Democratic senators on Friday called on federal regulators to investigate Verizon Wireless, the country's biggest mobile provider, for secretly inserting unique tracking codes into the Web traffic of its some 100 million customers.
Data privacy experts have accused Verizon of violating consumers' privacy by using "supercookies," an identifying string of letters and numbers attached to each site visited on a person's mobile device.
"This whole supercookie business raises the specter of corporations being able to peek into the habits of Americans without their knowledge or consent," said Sen. Bill Nelson of Florida, the top Democrat on the Senate Commerce Committee, in a statement.
Verizon Wireless spokeswoman Debra Lewis said the company "takes our customers' privacy seriously" and that it planned to respond to Nelson's letter to the Federal Communications Commission and Federal Trade Commission. The company had announced last week it would give customers the chance to opt out of the tracking program.
The FCC and FTC did not respond to questions on whether they would conduct a review. The FCC regulates the telecommunications industry, while the FTC investigates consumer complaints based on unfair or deceptive business practices. The agencies typically do not acknowledge investigations until they are complete and only if wrongdoing is found.
"The commission takes violations of consumer privacy extremely seriously," said FCC spokesman Neil Grace in an emailed statement.
Most people are familiar with online cookies— little bits of code attached to your Web browser after visiting a site. But popular Web browsers give the option of blocking these cookies or deleting them from your computer.
As more people rely on wireless devices to go online, the industry found a new way to track people. At Verizon, each retail customer — business and government users were exempted — was assigned a unique code, or identifying header, that was inserted into their mobile applications and browsers. Critics called these supercookies because consumers couldn't delete them and no one knew they were there. And while these trackers didn't contain personal information, such as a name or phone number, they could be easily used to identify a person by monitoring their Web habits and cross-referencing it with information that a person volunteers online.
A civil liberties group, the Electronic Frontier Foundation, compared supercookies to creating a "license plate for your brain" because everything a person thinks about and searches for online would become linked to an identifying header.
Phone companies are required by law to give customers the opportunity to opt out of data collection for marketing purposes and have five business days to notify the FCC if that process fails. Last September, Verizon Communications agreed to pay $7.4 million to settle allegations after it failed to notify some 2 million customers of its privacy policies.
In the letters to regulators, Nelson said he wants to know whether Verizon violated any laws and suggested new privacy legislation might be needed. Democratic Sens. Richard Blumenthal of Connecticut and Ed Markey of Massachusetts also signed the letters.
AT&T Mobility, which had experimented with the idea, announced last November that it's no longer attaching the hidden codes.
Consumers' interest in privacy and their digital anonymity has intensified in recent years, following revelations by former National Security Agency analyst Edward Snowden. Top secret NSA documents he leaked to journalists revealed the NSA was collecting the phone records and digital communications of millions of citizens not suspected of a crime, prompting congressional changes.