It used to be that you paid for bandwidth from a provider and that’s exactly what you got. Now, with ever-expanding efforts to profit, ISPs have started to monetize customer information quietly while selling them bandwidth. The temptation is strong, as that kind of aggregate data has real value on the secondary market, but what about the customers’ privacy?
For years, computers, tablets, smartphones and other devices sold to consumers have been partially subsidized through large companies selling information about your Internet usage, such as browsing habits. Whether it’s a laptop, mobile device or home computer, it comes preloaded with software from third parties, who pay manufacturers to install programs that border on adware and spyware. This is one reason for the difference in price between computers sold to homes and businesses. Ever try to remove all the junk? It takes a dedicated tech expert, and even then it’s tough. The problem is so endemic that it has lead to the rise of a cottage industry of programs to remove it with names like Bulk Crap Uninstaller and Crap Cleaner. Some of this junkware could even hijack your traffic at a very low level, blurring the line of what actions are ethical by the manufacturers that make these deals. They may even introduce actual security vulnerabilities into computers.
Here at ESET, we usually get asked if we sell customer data to marketers; the answer is “no”. We have plenty to do just focusing on current threats and keeping customers safe. ISPs should do the same – stay focused on the technology to serve customers, not to sell their information to the highest bidder.
The issue is trust. Many people have no idea their information is being sold. If they did, there often was a monopoly or duopoly of internet providers in their area that provided broadband, and often those companies offered “take it or leave it” agreements, so you didn’t have a choice but to allow your information to be sold if you wanted to use their service. No? Try altering the agreement and sending it back to them (which you have legal right to do before you sign). You will likely not receive a warm response. Or, in some cases, you may have to pay extra for the privilege of not being tracked.
Keeping customer trust at the center of a business model certainly may hamper temporary quarter-by-quarter profit imperatives so prominent in publicly-traded companies, but if what you’re selling is trust and confidence, we think it will pay off in the end.
There is much work to be done providing adequate broadband to the U.S. (and the rest of the world) There are many areas that are either unserved or under-served, and customers there need broadband service to do their work. I am involved in a small ISP in an underserved rural area. We have opted not to sell any customer data to marketers in order not to establish a precedent I don’t think many customers would be comfortable with. But then in a small town you see customers in the store and want them to enjoy doing business with you and not have to look the other way.
I know ESET also cares deeply about what happens to customers, who are often in our own families, and who we have to answer to during social gatherings. I guess we could maximize profits by selling information, but it would set a precedent that doesn’t match who we are. Gaining trust takes years; losing it takes seconds. I hope the ISP industry, and other tech industries could focus a bit more on trust and a bit less on profits. If you gain trust, profits will follow.
by Cameron Camp, ESET We Live Security