Company spokesperson Walt Sharp says AT&T isn't doing anything other U.S. ISPs aren't. "Our policy is consistent with the policies of other major corporations and with others in the industry," he says.
But I found that not all ISP privacy policies are created equal. As explained below, your best chances for keeping your personal information and online activities private may be to go with a cable operator for Internet access.
The most startling revision to the policy is found under the "Legal Obligations/Fraud" heading: "While your Account Information may be personal to you, these records constitute business records that are owned by AT&T. As such, AT&T may disclose such records to protect its legitimate business interests, safeguard others, or respond to legal process."
Elsewhere in the document (read it in all its legalistic glory here), your Account Information is defined as including not just contact data (your name, address, phone number, and e-mail address--info the company needs to send you bills), but records on the services you use, your transactions (such as online purchases) and service charges, the equipment and software you're using, and even "your Social Security number and/or credit card information, passwords, and usernames." I have difficulty getting my head around the notion that my Social Security number is now an AT&T business record.
Another part of the "Legal Obligations/Fraud" section that sets off alarm bells is a sentence saying that AT&T can use "your information" to "investigate, prevent, or take action regarding illegal activities...or as otherwise required or permitted by law." If all that isn't a blank check to give out my information (especially the "permitted by" part), I don't know what is.