The new "ISP Spy" policies go into effect TODAY
If you are in the habit of downloading copyrighted media, including software, music and videos, be warned that beginning on Sunday July 1st your ISP will start spying on your activity. The Raw Story reports, “That’s the date when the nation’s largest ISPs will all voluntarily implement a new anti-piracy plan that will engage network operators in the largest digital spying scheme in history, and see some users’ bandwidth completely cut off until they sign an agreement saying they will not download copyrighted materials.”
Of course the usual suspects are behind this plan including the Recording Industry Association of America (RIAA) and the Motion Picture Association of American (MPAA). The plan is backed by all major ISPs (Comcast, Verizon, Time Warner Cable, Cablevision, AT&T) and has the support of the Obama administration.
Penalties for offenders can include reduced bandwidth, access reduced to a limited number of websites, and complete internet service cut-off. ISPs can require customers to attend “an education course” if they want service restored. And of course offenders can be charged with copyright infringement by the studios.
A CNET News article quotes RIAA CEO Cary Sherman, “Each ISP has to develop their infrastructure for automating the system.” Sherman said ISPs are developing systems to keep track of repeat infringers which will allow them to send “first notice or the third notice.” CNET reports that ISPs will use a “graduated response” approach. This approach requires ISPs to “send out one or two educational notices to customers accused of downloading copyrighted content illegally. If the customer doesn’t stop, the ISP is then asked to send out ‘confirmation notices’ asking that they confirm they have received notice.” If accused customers continue to pirate material the ISP can then begin to impose the before mentioned restrictions.
Welcome to the police state folks, previously home to the ‘land of the free’.
the ISPs agreed to do this "voluntarily” …
SOPA tanked, so the RIAA and MPAA concocted a "backdoor" approach, and every major ISP eagerly agreed to sign up for it …
This means VPN ("Virtual Private Network") providers will probably see a spike in revenue, as well as Usenet providers who offer SSL and do not keep logs.
Which ISPs Are Spying on You?
The few souls that attempt to read and understand website privacy policies know they are almost universally unintelligible and shot through with clever loopholes. But one of the most important policies to know is your internet service provider’s — the company that ferries all your traffic to and from the internet, from search queries to BitTorrent uploads, flirty IMs to porn.
Wired News, with help from some readers, attempted to get real answers from the largest United States-based ISPs about what information they gather on their customers’ use of the internet, and how long they retain records like IP addresses, e-mail and real-time browsing activity. Most importantly, we asked what they require from law-enforcement agencies before coughing up the data, and whether they sell your data to marketers.
Only four of the eight largest ISPs responded to the 10-question survey, despite being contacted repeatedly over the course of two months. Some ISPs wouldn’t talk to us, but gave answers to customers responding to a call for reader help on Wired’s Threat Level blog.
Marc Rotenberg, the executive director of the Electronic Privacy Information Center, says ISPs should be more circumspect about keeping user data. Maintaining detailed data for long periods of time makes any internet company a huge target for law enforcement fishing expeditions. "From a user perspective, the best practice would be for ISPs to delete data as soon as possible," Rotenberg said. "(The government) will treat ISPs as one-stop shops for subpoenas unless there is a solid policy on data destruction," Rotenberg said.
AOL, AT&T, Cox and Qwest all responded to the survey, with a mix of timeliness and transparency.
But only Cox answered the question, "How long do you retain records of the IP addresses assigned to customers."
These records can be used to trace an internet posting, website visit or an e-mail back to an ISP’s customers. The records are useful to police tracking down child-porn providers, and music-industry groups use them to sue file sharers. Companies have also used the records to track down anonymous posters who write unflattering comments in stock-trading boards.
Cox’s answer: six months. AOL says "limited period of time," while AT&T says it varies across its internet-access offerings but that the time limits are all "within industry standards."
Comcast, EarthLink, Verizon and Time Warner didn’t respond.
Some of the most sensitive information sent across an ISP’s network are the URLs of the websites that people visit. This so-called clickstream data includes every URL a customer visits, including URLs from search engines, which generally include the search term.
AOL, AT&T and Cox all say they don’t store these URLs at all, while Qwest dodged the question. Comcast, EarthLink, Verizon and Time Warner didn’t respond.
When asked if they allow marketers to see anonymized or partially-anonymized clickstream data, AOL, AT&T and Cox said they did not, while Qwest gave a muddled answer and declined to answer a follow-up question. Comcast, EarthLink, Verizon and Time Warner didn’t respond.
This question was prompted by hints at a web-data conference last March that ISPs were peddling their customer’s anonymized clickstream data to web marketers. Anonymization of data such as URLs and search histories is not, however, a perfect science. This became clear last summer when AOL employees attempted to provide the search-research community with a large body of queries that researchers could mine to improve search algorithms. AOL researchers replaced IP addresses with different unique numbers, but news organizations quickly were able to find individuals based on the content of their queries.
Wired News also asked the companies if they have been in contact or discussions with the government about how long they should be keeping data. The Justice Department, along with some members of Congress, are pushing for European Union-style data-retention rules that would require ISPs to store customer information for months or years — a measure law enforcement says is necessary to prosecute computer crimes, such as trading in child pornography.
ISPs were nearly universally reluctant to talk about any conversations or meetings they have had with federal officials. AOL had no comment, Qwest dodged the question, AT&T wouldn’t say, but noted it would broach the issue with the government as part of an industry-wide discussion. For its part, Cox says it has not been contacted.
As for whether they oppose data retention: Qwest said that the market should decide how long data is kept, while Cox was "studying the issue"; AOL is working with the industry and Congress, and AT&T is "ready to work with all parties."
Internet surveillance recently got easier, as the deadline passed last week for ISPs to equip their networks to federal specifications for real-time surveillance of a target’s e-mails, VOIP calls and internet usage — as well as data like IP address assignment and web URLs. While law enforcement currently prefers to ask for stored internet records rather than get real-time surveillance, that balance may shift once the nation’s networks are wired to government surveillance standards.
related story …
The FBI Is Now (Officially) Spying On US Internet Activity
Adrian Covert May 26, 2012
The FBI has probably been monitoring the web activity of random US citizens for quite some time, but today, as CNET reports, the law enforcement bureau has formed a dedicated unit for the purpose of internet surveillance. But its end goal is a bit different than you may think.
According to Declan McCullough, the National Domestic Communications Assistance Center has a mandate to try and crack Skype conversations, analyse internet traffic data and build wiretapping hardware. But its not for investigations of its own; the goal is to develop new technologies to help make it easier for other law enforcement agencies to spy on US citizens.
Here’s what the FBI had to say to CNET:
“It is important to point out that the NDCAC will not be responsible for the actual execution of any electronic surveillance court orders and will not have any direct operational or investigative role in investigations. It will provide the technical knowledge and referrals in response to law enforcement’s requests for technical assistance.”
Plenty of mystery still surrounds the formation of this new unit, but the thought that online privacy is little more than a myth is a scary idea. [Cnet]