Skip to main content

Landmark privacy rules are going to get killed because internet providers asked nicely

Landmark privacy rules are going to get killed because internet providers asked nicely

Share this story

FCC

Your internet provider can see bits and pieces of almost everything you do online: the sites you visit, the apps you use, the services you connect to. It’s an unpleasant reality for anyone concerned with their privacy, since this information can reveal a whole lot about you. But it’s stayed that way because that’s how internet providers want it — and government regulators feel compelled to listen.

At least until last year. While President Obama was in office, the FCC passed a landmark privacy order that required internet providers to get permission before sharing sensitive information about you — and, for the first time, that included your web browsing history.

Internet providers weren't happy about it because it could cut into their revenue streams, so they've been petitioning the government to get the rules overturned. Now, it looks like they're about to get their wish.

Efforts to revoke the rules are already underway

Last week, the FCC halted a portion of the rules and indicated plans to rework them. And this week, Republicans in Congress introduced their own measures to revoke the privacy rules. Neither is a done deal yet, but they make it clear that, one way or another, the strongest elements of the privacy order are probably going down.

These rules are largely being revised at the behest the telecom lobby, which has ardently opposed them on behalf of companies including Comcast, Charter, AT&T, Verizon, Sprint, and T-Mobile. The groups aren't asking for privacy protections to be killed entirely — they’re okay with not sharing your banking info, for instance — but they do want them scaled back in a big way.

Until the net neutrality order was passed, internet providers operated under the generic privacy framework that the Federal Trade Commission imposes on all companies. These aren't hard-and-fast rules — rather, they're a series of guidelines and a demand that companies don't do anything "unfair or deceptive."

These guidelines aren't all that different from the rules the FCC put into place. They require companies to get opt-in consent before sharing "sensitive" information, such as medical info, precise location information, or any data about children. They also require companies to take "reasonable" steps to secure that data — the same metric the FCC's order uses.

"That is the exact same standard as the FTC's," Dallas Harris, a policy fellow at Public Knowledge, says of the data protection rule in a phone call with The Verge.

The FCC’s rules are surprisingly similar to the FTC’s privacy framework

For the most part, there are only two key differences between the FCC's rules and the FTC's guidance — but they're big ones. The FCC doesn't have to prove widespread consumer harm before fining a company for breaking a rule, and the FCC also includes web browsing history and app usage history in its list of sensitive information.

"The FCC added web browsing history and app usage history under the sensitive information category," Harris says. "And that's really the only difference between what the FTC did and FCC did in their rulemaking."

Under Obama, the FCC went farther because it recognized something important about internet providers: they have a privileged view of your activity — they essentially provide the digital road you take to get anywhere you want to go online — and that deserves more scrutiny.

But that's a reality internet providers would prefer not to face, since they want to be able to sell your data and use it to build out online advertising businesses. We’ve seen some attempts at this in the past, though without much success. Most recently, AT&T ran a program that offered cheaper internet service for people who opted in to targeted advertising. But that program failed and shut down in October of last year. Charter also floated a plan to harvest data so it could sell ads back in 2008, but it scrapped the service before launch after consumers pushed back.

Though the past is filled with failures, internet providers have still made it clear that they’d like to be able to try this again in the future. Selling ads is the entire reason Verizon was crazy enough to buy both AOL and Yahoo.

ISPs want to pretend they’re in the same business as Facebook and Google

Internet providers have put forward an array of arguments for why they think the current privacy rules should be struck down, ranging from the rules violating their First Amendment rights to the data protection requirements being too much work. But they're all broadly predicted on the idea that ISPs are being treated unfairly, slapped with stronger rules than companies like Facebook and Google have to face.

"Companies like Google, Facebook, and Twitter add incalculable value to the world economy by subsidizing affordable consumer services with the profits earned from productive uses of consumer information," USTelecom writes in a filing. "ISPs are no different from any other internet company in that regard."

But the argument is misleading, since, even with these privacy restrictions, internet providers are still capable of collecting and sharing the same types of data that Google, Facebook, and Twitter can collect. Those three companies collect information about how you use their websites, and internet providers have every right to collect information about how their own sites are used, too. In fact, the privacy restrictions actually put internet providers on a level playing field, because they’re otherwise able to see more about what you’re doing than a company like Twitter can.

So where exactly do they see the problem? In a filing with the FCC, a collection of nine telecom groups actually complains at one point that being an ISP is hard enough without these restrictions. They write that ISPs “face more significant competitive constraints” than big tech companies, particularly when it comes to “search, social media, operating system platforms, browsers, and online advertising.”

In reality, the only constraint is that internet providers aren’t offering services in these areas. Without spying on your browsing habits, internet providers’ ability to collect data is far more limited than Facebook’s and Google’s because those two companies have popular websites that people willingly provide data to, and companies like Comcast and AT&T don’t.

Pai says the new rules are too confusing for consumers

"The truth is, they know they can't compete on those fronts," says Harris. "I would love for internet service providers to try to put together a search engine that challenges Google. They would be able to use that information just like Google is able to use that information, right?”

FCC chairman Ajit Pai has also put forth the idea that placing tougher privacy restrictions on ISPs is too confusing for consumers. In a joint statement with acting FTC chair Maureen Ohlhausen earlier this month, Pai said that "[Americans] shouldn’t have to be lawyers or engineers to figure out if their information is protected differently depending on which part of the Internet holds it."

But if anything, it's internet providers and Republicans in both Congress and the FCC who are making this so confusing. Throughout this process, they've continued to conflate ISPs with tech companies like Facebook and Google. These companies may all work with the internet, but they're in distinctly different industries. To use an analogy: ISPs built roads, and tech companies build businesses along them. ISPs see how much money those companies are raking in and don’t want to be left out.

“They just want to use the data that they collect in their privileged position as an internet service provider to make more money,” Harris says. She points out that ISPs sometimes receive government subsidies to build out their networks, too, so the idea that they’re facing an uneven playing field seems “a bit disingenuous.”

Legislation has been introduced in the House and Senate

At this point, it's largely a waiting game to see who acts first: Congress or the FCC. Legislation to overturn the rules has been introduced in both the House and Senate. The FCC could also overturn the rules itself with a vote, though it hasn't announced plans to do so yet.

When either of those things happen, the FCC will have to develop a new set of privacy rules to replace the old ones. Pai has already made clear his intention for the new rules to match the FTC's: "We will work together on harmonizing the FCC’s privacy rules for broadband providers with the FTC’s standards for other companies in the digital economy," he said alongside Ohlhausen.

And Congress has asked the same thing of him, with Senator Flake saying (R-AZ) the legislation to overturn the FCC's rules "is the first step toward restoring the FTC's light-touch, consumer-friendly approach."

There’s not really a bright side here for consumers. Internet providers asked for permission to start sharing your private data again, and without much of a fight, they’re about to get it.

Disclosure: Comcast is an investor in Vox Media, The Verge’s parent company.