March 2017

The Federal Communications Commission issued a temporary stay of a data security regulation that would have subjected Internet service providers (ISPs) to a different standard than that applied to other companies in the Internet ecosystem by the Federal Trade Commission. The regulation would have gone into effect on March 2.

The March 1 decision will maintain a status quo that has been in place for nearly two years with respect to ISPs and nearly a decade with respect to other telecommunications carriers. The stay will remain in place until the FCC is able to act on pending petitions for reconsideration. The stay will provide time for the FCC to work with the FTC to create a comprehensive and consistent framework for protecting Americans’ online privacy. The FTC had proven to be an effective cop on the beat for safeguarding digital privacy. But in 2015, the FCC stripped the FTC of its authority over ISPs’ privacy and data security practices when it adopted the Title II Order. The stay will also ensure that ISPs and other telecommunications carriers do not incur substantial and unnecessary compliance costs while the FCC considers modifications to the rule.

ISPs have been – and will continue to be – obligated to comply with Section 222 of the Communications Act and other applicable federal and state privacy, data security, and breach notification laws. In addition, broadband providers have released a voluntary set of “ISP Privacy Principles” that are consistent with the Federal Trade Commission’s long-standing privacy framework. For other telecommunications carriers, the Commission’s preexisting rules governing data security will remain in place.

Commissioner Clyburn: On the very same day a major content distribution network revealed that the private data of millions of users from thousands of websites had been exposed for several months, the FCC announced its intention to indefinitely suspend rules requiring broadband providers to protect users’ private data. The irony here is inescapable. With a stroke of the proverbial pen, the Federal Communications Commission—the same agency that should be the “cop on the beat” when it comes to ensuring appropriate consumer protections—is leaving broadband customers without assurances that their providers will keep their data secure.

It is for this reason, that I must issue this unequivocal dissent.

This Order is but a proxy for gutting the Commission’s duly adopted privacy rules—and it does so with very little finesse. First, the Order alleges deleterious divergence from FTC standards, when in actuality there is little daylight between the approaches taken by the two agencies. Second, the Order alleges significant harm to service providers, but cites absolutely nothing to prove it. In fact, the stay request does not even begin to estimate the costs associated with compliance. The outcome of this Order is not relief of regulatory burdens, as is evidenced by providers seeking a stay using the text of the FCC’s rule as the basis for their voluntary code of conduct. What it actually does is permit providers to shift the costs for corporate negligence onto private citizens.

Finally, I must express my disappointment that the Chairman even entertained this item being adopted on delegated authority. This would have marked the first time in which the Wireline Competition Bureau actually granted a petition for stay. Thankfully, my request to have this considered by the Commission preserved some degree of procedural integrity at the FCC.

Commissioner O’Rielly: I support this decision to stay the broadband data security rules while the Commission and Congress consider an appropriate resolution of the broader Net Neutrality proceeding.

To be clear, I think the law and Commission precedent are quite straightforward: the FCC lacks authority to adopt data security rules for any type of provider. Data security is not mentioned anywhere in the Communications Act, and other statutes and legislative efforts that have addressed the topic do not afford the FCC any role.

I consistently objected to the prior Commission’s unlawful attempts to freelance in this area long before the Net Neutrality Order and Privacy Order were adopted. I also pointed out that the Commission’s attempts to saddle the communications sector with experimental regulations could conflict with well-established FTC precedents that have served as a predictable road map for businesses and consumers alike.

Finally, I appreciate the opportunity to vote on this order at the Commission level. While I welcome greater participation by the full Commission in general, I think that Commission-level action on significant decisions like this one are particularly helpful to provide a clear and final statement of the agency’s position, which promotes transparency and certainty for all interested parties.

Does the recent “Gaggle Order” — the decision to ban the New York Times, CNN, Politico, Buzz Feed, and the Los Angeles Times reporters from Sean Spicer’s press “gaggle” — violate the First Amendment? Turns out that’s a close question.

It certainly looks, at first glance, like a prohibited content-based (or possibly even viewpoint-based) discrimination limiting the affected outlets’ ability to receive information, which would subject it to the highest form of First Amendment scrutiny and require some “compelling” justification to be constitutional. On the other hand, surely the First Amendment doesn’t prevent a president (or his press secretary) from, say, granting an exclusive interview (or providing a “leak”) to one (favored) reporter or paper or TV network and not another.

Later in 2017, a coalition of organizations including the Committee to Protect Journalists, the Freedom of the Press Foundation, the Reporters Committee for the Freedom of the Press, the Knight First Amendment Center and the Index on Censorship will launch an as-yet unnamed news site to track press freedom violations in the United States. The site will not only track incidents spurred by the Trump administration, but his election and anti-press rhetoric was a major catalyst in its founding.

The site, which is slated to launch sometime in the next two to three months, will have one full-time reporter and feature research and analysis from the partner organizations. CPJ is funding the reporting position (they're fresh from a fundraising bump), and the Freedom of the Press Foundation is contributing the site's development work. The project was conceived at a meeting of those organizations about a month ago, said Trevor Timm, the executive director of the Freedom of the Press Foundation. They discussed the lack of a comprehensive database for "press freedom incidents" in the United States — arrests of journalists, border security shakedowns and equipment confiscation.