Lawmakers want an investigation of Verizon's supercookies

Senators say they may push for legislaton to address the hard-to-defeat tracking cookies

Government agencies should investigate whether Verizon Wireless's use of so-called supercookies to track the online activities of its subscribers amount to privacy violations, three U.S. senators said Friday.

Verizon's use of the respawning, hard-to-defeat cookies on its mobile subscribers' phones raises serious privacy problems, said the senators, all Democrats. Senators are considering new legislation to rein in the use of hard-to-delete cookies, said Sen. Bill Nelson (D-Fla.).

News reports last year also identified AT&T as using supercookies, but the company later discontinued that activity.

"This whole supercookie business raises the specter of corporations being able to peek into the habits of Americans without their knowledge or consent," Nelson said in a statement. "That's why I think we need to get to the bottom of this and perhaps [introduce] new legislation."

Nelson, along with Sens. Richard Blumenthal (D-Conn.) and Edward Markey (D-Mass.), asked the Federal Trade Commission and the Federal Communications Commission to investigate Verizon's use of supercookies.

Supercookies, in particular, may violate the FCC's rules and policies related to consumer privacy and transparency, the senators wrote in a letter to the agency.

Verizon said it will respond to the senators' most recent letters. Just last week, the three senators, along with Sen. Brian Schatz (D-Hawaii), wrote Verizon a letter asking the company for an explanation of its supercookie program.

"Verizon takes our customers' privacy seriously," the company said in response to the new letters. 

Last month, Verizon said it would allow customers to opt out of supercookies. Nelson said he would rather see consumers be given the choice to opt in to tracking.

In recent weeks, computer scientist Jonathan Mayer found that online advertising company Turn used Verizon's supercookies to track the Internet activity of the company's subscribers, even after some had tried to delete the cookies.

Verizon has also published a Web page explaining the supercookie program. The program, using a Unique Identifier Header (UIDH), "was designed with privacy protections in place -- it changes automatically and frequently, and it does not contain any customer information," the company said.

The UIDH is not present on encrypted traffic or when a device is connected through Wi-Fi or a virtual private network, Verizon said.

To express your thoughts on Computerworld content, visit Computerworld's Facebook page, LinkedIn page and Twitter stream.
Windows 10 annoyances and solutions
Shop Tech Products at Amazon
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.