Online privacy

Lawmakers could be looking at a new fight over internet privacy, as they return to Washington after their weeklong Memorial Day recess. In the House, Communications Subcommittee Chairman Marsha Blackburn (R-TN) is moving to build support for an internet privacy bill she introduced in May. The bill comes after Chairman Blackburn and Republicans spearheaded efforts to kill the Federal Communications Commission's own privacy rules for broadband providers. But so far her bill is winning few supporters, with most stakeholders in the internet privacy fight being slow to take a stance.

The Senate Commerce Committee is holding a hearing on David Redl's nomination to be Assistant Secretary for Communications and Information at the Department of Commerce on June 8. If confirmed, Redl will be in charge of the National Telecommunications and Information Administration (NTIA), and serve as President Trump's top telecom adviser.

[Commentary] Like the network neutrality debate, the privacy debate has been hijacked by noise rather than analysis, filling the zeitgeist with several misconceptions about the state of American privacy law. No doubt this misinformation campaign contributed to House Communications Subcommittee Chairman Marsha Blackburn’s (R-TN) decision to introduce this bill. But the act ultimately sacrifices the internet’s primary revenue engine in an attempt to solve a problem that the relevant agencies are well on their way to resolving on their own.

If Congress wanted to make a real contribution, it could repeal the Federal Trade Commission Act’s outdated common carrier exemption, which helped trigger this debate. While well-intentioned, the BROWSER Act accomplishes little good while threatening significant harm to the internet ecosystem.

[Daniel Lyons is an associate professor at Boston College Law School]

[Commentary] When Congress killed Federal Communications Commission rules that would stop internet providers from selling your browsing history to advertisers, supporters of that move told upset internet users to cheer up. Now, they all said, we could finally protect your privacy everywhere online! Instead of having rules that constrained only internet providers while letting sites and apps have fun with your data, we’d get our shot to develop a comprehensive privacy framework for all these companies. Two months later, something interesting has happened: A new bill by House Communications Subcommittee Chairman Marsha Blackburn (R-TN).

Blackburn’s BROWSER Act of 2017—as in, “Balancing the Rights of Web Surfers Equally and Responsibly”—would apply an opt-in standard to both providers and sites. And many of the people who had so much to say about online privacy in March have nothing to say about this bill… which suggests it will fare as well as other attempts to write new privacy laws. You’d think this bill would warrant a comment by the trade groups that had supported developing a uniform privacy standard—or the internet providers that had pledged in January to operate by an opt-in standard. You would be wrong. Spokespeople for the 21st Century Privacy Coalition, NCTA, CTA, the Chamber, and Comcast all said they had yet to take a stance on the bill, which has drawn four Republican co-sponsors to date. CTIA did not respond to queries but has yet to post anything about Blackburn’s proposal either.

House Communications Subcommittee Chairman Marsha Blackburn (R-TN) says she’s working to get some Democratic Reps on board to the BROWSER Act, her broadband privacy bill that would require both companies like Google and internet service providers to develop opt-in policies for sharing users’ sensitive data. “I’m pleased that some of my colleagues across the aisle are interested in the bill — I am hopeful this is going to be bipartisan, bicameral,” she said without naming names. She also noted that she intends to broach the topic with the Administration as she continues to work with members of the White House on the infrastructure package. “As we move forward with broadband expansion and the infrastructure bill, it will give me the opportunity to talk with [the White House] and seek support for what we’re doing with privacy,” she added.

Comcast Senior Executive Vice President David Cohen said the pressure for action on privacy might fade as the FCC moves forward with its net neutrality rulemaking. “I think the fervor for privacy legislation may disappear if the FCC does proceed in four or five months and reclassifies broadband under Title I because then the FTC will again have jurisdiction to enforce privacy against ISPs as well as the internet ecosystem, so then there may be a question of whether any congressional legislation is necessary at that time,” Cohen said. He said whether all web browsing or just certain web browsing history should be deemed sensitive is a discussion that can be had during consideration of the bill.

[Commentary] Privacy activists appear to have some new friends among congressional Republicans. House Communications Subcommittee Chairman Marsha Blackburn (R-TN) and cosponsors have introduced comprehensive privacy legislation that would apply a strict new privacy regime across the entire internet ecosystem. The legislation, known as the Browser bill, results from legitimate concerns about an “unlevel” playing field across the internet ecosystem and a mistaken belief that recent congressional action repealing the Federal Communications Commission’s privacy rule, promulgated under former FCC Chairman Tom Wheeler, left consumers unprotected. In fact, Congress’s action was the first step in re-leveling the playing field and returning privacy enforcement responsibilities over internet service providers to the Federal Trade Commission, which had that job before the FCC classified broadband internet service providers as “Title II” common carriers in 2015. Common carriers are exempt from FTC jurisdiction. The FCC then filled the gap by promulgating its now-repealed privacy rule. The Browser bill would return privacy jurisdiction over ISPs to the FTC, but would do so under a new and restrictive regime.

The better route to reinstating FTC jurisdiction is to follow repeal of the FCC privacy rule with repeal of the Title II classification. The FCC now has a rulemaking underway intended to accomplish that objective, a much better course than new privacy legislation.

[Thomas M. Lenard is senior fellow and president emeritus at the Technology Policy Institute. ]

Congressional Republicans knew their plan was potentially explosive. They wanted to kill landmark privacy regulations that would soon ban Internet providers, such as Comcast and AT&T, from storing and selling customers’ browsing histories without their express consent. So after weeks of closed-door debates on Capitol Hill over who would take up the issue first — the House or the Senate — Republican members settled on a secret strategy, according to Hill staff and lobbyists involved in the battle. While the nation was distracted by the House’s pending vote to repeal Obamacare, Senate Republicans would schedule a vote to wipe out the new privacy protections. On March 23, the measure passed on a straight party-line vote, 50 to 48. Five days later, a majority of House Republicans voted in favor of it, sending it to the White House, where President Trump signed the bill in early April without ceremony or public comment. “While everyone was focused on the latest headline crisis coming out of the White House, Congress was able to roll back privacy,” said former Federal Communications Commission chairman Tom Wheeler, who worked for nearly two years to pass the rules. The process to eliminate them took only a matter of weeks. The blowback was immediate.

Oracle plans to send a letter voicing its support of House telecom subcommittee Chairman Marsha Blackburn's (R-TN) new privacy bill. The recently introduced legislation would require both Internet service providers and so-called edge providers including Google and Facebook to develop opt-in policies for users to share their sensitive information, including browsing histories. Oracle senior vice president Ken Glueck said the bill creates parity among industries and also starts discussion on what should be considered sensitive information. "I think in my mind, location information is far more sensitive than web browsing," Glueck said. "But that's a debate that has to be had."

AT&T also offered support: "We have always said consumers expect their online data to be protected by a comprehensive and uniform privacy framework that applies across the entire internet ecosystem and includes operating systems, browsers, devices, ISPs, apps, online services and advertising networks," spokesman Michael Balmoris said, adding that, "We support Chairwoman Blackburn for moving the discussion in that direction, and we look forward to working with her as this legislation moves forward." USTelecom and CTIA had no comment at this time. Mobile Future did not respond to a request for comment. Meanwhile, the Internet Association is set to huddle with Chairman Blackburn. The group has already shared its opposition to the legislation and said that the bill has the potential to "upend the consumer experience online and stifle innovation."

Not to be deterred, Chairman Blackburn called out consumers as well in her response to these critiques. "I thought the Internet Association would be more supportive of protecting consumers," she said. "I think if you ask the American people if they're OK with having less control over their online privacy so companies can sell their data - they'd say no."

The Electronic Frontier Foundation also said it wouldn't support the bill in its current form, pointing to its preemption of state user privacy laws and the uniform treatment of ISPs and online companies as problematic. "The complications that the bill create by treating everything the same really stems from the fact that these are really different industry sectors and the markets are extraordinarily different," EFF legislative counsel Ernesto Falcon said. "It's an open field on the internet. People have choices, and new companies are coming in all the time. That's not the case at all when you're talking about broadband access."

Sen. Mike Lee (R-UT) is considering some sort of Senate version of the legislation and we can now add Sen. Steve Daines (R-MT) to that list as well. "Sen. Daines worked in the private sector for over 12 years and understands the importance of protecting personally identifiable information," an aide from his office said in an email. "Steve is looking into this proposal and discussing it with Montana stakeholders."