Dog Whistle Politics Attack Consumer Privacy (Again)

In a quiet press release, lost among the battle to defeat the disastrous Affordable Care Act repeal - which was successful, if you hadn't heard yet - U.S. Senator Jeff Flake (R-Ariz) introduced a bill to gut the regulatory power of the Federal Communication Commission (FCC).  The joint resolution is extremely short, stating that the Senate "disapproves the rule submitted by the Federal Communications Commission relating to 'Protecting the Privacy of Customers of Broadband and Other Telecommunication Services,' and such rule shall have no force or effect." 

In his press release, Senator Flake said the following: “The FCC's midnight regulation does nothing to protect consumer privacy.  It is unnecessary, confusing and adds yet another innovation-stifling regulation to the internet. [My resolution] will not change or lessen existing consumer privacy protections. It empowers consumers to make informed choices on if and how their data can be shared.”

So, what do the rules the joint resolution are affecting actually say?  The 100-page document outlining the Obama-era rules is fairly straight forward, and has several themes:

  1. Internet Service Providers (ISP) must get affirmative consent from users before sharing Personally Identifiable Information (PII) about them [pg 16]. 
    • Specifically, the document defines PII as "any information that can reasonably be used on its own, or in combination, to identify an individual or device."
    • The document later goes on to define a set of non-PII, but still private, data as any of the following:
      • Broadband Service Plans
      • Geo-location
      • MAC Addresses and Other Device Identifiers
      • IP Addresses and Domain Name Information
      • Traffic Statistics
      • Port Information
      • Application Header
      • Application Usage
      • Application Payload
      • Customer Premises Equipment and Device Information
  2. ISPs must allow for more ambitious users to stop the sharing of non-private data [pg 17].
  3. ISPs must notify users of data breaches that affect PII [pg 19].
  4. Consumers may utilize the FCC dispute center to raise issues caused by ISPs [pg 23].

Most importantly, these FCC rules articulate that "[w]hile almost any piece of data could be linked to a consumer, it is appropriate to consider whether such a link is practical or likely in light of current technology.” This statement sets the tone for the entire set of rules established by the FCC in December of 2016. Not only are ISPs on notice for protecting PII data, but also private consumer data that only they would be able to obtain by nature of their monopolistic relationship with consumers (i.e. geolocation and MAC addresses). In addition, they're now also mandated to protect information that could lead others to ascertain that private data.

For Senator Flake to state that these rules do "nothing to protect consumer privacy" is more than a little misleading, when they in fact not only protect consumer privacy and prevent ISPs from triple-dipping into their consumer base. Consider that we already pay $30 - 100 per month for broadband internet service, and these providers already generate ad revenue based on our use of their service without selling our data; by loosening the restrictions on selling our data they will now be able to profit further based on our use of their service.  Simply put, this third profit stream cannot exist unless we first purchase and use their service; it cannot exist without us. This joint resolution is banking on our distraction with the White House, or our ignorance of technology, to loosen the ambitious regulations passed by the FCC and the Obama Administration.

Consider an article I wrote in October 2016 before these rules were passed:

Does Joe even know that Netflix is using this information? What recourse does he have for limiting what Netflix can do? He may not care that Netflix used his browsing habits to [to improve Netflix], but what if Netflix sold information to his employer, who determined that Joe isn’t as productive in the workplace as he claims?

There is very little you can do to prevent Internet Service Providers from getting this information; if you're on the internet, most of this information is going to be collected every second of every day that you browse your favorite blog.  Even now, your ISP is collecting information about what you're reading, where you're reading it from, and how long you spend reading it; with little-to-nothing you can do to stop them.

You might not care that they are using this information to improve their service, and you may not care that this information is used to increase their profits. At what point though, do you begin to care? Is it when this information begins to harm you directly? Is it when the fees you pay to access the internet continue to rise, even as ISP profits soar through the use and selling of your data?

That's a question that only you can answer, and your answer is likely very different than mine.  Privacy means different things to different people, and it's a deeply personal conversation. While I may be transparent in my religious and political affiliation, others may live or work in environments where such affirmations are uncomfortable or even dangerous.  Internet Service Providers collect enough private data that makes it impossible to hide that information from them, and these FCC rules enable you to say "yay" or "nay" on how that data is shared.

Senator Flack, a huge recipient of the extremely conservative Club for Growth PAC, is more concerned with repealing everything Obama touched than he is in understanding the personal journey that privacy necessitates, or the implications a repeal of these rules would have on technology and the economy.The Senate, which passed this resolution along party lines earlier this week, is banking on a distracted, apathetic, or ignorant population to get this bill through the House of Representatives. So, there's still time.