Say so long to your data privacy under Trump FCC’s new rules

Internet service providers will have carte blanche to access personal information for profit

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

A dual-track effort to derail—if not per­ma­nent­ly eliminate—new fed­er­al pri­va­cy rules that would lim­it Inter­net Ser­vice Providers’ com­mer­cial use of sen­si­tive cus­tomer data is gain­ing steam.

On Wednes­day, March 1, the Trump administration’s Fed­er­al Com­mu­ni­ca­tions Com­mis­sion vot­ed to delay imple­men­ta­tion of new broad­band pri­va­cy rules for ISPs. This hap­pened on the eve of strin­gent new pri­va­cy rules tak­ing effect.

The rules approved by the FCC last Octo­ber under for­mer Pres­i­dent Oba­ma require the likes of Com­cast, Ver­i­zon, AT&T and Time Warn­er to get cus­tomers’ explic­it con­sent before using or shar­ing behav­ioral data, includ­ing brows­ing his­to­ry, loca­tion and oth­er sen­si­tive information.

Relat­ed: Don’t expect Trump to leave inter­net rules, reg­u­la­tions intact

Then on Tues­day, March 7, Sen. Jeff Flake, R-Ari­zona, went one big step fur­ther. Flake for­mal­ly pro­posed using a rare leg­isla­tive tool, called the Con­gres­sion­al Review Act (CRA), as a means to per­ma­nent­ly halt the FCC from ever impos­ing any mean­ing­ful lim­its to ISPs’ com­mer­cial use of con­sumers’ behav­ioral profiles.

John M. Simp­son, Con­sumer Watch­dog pri­va­cy project director

It’s already very like­ly that the Repub­li­can FCC will sub­stan­tial­ly water down pri­va­cy rules for ISPs, and they are, in fact, get­ting ready to do that,” says John M. Simp­son, pri­va­cy project direc­tor for the advo­ca­cy group, Con­sumer Watch­dog. “But that may all be moot because ear­li­er this week a CRA was filed that would sim­ply abol­ish the rule completely.”

Should Con­gress suc­ceed in using the CRA mech­a­nism to abol­ish the pri­va­cy rules approved last fall, the Trump FCC—and pre­sum­ably all future commissions—would, in effect, be barred from adapt­ing any form of pri­va­cy rules for ISPs, what­so­ev­er, Simp­son says.

It would just leave it like the Wild Wild West where there’s no reg­u­la­tions at all,” Simp­son says.

Dash for cash

This is all hap­pen­ing because ISPs are all too eager to par­tic­i­pate in the hun­dreds of bil­lions of dol­lars in online adver­tis­ing rev­enue reaped by Google, Face­book, Twit­ter and oth­er so-called “edge providers” who vora­cious­ly col­lect and then sell behav­ior pro­fil­ing data gen­er­at­ed by patrons of their respec­tive services.

Con­cerns about how ISPs tend to hold monop­oly stakes in many geo­graph­ic areas—and col­lect even more exten­sive behav­ioral pro­fil­ing data than any sin­gle edge provider can amass alone—were alle­vi­at­ed last fall when the Oba­ma FCC stepped for­ward with its Euro­pean-like pri­va­cy rules for ISPs.

No going back

Now the Trump FCC is prepar­ing to water down the rules approved by the Oba­ma FCC. What’s more, Con­gress, led by Sen. Flake, is posi­tion­ing itself to leap ahead by using an obscure leg­isla­tive mech­a­nism, the CRA, to nail the cof­fin per­ma­nent­ly shut.

For con­sumers, this rep­re­sents a stun­ning rever­sal, says Katie McIn­nis, staff attor­ney for Con­sumers Union, the pol­i­cy and mobi­liza­tion arm of Con­sumer Reports.

Inter­net ser­vice providers are using their all-access pass to con­sumers’ online lives to boost their prof­its, sell­ing this per­son­al infor­ma­tion to the high­est bid­ders,” McIn­nis says. “This move to elim­i­nate these rules makes it clear that Con­gress val­ues big indus­try more than con­sumers, who over­whelm­ing­ly sup­port these protections.”

Simp­son con­curs. “The thing that is so depress­ing is that these rules were very good for both busi­ness and con­sumers,” he says. “The inter­net is built on trust, and if con­sumers can’t trust their ISPs it just under­mines the whole system.”

Edge providers like Google and Face­book already lead the way in col­lect­ing mas­sive amounts of data about how con­sumers use their web browsers and com­put­ing devices. They inten­sive­ly mine this data to sup­port ad cam­paigns based on behav­ior pro­fil­ing. Adver­tis­ing might seem benign enough. But pri­va­cy advo­cates wor­ry that ISPs won’t be able to resist pur­su­ing even more aggres­sive mon­e­ti­za­tion mod­els to exploit the disadvantaged.

Poor espe­cial­ly at risk

Machine learn­ing and big data min­ing tech­niques are now rou­tine­ly used in com­merce. And it is pos­si­ble for ISPs to cre­ate detailed behav­ior pro­files for each indi­vid­ual inter­net user. Such pro­files have proven to be very effec­tive in con­duct­ing preda­to­ry mar­ket­ing cam­paigns that most often tar­get the poor.

For exam­ple, behav­ior pro­files can help insur­ance com­pa­nies dis­crim­i­nate while issu­ing poli­cies and banks while approv­ing loans. Behav­ior pro­files can be used to pro­mote gam­bling, porn and drug abuse. And they can tilt hir­ing deci­sions, or be used by politi­cians and ide­o­logues to manip­u­late pub­lic discourse.

ISPs appear to be eager to cash in. For exam­ple, in 2014 Ver­i­zon was found to be silent­ly mod­i­fy­ing its users’ web traf­fic by inject­ing a cook­ie-like track­er that enabled third-par­ty adver­tis­ers and web­sites to assem­ble a deep, per­ma­nent pro­file of vis­i­tors’ web brows­ing habits with­out their con­sent, accord­ing to the Elec­tron­ic Fron­tier Foundation.

No pri­va­cy rules for Com­cast, Ver­i­zon, AT&T et al. “means fur­ther over­reach­ing by ISPs, which opens the doors to all kind of abus­es that shouldn’t hap­pen,” Simp­son notes. “The kind of pro­fil­ing that will be done, and what ISPs will do with those pro­files, is com­plete­ly inappropriate.”

Lau­ra M. Moy, deputy direc­tor of the Cen­ter on Pri­va­cy & Tech­nol­o­gy at George­town Uni­ver­si­ty Law Cen­ter, notes the the FCC is required by law to have strong pri­va­cy pro­tec­tions in place for inter­net cus­tomers. “But if the FCC nev­er­the­less refus­es to do that, con­sumers may find that their inter­net providers are using, sell­ing, and shar­ing infor­ma­tion that con­sumers con­sid­er to be very pri­vate, with­out per­mis­sion and per­haps with­out trans­paren­cy as well,” Moy says.

More sto­ries relat­ed to privacy:
Who’s lis­ten­ing? Pri­va­cy ques­tions echo across the Inter­net of Things
Cavoukian Q&A: ‘Pri­va­cy by design’ restores con­trol to consumers
Fair or foul? New foren­sics tools raise pri­va­cy concerns