Broadband Industry Has A Hissy Fit As FCC Unveils Some Fairly Basic New Broadband Privacy Protections
from the sky-is-falling dept
As had been hinted at for months, the FCC formally unveiled its plans to apply some relatively basic privacy protections for broadband service. And while you'll likely see the broadband industry bitching up a storm over the next few months, none of the requirements are particularly onerous (and many are things ISPs are doing already). The agency's full announcement (pdf) notes the rules will require that ISPs are a) transparent about what they're doing, b) have basic systems in place to protect collected data and alert users in case of data breach and c) provide users with opt out technology that actually works.When the FCC reclassified ISPs as common carriers under Title II, ISPs were automatically subjected to Title II’s Section 222 privacy protections regarding "customer proprietary network information" (CPNI). But because those rules were largely designed for ye olde phone company, the FCC is updating them to become very basic rules of the road for handling customer data. ISPs have been quick to complain that they shouldn't face privacy protections that go beyond what Apple and Google deal with, but the FCC correctly argues that the lack of broadband competition make ISPs a unique animal:
"A consumer’s relationship with her ISP is very different than the one she has with a website or app. Consumers can move instantaneously to a different website, search engine or application. But once they sign up for broadband service, consumers can scarcely avoid the network for which they are paying a monthly fee."ISPs have also argued for the better part of a decade that they should be allowed to self-regulate on the privacy front, but their behavior has repeatedly indicated they're not actually capable of this. Verizon, for example., was caught last year modifying user packets to track users around the Internet and build detailed subscriber profiles. The company engaged in this behavior for two years before it was even discovered by security researchers. It took another six months of public and FCC pressure for Verizon to even provide working opt-out tools.
Preparing for the FCC's announcement the broadband industry has been pushing a number of "studies" trying to argue that broadband privacy protections also aren't necessary because users can protect themselves with encryption or VPNs. But plenty of household data isn't encrypted (including most IOT devices), and the FCC is quick to note that the lack of broadband competition makes the sector notably different from say, search engines:
"Even when data is encrypted, broadband providers can still see the websites that a customer visits, how often they visit them, and the amount of time they spend on each website. Using this information, ISPs can piece together enormous amounts of information about their customers – including private information such as a chronic medical condition or financial problems."In short what the FCC's doing is again relatively straightforward, basic, and most ISPs will be doing this stuff anyway. But that didn't stop AT&T from taking to its policy blog to complain that the modern broadband industry is just too damned evolved for privacy protections:
"In the 1980’s telecommunications industry, when companies were required by law to stay in their lanes, it might have made sense to have rules that applied only to one set of providers in an industry. But that was 30+ years ago, and we are long past that stage in U.S. communications policy...Limiting ISPs’ ability to compete with ad supported business models – which are overwhelmingly favored by consumers – is bad for consumers and ultimately bad for broadband investment in this country."Except you should stop and take a look at what AT&T's vision of modern broadband privacy standards looks like. The company has been using deep packet inspection to track its U-verse broadband customers for years. But instead of making it easy and transparent to opt out, AT&T requires that its broadband customers not only jump through a number of confusing hoops, but it actually charges customers upwards of $60 per month to do so. When you understand that AT&T's vision of the broadband privacy future involves making actual privacy a cumbersome paid luxury, you can understand why companies like AT&T are opposed to even the most basic protections.
The FCC's also making it very clear it's not thwarting "innovation" in the user-tracking space, or seriously hindering the cash cow that is tracking users online. That was illustrated with the company's recent settlement with Verizon over the afore-mentioned stealth trackers; the settlement lets Verizon happily continue fiddling with user traffic for the benefit of tracking them, just as long as the company's clear about what's happening and provides working opt-out tools. That's really not a big deal by any standard.
So while you're going to see ISPs and friends bitch endlessly about this being "yet another heavy-handed FCC power grab" and the like, there's really not much here to be afraid of. It's also worth remembering that ISPs like AT&T and Verizon had every opportunity to preempt privacy regulations by showing they were capable of self-regulating, but failed repeatedly and painfully at the task.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: broadband, fcc, privacy
Companies: at&t, verizon
Reader Comments
Subscribe: RSS
View by: Time | Thread
Go further
OK, not holding my breath.
[ link to this | view in thread ]
[ link to this | view in thread ]
That's not news.
If the FCC stood still they'd hissy that the FCC wasn't giving them more privileges and dancing for their enjoyment.
[ link to this | view in thread ]
Re: Go further
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
Third party information sharing is practically comparable to whitewashing of money in some circumstances: As soon as you combine the illegal data with other data in the right way, you can sell it all completely legally! If you are a databroker, why not get better information at a lower price?
[ link to this | view in thread ]
System Error
[ link to this | view in thread ]
"How to Navigate, Mitigate or Eliminate the Impacts of State Restrictions on Public Broadband"
(PDF) http://cjspeaks.com/wp/wp-content/uploads/2015/01/Snapshot-1-15.pdf
Originally found here
https://soylentnews.org/comments.pl?sid=12583&cid=316941#commentwrap
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re:
You can control this on a per site level using uBlock Origin (not uBlock, but uBlock Origin) and/or uMatrix. Same author, they have slightly different purposes, but can also work together. Set a default (for me it's block everything except css and images), then on a per site basis allow javascript or frames etc (this is in uMatrix). It's not really that hard to understand. It's a really granular fine control - you can allow specific XSS on a a specific domain: eg you can allow google apis on techdirt, but no where else (by default).
[ link to this | view in thread ]
Consumers would be given an opt-in
An interesting corollary to this, and to AT&T's practice of charging consumers to opt out of monetization their network behavior, is H.R. 2666, a vague and sweeping bit of legislation that prohibits the FCC from regulating broadband fees. If this were to become law, ISPs, would argue that they could charge consumers for opting out of their privacy rights and the FCC's hands would be tied. The legislation also threatens net neutrality because it would undercut the prohibition against fast lanes. Critics of net neutrality view this as ex ante fee regulation, forcing ISPs to set a price of $0 to connect edge providers to their customers. The House Energy and Commerce Committee votes on H.R. 2666 tomorrow, March 14, 2016.
[ link to this | view in thread ]