Lawmakers call for investigation of Verizon supercookies

Senators say they may push for legislaton to address the hard-to-defeat tracking cookies

Government agencies should investigate whether Verizon Wireless' use of so-called supercookies to track the online activities of its subscribers amount to privacy violations, three U.S. senators said Friday.

Verizon's use of the respawning, hard-to-defeat cookies on its mobile subscribers' phones raises serious privacy problems, said the senators, all Democrats. Senators are considering new legislation to rein in the use of hard-to-delete cookies, said Senator Bill Nelson of Florida.

News reports last year also identified AT&T as using supercookies, but the company later dropped the activity.

"This whole supercookie business raises the specter of corporations being able to peek into the habits of Americans without their knowledge or consent," Nelson said in a statement. "That's why I think we need to get to the bottom of this and perhaps new legislation."

Nelson, along with Senators Richard Blumenthal of Connecticut and Edward Markey of Massachusetts, asked the U.S. Federal Trade Commission and the Federal Communications Commission to investigate Verizon's use of supercookies.

Supercookies, in particular, may violate the FCC's rules and policies related to consumer privacy and transparency, the senators wrote in a letter to the agency.

Verizon said it will respond to the senators' most recent letters. Just last week, the three senators, along with Senator Brian Schatz, a Hawaii Democrat, wrote Verizon a letter asking the company for an explanation of its supercookie program.

"Verizon takes our customers' privacy seriously," the company said in response to the new letters.

Last month, Verizon said it would allow customers to opt out of supercookies. Nelson said he would rather see consumers have to opt in to tracking.

In recent weeks, computer scientist Jonathan Mayer found that online advertising company Turn used Verizon's supercookies to track the Internet activity of the company's subscribers, even after some had tried to delete the cookies.

Verizon has also published a Web page explaining the supercookie program. The program, using a Unique Identifier Header [UIDH], "was designed with privacy protections in place -- it changes automatically and frequently and it does not contain any customer information," the company said.

The UIDH is not present on encrypted traffic or when a device is connected through Wi-Fi or Virtual Private Networks, Verizon said.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is

Join the CSO newsletter!

Error: Please check your email address.

Tags Bill NelsonRirchard BlumenthalU.S. SenateU.S. Federal Trade CommissionregulationmobilegovernmentprivacyVerizon WirelessEdward MarkeysecurityJonathan MayerU.S. Federal Communications CommissionBrian Schatz

More about BillFCCFederal Communications CommissionFederal Trade CommissionIDGNewsVerizonVerizon Wireless

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Grant Gross

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place