Since the March 28 Congressional decision to allow internet service providers (ISPs) to sell data to other companies without user permission, student protection on the web has become a
greater concern.
Now, information like browsing history, app usage and financial and medical data can be sold to other companies.
The bill, SJ Res 34 was presented and primarily supported by GOP members. Privacy advocates and Democrats were among those who opposed it, arguing that an internet service provider shouldn’t be able to see and sell data showing websites and specific pages its users visit.
The concern
Many of those opposed to the bill are concerned that ISPs like AT&T, Charter and Verizon will be able to view the sites and pages of non-encrypted websites that users visit and sell that data to other companies.
A main issue is that sites such as WebMD are not encrypted, putting health and lifestyle information at risk. This raises privacy concerns because not all people want their ISP to access which sites and pages they visit, especially not those that explain health symptoms they might have, computer science professor Zachary Peterson said.
“These are things you won’t want everyone to know and you won’t want to have products marketed to you based on that,” he said.
Encrypted websites are beneficial because they’re protected through https, which means there’s an extra layer of coding in the data between the server and the browser.
“Anyone who is sitting in between that connection, including the ISP, cannot see what I’m saying to Amazon, they can see I’m talking to Amazon, but they can’t see what I’m saying to Amazon,”
Peterson said.
While sites like Amazon, Facebook, Twitter and Forbes, among a list of 100 non-Google websites that are https-secure, that’s not a guarantee the sites will protect a user completely. However, when given the chance to browse only https sites, Peterson highly recommends doing so in order to protect data.
The concern extends beyond an ISP, knowing which disease a user thinks they have. It extends to lifestyle choices, behaviors and decisions. It points to the larger picture of living in a “smart” world, where a watch, a phone and a laptop can track a person’s lifestyle behaviors, Peterson said.
The push to innovate
While privacy advocates feel they lost the battle on Congress’ resolution, computer science alumnus Liam Kirsh said the rollback is an incentive to create more protective measures for consumers.
“I think less trust in ISPs will result in more innovation and better improvement of security tools so people don’t have to rely on legal regulations,” Kirsh said. “[That way] we don’t have to trust ISPs are complying with [the law].”
Specifically, Kirsh said he’s concerned that an ISP can see the information he’s giving to unencrypted web pages. An ISP already has access to seeing which domains a user browses, like Facebook, but now it can see which specific pages they’re visiting on unencrypted sites, like CNN and Fox.
As a result, Kirsh sees ISP accessibility to data as a call to action for hosts of unencrypted sites to encrypt their data. And he’s not alone.
The Electronic Frontier Foundation, a “non-profit dedicated to fighting for civil liberties in the digital world,” wants to encrypt 100 percent of the web to increase consumer privacy. So far, they’re making progress. As of February, 2017, Mozilla Firefox reported that there are more encrypted websites than unencrypted websites online today.
Some sites don’t encrypt because of lack of resources, Kirsh said. However, large institutions that need more credibility behind them are more likely to encrypt data.
“Banks, Google and Facebook have a reputation to protect [data] so they put in the engineering resources and efforts to secure their sites [it takes some configuration to offer secure connections], but it’s free,” he said.Overall, Kirsch said he places more of his trust in strides in cryptography — writing and solving code — than in Congress’ policies.
“Data is secured with math, and I would rather have my data secured by numbers than by regulations,” he said.
What students can do to protect themselves
To create an extra layer between the user and the ISP, a user can purchase a Virtual Private Network (VPN), which masks traffic, Peterson said. While they do come at a cost, the VPN would decrease the chances of an ISP’s full access to personal data transmitted over the web. One downside to the VPN is that select sites, like Netflix, prohibit access to users who use VPN, he said.
Another method of protection includes a Tor browser, which allows a user to search anonymously on the web. The Tor browser bounces a user’s traffic from several points around the web, confusing the ISP as to which location the user browses from. Because the spurts of traffic consume substantial bandwidth, high-speed internet connection could be compromised in exchange for browsing with an alias, Peterson said.
While people can adopt ways to protect themselves on the web, no method guarantees complete privacy. And that is just a part of being on the internet today.