JAN. 25, 2015
Verizon's Mobile 'Supercookies' Seen as Threat to Privacy
By NATASHA SINGER and BRIAN X. CHEN
For the last several months, cybersecurity experts have been warning  Verizon Wireless that it was putting the privacy of its customers at risk. The computer codes the company uses to tag and follow its mobile subscribers around the web, they said, could make those consumers vulnerable to covert tracking and profiling.
It looks as if there was reason to worry.
This month Jonathan Mayer, a lawyer and computer science graduate student at Stanford University, reported on his blog  that Turn, an advertising software company, was using Verizon's unique customer codes to regenerate its own tracking tags after consumers had chosen to delete what is called a cookie -- a little bit of code that can stick with your web browser after you have visited a site. In effect, Turn found a way to keep tracking visitors even after they tried to delete their digital footprints.
The episode shined a spotlight on a privacy issue that is particularly pronounced at Verizon. The company's customer codes, called unique ID headers, have troubled some data security and privacy experts who say Verizon has introduced  a persistent, hidden tracking mechanism into apps and browsers that third parties could easily exploit.
While Internet users can choose to delete their regular cookies, Verizon Wireless users cannot delete the company's so-called supercookies.
"Verizon is not in a position to control how others use its header," Mr. Mayer said. "There's no doubt that this particular approach does introduce new privacy problems."
Websites, digital advertising networks and online analytics services have for years placed bits of code in people's browsers to follow their online activities and show them advertising tailored to their interests. Verizon uses its customer tags to put subscribers into advertising categories, among other things.
In a recent interview, Praveen Atreya, a Verizon technology director who helped develop the technology behind the mobile marketing program, said the company's unique header was not intended for use by other companies to remember its subscribers or recover information about them.
Indeed, after a report on the practice by ProPublica,  Turn announced  it would suspend its use of Verizon's ID codes to regenerate tracking cookies and reconsider its use of the technique.
"We feel this practice is legal," Max Ochoa, Turn's chief privacy officer, said in a phone interview. "But given people's concerns, as soon as we get the new codes rolled out, we will suspend this practice."
Telecommunications companies had long avoided selling information about their customers' activities because a federal law classified them as "common carriers," akin to public utilities; the category is subject to strict data-privacy rules.
But in 2007, the Federal Communications Commission decided that the privacy regulations governing telephone communications need not apply to the wireless Internet service provided by phone carriers.
Online behemoths like Facebook and Yahoo,  along with consumer database marketers like Acxiom  and BlueKai, already enabled advertisers to target narrow customer segments, like 30-something men who earn more than $200,000 and are in the market for luxury cars. But the F.C.C.'s ruling paved the way for wireless providers to do likewise.
Verizon is now at the forefront of telecommunications companies selling intelligence about their customers to advertisers. AT&T experimented last year with a similar ad-targeting program, which involved inserting a unique numeric code into a subscriber's web requests. But after scrutiny in the news media, AT&T said it was halting its program,  at least until it came up with a better approach.
The ad-targeting experiments by Verizon and AT&T are striking examples of the data-mining opportunities open to phone carriers now that they have become the nexus of the information universe, providing a connection to the Internet for people anywhere they go, at any time.
Verizon's marketing efforts are part of a high-frequency digital ad trading system  called real-time bidding, in which many kinds of players track and analyze users' online activities to identify the characteristics of those who would be most receptive to certain ads.
A Verizon service called Relevant Mobile Advertising,  for instance, combines details obtained from information resellers like Acxiom and Experian with the wireless carrier's own data to classify its mobile subscribers by gender, income, interests or other criteria; the company allows its subscribers to opt out of receiving ads customized through this program.
Another service, called Verizon Selects  -- which consumers can opt in to in exchange for reward points -- segments subscribers based on their web browsing and use of apps.
Verizon says its customer categorization programs offer an advantage to advertisers because the company has a direct relationship with subscribers and it can understand their general location based on the places from which they make calls or send texts. The services use a unique alphanumeric code for each subscriber, rather than real names or contact information, to group them into ad clusters. Mr. Atreya, the Verizon director, says the company changes these customer codes every few days.
"The intent was to provide a safe vehicle for us to be able to share information with our partners in the web ecosystem," Mr. Atreya said.
Verizon uses these ID tags to sell intelligence about its subscribers. Turn, a Verizon customer that works on behalf of advertisers or their agencies, can sync its own alphanumeric tracking codes with those Verizon tags.
Advertisers place orders with Turn to show ads to a specific audience, such as young suburban mothers or surfers who live near beaches. When Turn's system sees tags identifying users in those consumer clusters, it can place bids in electronic auctions to show those groups digital ads. Turn's system sees one million such bid opportunities a minute.
"Verizon is one of many data partners," said Paul Alfieri, Turn's senior vice president for marketing. "It's up to the advertisers to say, 'We're willing to pay for 10 data vendors to get that needle in a haystack,' or 'No data vendors.' "
The controversy over Verizon's supercookie only worsened after Mr. Mayer at Stanford reported that Turn had been using the carrier's customer codes for an additional purpose: to regenerate its own tracking cookies after users had deleted them.
Mr. Atreya said he had not been consulted.
"They did not talk to me. If they did, I would not have been satisfied," Mr. Atreya said.
Verizon was still evaluating its ad-targeting system, he said. He added that the company was considering allowing its subscribers to opt out of being tagged with its undeletable customer codes.
Some leading data-privacy and security experts contend that Verizon's use of unique and persistent customer ID tags makes its subscribers vulnerable to covert online tracking by third parties.
Harold Feld, a senior vice president at Public Knowledge, a nonprofit group that focuses on information policy, said Verizon's use of supercookies highlighted the need for stronger privacy laws regulating wireless Internet services.
The practice has given ammunition to supporters of net neutrality -- the idea that the Internet should be a level playing field for companies of all sizes -- who have lobbied the F.C.C. to reclassify broadband providers as common carriers.
If that happens, it could prohibit carriers like Verizon from selling intelligence about its customers for ad-targeting purposes.
"Stuff like this is worse than what Google or Facebook or anyone else does," Mr. Feld said. "I can avoid Google and Facebook, in theory at least. But if the network operator is going to spy on me, there is nothing I can do about it."