[Question: The US just passed a law that allows ISPs to sell our surfing data to marketing firms. My question is, can ISPs see all of our info, even if it’s encrypted using SSL?
Specifically, does this mean that they have access to all the info from any site I log into, like my Paypal account, credit card accounts, online banking account, as well as my tax info if I use an online service?
If so, what right do marketing companies have to my tax info and other private business info?]
Even though the regulations have changed, it doesn’t mean that your ISP’s business practices have changed. Most ISP’s have a privacy policy in place and are regulated by their own policy.
The data they have access to has not changed, and they have been selling some of this data all along. The only difference is that they can now provide personally identifiable information, like your name, along with that data if they so choose. It doesn’t mean they will, just that there is no regulation that prevents it now.
The idea behind using SSL encryption has always been to prevent middlemen, namely your ISP’s, from seeing sensitive information. So, generally speaking, your ISP’s don’t see any of your encrypted data, except as data that has been encrypted. So, I would not worry about sensitive passwords, or other encrypted data, being sold by your ISP. If you are using Google Search with Chrome browser then all of your search data is encrypted because Google uses SSL for search.
You might want to be a little more careful about what you are posting online to insecure websites (no SSL) but generally speaking, SSL is just as secure as it has always been.
If you do a little research on how Secure Socket Protocol technology works you will quickly discover that all query string parameters are stripped and encrypted before it is added to the TLS (Transport Layer), only the Hostname, and port number are exposed to your ISP and all upstream providers.
So, with SSL your ISP will still see which websites you visit, but not which pages you viewed on that website. And your Google search data is never exposed to your man-in-the-middle providers (ISPs).
SSL, when properly implemented is your friend.