Online privacy

States across the country are trying to figure how out to regulate consumer privacy in the digital ad space, but the battlefield to watch is Sacramento (CA). There, lawmakers are vetting a bill today that would require internet service providers like Verizon and Comcast to get permission from customers before sharing their data with marketers.

As the lines between media, tech and telecom companies blur, Internet providers and the web companies that use their pipes have a rare alliance in opposing the bill. They all have a stake in the fight as telecommunications companies buy media companies (think Verizon buying Yahoo and AOL) and web companies are, in some cases, working on their own connectivity initiatives (think Google Fiber). A new privacy law in California would be a threat to ISPs trying to break into the digital advertising market and the start of a slippery slope for the Facebook-Google duopoly.

[Commentary] Despite its name, the California Broadband Internet Privacy Act, awaiting votes in the state Senate, won’t do anything meaningful to protect consumer privacy on line. Instead, it will curb innovation and reduce competition, hurting consumers whose interests it purports to protect.

The measure, AB 375 by Assemblyman Ed Chau (D-Monterey Park), is intended to crack down on internet service providers that are allegedly selling sensitive personal web browsing information without consumers’ consent. Its backers argue that it will fill a supposed “privacy gap” left when Congress repealed Federal Communications Commission draft rules adopted during Barack Obama’s administration. Here’s why they’re wrong. First, the proposal attacks a nonexistent problem. Internet service providers have committed that they will seek permission from consumers before using sensitive personal information, such as health and financial data. Customers will have to affirmatively “opt in” before any such transaction could take place. So no one’s personal data is being sold. Second, even if a problem exists, there are legal tools to combat it. In short, there is no legislative privacy gap. Third, the state bill is based on a flawed proposal by the FCC. Don’t take my word for it. Ask America’s top privacy cop, the FTC.

[Jon Leibowitz, a partner at Davis Polk & Wardwell, was Federal Trade Commission chair from 2009-2013. He is co-chair of the 21st Century Privacy Coalition, a trade group of broadband providers.]

Personality quizzes have some sort of perennial appeal. Facebook newsfeeds are filled with BuzzFeed quizzes and other oddball questionnaires that tell you which city you should actually live in, which ousted Arab Spring ruler you are, and which Hogwarts house you belong in. But these new online quizzes have a dark edge that their analog predecessors didn’t.

In the wake of the US election, a secretive data firm hired by Donald Trump’s campaign boasted that it has been using quizzes for years to gather personal information about millions of voters. Its goal: the creation of digital profiles that can predict—and possibly exploit—Americans’ values, anxieties, and political leanings. Whether this firm, Cambridge Analytica, has actually used predictive profiles to influence people isn’t certain; reports suggest it hasn’t, at least not directly. But the company’s methods nonetheless expose the growing scale of personality analysis online—and the dangers that come with it. On the internet, anything you do is like taking a personality quiz: Everywhere you click reveals something about you. And you’re not the only one who sees the results.

A communication breakdown and a vacationing employee were the reasons it took more than a week to close a leak that contained data belonging to 6 million Verizon customers, according to Chris Vickery, the cybersecurity researcher who discovered the breach. Verizon said recently that an employee at one of its vendors, NICE Systems, had accidentally made the data available to anyone who had the public link to the cloud.

[Commentary] Americans’ information independence is under attack, whether it’s the repeal of network neutrality or the repeal of broadband privacy protections. The Federal Communications Commission needs to listen and serve the American people, not special interests. I am committed to protecting both your privacy and the internet as we know it. A free and open internet is essential to our democracy, economy and modern way of life.

The Verizon debacle joins a lengthy list of incidents where companies and government agencies have accidentally published people’s confidential information, a problem that experts say may be getting harder to fix as more companies their storage to the cloud. Chris Vickery, director of cyber-risk research at UpGuard, found the Verizon data trove sitting in a critical data repository managed by a third vendor based in Israel. The repository had been misconfigured—a human error—leaving it unprotected. Thanks to a chronic shortage of skilled tech workers, it’s hard to find employees with the necessary skills and training to consistently avoid such mistakes, Vickery says. Tech workers setting up cloud systems or in-house servers can misunderstand the settings on the software they’re setting up, or cut corners to make data more easily accessible within the organization.

[Commentary] If there's anything lawmakers should have learned from activists over the past few years it's this: Do not make the internet angry.

In March, congressional Republicans once again felt the wrath of the internet community when they reversed the Federal Communications Commission’s broadband privacy rules. The blowback from the vote was massive, prompting members of Congress to hide from angry constituents. Now President Donald Trump and FCC Chairman Ajit Pai are digging even deeper and looking to overturn the historic 2015 Net Neutrality win. If they think the internet is going to take that sitting down, they have another think coming. The internet community and allied companies come together to remind President Trump, Chairman Pai and Congress that millions of people in America have made their support for net neutrality known. They know that the repeal of net neutrality means the end of real privacy protections, means paying more for worse service — and enables companies like AT&T, Comcast and Verizon to decide how you use the internet.

[Sandra Fulton is the government relations manager for Free Press Action Fund]

[Commentary] Could a consumer revolt against cable television rates before the 1992 election replay with digital data in the upcoming election cycle?

Rep Marsha Blackburn (R-TN), chair of the of the House Commerce Committee’s Subcommittee on Communications and Technology, introduced a bill that requires internet service providers to get opt-in consent from consumers before sharing sensitive personal information, and allow opt-out of sharing other information. Her abrupt and unconventional turn on internet privacy came after widespread public reaction to the congressional repeal of the Federal Communications Commission’s privacy rules.

Those who believe that the bill is not likely to pick up any legislative momentum might argue that general anxiety about digital trails left across the internet does not pack the political punch of rising cable rates that consumers could feel when they balanced their checkbooks each month. Blackburn’s bill also may be seen as a response to some of the edge providers that were most vocal in their objections to the repeal of the privacy rules.

The Republican-led Federal Communications Commission is preparing to overturn the two-year-old decision that invoked the FCC's Title II authority in order to impose net neutrality rules. It's possible the FCC could replace today's net neutrality rules with a weaker version, or it could decide to scrap net neutrality rules altogether. Either way, what's almost certain is that the FCC will eliminate the Title II classification of Internet service providers. And that would have important effects on consumer protection that go beyond the core net neutrality rules that outlaw blocking, throttling, and paid prioritization.

Without Title II's common carrier regulation, the FCC would have less authority to oversee the practices of Internet providers like Comcast, Charter, AT&T, and Verizon. Customers and websites harmed by ISPs would also have fewer recourses, both in front of the FCC and in courts of law. Title II provisions related to broadband network construction, universal service, competition, network interconnection, and Internet access for disabled people would no longer apply. Rules requiring disclosure of hidden fees and data caps could be overturned, and the FCC would relinquish its role in evaluating whether ISPs can charge competitors for data cap exemptions.

Rep Keith Ellison (D-MN), along with Reps Carol Shea-Porter (D-NH), Maxine Waters (D-CA), Eleanor Holmes Norton (D-DC), Jan Schakowsky (D-IL), Pramila Jayapal (D-WA), and Earl Blumenauer (D-OR), introduced the Online Privacy Act (HR 3175). This bill would re-instate the Federal Communications Commission’s original online privacy rule, which would prohibit Internet Service Providers (ISPs) from selling user browsing data.

“The Internet should be open and free for everyone – and every person who uses it should be able to do so without worrying what their service provider might be doing with their data,” Rep Ellison said. “Our government should work for us – the people – not massive telecom corporations. This bill would make sure that every American can get online without having their personal information sold to the highest bidder. And it will provide justice for those who already have had their information taken from them.”