Senators call for investigation into Verizon ‘supercookies’
WASHINGTON — Democrat senators called on federal regulators Friday to investigate Verizon Wireless, the country’s biggest mobile provider, for secretly inserting unique tracking codes into the web traffic of its 100 million customers.
Data privacy experts have accused Verizon of violating consumers’ privacy by using “supercookies,” an identifying string of letters and numbers attached to each site visited on a person’s mobile device.
“This whole supercookie business raises the specter of corporations being able to peek into the habits of Americans without their knowledge or consent,” said Sen. Bill Nelson of Florida, the top Democrat on the Senate Commerce Committee.
Verizon Wireless spokeswoman Debra Lewis said the company “takes our customers’ privacy seriously” and that it plans to respond to Nelson’s letter to the Federal Communications Commission and the Federal Trade Commission.
The company said last week that it would give customers the chance to opt out of the tracking program.
The FCC and FTC did not respond to questions about whether they would conduct a review. The FCC regulates the telecommunications industry, and the FTC investigates consumer complaints based on unfair or deceptive business practices. The agencies typically do not acknowledge investigations until they are complete and only if wrongdoing is found.
“The commission takes violations of consumer privacy extremely seriously,” FCC spokesman Neil Grace wrote in an emailed statement.
Most people are familiar with online cookies — little bits of code attached to your Web browser after visiting a site. But popular web browsers give the option of blocking the cookies or deleting them from your computer.
As more people rely on wireless devices to go online, the industry found a new way to track people. At Verizon, each retail customer — business and government users were exempted — was assigned a unique code, or identifying header, that was inserted into their mobile applications and browsers.
Critics called these supercookies because consumers could not delete them, and no one knew they were there. And while these trackers did not contain personal information, such as a name or phone number, they easily could be used to identify a person by monitoring their web habits and cross-referencing it with information that a person volunteers online.
Phone companies are required by law to give customers the opportunity to opt out of data collection for marketing purposes and have five business days to notify the FCC if that process fails. In September, Verizon Communications agreed to pay $7.4 million to settle allegations that it failed to notify about 2 million customers of its privacy policies.
AT&T Mobility, which had experimented with the idea, announced in November that it’s no longer attaching the hidden codes.