Comcast Angers Privacy Groups But For What?

internetnews.com Staff

Updated · Feb 13, 2002

Privacy advocates spent Wednesday blasting Comcast Corp. (NASDAQ:CMCSK) for
its decision to record the Web surfing activities of its customers without
their knowledge.

The cable company, which is in the
midst of a $72 billion merger
with AT&T Broadband to become the largest
cable network in the world, was conducting the practice in order to
optimize the performance for customers across its network.

But, now a PR blunder has caused Comcast to start back-peddling.

“Beginning immediately, we will stop storing this individual customer
information in order to completely reassure our customers that the privacy
of their information is secure,” Comcast said in a statement released
Wednesday afternoon.

Mitch Bowling, Comcast vice president of operations, said actual customer
response to the privacy complaints has been almost non-existent.

“Obviously, we have customers that we respect and want to make clear to
them and ensure that they understand that we respect their privacy,” he said.

So why exactly was the third-largest cable Internet service provider (ISP)
in the U.S. monitoring its customers so closely?

Cable is a shared network resource, which means that the more Internet
customers who share the same node will cut into the overall speed of the
connection. The result: slow downloads and frequent lags in connectivity.

To address the problem, Comcast uses edge servers by Inktomi to improve the overall efficiency of the network. Edge servers
cache popular Web pages or files at the provider’s data center instead of
requiring users to visit the actual Web site. This dramatically cuts down
on the bandwidth passing through the network the customer is using.

For example, say there’s a popular Webcast thousands of people are visiting
every hour. Instead of going to “forexample.com” and downloading the
stream, the Web page information is stored at a Comcast edge server located
close to the consumer’s node, putting only a small section of the entire
cable network under strain.

Comcast’s edge services need to collect information on user surfing habits
to improve their service. By collecting the IP address and the sites that
address visits, they can improve the performance of these edge servers to
free up even more bandwidth on Comcast’s network.

That program’s on hold now until Comcast can figure out another method to
efficiently manage its operations and improve edge server performance going
forward.

“We’re evaluating our future, long-term stance on caching, Bowling
said. “We’ve taken some immediate attention because there’s a lot of focus
on the issue, but we have to make sure our customers understand how
important we think this is.”

Lee Tiem, senior staff attorney at the Electronic Frontier Foundation, said
most people assumed the worst about Comcast, even though that likely wasn’t
the case.

“The real issue here is ‘what is the attitude companies have towards
privacy?’ ” he said. “The end result is that (today’s report) is quite
good. I hope it sends a message that there are some ISPs out there that
don’t track their customers, and that those that do understand the
importance of privacy. When a company like Comcast (announces the
immediate halt to tracking), that’s a good sign.”

It seems the real concern for privacy advocates was the fact that rather
than issuing a simple one-paragraph e-mail to their customer base spelling
out the reason for the practice, company officials didn’t notify anyone
externally, resulting in questions as to Comcast’s ulterior motive.

Mikal Condon, staff counsel for the Electronic Privacy Information Center,
said she is more concerned about the potential for misuse and violations to
the Cable Act of 1992, which spells out the rights to customer privacy.

“I think that a lot of the frenzy that happened today, people are really
just trying to figure out what’s happening today, that they can react to it
appropriately,” she said. “The Cable Act requires that if you collect
personally identifiable information that you allow users to opt-in to that
collection.”

One thing’s for certain…the furor couldn’t have happened at a worse time.

Comcast is in the middle of a bid for AT&T Broadband, a merger process sure
to involve regulatory approval by both the Federal Communications
Commission and the Federal Trade Commission. Any hint of impropriety could
damage or even completely undo merger approval, which would be a huge
setback for the company trying to gain ground against the likes of AOL Time
Warner, the second-largest cable company in the U.S.

“We think it’s a dangerous habit (for Comcast) to get into,” Condon
said. “Regardless of what they are doing, which I think is till up in the
air, I think privacy groups at this point are trying to a finger to what
exactly Comcast is doing. However, the concern that groups like EPIC has
is that they are collecting information about users in extremely sensitive
areas and that just opens up the door to misuse.”

And, Comcast’s chief competitors like America Online and EarthLink still
seized upon the golden opportunity to add their voices to the chorus,
saying they don’t and wouldn’t collect the Web activity of their members.

But Comcast still tried to explain itself through its statement.

“Consistent with our subscriber agreement and our privacy policy, Comcast
reviews information in aggregate form only for purposes of network
performance management to ensure an optimal Internet network experience for
our subscribers,” the statement read. “Comcast has not shared and will not
share personal information about where our subscribers go on the Web,
either for any internal purpose or with any outside party, except as
required by law.”

A vast majority of ISPs assign IP addresses dynamically, using the dynamic
host configuration protocol (DHCP). That means every time a customer signs
on to the Internet, they are assigned a different IP address, a pooling
process that saves the provider from reserving huge chunks of IP addresses
and has absolutely no effect on the end user.

Because IP addresses are dynamically handed out, customer information like
names, addresses and phone numbers aren’t readily available. Technicians
would need to join the logs of IP addresses used at a certain time with the
customers online at a certain time, a process that isn’t technically
difficult but unlikely one Comcast would pursue.