Online Privacy: Same Unicorn, But More Menacing

President Trump signed the congressional repeal of online privacy rules that had been put forth by the Federal Communications Commission in the final days of the Obama Administration. In the short term, that amounts practically to nothing. In the long term, it is very significant.

The Obama Administration’s rules would have forbade Internet service providers (ISPs) such as Comcast, AT&T, and Verizon from using your online usage data for any purpose other than providing you Internet access of acceptable quality. So, for example, your ISP could not share your web browsing history, your app usage, or you geolocation data with a third party, or even with another division of their own company that didn’t focus on providing high-quality Internet service, without your explicit consent.

Sounds reasonable, right? Well, in fact, these rules never actually went into effect. They weren’t passed until October 2016, in the final days of the Obama Administration. The FCC was sued, and a stay was issued in January, just before the rules were to go into effect. This bought Congress enough time to invoke the Congressional Review Act, a mechanism by which Congress can shoot down an Executive Branch order within sixty days of its introduction. The Senate voted first to overturn the new regulations by a margin of 50 to 48. The House then voted to repeal the regulations by a similarly narrow margin of 215 to 205. Then, President Trump signed the repeal into law in a closed-door ceremony, quite the opposite of the camera-friendly scene that has surrounded most of his signings.

The repeal itself means little. The rules never went into effect, ISPs have already been selling and otherwise using your data, and now they continue with the status quo. So, we now find ourselves using the Internet as it has always been. No change. Carry on.

Except it feels different.

By virtue of their role, ISPs see virtually everything you do online. After all, they have to know who you are, your IP address, and what you want to see online, or else they can’t provide you high-quality service. With all this data at their disposal, some ISPs have acted to capitalize on their clairvoyance. Some have sold that data to advertisers, while others have used it in-house for advertising purposes. Google and Facebook do this all the time. In fact, that is the basis of Google’s and Facebook’s business models: the ability to use your activity on their sites to drive advertising revenue.

But some believe that ISPs shouldn’t be allowed to do this because they essentially act as a utility, providing our only digital road to the Internet. Because they are the only game in town, or, at the very least, one choice among a very few entities that provide a link to an increasingly essential service, the Obama-era FCC believed that ISPs were subject to different and stricter regulations than Google and Facebook, whose sites web surfers choose to use voluntarily.  In fact, that distinction is the basis of the Net Neutrality argument: because they essentially operate without competition and provide access to what has become an essential service, they are subject to additional regulations, including stipulations that they not discriminate against or prefer particular kinds of traffic.

That distinction between ISPs and a site like Facebook, however, loses clarity with this recent decision. This new action by Congress and the Trump Administration suggests that our pre-ordained ISPs and our voluntary past-time sites like Facebook are much more alike than the Obama Administration tried to paint them. That has long-ranging repercussions. In fact, it seems, actually, to doom net neutrality regulations that attempt to force ISPs into treating all Internet traffic equally instead of preferring particular sites (perhaps that pay them for the privilege of faster service) to others. Google and Facebook prefer sites that belong to advertisers that pay them. If Comcast and Verizon are more like Google and Facebook than they are to utility companies, then they, too, can prefer their deep-pocketed customers to those who just want an Internet connection.

Here’s the deal. ISPs have always had the ability to use the data they’ve collected about us without our consent. Under the Obama Administration rules, they would have had to get our consent before continuing to do that. Undoubtedly, getting our permission would have amounted to a long, multi-paragraph blob of fine-print legal-eze. We would have scrolled through that blob in haste without reading so that we could click on the “I Accept” button and move on to our cat videos. That’s how we use the Internet. So, most of use would have just accepted the sharing of our data anyway, because, in fact, we already had been, albeit unknowingly and unthinkingly.

And, again, these rules had not yet gone into effect. So, to cry about how the repeal marks the end of privacy on the Internet, as if the act sparks an immediate change, is dramatic and sanctimonious.

Yet, two things are terribly worrisome about Congress’ actions and those of the Trump Administration. First, this seems to be the first shot fired by the Trump Administration in the battle to overturn net neutrality regulations. If net neutrality is not upheld, the Internet will transform fundamentally from the everyman’s communication channel into a vehicle for transporting paid content to consumers. Some won’t care, and some, like I, will despair over yet another capitulation of free speech to commercialism. Second, because the Congressional Review Act actually stipulates that the affected Executive Branch agency cannot introduce any substantively similar measure in the future, the FCC can never put forth another set of actions that seek to limit what ISPs can do with your data in this way again. Never. Ever. Thanks to this use of the Congressional Review Act, they actually are forbidden from restricting what ISPs can do with your data ever again.

So, these actions by the Trump Administration and Congress simultaneously protect the status quo while, at the same time, ushering in the end of the world for privacy advocates. It’s that whole “end of the world” thing that should have you thoroughly spooked. It certainly has me.

 

About Ray Klump

Associate Dean, College of Aviation, Science, and Technology at Lewis University Director, Master of Science in Information Security Lewis University http://online.lewisu.edu/ms-information-security.asp, http://online.lewisu.edu/resource/engineering-technology/articles.asp, http://cs.lewisu.edu. You can find him on Google+.

Leave a Reply

Your email address will not be published. Required fields are marked *