AT&T rewrites rules: Your data isn't yours

Link:
http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2006/06/21/BUG9VJHB9C1.DTL&hw=at&sn=002&sc=870

Cliffs:
AT&T has issued an updated privacy policy that takes effect Friday. The new policy says that AT&T – not customers – owns customers’ confidential info and can use it “to protect its legitimate business interests, safeguard others, or respond to legal process.”

Article:

http://www.sfgate.com/templates/brands/chronicle/images/chronicle_logo.gif

http://www.sfgate.com/templates/columnists/lazarus/bylinelogo.gif David Lazarus

AT&T rewrites rules: Your data isn’t yours

[email=“dlazarus@sfchronicle.com”]David Lazarus

Wednesday, June 21, 2006

[b]

[/b]

AT&T has issued an updated privacy policy that takes effect Friday. The changes are significant because they appear to give the telecom giant more latitude when it comes to sharing customers’ personal data with government officials.

The new policy says that AT&T – not customers – owns customers’ confidential info and can use it “to protect its legitimate business interests, safeguard others, or respond to legal process.”

The policy also indicates that AT&T will track the viewing habits of customers of its new video service – something that cable and satellite providers are prohibited from doing.

Moreover, AT&T (formerly known as SBC) is requiring customers to agree to its updated privacy policy as a condition for service – a new move that legal experts say will reduce customers’ recourse for any future data sharing with government authorities or others.

The company’s policy overhaul follows recent reports that AT&T was one of several leading telecom providers that allowed the National Security Agency warrantless access to its voice and data networks as part of the Bush administration’s war on terror.

“They’re obviously trying to avoid a hornet’s nest of consumer-protection lawsuits,” said Chris Hoofnagle, a San Francisco privacy consultant and former senior counsel at the Electronic Privacy Information Center.

“They’ve written this new policy so broadly that they’ve given themselves maximum flexibility when it comes to disclosing customers’ records,” he said.

AT&T is being sued by San Francisco’s Electronic Frontier Foundation for allegedly allowing the NSA to tap into the company’s data network, providing warrantless access to customers’ e-mails and Web browsing.

AT&T is also believed to have participated in President Bush’s acknowledged domestic spying program, in which the NSA was given warrantless access to U.S. citizens’ phone calls.

AT&T said in a statement last month that it “has a long history of vigorously protecting customer privacy” and that “our customers expect, deserve and receive nothing less than our fullest commitment to their privacy.”

But the company also asserted that it has “an obligation to assist law enforcement and other government agencies responsible for protecting the public welfare, whether it be an individual or the security interests of the entire nation.”

Under its former privacy policy, introduced in September 2004, AT&T said it might use customer’s data “to respond to subpoenas, court orders or other legal process, to the extent required and/or permitted by law.”

The new version, which is specifically for Internet and video customers, is much more explicit about the company’s right to cooperate with government agencies in any security-related matters – and AT&T’s belief that customers’ data belongs to the company, not customers.

“While your account information may be personal to you, these records constitute business records that are owned by AT&T,” the new policy declares. “As such, AT&T may disclose such records to protect its legitimate business interests, safeguard others, or respond to legal process.”

It says the company “may disclose your information in response to subpoenas, court orders, or other legal process,” omitting the earlier language about such processes being “required and/or permitted by law.”

The new policy states that AT&T “may also use your information in order to investigate, prevent or take action regarding illegal activities, suspected fraud (or) situations involving potential threats to the physical safety of any person” – conditions that would appear to embrace any terror-related circumstance.

Ray Everett-Church, a Silicon Valley privacy consultant, said it seems clear that AT&T has substantially modified its privacy policy in light of revelations about the government’s domestic spying program.

“It’s obvious that they are trying to stretch their blanket pretty tightly to cover as many exposed bits as possible,” he said.

Gail Hillebrand, a staff attorney at Consumers Union in San Francisco, said the declaration that AT&T owns customers’ data represents the most significant departure from the company’s previous policy.

“It creates the impression that they can do whatever they want,” she said. “This is the real heart of AT&T’s new policy and is a pretty fundamental difference from how most customers probably see things.”

John Britton, an AT&T spokesman, denied that the updated privacy policy marks a shift in the company’s approach to customers’ info.

“We don’t see this as anything new,” he said. “Our goal was to make the policy easier to read and easier for customers to understand.”

He acknowledged that there was no explicit requirement in the past that customers accept the privacy policy as a condition for service. And he acknowledged that the 2004 policy said nothing about customers’ data being owned by AT&T.

But Britton insisted that these elements essentially could be found between the lines of the former policy.

“There were many things that were implied in the last policy.” He said. “We’re just clarifying the last policy.”

AT&T’s new privacy policy is the first to include the company’s video service. AT&T says it’s spending $4.6 billion to roll out TV programming to 19 million homes nationwide.

The policy refers to two AT&T video services – Homezone and U-verse. Homezone is AT&T’s satellite TV service, offered in conjunction with Dish Network, and U-verse is the new cablelike video service delivered over phone lines.

In a section on “usage information,” the privacy policy says AT&T will collect “information about viewing, game, recording and other navigation choices that you and those in your household make when using Homezone or AT&T U-verse TV Services.”

The Cable Communications Policy Act of 1984 stipulates that cable and satellite companies can’t collect or disclose information about customers’ viewing habits.

The law is silent on video services offered by phone companies via the Internet, basically because legislators never anticipated such technology would be available.

AT&T’s Britton said the 1984 law doesn’t apply to his company’s video service because AT&T isn’t a cable provider. “We are not building a cable TV network,” he said. “We’re building an Internet protocol television network.”

But Andrew Johnson, a spokesman for cable heavyweight Comcast, disputed this perspective.

“Video is video is video,” he said. “If you’re delivering programming over a telecommunications network to a TV set, all rules need to be the same.”

AT&T’s new and former privacy policies both state that “conducting business ethically and ensuring privacy is critical to maintaining the public’s trust and achieving success in a dynamic and competitive business climate.”

Both also state that “privacy responsibility” extends “to the privacy of conversations and to the flow of information in data form.” As such, both say that “the trust of our customers necessitates vigilant, responsible privacy protections.”

The 2004 policy, though, went one step further. It said AT&T realizes “that privacy is an important issue for our customers and members.”

The new policy makes no such acknowledgment. David Lazarus’ column appears Wednesdays, Fridays and Sundays. Send tips or feedback to [email=“dlazarus@sfchronicle.com”]dlazarus@sfchronicle.com.

What the fuck?

:tdown:

1984 here we come.

well thats not good

Man…fuck AT&T!

Apparently AT&T is a Bush administration and RIAA whore…

On a second note, I am glad that I didn’t sign with AT&T for our new MPLS network and opted to go with Paetec instead…

watch as everyone switches to a different provider

exaclty. perfect timing considering the meglomerger et all.

:tdown:

i seriously wonder how much pressure the CIA and the Bush Admin had to put on them to do that. Cant do warrentless wire taps because its illegal? Ok then, we’ll just make the phone companies change their terms of service so they can just give it to us

AT&T is a very large global backbone, no matter what provider you are on, you will most likely have to go through some kinda AT&T backbone

i have at&t for my internet and i got that email the other day time to look elseware for internet, to bad verison DSL is not in my area

No cable providers in your area?

Yeah but they can’t hack 3DES packets or some other encryption originating from some other vendor. Stupid… Only their OWN customers…

adelphia is to expensive and we are aparently to far away to get DSL but my friend 5 blocks down has it though which i dont understand

What can they do. They’re being sued for 200 billion dollars. 200 billion dollars. 200 billion dollars.

Because of stupid lawsuits like this they have to do something to protect themselves. I’m sorry, if you don’t agree with the wiretapping fine, go after the NSA, write your congressman, vote differently, organize a protest to draw attention to it, (or do the liberal douche thing and bitch about it on a message board but don’t do anything that will actually change it). But suing the phone company because they complied with a government order? That smells like bullshit right there.

http://news.yahoo.com/s/nm/20060622/tc_nm/telecoms_att_dc