According to a news release from the FCC, the FCC announced a settlement that resolves the investigation into Verizon for its use of unique identifier headers (UIDH), better known as “supercookies”, which were inserted into customers’ mobile traffic without their consent or knowledge.
“These unique, undeletable identifiers – referred to as UIDH –are inserted into web traffic and used to identify customers in order to deliver targeted ads from Verizon and other third parties.”
Subsequent to this investigation and settlement, Verizon will now “[notify] consumers about its targeted advertising programs, … obtain customers’ opt-in consent before sharing UIDH with third parties, and will obtain customers’ opt-in or opt-out consent before sharing UIDH internally within the Verizon corporate family.”
Not only will Verizon change its policies, but it will be fined $1.35 million.
“Verizon Wireless will pay a fine to the United States Treasury in the amount of one million, three hundred fifty thousand dollars ($1,350,000) within thirty (30) calendar days of the Effective Date. Verizon Wireless shall send electronic notification of payment to [email protected] on the date said payment is made. The payment must be made by check or similar instrument, wire transfer, or credit card, … Regardless of the form of payment, a completed FCC Form 159 (Remittance Advice) must be submitted.”
However, $1.35 million is a drop in the bucket considering Verizon reports that it made $131.6 billion last year.
Verizon inserted supercookies into HTTP requests made by mobile wireless users who were using their mobile data, this means that users who used their own internet connection weren’t affected. The cookie uniquely identified users and allowed Verizon to deliver targeted advertisements. The supercookie couldn’t be removed, and because of this and the fact that any site could see it, it was abused by sites to readd cookies which were deleted by users.
What damned Verizon was the fact that they didn’t get consent or tell anyone for that matter, which clearly violates the Open Internet Transparency Rule and Section 222 of the Act, which the FCC investigated them for.
“The Transparency Rule requires BIAS providers, including wireless mobile broadband providers, to disclose accurate information regarding their mobile broad band Internet access services sufficient for consumers to make informed choices regarding such services. 18 Under Section 222 of the Act, a telecommunications carrier has a duty to protect its customers’ proprietary information and any ”telecommunications carrier that receives or obtains proprietary information from another carrier for purposes of providing any telecommunications service shall use such information only for such purpose, and shall not use such information for its own marketing efforts.””