Your Privacy is a Partisan Issue

You’re reading the Benton Foundation’s Weekly Round-up, a recap of the biggest (or most overlooked) telecommunications stories of the week. The round-up is delivered via e-mail each Friday; to get your own copy, subscribe at www.benton.org/user/register

Robbie's Round-Up for the Week of March 27-31, 2017

Think for a moment about all you do with your broadband connection — and now consider that Republicans just unleashed your broadband provider’s ability to monetize it.

On March 28, the U.S. House of Representatives voted to revoke rules created by the Federal Communications Commission that would have required broadband providers to receive permission before collecting data on subscribers’ online activities. In a 215-to-205 vote largely along party lines and which mirrored an earlier vote in the Senate, Republican Representatives delivered a massive victory for broadband providers while offering flimsy justification. The move is sparking a backlash from consumers who value their online privacy. But while the plan to remove privacy protections may harm consumers, some GOP leaders have something else in their sights: the repeal of network neutrality.


A Brief History of Privacy Rules at the FCC

The Federal Trade Commission is normally the federal agency that takes enforcement action against “unfair or deceptive acts or practices” including privacy violations. However, the FTC is bound by the “common carrier exemption” which gives the FCC jurisdiction over telecommunications companies. In 2015, when the FCC reclassified broadband Internet access service under Title II of the Communications Act in the effort to ensure an Open Internet, the agency assumed jurisdiction over broadband providers on issues like protecting consumer privacy.

In late 2016, seemingly a lifetime ago, the FCC passed broadband privacy rules designed to give consumers the power to choose how their broadband providers use and share their personal data. [I wrote about the decision and the specifics of the rules in benton logoFCC Acts to Increase Consumer Privacy Choice] Briefly, the rules would have separated the use and sharing of information into three categories and included clear guidance for both ISPs and customers about the transparency, choice, and security requirements for customers’ personal information:

  • Opt-in: ISPs would have been required to obtain affirmative “opt-in” consent from consumers to use and share sensitive information. The rules specified categories of information that were considered sensitive, which included precise geo-location, financial information, health information, children’s information, social security numbers, web browsing history, app usage history, and the content of communications.
  • Opt-out: ISPs would have been allowed to use and share non-sensitive information unless a customer “opts-out.” All other individually-identifiable customer information – for example, email address or service tier information – would be considered non-sensitive, and the use and sharing of that information would have been subject to opt-out consent, consistent with consumer expectations.
  • Exceptions to consent requirements: Customer consent would have been inferred for certain purposes including the provision of broadband service or billing and collection. For the use of this information, no additional customer consent would have been required beyond the creation of the customer-ISP relationship.

In addition, the rules included:

  • Transparency requirements that would have required ISPs to provide customers with clear, conspicuous, and persistent notice about the information they collect, how it would be used, and with whom it would be shared, as well as how customers could change their privacy preferences.
  • A requirement that broadband providers engage in reasonable data security practices and guidelines on steps ISPs should consider taking, such as implementing relevant industry best practices, providing appropriate oversight of security practices, implementing robust customer authentication tools, and proper disposal of data consistent with FTC best practices and the Consumer Privacy Bill of Rights.
  • Common-sense data breach notification requirements to encourage ISPs to protect the confidentiality of customer data, and to give consumers and law enforcement notice of failures to protect such information.

In crafting the rules, the FCC borrowed generously from the privacy and data security enforcement standards of the FTC. The FCC rules would have protected the privacy of consumers’ personal information in the same way telephone customers have long enjoyed. As former FCC Chairman Tom Wheeler noted in an op-ed in the New York Times, “For decades, in both Republican and Democratic administrations, federal rules have protected the privacy of the information in a telephone call. In 2016, the FCC, which I led as chairman under President Barack Obama, extended those same protections to the Internet.”

What the Repeal Means

The vote to repeal the FCC privacy rules means broadband providers now are players in the $83 billion market for online advertising. Your broadband provider now can collect, store, share, and sell your online behavioral information for profit without seeking your explicit consent. Think for a moment about all you do with your broadband connection — and now consider that Congress just unleashed your broadband provider’s ability to monetize it. As former FCC staffer Gigi Sohn wrote, “ISPs like Comcast, AT&T, and Charter will be free to sell your personal information to the highest bidder without your permission — and no one will be able to protect you.”

Information relating to intimate personal preferences, health problems, and financial matters are now available for the network to sell. Wheeler noted that the bill is an effort by the FCC’s new Republican majority and Congressional Republicans to overturn a simple but vitally important concept — namely that the information that goes over a network belongs to you as the consumer, not to the network hired to carry it. Wheeler wrote in his op-ed,

Here’s one perverse result of this action. When you make a voice call on your smartphone, the information is protected: Your phone company can’t sell the fact that you are calling car dealerships to others who want to sell you a car. But if the same device and the same network are used to contact car dealers through the internet, that information — the same information, in fact — can be captured and sold by the network. To add insult to injury, you pay the network a monthly fee for the privilege of having your information sold to the highest bidder.

Arguing Against Privacy

"Lawmakers who voted in favor of this bill just sold out the American people to special interests," said Rep Jared Polis (D-CO). How could they explain that away? Poorly. University Law Professor and “net neutrality” coiner Tim Wu tweeted, “The GOP explanations for rolling back privacy protections are among the most strained and absurd things I’ve read in some time.” Let’s take a look.

1) The “Unnecessary Regulation That Hurts The Market” Argument
The Washington Post noted that proponents of the repeal argued the regulations, “stifle innovation by forcing Internet providers to abide by unreasonably strict guidelines.” House Communications Subcommittee Chairman Marsha Blackburn (R-TN) went a step further, actually saying, “[Consumer privacy] will be enhanced by removing the uncertainty and confusion these rules will create.” Wu questioned whether her statement was read with a straight face.

If lawmakers truly believed the privacy rules would stifle innovation and create damaging uncertainty, more evidence, research, and signs of common sense should have been presented.

2) The “Leveling the Playing Field” Argument
Some Representatives claim it is unjust to subject ISPs to different privacy rules than so-called “edge” companies like Google and Facebook. Rep Steve Scalise (R-LA) said, “These rules are applied unevenly, based on what type of company you are or what kind of technology you use."

FCC Chairman Ajit Pai described the rules as “regulations designed to benefit one group of favored companies over another group of disfavored companies. Appropriately, Congress has passed a resolution to reject this approach of picking winners and losers before it takes effect.”

As a New York Times editorial points out, the argument is “highly disingenuous. Congress has only given the commission authority over telecommunications companies, so the FCC couldn’t have come up with rules that applied to other businesses even if it wanted to.”

It is important to also understand the differences between edge providers and broadband service providers:

  • Your ISP can see everything you do. Edge companies (Facebook, Google) on the other hand, only see a small portion of any given consumer’s internet traffic.
  • ISPs charge handsomely for their services, while most edge companies services are free, creating very different consumer expectations with regard to collection and use of data.
  • It is easier to switch edge providers than broadband service providers. As Gigi Sohn notes, “Even in the instances where a consumer has a choice of broadband providers (and Americans in 78 percent of census blocks do not, according to a recent FCC report), high switching costs make changing providers a very unattractive option. You can decide you’re fed up with Google’s data policies and use another search engine easily; it’s much harder to do that with your ISP.”

These differences aside, it is reasonable to want one set of privacy rules for the entire Internet ecosystem (the same privacy rules to apply for Facebook as for Comcast). But, as Gigi Sohn notes, “Why is Congress’ response to this alleged unlevel playing field removing the strongest privacy rules protecting consumers today?” The FCC doesn’t have the legal power to regulate edge companies. Congress does. Rather than tearing down privacy protections, Congress could have improved consumer privacy protections for edge providers to meet the higher FCC standard.

3) The "FTC is Fine as Being the Lone Privacy Cop" Argument
Chairman Blackburn said, “I think that people should realize that the FTC is the primary regulator of privacy, not the FCC. They have the history and the expertise to regulate consumer privacy, and having more than one agency regulate the same agency [issue] creates abuse and government overreach. Businesses need regulatory clarity in order to properly operate.”

Dallas Harris, Policy Fellow at Public Knowledge, said, “To be clear, the FTC cannot regulate broadband providers due to a Congressionally-mandated exemption for common carriers. This bill does not change that. The truth is that once President Trump signs this resolution, there will be no effective federal cop on the beat to proactively protect consumer information collected by ISPs.”

And as Sohn notes, “There’s a very important difference between the FTC’s enforcement powers and preventative FCC rules: the FCC’s rules have the power to protect consumers before they are harmed, while the FTC’s rules moderate industry behavior and give consumers the ability to enforce their rights after harm occurs.”

Could the Privacy Decision Impact Net Neutrality?

With the House passage of the repeal and the signature by President Trump, there will be no clear privacy protections for broadband Internet access service consumers. How will the FCC and Congress address the issue moving forward?

GOP leaders and Chairman Pai may use this lack of privacy oversight as a crisis/opportunity to push forward their effort to undo the FCC's Title II decision and effectively eliminate net neutrality.

In his statement on the repeal, Chairman Pai said, “Moving forward, I want the American people to know that the FCC will work with the FTC to ensure that consumers’ online privacy is protected through a consistent and comprehensive framework. In my view, the best way to achieve that result would be to return jurisdiction over broadband providers’ privacy practices to the FTC, with its decades of experience and expertise in this area.” That phrase "return jurisdiction over broadband providers' privacy practices to the FTC" means repealing the Title II decision.

Politico noted that House Commerce Committee Chairman Greg Walden (R-OR) is in step with Chairman Pai on leaving privacy to the FTC. "I hope the FCC will take up and review what was done under the Wheeler regime on Title II," he said, referencing former-FCC Chairman Wheeler. Walden continued:

Repealing Title II solves the whole problem. I think we gotta get this back to where we can legislate in this space, and take the bill we drafted a few years ago that would put into statute prohibitions on bad behavior, on throttling, and paid prioritization and blocking, there's bipartisan agreement on that. But when the Obama administration forced the FCC to go straight to Title II, that created all these problems.

As the New York Times Editorial Board noted, “Republicans just made clear how little they care about protecting the privacy of Americans.” Unfortunately, net neutrality may be next. As always, we’ll keep you posted in Headlines.

Quick Bits

Weekend Reads (resist tl;dr)
coffee iconCommissioner Clyburn’s Final #Solutions2020 Call to Action Plan (FCC)
coffee iconU.S.-Backed Efforts to Promote Openness and Democracy Are At Risk in the Age of Trump (Fast Company)
coffee iconCorporation for Public Broadcasting Statement Before Congress (CPB)
coffee iconHollywood needs a free and open Internet. So why isn't it fighting for it? (Los Angeles Times Op-Ed)
coffee iconThe Platform Press: How Silicon Valley reengineered journalism (Columbia Journalism Review)

Events Calendar for April
April 5 --Facilitating the 21st Century Wireless Economy, House Communications Subcommittee Hearing
April 19 -- Community Broadband Workshop, NTIA
April 20 -- Federal Communications Commission Open Meeting

ICYMI From Benton
benton logoCall for Applications - Charles Benton Junior Scholar Award (TPRC)
benton logoWhat More Do We Know About Ajit Pai’s Agenda?, Robbie McBeath


By Robbie McBeath.