Verizon Fined $1.35 Million by FCC Over ‘Supercookie’ Tracking

Everyone wants your browsing data, from the government to your ISP, for reasons ranging from tracking potential criminals to lucrative advertisement revenue. Now Verizon is settling with the FCC over their usage of an ad targeting technology known as ‘supercookie’, which tracks the sites visited by phones on their network. These supercookies allow ads to be better targeted for users on of the Verizon cell phone service, however, Verizon neglected to inform their users of the tracking and allow them to opt-out. This action has caused them to incur a fine of $1.35 million from the US Federal Communications Commission and force them to receive customer permission before sharing any tracking data with other companies and those inside its organization, including AOL.

Verizon’s usage of the supercookie tracking garnered a lot of negative feedback when it was introduced last year, causing the company to allow users to opt-out of the program. This move is forced even further by today’s settlement, limiting the data that can be shared even from customers that do not opt-out. This is a big change, as it addresses one of the main concerns with supercookies, which could allow websites to track users on a permanent basis, as it was impossible to disassociate a user from their supercookie on the Verizon network.

This settlement represents the FCC successfully defending the Open Internet Transparency Rule, only the second time that it has been done (the first being a fine against AT&T over unlimited data plans.) This ruling seems to allow for some level of tracking to be permitted, so long as there is transparency and the option to opt-out exist for the customer. “Consumers care about privacy and should have a say in how their personal information is used, especially when it comes to who knows what they’re doing online,” stated Travis LeBlanc, chief of the FCC’s Enforcement Bureau. It is clear that Verizon overstepped their bounds in this case, and we can only hope that other network providers will learn from this when considering the tracking and sharing of their users’ data.

Republican Senators Argue With FCC Over 25Mbps Broadband

On Thursday, a group of republican senators expressed an issue with the Federal Communications commission, or rather their definition of a service. The item in question is broadband and the fact that in order to qualify in their reports they are now required to provide 25Mbps Broadband.

Citing popular sites like Netflix and Amazon in their letter, they argue that services like these only require a fraction of the speed that the FCC now say is the baseline to classify as broadband internet. The speed in question is 25 Mbps, a speed I know a lot of people would be happy to pay for if it was stable at even a fraction of that speed.

Broadbands definition was redefined as 25 Mbps last year, raising from only 4Mbps. The difference being fundamental to the FCC given that they are required to act if not enough people have access to this service. The reason they stated for the update was because the old speed was “dated and inadequate”, with more devices connected to each household now you could often see several people connecting and using services like Netflix at the same time.

In their latest report, 10% didn’t have access to the 25Mbps speed that was required to be considered Broadband. Something which may be easier to help with if the FCC was consistent across the board the senators argue. While using 25 Mbps for reporting on broadband levels, if you are applying for Connect America Funds the benchmark is only 10 Mbps. These funds are designed to help connect people and allow companies to offer services to as many people as possible, but clearly only offering 10 Mbps is far from the 25 Mbps you will require according to the new standards.

US Fed­er­al Judges May Help ISPs Undermine Net Neutrality

Federal judges in the US could force the Federal Communications Commission to decimate its own net neutrality ruling. Internet service providers have been fighting the FCC ever since the government body reclassified internet services under Title II of the Com­mu­nic­a­tions Act, according to the National Journal. At the behest of ISPs, three Federal judges at the D.C. Cir­cuit Court of Ap­peals are currently putting that reclassification under the microscope, which may see the concept of a free and open internet sold out.

Lawyers working on behalf of ISPs argue that internet services should be classified as ‘information services’ like Google or Netflix, rather than ‘telecommunications services’ like telephones, due to the cost of storing and sending large quantities of data.

On Friday, Judge Steph­en Wil­li­ams asked lawyers from the FCC why companies should not be allowed to charge extra for internet “fast lanes?” asserting that, “If you get something spe­cial, you pay something spe­cial.”

The Appeals panel is also looking at what constitutes an internet network. For example, mobile internet for smartphones and tablets is distributed via mobile (cell) phone networks, while broadband operates through fibre or cable, so why should they be considered the same “network”?

“You nev­er know with these guys,” me­dia at­tor­ney An­drew Schwartz­man, a supporter of net neutrality, told re­port­ers. “They probed very, very ag­gress­ively both sides. My sense of it, for what it’s worth—and we’ll know in four months—is that they were sat­is­fied with the com­mis­sion’s explan­a­tions.”

Whatever the panel decides – ruling in favour of either the FCC or ISPs – it is expected that the losing side will take the case to the Supreme Court.

FCC Speaks Out Regarding Router Hacking Laws

Back in September, the US Federal Communications Commission revealed proposals for new laws governing software requirements for Unlicensed National Information Infrastructure (U-NII) devices, the draft for which suggested that the government agency could outlaw router hacking, like flashing the device with third-party firmwares DD-WRT, Tomato, and OpenWRT.

The FCC has now spoken out regarding the proposed rules, specifically the section asking router manufacturers to explain “how [its] device is protected from ‘flashing’ and the installation of third-party firmware such as DD-WRT”.

“This particular question prompted a fair bit of confusion – were we mandating wholesale blocking of Open Source firmware modifications?” Julius Knapp, Chief of the Office of Engineering & Technology for the FCC writes. “We were not,” Knapp clarifies, “but we agree that the guidance we provide to manufacturers must be crystal-clear to avoid confusion.”

There we have it: no ban on router hacking. Knapp, however, does acknowledge how misleading the previous draft may have been, writing, “today we released a revision to that guidance to clarify that our instructions were narrowly-focused on modifications that would take a device out of compliance.”

He adds, “The revised guidance now more accurately reflects our intent in both the U-NII rules as well as our current rulemaking, and we hope it serves as a guidepost for the rules as we move from proposal to adoption.”

The revised section now reads [PDF]:

“Describe, if the device permits third-party software or firmware installation, what mechanisms are provided by the manufacturer to permit integration of such functions while ensuring that the RF parameters of the device cannot be operated outside its authorization for operation in the U.S. In the description include what controls and/or agreements are in place with providers of third-party functionality to ensure the devices’ underlying RF parameters are unchanged and how the manufacturer verifies the functionality.”

Image courtesy of Polygon.

FCC Could Ban DD-WRT and Wireless Router Mods

The US Federal Communications Commission is proposing new laws that will ban internet users from modifying setting and firmware on wireless routers, making particular mention of third-party open-source DD-WRT as a firmware to be outlawed.

Third-party firmware – such as DD-WRT, Tomato, and OpenWRT – allows users control over every aspect of a router, can compensate for security flaws with proprietary firmware, and support router VPNs. DD-WRT, a free Linux-based firmware, is a favourite amongst router modders, with manufacturers such as Buffalo manufacturing routers specifically to function with DD-WRT.

The FCC’s new proposals govern software requirements for Unlicensed National Information Infrastructure (U-NII) 5GHz band, calling for 5GHz devices to “be secured to prevent its modification to ensure that the device operates as authorized thus reducing the potential for harmful interference to authorized users,” and that manufacturers ensure that “the device is not easily modified to operate with RF parameters outside of the authorization.”

The footnotes of the proposal outline what the FCC considers weak router security, calling out “those that rely solely on the distribution of firmware in compiled binary form without any form authentication or verification between the device and entity sending the firmware. These implementations are typically susceptible to device ‘flashing’ with third-party firmware or software capable of operating the device outside of its authorization.” The document then lists rules that router manufacturers should abide by, including, “What prevents third parties from loading non-US versions of the software/firmware on the device? Describe in detail how the device is protected from “flashing” and the installation of third-party software such as DD-WRT.”

Do you enjoy greater security, firewall control, wireless strength, and VPN options in the US thanks to DD-WRT? Enjoy it while it lasts.

Thank you ExtremeTech for providing us with this information.

The FCC Receives Almost 650,000 Comments Regarding Net Neutrality

The Federal Communications Commission is apparently hoping to roll out a new law that would deny Internet Service Providers to allow prioritized traffic for companies who could afford to pay a large amount of money for the privileges.

Having the ISPs able to decide which site is granted more traffic will make the Internet a not-so-free space where users will get flooded with traffic they do not want and wait huge amounts of time for their websites to load with what traffic is left from the ISP. It is said that companies such as Netflix, ESPN and even Disney will lose, along with startup companies as well as internet users themselves.

Though this is currently not the case, it is a glimpse of what is to be expected in the future if nothing is done. It might seem that nobody cares, but the FCC tends to disagree, along with the 647,000 people out there who already sent their comments to the organization.

[youtube]https://www.youtube.com/watch?v=fpbOEoRrHyU[/youtube]

“We’ve received about 647k #netneutrality comments so far. Keep your input coming — 1st round of comments wraps up July 15.” tweeted Tom Wheeler, chairman of the FCC.

On July the 15th, the FCC is said to enter the “reply” phase, having the first batch of comments becoming public and accessible by anyone on the Internet, as well as having to grant internet users the ability to express their support and disagreement on this matter even further.

Thank you TechCrunch for providing us with this information
Video courtesy of TechCrunch

New CISPA Regulations Could Classify Netflix as a “Cybersecurity Threat”

It appears that a new cybersecurity bill currently going through the Senate is considered too ‘broad’ and would grant ISPs the liberty to limit streaming services’ delivery to customers, having Netflix given as an example.

The Cybersecurity Information Sharing Protection Act of 2014, which has been rallied against twice already, is said to deliver a backdoor for ISPs to destroy net neutrality, something that they have sought for a long time. Until now, the Federal Communications Commission has been the judge when it comes to net neutrality, having set ground rules in order to keep ISPs from limiting content on the Internet.

However, the bill in question appears to describe that “countermeasures” can be employed against “cybersecurity threats”, giving no specific definition to what type of information is included and can be considered a “cybersecurity threat”. This would give ISPs an ace up their sleeves, which would help them jumping over a lot of FCC rules.

“A ‘threat,’ according to the bill, is anything that makes information unavailable or less available. So, high-bandwidth uses of some types of information make other types of information that go along the same pipe less available,” Greg Nojeim, a lawyer with the Center for Democracy and Technology, stated. “A company could, as a cybersecurity countermeasure, slow down Netflix in order to make other data going across its pipes more available to users.”

A letter has been sent to Dianne Feinstein, the bill’s sponsor, having the CDT, EFF, American Civil Liberties Union and other civil liberties groups stating that the bill “arbitrarily harms average internet users”. The letter also points out that previous cybersecurity legislation considered by the Senate had some net neutrality protections defined, something that the current bill lacks.

The unsettlement caused by the bill has been said to postpone it for now, having it sent back to the Intelligence Committee for further discussions. There has been no word on any decisions regarding the bill so far.

Thank you Motherboard for providing us with this information