FCC Boss Moves To Kill Broadband Privacy Protections. You Know, To Help The Little Guy.
from the Comcastic dept
New FCC boss Ajit Pai, apparently taking a break from paying empty lip service to the poor, has quietly announced the FCC will be killing consumer broadband privacy protections before they even have a chance to take root. Hoping the news would get lost in the pre-weekend hustle, the FCC quietly circulated an e-mail on Friday stating that the agency would be moving to kill the rules before they arrive March 2, just as large ISPs had demanded.
The FCC statement starts by implying that eliminating FCC oversight of broadband privacy (leaving the FTC as the lone cop on the beat) is more consistent and efficient:
"Chairman Pai believes that the best way to protect the online privacy of American consumers is through a comprehensive and uniform regulatory framework. All actors in the online space should be subject to the same rules, and the federal government shouldn’t favor one set of companies over another. Therefore, he has advocated returning to a technology-neutral privacy framework for the online world and harmonizing the FCC’s privacy rules for broadband providers with the FTC’s standards for others in the digital economy. Unfortunately, one of the previous administration’s privacy rules that is scheduled to take effect on March 2 is not consistent with the FTC’s privacy standards. Therefore, Chairman Pai is seeking to act on a request to stay this rule before it takes effect on March 2."
This idea that the FTC should be the only regulator overseeing ISP privacy comes from the telecom industry itself, which has repeatedly tried to claim it's unfair to "burden" ISPs (many of which are trying to get into the ad and media industry) with FCC regulations not faced by the likes of Google and Facebook. The problem: they're ignoring the fact that while users can switch search engines or services if they're unhappy with Google or Facebook's privacy practices, a lack of competition often means users have no such luxury when it comes to broadband ISPs. Thus, specific rules large ISPs pretend they don't see the reasoning for.
Meanwhile, the big push to have the FTC alone oversee broadband privacy is rooted in the knowledge that the FTC is (a) overworked and underfunded, and (b) has no rule-making authority. Now ex-FCC boss Tom Wheeler had this to say about this GOP and Trump FCC "modernization" effort in a recent, candid interview:
"It’s a fraud. The FTC doesn’t have rule-making authority. They’ve got enforcement authority and their enforcement authority is whether or not something is unfair or deceptive. And the FTC has to worry about everything from computer chips to bleach labeling. Of course, carriers want [telecom issues] to get lost in that morass. This was the strategy all along. So it doesn’t surprise me that the Trump transition team -- who were with the American Enterprise Institute and basically longtime supporters of this concept -- comes in and says, “Oh, we oughta do away with this.” It makes no sense to get rid of an expert agency and to throw these issues to an agency with no rule-making power that has to compete with everything else that’s going on in the economy, and can only deal with unfair or deceptive practices."
In other words, the pretense for Pai and friends is "efficiency," when the reality, as has long been the FCC's overarching MO, is to protect large ISPs like Comcast, Verizon and AT&T from real accountability and oversight. That's a problem when it comes to an uncompetitive industry where the nation's biggest carriers have no organic checks and balances on their increasingly unethical privacy practices. You need either real competition or reasonable regulators, and as these ISPs' historical behavior makes clear, you run into problems when revolving-door regulators want neither.
The FCC rules themselves were passed last year and are relatively simple; ISPs must disclose what data they're gathering and who they're selling it to. In a few instances, users need to opt in if ISPs want to share more personal financial data. The telecom and ad industries whined about the rules, but the FCC only acted to create the rules after Verizon was caught covertly modifying user packets in order to track user behavior (without informing them or providing working opt-out tools), and AT&T and Comcast began making it clear they wanted to charge users a premium for privacy.
The telecom industry had its chance to self-regulate on the privacy front, and showed repeatedly it wasn't capable of actually doing so. Repeal the FCC's privacy rules, and there's literally nothing standing between you and Comcast when it comes to privacy except an overworked (and likely to be similarly and intentionally hamstrung) FTC incapable of picking up the slack. That's certainly great for Comcast. It's less great if you're a broadband consumer actually looking to have some amount of control over how your personal data is collected and shared in the gigabit era.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
Absolutely right
Pai is most certainly right, rules should be consistent across the board, with no need to unnecessarily complicate things simply because trifling details might differ.
For example, in the interest of providing a fair and level playing field...
Bikes should be required to meet any and all requirements that cars are under(seatbelts, blinkers, license to use), because both bikes and cars have wheels and are used for transportation. Alternatively, car manufacturers should't be burdened by unnecessary regulations and rules that bike manufacturers don't have to follow for the same reason.
People can talk without any bothersome regulations in place, they can even communicate via the highly technical method of two cans and some string, and as such phone/telecommunication companies shouldn't be saddled with burdensome regulations that just get in the way of better serving the customer.
You can take a canoe out on the lake without filing out countless forms and going through the hassle of safety checks or anything absurd like that, and as such larger boats such as those used for shipping shouldn't be unfairly forced to deal with those sorts of things either. A boat's a boat after all, it makes no sense to treat one different than the other just because the structure might differ a tiny little bit.
[ link to this | view in thread ]
[ link to this | view in thread ]
Netzero anyone?
[ link to this | view in thread ]
https://www.aclu.org/
https://www.eff.org/
https://www.freepress.net/
also you can set them as your charity on https://smile.amazon.com/
also write to your House Representative and senators
http://www.house.gov/representatives/find/
https://www.senate.gov/general/contact_information /senators_cfm.cfm?OrderBy=state
and the FCC
https://www.fcc.gov/about/contact
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re:
Time to start getting used to the taste of vodka.
[ link to this | view in thread ]
I would think also, to some degree, the market itself may provide said privacy with tools like the VPN/adblock/ browser plugins and such. People like their privacy, learning about and using the tools to ensure privacy may be just as effective if not more so than regulation no?
[ link to this | view in thread ]
Re:
For a user, if they don't have an always on VPN setup at the router, then the one time they forget to start up their VPN client, their privacy is lost.
[ link to this | view in thread ]
Are you going to censor this post too, Masnick?
[ link to this | view in thread ]
Re: Re:
Isn't their a law about breaking encryption? I would think that their would be, but I'm guessing here.
"For a user, if they don't have an always on VPN setup at the router, then the one time they forget to start up their VPN client, their privacy is lost."
I don't know. I would think this would be a feature not a bug. Sometimes; I don't want/need my anonymity. Others I do. Either way I get to decide. Not the Gov., not the ISP. I do. I feel somewhat empowered by that.
[ link to this | view in thread ]
Re:
Look, just send Mike a private message that your dick loves him and that you wake up thinking about Mike. You think all day about Mike. And when you go night-night, you hope the the Sandman will give you a dream about being with Mike. Who knows? Maybe Mike plays for both teams.
[ link to this | view in thread ]
FCC Mandates are not negotiable...
The mandate behind the entity known as the FCC has to be followed regardless of how much you're being paid by AT&T, Verizon, Sprint and T-Mobile.
The FCC is not your private barony, it's a government entity, with *RULES* you have to follow.
Pull your face out of the big 4's collective ass and do the job as mandated by the FCC guidelines.
If you can not or will not, then you must step down or be pushed down, hopefully it won't hurt too much when your face hits the piles of shit that you're corporial form is composed of.
[ link to this | view in thread ]
Re:
1) They'd still get the inevitable DNS leakage
2) They'd still get a bunch of metadata
3) They can degrade VPN service quality
4) The Internet is global. At some point your traffic is going to cross Comcast's or Verizon's cables even if they aren't your ISPs.
[ link to this | view in thread ]
That's downright mean
That is an unfair and absolutely uncalled for comparison. Piles of shit can actually be useful, serving to help the public by increasing crop yield in the form of fertilizer.
Piles of shit have a bad enough rap as it is, they don't deserve to be lumped in with the likes of corporate bootlickers like Pai.
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: That's downright mean
[Takes deep breath] Can you smell the greatness?
I was going to mention that in my area the farmers are getting the fields ready for planting. And how I indeedly do smell the "greatness" in the air. I didn't think anyone would make the connection.
So in comparison bos taurus fecal matter is much much more useful than Pai. Smells better too?
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: FCC Mandates are not negotiable...
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
This is actually quite true! Barring extreme circumstances such as a monopoly position, all actors in the same market should be subject to the same rules. (I say "market" rather than "online space" both because this applies equally well to offline contexts, and because the "online space" actually represents many different markets.)
The snag is that a company providing a connection to the Internet is not operating within the "online space". That company is operating between the "online space" and the rest of the world.
All actors within that market should be subject to the same rules, but the rules to which they should be subject are not the same as the rules to which those operating within the different market that is the "online space" should be subject.
(There's actually a lot more to it, in various crannies of the above - to do with things such as "natural monopoly" and "network effect" and "pro bono publico" and "non-profit" and so forth. But that's a decent overall short summary.)
As it happens, most of the companies involved in this fight - including, if I understand correctly, both Google and Facebook - fall into both categories: they both provide access to the Internet, and provide services on the Internet. Those different parts of their business should be regulated separately, according to the different rules which apply to those different markets.
[ link to this | view in thread ]
Re: Re:
I'd agree that you'll probably have a better chance talking to your representatives than to the FCC. But contacting the FCC wouldn't hurt.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re: Re: Re:
When Money talks... the bullshit will walk.
[ link to this | view in thread ]
Re: Doesn't a encrypted VPN turn any ISP into a dumb pipe?
Internet is OSI layer 3 full duplex communication. VPN uses variations of NAT to accomplish what it does. Worse it creates a concentration point for traffic analysis and filtering. (most commercial VPN's already filter email by default)
A general dependence on VPN will create choke points increasing surveillance and censorship overall. But more to the point, if you need to use a VPN service, a crime has already been committed against you.
While some VPN providers may be honorable, probably some of them are data miners themselves. It is a well known fact that TOR is rife with data mining.
The long and short of it is this:
BITS ARE SPEECH!
Any transient sampling, or modification of traffic above OSI layer 3 is an abuse of the first and fourth amendments. Facilitating that abuse by means of an inhome device ( cable box) is abuse of the 3rd amendment.
While detailed traffic analysis is periodically neccessary for diagnostic purposes, that is not the same thing as buying line-rate wiretapping equipment, and bulk sampling traffic. Or bulk injecting data into communications into 3rd party communications. (many of whom the carrier has no contractual relationship with)
There is a technical solution coming that will provide end to end distributed cipher in a way that consumers will accept. I think the players all know it. So they are trying to concentrate traffic in order to make interfering with their customers civil rights cheaper and easier.
But it's really just a flurry of misdirection in an attempt to prevent the forcible removal of their dicks from the Constitution.
The Internet was free. Now it isn't. But it will be again. The technical means for accomplishing this is an inevitable evolution.
[ link to this | view in thread ]
Re:
I do not understand why anyone thinks Ajit Pai's arguments: (if the company you are sending USPS mail to can build a profile on you about what you purchase from them, your name, and address, and sell that, why can't the USPS?! It's different rules for the mail carrier from the companies they deliver mail to, and they should be regulated under the same rules!) are taken seriously; people should be screaming in the streets about this.
Yes, I get that the vast majority of people are underinformed, naive, or plain idiots, but this effort should also be terribly, ridiculously illegal. There shouldn't need to be an FCC rule about ISP customer privacy, because deep packet inspection for non CALEA purposes should already be profoundly illegal.
[ link to this | view in thread ]
Re: Re: Re:
Including over net neutrality.
[ link to this | view in thread ]
Re: Re: FCC Mandates are not negotiable...
[ link to this | view in thread ]
What does this mean?
I use a VPN mostly, but find it often much slower... does anyone have any safe VPNs that can provide up to gigabit solutions(if we are allowed)?
[ link to this | view in thread ]
Re: Netzero anyone?
[ link to this | view in thread ]
Re: Re: That's downright mean
[ link to this | view in thread ]
Re: What does this mean?
However, they still can see what sites you visit, even with https. They just cant see what you send back and forth to those sites. But knowing what the sites are is enough for them to build a profile on you and market to you, even if the detailed traffic is private.
Regarding VPN, I would love to know too. I currently subscribe to a business level gigabit subscription, and I do not think ISPs would pull these shenanigans on business accounts because there would be lawsuits, but you never know.
[ link to this | view in thread ]
Re: Re: What does this mean?
Isn't there? They're sitting there between you and your destination at key exchange time; I don't see anything stopping them from a man-in-the-middle attack.
Well, not anything technical. It would be extremely ill-advised for ISPs to perform MITM attacks against their subscribers, as I suspect the backlash would dwarf SOPA. (And using an MITM attack for something as frivolous as targeted advertising would be especially foolish, seeing as the purpose of MITM is not to let your target know they're being attacked.)
[ link to this | view in thread ]
Re: Re: Re: What does this mean?
You need to go back and read about Alice, Bob and how they use public / private key-pairs. The ISP would need a certificate signed by root-CA (embedded in OS / browser) claiming ownership of the destination DNS name.
We can argue about the "weakness" of the root CA trust model, but it's the single hurdle protecting your HTTPS from MiTM attacks and is not entirely trivial to break.
It's actually MUCH EASIER for a non-ISP to get control of one of your "hops" than it is to get a useful forged certificate.
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Re: Doesn't a encrypted VPN turn any ISP into a dumb pipe?
This is what I'm hoping for. If we make it technically impossible to track data, then it won't be tracked. You can make all the laws you want. The Government has proven time and again it doesn't care. Same with the corporations. If we want true privacy, we will have to create it ourselves.
[ link to this | view in thread ]
Re: Re: Re: Re: What does this mean?
"not entirely trivial to break."
That is an awesome turn of phrase.
While not entirely trivial, it becomes more trivial once certain infrastructure is in place. Such as an overlay network that allows selectively backhauling interesting traffic, and security software provided to the end node by the ISP that can install a false CA via autoupdate. (both already broadly deployed)
These factors become more severe as the edge devices (cable boxes) become more intelligent. Which is one of the best reasons for cable box competition. A monopoly on these devices is more likely to provide a homogenous surveillance infrastructure that can be abused by the state. (vs. a diverse infrastructure that can be abused by everybody)
Which IMHO means that cable box competition is protected by the 3rd, and 2nd amendments, no matter what the posers in the state legislature and the FCC say.
Part of the issue here is that lawyers don't understand modern communications well enough to be able to identify negligence. So the public is like a mentally handicapped person getting a bullet in the head during a gang shoot out, while the kid who shared gummi bears with him on the short bus looks on from his perch on the judicial bench.
[ link to this | view in thread ]
http://prnmeg.blogspot.com/2016/1 2/2017-download-viber-free.html
http://prnmeg.blogspot.com/2016/12/2017-download-imo-free.html
http:// prnmeg.blogspot.com/2016/12/2017-download-facebook-messenger.html
http://prnmeg.blogspot.com/2016/12/ 2017-download-telegram-free.html
http://prnmeg.blogspot.com/2016/12/2017-download-twittar-free.html
ht tp://prnmeg.blogspot.com/2016/12/2017-download-kik-messenger.html
http://prnmeg.blogspot.com/2016/12/ download-instagram-free.html
http://prnmeg.blogspot.com/2016/12/2017-download-wechat-free.html
[ link to this | view in thread ]
Re: Re: What does this mean?
You are right. I completely mixed up my memory of previous articles with ISP's injecting ads into HTTP traffic and Lenovo's shenanigans that exposed everyone using HTTPS to MITM attacks by replacing certificates with a private key that was the same across the board.
[ link to this | view in thread ]