21st-century-privacy-coalitionOn Tuesday, I wrote about the efforts of the 21st Century Privacy Coalition, an alliance of America’s largest telecommunications companies, to get out from under FCC control and have the same FTC-administered rules apply to all communications companies.

It wants to be as culpable for the data it gets on you as Google and Facebook, basically. Which is much less culpable.

It is an understandable impulse. Last year Bloomberg estimated that the market for telecommunications companies worldwide in selling your customer data to third parties would climb as high as $9.6 billion in 2016. But as it stands, American companies are under tight FCC guidance and legislative control over what information they can pass on to third parties.

But even under the current level of control, the information your telecommunications provider has on you is being used in surprisingly detailed ways.

People are sensitive about the information Facebook gathers on its users and the standards of privacy it is held to. Your phone, is just like Facebook, except real life. It hoovers up a detailed footprint of your entire physical world. Reading from Verizon’s privacy policy it lists that it may collect your name, address, contact information, driver’s license number and Social Security Number and payment details, as well as your location, browsing history, phone numbers, streaming details, what apps you use, how much data you consume and what services you subscribe to.

Federal law — the Telecommunications Act of 1996 — closely regulates what can be done with the most sensitive of this data (called customer proprietary network information), like who you call, who you are, and so on.

But everything else is fair game; your preferences and history ‘anonymized’ alongside demographic and geographic details about you and on sold to third party marketers.

And you thought it was just Google that was tracking you.

According to Verizon, “information may be aggregated or anonymized for business and marketing uses by us or by third parties.” AT&T provides data to third party companies that is anonymous, but still able to be identified to an individual level. Sprint retains the right to use personal information for “co-branded” advertising offers. T-Mobile shares customer information, including geographic and demographic information to help advertisers “better reach” its customers.

Telecommunications companies are actively exercising these abilities. Verizon has developed its Precision Market Insights offering. Working with with the Phoenix Suns basketball team, tracking customers who downloaded a certain app, it was able to break down for them that their average supporter was a tech-savvy travel enthusiast with a household income greater than $50,000.

At the end of last month, Verizon then launched its own mobile advertising business, PrecisionID, offering its “very specific data sets” to companies like Blue Kai, Turn and AdRoll to better target web browsers. Verizon spokesperson Adria Tomaszewski told Pando that this anonymized data was being passed on in aggregate, not on an individual level.

“We have that ability, but we’re not sharing on an individual level at the moment,” Tomaszewski says.

Verizon isn’t alone in this. AT&T changed its privacy policy last year to allow it more easily sell customer information and an AT&T spokesperson confirmed to Pando that it had started a trial program in Austin to offer cheaper Internet packages to customers that give “permission to use their web browsing activity… to provide them with more relevant offers and advertising in exchange for a lower price.”

It is happening on more than just a provider by provider level, too. For 12 months now, SAP’s Consumer Insights program has sought to best phone companies at its own game, taking customer data en masse from 1000 operators from around the world — including home location registers, subscription details and call details, says Consumer Insight’s Global Business Development Director Jim Brooks.

Brooks repeats the industry line, that when it comes to SAP this information is all anonymized with sub IDs. But the detail to which it can be targeted to is “granular,” he says. Someone’s browsing behavior or phone activity can be traced to within 30 to 200 meters.

The potential of it all is massive, Brooks thinks. SAP worked with a luxury German car manufacturer to microtarget its outdoor media placement to small, affluent bubbles. Using the data it gets, SAP can work out the demographic breakdown of who is visiting Westfield Mall in London by hour, how far they’re traveling and their individual shopping behaviors.

It is a great situation for the phone companies to be in. We get free use of Facebook and it uses our information to sell ads. We pay Verizon, or whomever, and then it also gets to make even more money off us by using our information to sell ads.

The more specific the information, the more valuable it is. And telecommunications companies know a lot of stuff about us. The coverall excuse of anonymization for trading these secrets isn’t actually an excuse, either. We’re not that protected by this information being anonymous.

ACLU legislative counsel Christopher Calabrese warns that even if it is not identified, this data can be damaging. Granular micro-targeting of neighborhoods and new demographic assumptions can lead to new big data prejudices and stereotyping.

“Just as neighborhoods can serve as a proxy for racial or ethnic identity, there are new worries that big data technologies could be used to ‘digitally redline’ unwanted groups,  either as customers, employees, tenants, or recipients of credit,” warned a White House report on big data in May.

Additionally, anonymized information from telecommunications can be combined with much creepier and more personal information from unregulated data brokers and unhashed to identify who we are. “We know that this is happening,” Calabrese says.

It’s not a great situation. But it could be much worse. “As it stands the the industry has more legal protection than most,” Calabrese says.

Do we really want to walk back the privacy standards for the one sector we still have some control over?

[illustration by Brad Jonas for Pando]