ISPs Tell Two Lies: “This is Fair” and “This Will Work”

Intro: The Parable of the Watermelon Stand

Once upon a time, two folks (Alphonzet and Balantanoid) decided to sell watermelons at a roadside stand. The two-step business model was: 1) buy watermelons for $1 apiece from a farm, then 2) transport them in their pickup truck to the roadside stand, where they sold the watermelons at a retail price of $1 apiece. After some time, accountant Balantanoid informed business partner Alphonzet that, due to the price of gasoline and other incidental business costs, they were actually losing money. Alphonzet reviewed the numbers and pondered, and then ventured a solution:

“Do you think we need a bigger truck?”

Businesses looking to buy consumer information from ISPs are like the characters in this story considering using a bigger truck. More data isn’t what businesses need, and there is danger is believing otherwise. Furthermore, ISPs unjustly shirk responsibility that ought to come with the entitlement to the data they intend to sell.

I. Background.  Internet Service Providers Aren’t Satisfied With a de facto Monopoly

Internet service providers have no competitors and provide a borderline necessity. They can charge anything (and do) and provide a low quality product and service (as they do), and customers will still pay them (and they do). This isn’t enough for them. The telecommunications industry has successfully lobbied congress into repealing an FCC order that previously prevented the sale of tracked, identifiable consumer data to third parties.

Of course, ISPs are the only ones who can risk fighting their customers. Service providers operating on the internet can’t antagonize their customers because they are subject to fundamental concepts of free market capitalism: If they anger their customers, their customers will go elsewhere. ISPs don’t have “customers” in the traditional sense. They have “victims” or “hostages”- so it makes sense that ISPs wouldn’t worry about treating them like customers.

II. “This Will Work.” ISP’s Already Lie to Consumers and Government- Now They Get to Lie to Businesses

I don’t know how many lies the telecommunications industry had to tell congress to get the FCC’s rule repealed. Probably not many- after some generous donations, congress rarely asks very many questions, or cares about answers. But the lie that ISPs are relying on now is for 3rd party companies to believe that (in the context of the aforementioned parable) a bigger truck will turn their watermelon business profitable. There are two likely outcomes of this business arrangement: either advertising will get better, more efficient, more streamlined, more effective, and benefit both advertiser and consumer, OR advertising will become more obnoxious, more noisy, less useful, less relevant, more intrusive, and worse for consumers and advertisers.

In his NYT Op-Ed on this legislation, former FCC Chairman Tom Wheeler gives the example of ISPs selling data to car dealerships about which customers are visiting car websites, thus allowing car dealers to target more likely customers. One interpretation is that this will help car dealers only target relevant audiences, and customers will get better opportunities and information as customer-business connectivity is optimized. My experience is that this is supremely unlikely.

My most recent experience with targeted advertising is that the business model is not effective. I spent an evening looking for a new pair of shoes from online stores. The next day, ads for shoes show up on my Facebook feed. But I had already bought shoes. I was no longer a potential customer in that market. No amount of advertising is going to persuade me to make a purchase, because the purchase was already complete.

More data doesn’t mean you understand your customer better. You need the right data- and ISPs just can’t provide that. Data science simply isn’t good enough yet. The algorithms consistently fail to capture human thought, intent, and desire. The greater danger in the loss of this privacy isn’t in other parties knowing who you are- it’s in other parties THINKING they know who you are.

This example reveals two facts that render third party purchases of consumer data useless: a single data point or grouping of data points doesn’t tell you all of the important data about a consumer, and second, consumers move faster than companies. For the same reasons that cause all of us to receive junk mail addressed to people who haven’t lived at an address for years, (or even addressed to deceased persons), companies efforts to use consumer data are routinely ineffective. The myriad problems with the over-reliance on big data is its own subject, but one that informs this issue.

The effort to make money off of violating privacy won’t work because companies aren’t equipped to turn data into sales.

III. “This Is Fair.” Justice Requires That ISPs Pick A Single Classification: Common Carrier or Private Enterprise

There is a doctrine in tort law that common carrier services like buses and trains have reduced duties to customers. Private carriers have more discretion about how to run their business, but have increased liability. In the famous tort case Paslgraf v. Long Island Railroad, a railroad company was not held liable when a passenger’s explosive package accidentally detonated, causing injuries. Part of the reasoning relied on the notion that the railroad was a common carrier, and such service providers are not liable for some acts of their customers because they have less discretion regarding their customers than a private carrier has.

This reasoning ought to be applied to internet service providers: ISPs can be either a common carrier or a private carrier, but must accept the responsibilities and limitations of whichever classification they choose.

If ISPs want the benefits of being private enterprises, they need to take on the liability commensurate with those benefits. The concept of safe harbours in the DMCA is predicated on the notion that ISPs are a sort of public utility or common carrier. ISPs that want the benefits of private business need to be liable for crimes and damages that common carriers would not be liable for.

ISPs believe they have a right to the data of their individual customers, such as their browser histories and app usage rates. If they are so interested in the private information of their customers, they should take on criminal liability for crimes committed by their customers, from piracy to identity theft to terrorism or child pornography. This is the burden of responsibility. If an ISP is truly entitled to the content of a customer’s online activity, they are responsible for that content. There is no entitlement without responsibility. This is a fundamental precept of justice that permeates the law.

If the ISP does not want to be liable for the crimes committed using their services, they must opt for the common carrier approach to providing internet and information services. The idea of ISP access to consumer data without responsibility to the consumer is not just offensive to privacy or comfort- it is offensive to the very concept of justice and fairness. It is the ISP getting something extra from a consumer in return for nothing. Forcibly taking from someone in exchange for nothing is the clearest possibly understanding of theft.


The data that ISPs will sell to 3rd parties is unlikely to make advertising substantially better, due to the challenges in execution. The larger issue is settling the classification of ISPs in the context of telecommunications law. ISPs can be either private enterprises or common carriers. They cannot continually shift their classification from moment to moment to suit convenience, reaping rewards and rejecting responsibility.

Update: ISPs earn their place… And they really have a cultural status.

Her Data Is Part of Her Story, But Her Story is not Just Her Data.

Her Story” is a great example how piecing together bits of information can create a picture of a person or an event. It is also an example of some of the limits of that picture.

Hack Her Data, Hack Her Story

Her Story” is difficult to describe or classify as a game. It’s a little like trying to find and organize the pieces of a detective novel. The game doesn’t give the player a lot of direction; part of the game is the discovery of the game itself. The game allows the player to search a police database to find short movie clips from several police interviews with a woman. No context is given for why the woman was interviewed or why the player is searching the database. However, by finding and watching the clips, the player gains clues that allow new searches. This cycle of searching and information is the core mechanic of the game.

Hacking to Learn

Hacking can mean a lot of things, but it is broadly about investigation (sometimes, it is an investigation that is against some laws). It can be done for a wide range of reasons and can take many different forms, many of them legal– or even a legitimate business. Regardless of the specific details, hacking always involves exploring the possibilities and limits of a system in order to learn or discover something. In “Her Story,” the hacking is learning what the in-game database can find that will help the player piece together a coherent string of events and characters.

The Limits of Hacking

Even after hacking together all of “Her Story,” something about the picture is incomplete. Why is the player watching these interviews? The game gives the player this answer after piecing together enough of “Her Story,” but hacking a person’s data doesn’t necessarily answer all of the questions about that person. For most criminal hackers, the pieces of data have enough of the story: credit card numbers, bank accounts, social security numbers, addresses, birth dates, etc. Sometimes we need more than a collection of data about a person, and those are often cases where believing data too blindly can cause problems, from legal decisions in courts or policies to judgments in our interpersonal relationships. As mountains of data pile up for each of us, the temptation to describe and explain people using that data also grows. This data has a lot of appeal because it can measure and evaluate some things very effectively. This effort to make life more efficient comes brings at least two potential drawbacks: First, the data can be misleading in myriad ways, and second, the data seems so powerfully scientific and sound that questioning it (or its interpretation) can become almost taboo.

Her Story

There will always be hackers trying to steal financial information and identities. But that threat is known and recognized, so experts fight against it and consumers take protective measures. The data we give to companies and employers and government is riddled with pitfalls, and blind faith in big data will amplify those problems. In “Her Story,” twists emerge as the player pieces the plot together. After enough of the story is pieced together, the game asks the player if “you understand why [the woman] did what she did.” I’m not sure any collection of data can ever really answer that.