EPB, Dalton's Optilink say they won't sell or share users web browser data

A network operations technician works in EPB's state-of-the-art Distribution Center designed to compliment the citywide Smart Grid and fiber optic network.
A network operations technician works in EPB's state-of-the-art Distribution Center designed to compliment the citywide Smart Grid and fiber optic network.

Chattanoogan Adam McElhaney wants to know what U.S. House Speaker Paul Ryan does when he logs onto his computer and surfs the web.

And he's raised more than $200,000 to find out.

McElhaney is a web privacy advocate, and he was upset after Republicans in Congress struck down an Obama administration regulation to prevent internet service providers (ISPs) from selling their customers' browsing his histories without their permission. He was upset enough, in fact, he started a campaign on GoFundMe.com to raise $10,000 to purchase the browsing history of Ryan, leader of the Republican majority.

As of Sunday afternoon, 12,835 people had donated $201,389 to McElhaney's campaign.

"I plan on purchasing the internet histories of all legislators, congressmen, executives, and their families," McElhaney said in his fundraising pitch. "Help me raise money to buy the histories of those who took away your right to privacy."

Whether McElhaney can do what he is proposing is uncertain, web experts agree, but he is clearly channeling anger from many consumers over the way the privacy regulation was struck down with little opportunity for debate.

"$10 is not a lot to pay for a little stick-it-to-'em feeling to start my day," one person noted on McElhaney's Twitter feed.

McElhaney's challenge is that privacy laws now in effect prohibit a company that collects web browsing information from selling individuals' data. So an advertiser might be able to ask Google to target an ad at all the 40-and-older white males in Wisconsin who read conservative websites, but would not get raw browser history data that would identify a specific 47-year-old man from Wisconsin who also used Twitter on the specific days Ryan sent out tweets.

McElhaney said he believes he has a way to get around these limitations, and promises to either refund his donations or give them to a web privacy group if he fails.

But the speed with which he and others with similar campaigns have exceeded their initial fundraising goals seems to reflect widespread concern about how much information is being collected and sold without users' permission.

The Electronic Frontier Foundation, one of the leading internet privacy groups, said in a statement that the 215-205 vote in Congress will "give our personal information to an already highly profitable cable and telephone industry so that they can increase their profits with our data.

Big internet providers "will be given new powers to harvest your personal information in extraordinarily creepy ways. They will watch your every action online and create highly personalized and sensitive profiles for the highest bidder. All without your consent," the EFF statement said.

The region's two city-owned ISPs - the Electric Power Board in Chattanooga and Dalton Utilities/Optilink in Dalton - were both quick to tell customers they would not sell browsing data.

"We will never use, monitor, control, share or sell any customers' website browsing information, Internet usage history, email messages or other content generated from the use of our Internet service," EPB officials said on the utility's Facebook page.

Critics cited campaign contributions as a reason for the vote. Among Tennessee Republicans, Sen. Lamar Alexander received $84,000 from telecommunications companies in his last election campaign, according to figures compiled by the National Institute on Money in State Politics (www.followthemoney.org). Sen. Bob Corker received $43,000 and Rep. Chuck Fleischmann got $18,000. In North Georgia, Republican Rep. Tom Graves got $33,000.

But the legislators argued they were merely insuring ISPs had the same rules as companies such as Google, which also collect users' browsing data.

"I voted to make sure the Federal Communications Commission can start over and write a new rule that both protects consumers' personal information and makes sure there is a level playing field between companies that provide access to the Internet and companies that do business on the Internet," Alexander said in a statement.

"Privacy protections are very important, however, these FCC rules would treat internet service providers differently than the rest of the internet ecosystem, creating an unnecessary patchwork of confusing regulations," Fleischmann said.

And Corker added: "The rule would have created an uneven playing field for internet companies. The Federal Communications Commission and the Federal Trade Commission have stated that they will work together on new privacy protections, and I look forward to reviewing their proposals and working with my colleagues to ensure that there are appropriate safeguards for consumers."

***

The problem with keeping what you do on the internet private is that the websites you browse are scattered on hard drives (called servers, because they serve up data) all across the U.S. and around the world.

When you type in the address of a website in a browser such as Google Chrome, Firefox, Safari or Internet Explorer, the browser stores that address in its "history" folder. Then your browser sends the address to your computer's network software, and then through the router that connects to your ISP. If you are at work or at school, the signal will first go to your school or company servers, which may or may not be located in your building, and then on to your ISP.

The largest ISPs in the U.S. include many of the major telephone and cable TV companies, such as Comcast, Verizon, Cablevision or AT&T. They're the people you pay each month for your internet service.

At your ISP, your web browser's request to find a specific webpage will be routed to the computer hard drive that holds files for the site you want to reach. But that request may go through several other computers along the way.

Each of those computers - your company's, your ISP's or those along the way, and the computer that holds the site you want to reach - all store the address your request came from (so they can send the information back to you) and the address of the website you are searching for.

That includes the address of each webpage you visit, how long you spent there and what you did, including whether you downloaded files. Web privacy advocates worry that as more and more companies collect such data, it becomes more vulnerable to hackers who could use it for electronic theft or blackmail.

The information is incredibly valuable to advertisers, however, because it allows them to target their advertising specifically at people who may actually want to buy the product or service they are selling. Or if they know you have bought an item online, they can offer to sell you things that might logically go with that product, such as new sheets or pillows if they know you have just bought a mattress.

That is why you may see ads on a webpage reflecting something you searched for or purchased only a few hours or even minutes earlier.

Online advertising networks already have sophisticated tools to track your browsing. One of the arguments in favor of blocking the Obama administration rules was that Google and other web browser companies already had access to this information, as did many advertisers, so it was unfair not to allow ISPs to get into the business themselves and sell the data they collect.

Internet privacy advocates say they have no problem allowing advertisers, ISPs and browser companies to have access to this data, if consumers give permission first. That was the gist of the Obama administration's proposed rule.

But ISPs (and Google and advertisers) argued it would be time-consuming and expensive to obtain permission and would interfere with their ability to conduct their businesses.

Currently, ISPs do allow consumers to opt out of having their data collected.

Browser companies such as Google offer a very limited ability for web users to browse anonymously. If you select that option, your browser software will not record the addresses of the websites you visit, and it will delete any tracking software (often called cookies) those web sites add to your computer.

But private or incognito browsing only affects your own computer. Your company's server, the ISP's computers and those along the way to your destination site still keep track of where you go and what you do there.

A more sophisticated way to hide your browsing data from everyone is a virtual private network, or VPN, which disguises your computer's address. But VPNs usually charge a small monthly fee, in the $5 to $12 range, and they can be difficult to set up if your home has several desktop, laptop and tablet computers plus several smartphones.

Contact staff writer Steve Johnson at 423-757-6673, sjohnson@timesfreepress.com, on Twitter @stevejohnsonTFP, and on Facebook, www.facebook.com/noogahealth.

Upcoming Events