ISPs can now store and sell US user data, but NordVPN sees three ways they can affect online security
President Donald Trump signed an executive order on April 3, finalising the repeal of the US Federal Communications Commission’s (FCC) internet privacy rules that would have stopped ISPs’ intrusive practices, says NordVPN.
Internet Service Providers (ISPs) are now free to collect and share their subscribers’ private data that includes precise geolocation, financial information, health information, children’s information and web browsing history. While ISPs are claiming they won’t sell customer data, now that they are legally allowed to do it, there’s lots of skepticism surrounding this claim.
According to the rights group Electronic Frontier Foundation, “privacy and security are two sides of the same coin: Privacy is about controlling who has access to information about you, and security is how you maintain that control.”
Here, VPN service provider NordVPN reviews three ways that ISPs could impact online security, given the new rights:
- Storing large amounts of data could attract hackers – The storage security argument always reappears when discussing the mandatory ISP data retention programs. Security experts and human rights groups usually agree that collecting citizens’ data must be balanced with increased data protection. To make matters worse, the FCC chairman, Ajit Pai has recently halted the enforcement of another ISP regulation. It would have required providers to take measures to protect user private data from security breaches. As a result, even if users’ data gets hacked because of lax security, broadband providers will bear no responsibility.
- ISPs could use enhanced tracking techniques – According to a 2015 study, at least nine ISPs, including AT&T, Verizon and Vodafone, were found to have been using a “supercookies.” When supercookies are installed, every website a user visits, and every third party embedded in these websites can track them. Even if a user deletes their browser’s cookies or use the Incognito mode, supercookies persist. Also, the effectiveness of some privacy tools may be weakened because the tracking could be added after the data leaves a device. To prevent trackers from being added on a network level, users would have to use a combination of tools to fully secure their Internet traffic, such as a tracker blocker and a VPN for encryption. Thanks to FCC investigation, ISPs (such as Verizon) were fined and have since agreed to notify users about cookies and give an option to opt in before they can track their data. However, if FCC regulations keep getting struck down, ISPs might revert to using, or invent other enhanced tracking methods.
- ISP tactics might weaken web encryption – At the moment, ISPs can only track the portion of user traffic that is not encrypted. Although VPN service encryption is recommended, some people choose to rely on web page encryption offered by HTTPS protocol. Tracking is limited on HTTPS websites secured with SSL (Secure Socket Layer). In such websites, any data that is being sent between a user’s browser and the server is encrypted. As such SSL certificates pose a major problem for ISPs since their goal is to build advertising profiles based on their subscriber data. There have been talks of ISPs implementing a standard called Explicit Trusted Proxy, which would potentially allow ISPs to intercept encrypted HTTPS web-page data, decode it, process it, re-encrypt it, and then finally pass the re-encrypted data along to its original destination. Recent studies have shown that many tools used for inspecting HTTPS traffic end up weakening the encryption and potentially exposing it to various security breaches. If Internet providers get their way and obtain access to HTTPS data, they will reduce the security of the entire web.
NordVPN remains a supporter of internet privacy and security. The company has noticed a 200% spike in user inquiries from the U.S. since Congress approved new ISP rights.
“We will continue safeguarding Internet user privacy, and providing assistance and consultations on Internet privacy to all our clients. During the times of increasing attacks on Internet privacy, VPNs are starting to play a major part in user protection,” said Marty P. Kamden, CMO of NordVPN.
A VPN (Virtual Private Network) secures and encrypts internet traffic, helping protect users’ identity and data by hiding their IP address. It scrambles a user’s online data, so an ISP cannot decode and use it for building an advertising profile.
It also reroutes Internet traffic through an encrypted tunnel, preventing any third parties (including the ISPs) from monitoring your Internet traffic.
Comment on this article below or via Twitter: @ VanillaPlus OR @jcvplus
IoT – Have CSPs got what it takes to succeed?
Our VanillaPlus Insight tracks developments in the Internet of Things (IoT) and explores the opportunities this presents for CSPs.
The Insight contains a specially-commissioned analyst report from IoT experts Machina Research as well as features and interviews to help you gain a greater understanding of the IoT attributes CSPs already have and how they can be monetised more effectively.