Comcast Hits Web-Watching Pitfall


Hit with a firestorm of criticism over possible invasion-of-privacy issues, Comcast Corp. last week halted its practice of monitoring its 950,000 cable-modem customers' Web-surfing activities.

The controversy arose after a Comcast data customer reportedly complained that the MSO's method of gathering data on Internet usage — including customers' Internet-protocol addresses and the Web addresses they visited — was an invasion of privacy.

Comcast had gathered the information to determine which popular bits of content it should store on cache servers placed throughout the network.

Word about the monitoring spread, and a range of critics — from online privacy advocates to U.S. Rep. Ed Markey (D-Mass.) — lined up to take their shot.

Markey, the senior Democrat on the House Subcommittee on Telecommunications and the Internet, fired off a letter to Comcast president Brian Roberts questioning whether the data collection was legal.

"I believe that many consumers would be understandably concerned if our nation's cable operators begin to monitor Americans' use of cable systems for other services such as telecommunications services, including broadband access to Internet via cable modems," wrote Markey. He also asked Roberts to clarify MSO's policy and whether it intended to ask users' permission to gather such information.

The 1984 Cable Act prohibits MSOs from gathering personal Internet usage data without obtaining prior written or electronic consent. But it does allow systems to collect such information if they can prove it is needed for network operations.

Bowing to the pressure, Comcast cable unit president Stephen Burke said in a Feb. 13 statement that the practice would be discontinued.

"This information has never been connected to individual subscribers and has been purged automatically to protect subscriber privacy," Burke said. "Beginning immediately, we will stop storing this individual customer information in order to completely reassure our customers that the privacy of their information is secure."

Comcast isn't alone in using cache servers to store content at the edge of its network. The practice can speed the delivery of data to users, but it also depends on having information on which content is most popular.

The sticking point in Comcast's system was in tying the customer's IP identity directly to the Web sites visited.

In contrast, AT&T Broadband doesn't link the user's IP address directly to the Web site destination, said director of external communications Sarah Eder.

"We can tell how many hits going through the [cable-modem termination system] are going to a particular Web site, like, but we are not matching that to IP addresses," Eder said.

Cox Communications Inc. doesn't use cache servers, so it collects no site visit details, said vice president of data engineering Jay Rolls.

"It's a longstanding debate in the Internet community whether caching or proxy — they are all the same thing, essentially — if it is beneficial or not," he noted. "Caching can add some additional latency to the network.

"It also is an additional point of failure in your network, and it is operationally a lot of overhead to keep them healthy and running and squeaky clean."


That's not to say Cox does not do any traffic analysis. It does watch traffic to manage its flow and determine where new cable-modem controller units should be placed.

But with respect to individual usage patterns, "those aren't logged," said Rolls. "I couldn't even pull up a graph telling you what percentage of our subscribers are going to Yahoo! We are not even doing that."

Industry watchers noted that Comcast is still relatively new to the broadband Internet-service provision game. They cited the MSO's increased visibility — it is seeking approval to merge with AT&T Broadband and become the No. 1 U.S. pay TV provider — as a contributing factor in the controversy.

"Whether it was an oversight or whether they just didn't realize the effect of what they were doing is unclear, but clearly they have been called on it, and have made some adjustments," said Forrester Research Internet analyst Rob Lancaster. "Comcast is under some fairly serious scrutiny right now, and it is probably not a good time to be trying anything that is even close to being other than the norm, especially around customer-privacy issues."

Most ISPs don't go as far in collecting data as Comcast did, noted Jupiter Research Inc. Internet analyst Dylan Brooks. Internet users know that information about them is being routinely collected, but as a relative newcomer to ISP service, Comcast's devil was in the information's detail.

"Even though they said they weren't using it for anything, the fact that information was being kept made it susceptible to things like court subpoenas or any FBI or CIA investigations," Brooks said. "So you enter this whole realm of conspiracy theory about what they are actually using it for — where I think, in actuality, this is one of those things that came about from not being in the ISP business."

Brooks also said Comcast was right to back away from the data-collection policy.

"I think some of the damage is done and they are going to see a little bit of grumbling about it," Brooks said. "But backing off is definitely the right thing to do at this point.

"A, they are not getting much benefit from it and b, they can always revisit it in a different fashion — doing something a bit more standard and a little less obvious."