Your Right to Know and Choose: Wheeler’s Broadband Privacy Proposal

You’re reading the Benton Foundation’s Weekly Round-up, a recap of the biggest (or most overlooked) telecommunications stories of the week. The round-up is delivered via e-mail each Friday; to get your own copy, subscribe at www.benton.org/user/register

Robbie’s Round-Up for the Week of March 14-18, 2016

The Federal Communications Commission Open Meeting on March 31 is shaping up to be one of high importance. Last week, I wrote about the FCC’s proposal to modernize the Lifeline program in order to make the Internet more accessible for communities of lower-income (See: “A Historic Moment for Broadband Adoption”). This week, I take a look at FCC Chairman Tom Wheeler’s proposal to protect the online privacy of broadband consumers.

Broadband Consumer Privacy Proposal
Last week, Chairman Wheeler released a fact sheet on his privacy proposal, in an effort to “give broadband consumers increased choice, transparency, and security with respect to their data.” Chairman Wheeler’s proposal seeks to apply the privacy requirements of the Communications Act to broadband Internet access, like the privacy protections in place for telecommunication services. In a blog post for Huffington Post, Chairman Wheeler wrote, “The information collected by the phone company about your telephone usage has long been protected information. Regulations of the FCC limit your phone company’s ability to repurpose and resell what it learns about your phone activity. The same should be true for information collected by your ISP.”

Chairman Wheeler’s proposal is built on three core principles: choice, transparency, and security.

  • Choice: Consumers have the right to exercise meaningful and informed control over what personal data their broadband provider uses and under what circumstances it shares their personal information with third parties or affiliated companies.
  • Transparency: Consumers deserve to know what information is being collected about them, how it’s being used, and under what circumstances it will be shared with other entities. Broadband providers must provide accurate disclosures of their privacy practices in an easily understandable and accessible manner.
  • Security: Broadband providers have a responsibility to protect consumer data, both as they carry it across their networks and wherever it is stored.

According to the New York Times, under the proposal, cable and phone companies would be allowed to use personal data for things like billing and pitching more expensive versions of services that customers are already using. Customers could opt out of marketing for other services provided by their broadband companies. And the companies would have to get permission from their customers before they could do more with the data, like selling it to advertisers. Another rule would require companies to protect the data and notify customers, the FCC and law enforcement agencies if the information was stolen.
FCC Chairman identified several important features to the proposal:

  1. The new rules would prohibit Internet providers from sharing information with third parties about a customer’s name, address, location and Internet activity, unless they have opted in to having their data shared.
  2. The rules also broaden the types of data that are protected.
  3. The new rules would prevent Verizon from continuing to use its “zombie cookie” on behalf of its subsidiary AOL. Recently, Verizon agreed to pay $1.35 million to settle FCC charges that it violated customers’ privacy when it used a hidden unkillable (therefore “zombie”) number to track cellphone users.
  4. The new rules, however, would allow AT&T to keep marketing its privacy-invading Gigapower high-speed Internet service in dozens of cities. Gigapower costs $70 a month for customers who agree to let AT&T view the Web pages they visit and the queries they type into search engines. Those who want to protect their privacy must pay $100 a month for the Gigapower service.
  5. The proposal doesn’t cover content, only metadata. That means if a customer visits an unencrypted website, the Internet provider could still view and share the contents of that website without consent.

Reaction
FCC Commissioner Michael O’Rielly said, “The ‘fact’ sheet demonstrates that the FCC is doubling down on its misguided and broken Net Neutrality decision by imposing troubling and conflicting ‘privacy’ rules on Internet companies, as well as freelancing on topics like data security and data breach that are not even mentioned in the statute. While I will read the document, this direction does not surprise me given this agency’s reckless approach to an important topic, especially where it clearly lacks expertise, personnel, or understanding.”

Free Press Policy Counsel Gaurav Laroia said, “Net Neutrality rules stem from the fact that your cable or phone company has no right to block or dictate your choices on the Internet. Today’s proposal should result in a similar recognition that these carriers have no right to watch or listen in on your communications either. By initiating this rulemaking, the FCC is taking the first step toward fulfilling its responsibility under Title II to protect the privacy of all telecommunications customers — including broadband Internet users. Chairman Wheeler and the other commissioners must establish the agency as a strong defender of online privacy.”

Bob Quinn, AT&T Senior Vice President-Federal Regulatory, criticized the move by Chairman Wheeler to expand the privacy regulations of ISPs, claiming the current Federal Trade Commissioner governance is adequate. “Some groups, however, have argued that in fact the FCC needs to go much further than the current FTC framework in its treatment of ISPs. To get there, those groups have characterized ISPs as 'gatekeepers,' asserted that ISPs (as opposed to companies like Google) are the real leaders of targeted advertising and, finally, argued that the Federal Trade Commission is, in essence, incompetent at policing privacy given the tools they have available. With all due respect to those groups, their arguments are just not borne out by the facts.”

AT&T’s criticism centers around broadband providers being treated differently than Internet businesses like Google and Facebook, which collect huge amounts of personal data about users. AT&T accused the FCC of putting a “thumb on the scale in favor of Internet companies.” But, a New York Times editorial noted, “The commission has no authority to regulate those websites. And it is far easier for consumers to avoid those sites than to avoid their Internet service providers, especially since in many parts of the country people have only one or two choices for broadband.”

Companies like AT&T also argue that new rules are not needed because a lot of Internet traffic is encrypted and phone and cable companies cannot decipher the data. But as the New York Times noted, even when data is encrypted, companies can still tell what websites people are visiting. And many websites still do not use encryption.

Ratings agency Moody's Investors Services said the proposal could severely handicap Internet providers’ “ability to compete with digital advertisers such as Facebook and Google." "We believe this to be a long-term risk to the current TV advertising business model, as well as all broadband providers whom also have ad sales exposure." Moody's said.

Civil Rights
Several major civil rights groups signed on to a letter asking the FCC to consider the way privacy issues affect traditionally marginalized communities while crafting privacy rules for Internet providers. “The Commission should carefully examine the privacy interests of historically disadvantaged communities,” the groups said. “Use of consumers’ online information can have disproportionate negative effects on the communities that our organizations represent.” The groups said that privacy protections implemented by the FCC should apply equally to wired and wireless broadband, since black and Hispanic Americans more heavily use mobile connections.

What’s Next
At its March 31 meeting, the FCC will consider a Notice of Proposed Rulemaking seeking comment on Wheeler’s proposed framework for ensuring that consumers have the tools they need to make informed choices about how their data is used and when it is shared by their broadband providers. If adopted as expected, the public and other interested parties will have a few months to weigh in.

Quick Bits

Weekend Reads (resist tl;dr)

Events Calendar for the Week of March 21-25, 2016

ICYMI From Benton
benton logoWhat to Expect When You’re Expecting Lifeline Reform: A Public Interest Perspective on Making Broadband Service Affordable for All, Raphael Leung
benton logoLifeline Reform Reaches the Home Stretch, Andy Schwartzman


By Robbie McBeath.