Insecurity Issues

How private is your e-mail and your Web-surfing history?

When Elaine Weyland discovered that she couldn't browse the Web through her Comcast service without first accepting the cable company's new agreement, she did what most people don't bother to do: She read the fine print before giving her OK.

Weyland was disturbed by a provision buried deep in the lengthy agreement: "However, you acknowledge and agree that Comcast and its agents have the right to monitor, from time to time, any such postings and transmissions, including without limitation e-mail, newsgroups, chat, IP audio and video, and Web space content."

That statement was followed by a section bluntly titled "Eavesdropping," which states that "other persons or entities ... may be able to access and/or monitor" a customer's use of their high-speed Internet service.

The news that Comcast, or others, could peek at her e-mails, at any time, didn't sit well with Weyland.

"I read the contract, and I said, 'Screw you guys,'" she says.

Weyland says that when she called up Comcast to cancel her service over the "brazen and arrogant" provision, she had to wait five hours before she was finally able to speak with a customer-service representative who admitted the amendment was in the subscriber agreement. Before that, she spoke with several reps who denied Comcast even had a contract with customers.

"If you expect that (agreement) to be binding, then that is a contract," says Weyland.

Kelle Maslyn, corporate affairs manager for Comcast, says that Weyland shouldn't worry about Comcast eavesdropping on her e-mail, despite her company's customer agreement.

"Like all other major ISPs, Comcast's subscriber agreement contains a standard language that reserves our rights to investigate abuse or other law enforcement requests," says Maslyn in an e-mail. "We respect our customers' privacy and do not monitor e-mails or other communications."

But Cox Communications, a rival cable company that provides Internet access in parts of Pima County, has much more restrictive language in its customer agreement. Cox asserts that the company will only check customer e-mails to protect the customer, or if required by law enforcement.

"Unless addressed to us, we do not read e-mail messages, instant messages, online chats or the content of other online communications that reside on or pass through our service," the agreement reads.

"We may, however, retain and provide such communications if we are legally required to do so. Incoming and outgoing e-mail messages are generally scanned electronically to identify and filter out likely spam and for viruses and related problems that could harm your equipment, the network or other users."

No matter what an ISP promises, e-mail remains susceptible to eavesdropping as it travels between routers and mail servers before landing in a mailbox.

Paul Stephens, the director of policy advocacy for Privacy Rights Clearinghouse, a nonprofit watchdog that examines the effect of technology on privacy, says Weyland and other e-mail users don't realize just how vulnerable their messages are. The only way to protect an e-mail message is to encrypt it.

"There is nothing about e-mail that is confidential," Stephens says.

The Privacy Rights Clearinghouse doesn't have a problem with Internet service providers electronically scanning e-mails, as long as the provider is using that information for troubleshooting purposes.

"The problem arises when they obtain personal information about you," says Stephens, who adds that Comcast's service agreement is similar to agreements from some other providers.

Stephens says the challenges of online privacy extend well beyond e-mail as more online companies, such as Yahoo! and Google, trace your steps on the Internet to build a profile of you for advertising purposes. Some sites put so-called "cookies" on your browser, which follow your path as you move from Web site to Web site. Users can usually block cookies by adjusting their browsers.

But once an Internet company captures your IP address, Stephens says, it can gather a tremendous amount of information about you--and there is little you can do.

Stephens says that a typical major Internet company may keep the log of a user's Web whereabouts for up to three years, but that may vary with different companies.

"The question is: How long do they keep those logs?" Stephens asks.

If you want a better shot at anonymity when you surf the Web, Stephens recommends getting a program that prevents your IP address and other personal information from being obtained by others. Programs like Tor and Anonymizer are free--albeit a little complicated to use--but worth the trouble to keep your personal information away from others, says Stephens.

Stephens notes that even when people try to protect their online privacy by adjusting their Web browser, they tend to forget about the privacy of what they use the most: their e-mail.

"We worry about things like cookies, but overlook the most basic thing," says Stephens. "That's quite frightening, actually."

Weyland has found her own way of maintaining her privacy. Since canceling her service with Comcast, she hasn't yet found a new provider.

About The Author

Comments (0)

Add a comment

Add a Comment