Government agencies should investigate whether Verizon Wireless' use of so-called supercookies to track the online activities of its subscribers amount to privacy violations, three U.S. senators said Friday.
Verizon's use of the respawning, hard-to-defeat cookies on its mobile subscribers' phones raises serious privacy problems, said the senators, all Democrats. Senators are considering new legislation to rein in the use of hard-to-delete cookies, said Senator Bill Nelson of Florida.
News reports last year also identified AT&T as using supercookies, but the company later dropped the activity.
"This whole supercookie business raises the specter of corporations being able to peek into the habits of Americans without their knowledge or consent," Nelson said in a statement. "That's why I think we need to get to the bottom of this and perhaps new legislation."
Nelson, along with Senators Richard Blumenthal of Connecticut and Edward Markey of Massachusetts, asked the U.S. Federal Trade Commission and the Federal Communications Commission to investigate Verizon's use of supercookies.
Supercookies, in particular, may violate the FCC's rules and policies related to consumer privacy and transparency, the senators wrote in a letter to the agency.
Verizon said it will respond to the senators' most recent letters. Just last week, the three senators, along with Senator Brian Schatz, a Hawaii Democrat, wrote Verizon a letter asking the company for an explanation of its supercookie program.
"Verizon takes our customers' privacy seriously," the company said in response to the new letters.
Last month, Verizon said it would allow customers to opt out of supercookies. Nelson said he would rather see consumers have to opt in to tracking.
In recent weeks, computer scientist Jonathan Mayer found that online advertising company Turn used Verizon's supercookies to track the Internet activity of the company's subscribers, even after some had tried to delete the cookies.
Verizon has also published a Web page explaining the supercookie program. The program, using a Unique Identifier Header [UIDH], "was designed with privacy protections in place — it changes automatically and frequently and it does not contain any customer information," the company said.
The UIDH is not present on encrypted traffic or when a device is connected through Wi-Fi or Virtual Private Networks, Verizon said.
Sign up for CIO Asia eNewsletters.