Verizon Supercookie Opt-Out Offer Not Enough, Say 4 U.S. Senators

The lawmakers are asking the FCC and the FTC to look into Verizon's use of the supercookies, which track mobile users, to examine whether they intrude on consumer privacy.

smartphones, supercookies, Verizon

Concerns about Verizon's use of supercookies that automatically target ads to mobile customers are prompting four U.S. senators to ask the Federal Communications Commission and the Federal Trade Commission to look into the practice to determine if it intrudes on the privacy of consumers.

In separate Feb. 6 letters sent to Tom Wheeler, the chairman of the FCC, and to Edith Ramirez, the chairwoman of the FTC, the senators asked the agencies to investigate Verizon's supercookie use.

After hearing criticism for months about its use of the special data headers, also known as supercookies, Verizon agreed earlier in February to allow users who object to the data tags to opt out of the program so they will no longer receive them, according to an earlier eWEEK report.

But in a Feb. 6 statement, U.S. Sen. Bill Nelson, D-Fla., the top Democrat on the Senate Commerce Committee, said that such an option is not enough. Instead, said Nelson, consumers should have to opt in to allow such tracking.

"This whole supercookie business raises the specter of corporations being able to peek into the habits of Americans without their knowledge or consent," Nelson said in the statement. "That's why I think we need to get to the bottom of this and perhaps [need] new legislation."

Joining Nelson in the call for investigation are Sens. Edward Markey, D-Mass.; Richard Blumenthal, D-Conn.; and Brian Schatz, D-Hawaii.

The lawmakers asked Verizon whether it intends to keep using supercookies, and what steps it plans to take to protect consumers' privacy.

In the letter to Wheeler at the FCC, Nelson and his colleagues wrote that "consumer privacy has long been a priority of the Commerce Committee. As we consider whether legislation may be necessary to fully protect consumers from the use of these supercookies, we also believe the Federal Communications Commission should use its full existing statutory authority to examine these practices. In particular, the use of these supercookies may implicate the Commission's rules and policies related to consumer privacy and transparency."

In their letter to Ramirez at the FTC, the senators asked that her agency "scrutinize all public and customer disclosures and information relevant to the use of [Verizon's] supercookie by third parties."

Verizon's new opt-out option for the supercookies came earlier this month after several privacy advocates criticized the program because it previously did not allow customers to avoid participating in the ad tracking efforts. The opt-out ability will arrive soon, the company said at the time. A Verizon spokeswoman told eWEEK earlier that the company "takes customer privacy seriously and it is a central consideration as we develop new products and services. As the mobile advertising ecosystem evolves, and our advertising business grows, delivering solutions with best-in-class privacy protections remains our focus."

Back in October 2014, Verizon denied that the ad program intruded on the privacy of its customers, according to an earlier eWEEK report.

The controversy involves Verizon's inclusion of Unique Identifying Headers (UIDH) in the address information of incoming Internet data requests from Verizon customers more than two years ago. Critics of the practice say that UIDHs can ultimately allow Web servers to build profiles of users when their mobile devices generate the tokens, but Verizon denies that the information can be used to identify an individual user.

Verizon previously said that the UIDH data, which has been in use since late 2012, accompanies users' Internet data requests transmitted over the company's wireless network. The UIDH data is dynamic and changes often on user devices, and can be used to authenticate subscribers as well as help to associate devices with targeted ad campaigns for the company's Relevant Mobile Advertising program, as long as a customer has not opted out of that program.

Customers were already eligible to opt out of Verizon's Relevant Mobile Advertising program, but until now could not also opt out of the header use.

In November 2014, AT&T dropped its own similar experiment with phone-tracking tags that gave users unique identifiers, even if the users had opted out of mobile ad-tracking services, according to a previous eWEEK report. That controversial tracking program had also been criticized by privacy advocates who argued that tracking user information even if users opted out of the tracking was not fair. The AT&T testing was built around a numeric code that changed every 24 hours on mobile devices and was used to help serve ads on an anonymous basis, similar to a cookie in online advertising. The testing was completed by AT&T at the time and was removed from the company's mobile network, according to the report.

The tracking tags, which were also known as "perma-cookies," had allowed Internet sites to track a specific mobile phone and create a database of information about what the user of the phone was doing, such as looking for sports scores or searching for restaurants or shops.