Sharing isn’t caring: Ruling lets ISPs sell your personal information

Consumers have few options, but can take some steps to protect their data

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Like so many pub­lic pol­i­cy argu­ments, this Inter­net Ser­vice Provider pri­va­cy sto­ry is not sexy right now, because the pro­ject­ed con­se­quences lack immediacy.

But by the time it is sexy, it’ll be too late to do any­thing about it. That leaves peo­ple who want you to care about it with the unfor­tu­nate option of con­jur­ing up worst-case sce­nar­ios to get your atten­tion, and those who hope you won’t pay atten­tion accus­ing them of exaggeration.

Bob Sul­li­van, jour­nal­ist and one of the found­ing mem­bers of

Mean­while, con­sumers are left with the obvi­ous ques­tion: What am I sup­posed to do about it? I’ll get to that answer in a moment—that’s what NBC Night­ly News want­ed me to explain on TV last night. But first a few more thoughts on the ISP pri­va­cy rule that is no more.

Relat­ed pod­cast: How lax pri­va­cy rules will trig­ger rise in preda­to­ry marketing 

Like so many things Wash­ing­ton, it’s a rel­a­tive­ly sim­ple idea that takes form in an archa­ic, pro­ce­dur­al drama.

The idea: Can ISPs col­lect and sell your inter­net activ­i­ties, and should they have to ask for your per­mis­sion first? Or is it OK to assume you are OK with it, as long as there is some option to back out? The opt-in, opt-out debate is as old as the inter­net, but it’s a red her­ring. “Opt out” doesn’t work. Peo­ple don’t both­er for a host of reasons.

In truth, “opt-out” is just a euphemism for “Cor­po­ra­tion, do what you want.” To be fair to cor­po­ra­tions, how­ev­er, opt-in isn’t so great either. Peo­ple are busy, and it’s real­ly hard to get their atten­tion, let alone get their inten­tion cor­rect. Forc­ing an opt-in would keep mil­lions of peo­ple away from a ser­vice they might like.

Pol­i­cy should dictate

So, it’s not easy. But I hope that real­i­ty sug­gests to you that this is pre­cise­ly the kind of pol­i­cy sit­u­a­tion that calls for strong lead­ers to make civic-mind­ed deci­sions based on the best inter­est of the peo­ple they rep­re­sent. Leav­ing a deci­sion like this up to con­sumers is a farce, an abdi­ca­tion of duty, like giv­ing peo­ple the option to buy cars with brakes that don’t work, or eat at restau­rants with dirty kitchens.

Plen­ty of firms already track your inter­net move­ments and sell your data to the high­est bid­der. See­ing this in action could make you queasy. Imag­in­ing the future con­se­quences of this (will search­ing for dia­betes infor­ma­tion raise your insur­ance rates? Or end up in an employ­ment back­ground report?) will cer­tain­ly make any­one ill.

Our nation has a messy patch­work of laws that bare­ly pro­vide any pro­tec­tions to con­sumers and let U.S. cor­po­ra­tions do near­ly any­thing they want with data they col­lect. Our most recent fed­er­al law that deals direct­ly with pri­va­cy doesn’t have the words “cell phone” in its text. The only fed­er­al law on the books that real­ly puts con­sumer pri­va­cy first deals only with video rental records, thanks to the Robert Bork Supreme Court nom­i­na­tion hearings.

That’s one rea­son pri­va­cy advo­cates are tak­ing loss of the FCC rule so hard. It was a long time in the mak­ing. First, it required the FCC to declare that inter­net providers, like Com­cast, are “com­mon car­ri­ers,” like the phone com­pa­ny or anoth­er util­i­ty. That took respon­si­bil­i­ty for pri­va­cy rules away from the FTC. That then cleared the way for an FCC order that put con­sumer pri­va­cy first—the sec­ond of its kind, by my count.

The com­mon car­ri­er bit of this is impor­tant. ISPs are very much like util­i­ties. That means they have out­sized mar­ket pow­er, so con­sumers need out­sized protections.

Lim­it­ed choice

Sure, Face­book and Google watch what you do. But, ubiq­ui­tous as they are, con­sumers still have alter­na­tives to them. In many cas­es, that’s not true for inter­net access. As you know all too well, many con­sumers have three, two or even just a sin­gle choice for inter­net access.

So it makes sense that ISPs would be sub­ject to addi­tion­al rules to make sure they don’t run roughshod over cus­tomer rights. So in the fall, after years of dis­cus­sion, the FCC decid­ed to add strong pri­va­cy pro­tec­tions to inter­net use. It decid­ed, in the words of then-direc­tor Tom Wheel­er, to treat inter­net traf­fic like phone calls. Pri­vate con­tent, to be treat­ed with sanctity.

As I wrote in Octo­ber, it was a rare, rare win for the pri­va­cy crowd.

If you are some­how lost in the haze of “Oba­ma did this in his last days, it must be bad,” I think it’s impor­tant to take a step back and exam­ine the record of Mr. Wheel­er at this moment. Here’s the head­line The New York­er wrote when Oba­ma appoint­ed him: “Obama’s bad pick: A for­mer lob­by­ist at the F.C.C.”

Read that again, slow­ly. He was a lob­by­ist, for years, at both the Nation­al Cable Tele­vi­sion Asso­ci­a­tion and the Cel­lu­lar Telecom­mu­ni­ca­tions and Inter­net Asso­ci­a­tion. So, Wheel­er knows the indus­try per­spec­tive on things.

Ex-FCC boss critical

Yet HE spear­head­ed this effort. And now, he is most crit­i­cal of the roll­back. “Here’s one per­verse result of this action. When you make a voice call on your smart­phone, the infor­ma­tion is pro­tect­ed: Your phone com­pa­ny can’t sell the fact that you are call­ing car deal­er­ships to oth­ers who want to sell you a car. But if the same device and the same net­work are used to con­tact car deal­ers through the inter­net, that information—the same infor­ma­tion, in fact—can be cap­tured and sold by the net­work. To add insult to injury, you pay the net­work a month­ly fee for the priv­i­lege of hav­ing your infor­ma­tion sold to the high­est bid­der,” he wrote in a piece in The New York Times.

Appar­ent­ly, the Trump admin­is­tra­tion and its allies in Con­gress val­ue pri­va­cy for them­selves over the pri­va­cy of the Amer­i­cans who put them in office. What is good busi­ness for pow­er­ful cable and phone com­pa­nies is just tough luck for the rest of us.”

That argu­ment fell on deaf ears, lost in the momen­tum that the cur­rent admin­is­tra­tion has to undo every­thing from the past eight years. I do believe there is a hap­py medi­um to be found in data col­lec­tion, but this isn’t it. As I say to any­one who will lis­ten, cor­po­ra­tions keep over­play­ing their hand and, ulti­mate­ly, they will stunt the excit­ing future of new tech­nolo­gies, cre­at­ing unnec­es­sary fear and loathing “Trust us,” just isn’t a great pri­va­cy policy.

What you can do

So we move for­ward, and now comes the “Tips” sec­tion of this sto­ry. Sad­ly, it will be short. Real­ly, there’s not much con­sumers can do, and I am loath to ask this of you. But tips I must offer, so here are four, in order of ascend­ing difficulty.

• Favor https web­sites (like mine!). The traf­fic between your com­put­er and an https web­site is scram­bled, so at least that data is safe from pry­ing eyes of ISPs.

• Call or vis­it your ISP and opt-out of infor­ma­tion shar­ing. Do it now. That’s your “vote” in this sit­u­a­tion. Put your provider on notice that you won’t tol­er­ate spooky activ­i­ty. Give them a hard time. Con­sid­er it civ­il disobedience.

• Plen­ty of folks are sug­gest­ing you use a vir­tu­al pri­vate net­work (VPN). Sure. It’s a good idea for some. But VPNs cost mon­ey, they aren’t fool­proof, they can be incon­ve­nient, you might not be able to use your favorite stream­ing ser­vice, and you’ll have to decide for your­self which small provider you trust. There isn’t real­ly a good resource for pick­ing a VPN, so I’m not going to link to one. Do your own research.

More sto­ries relat­ed to data privacy:
Don’t expect Trump to leave inter­net rules, reg­u­la­tions intact
Fair or foul? New foren­sics tools raise pri­va­cy concerns
Who’s lis­ten­ing? Pri­va­cy ques­tions echo across the Inter­net of Things


Posted in Data Privacy, Featured Story