Sharing isn’t caring: Ruling lets ISPs sell your personal information

Consumers have few options, but can take some steps to protect their data

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Like so many public policy arguments, this Internet Service Provider privacy story is not sexy right now, because the projected consequences lack immediacy.

But by the time it is sexy, it’ll be too late to do anything about it. That leaves people who want you to care about it with the unfortunate option of conjuring up worst-case scenarios to get your attention, and those who hope you won’t pay attention accusing them of exaggeration.

Bob Sullivan, journalist and one of the founding members of

Meanwhile, consumers are left with the obvious question: What am I supposed to do about it? I’ll get to that answer in a moment—that’s what NBC Nightly News wanted me to explain on TV last night. But first a few more thoughts on the ISP privacy rule that is no more.

Related podcast: How lax privacy rules will trigger rise in predatory marketing

Like so many things Washington, it’s a relatively simple idea that takes form in an archaic, procedural drama.

The idea: Can ISPs collect and sell your internet activities, and should they have to ask for your permission first? Or is it OK to assume you are OK with it, as long as there is some option to back out? The opt-in, opt-out debate is as old as the internet, but it’s a red herring. “Opt out” doesn’t work. People don’t bother for a host of reasons.

In truth, “opt-out” is just a euphemism for “Corporation, do what you want.” To be fair to corporations, however, opt-in isn’t so great either. People are busy, and it’s really hard to get their attention, let alone get their intention correct. Forcing an opt-in would keep millions of people away from a service they might like.

Policy should dictate

So, it’s not easy. But I hope that reality suggests to you that this is precisely the kind of policy situation that calls for strong leaders to make civic-minded decisions based on the best interest of the people they represent. Leaving a decision like this up to consumers is a farce, an abdication of duty, like giving people the option to buy cars with brakes that don’t work, or eat at restaurants with dirty kitchens.

Plenty of firms already track your internet movements and sell your data to the highest bidder. Seeing this in action could make you queasy. Imagining the future consequences of this (will searching for diabetes information raise your insurance rates? Or end up in an employment background report?) will certainly make anyone ill.

Our nation has a messy patchwork of laws that barely provide any protections to consumers and let U.S. corporations do nearly anything they want with data they collect. Our most recent federal law that deals directly with privacy doesn’t have the words “cell phone” in its text. The only federal law on the books that really puts consumer privacy first deals only with video rental records, thanks to the Robert Bork Supreme Court nomination hearings.

That’s one reason privacy advocates are taking loss of the FCC rule so hard. It was a long time in the making. First, it required the FCC to declare that internet providers, like Comcast, are “common carriers,” like the phone company or another utility. That took responsibility for privacy rules away from the FTC. That then cleared the way for an FCC order that put consumer privacy first—the second of its kind, by my count.

The common carrier bit of this is important. ISPs are very much like utilities. That means they have outsized market power, so consumers need outsized protections.

Limited choice

Sure, Facebook and Google watch what you do. But, ubiquitous as they are, consumers still have alternatives to them. In many cases, that’s not true for internet access. As you know all too well, many consumers have three, two or even just a single choice for internet access.

So it makes sense that ISPs would be subject to additional rules to make sure they don’t run roughshod over customer rights. So in the fall, after years of discussion, the FCC decided to add strong privacy protections to internet use. It decided, in the words of then-director Tom Wheeler, to treat internet traffic like phone calls. Private content, to be treated with sanctity.

As I wrote in October, it was a rare, rare win for the privacy crowd.

If you are somehow lost in the haze of “Obama did this in his last days, it must be bad,” I think it’s important to take a step back and examine the record of Mr. Wheeler at this moment. Here’s the headline The New Yorker wrote when Obama appointed him: “Obama’s bad pick: A former lobbyist at the F.C.C.”

Read that again, slowly. He was a lobbyist, for years, at both the National Cable Television Association and the Cellular Telecommunications and Internet Association. So, Wheeler knows the industry perspective on things.

Ex-FCC boss critical

Yet HE spearheaded this effort. And now, he is most critical of the rollback. “Here’s one perverse result of this action. When you make a voice call on your smartphone, the information is protected: Your phone company can’t sell the fact that you are calling car dealerships to others who want to sell you a car. But if the same device and the same network are used to contact car dealers through the internet, that information—the same information, in fact—can be captured and sold by the network. To add insult to injury, you pay the network a monthly fee for the privilege of having your information sold to the highest bidder,” he wrote in a piece in The New York Times.

“Apparently, the Trump administration and its allies in Congress value privacy for themselves over the privacy of the Americans who put them in office. What is good business for powerful cable and phone companies is just tough luck for the rest of us.”

That argument fell on deaf ears, lost in the momentum that the current administration has to undo everything from the past eight years. I do believe there is a happy medium to be found in data collection, but this isn’t it. As I say to anyone who will listen, corporations keep overplaying their hand and, ultimately, they will stunt the exciting future of new technologies, creating unnecessary fear and loathing “Trust us,” just isn’t a great privacy policy.

What you can do

So we move forward, and now comes the “Tips” section of this story. Sadly, it will be short. Really, there’s not much consumers can do, and I am loath to ask this of you. But tips I must offer, so here are four, in order of ascending difficulty.

• Favor https websites (like mine!). The traffic between your computer and an https website is scrambled, so at least that data is safe from prying eyes of ISPs.

• Call or visit your ISP and opt-out of information sharing. Do it now. That’s your “vote” in this situation. Put your provider on notice that you won’t tolerate spooky activity. Give them a hard time. Consider it civil disobedience.

• Plenty of folks are suggesting you use a virtual private network (VPN). Sure. It’s a good idea for some. But VPNs cost money, they aren’t foolproof, they can be inconvenient, you might not be able to use your favorite streaming service, and you’ll have to decide for yourself which small provider you trust. There isn’t really a good resource for picking a VPN, so I’m not going to link to one. Do your own research.

More stories related to data privacy:
Don’t expect Trump to leave internet rules, regulations intact
Fair or foul? New forensics tools raise privacy concerns
Who’s listening? Privacy questions echo across the Internet of Things