If I visit a healthcare information website, like webmd.com, and it's unencrypted, then my service provider knows my name, address, and health attributes. If they kept logs about my visit to those pages, would this be considered PHI under the context of HIPAA? If so, perhaps a lawsuit could force a judge to claim service provider logs are indeed sensitive.<p>Looking for other's thoughts...
Swedish ISP Bahnhof used the argument that an ISP shouldn't be seen as anything else than a postal service delivering packages. So this sort of feels like they want to open your letters, scan them, and maybe throw in a few coupons on matched words. But worse.
I work for an ISP and I can't imagine looking our customer's web browsing and such. The closest I come to that is Netflow data but (in our case) that's aggregated and doesn't identify specific customers.<p>> <i>"Web browsing and app usage history are not 'sensitive information,'" CTIA said</i><p>I wonder if they might feel differently if someone hacked them or their ISP and posted a month's worth of traffic logs, etc., for the public to see.<p>Maybe if the Internet histories of a handful of the top-level folks at these organizations were shared with the world (along with their identities, of course), they would change their mind.
> Moreover, CTIA claims that Section 222's use of the phrase "customer proprietary network information" demonstrates that the regulation doesn't necessarily cover "personal" information. Section 222 provisions "apply only to commercially valuable—not personal—information," the group said.<p>Since the ISPs are planning to sell that personal information, it sure seems commercially valuable. It's a shame that, instead of ISPs simply not being dicks (er, "unlocking value"), we will have to waste time and money to encrypt everything and route it through TOR.
For some reason Oracle came out today in support of the ISPs and against privacy: <a href="http://www.multichannel.com/news/policy/oracle-pai-repudiate-wheelers-tech-favoritism-policies/411586" rel="nofollow">http://www.multichannel.com/news/policy/oracle-pai-repudiate...</a>
And yet, someone hits a publicly visible (no authentication) AT&T URL repeatedly, and he gets convicted of "hacking".<p>If so, then why should AT&T get a pass for repeatedly snooping and recording my activity?
as a European I pity you for not having data protection regulations.
Instead you have to deal with unregulated, unreasonable despotism.<p>ISPs are telecommunication providers and bound to special secrecy, disclosing browsing history is punishable by criminal law (§ 88 TKG in Germany).<p>Cambridge Analytics showed us, how dangerous it is for democracy to know users habits, values, attitudes, preferences and their contact details and how easy it is to manipulate individuals.<p>US-Americans, you seriously need to wake up and get your democracy back before your society is to Orwellian.<p>Also, you are giving a bad example.
And stop cheering USA USA USA, your society is malformed and dysfunctional, you shouldn't be proud of it and lie to your self about it.
<i>The FCC defined Web browsing history and app usage history as sensitive information, along with other categories such as geo-location data, financial and health information, and the content of communications. If the rules are overturned, ISPs would be able to sell this kind of customer information to advertisers.</i><p>Don't Facebook, et. al. do this already? Don't most people spend most of their time on Facebook anyway? ISPs just want a cut of the action.