The internet is changing. Or, at least, how data collected through the internet is handled is changing.
Last week, the US Senate voted to overturn a set of rules governing how internet service providers (ISPs) can collect and use information on their customers, laws that were approved by the Federal Communications Commission (FCC) under President Barack Obama, just days before Donald Trump was voted into office.
On Tuesday, the House of Representatives followed the Senate's lead in voting to overturn the rules, meaning those Obama-era FCC laws will soon be repealed.
What's more, Ajit Pai, the newly appointed head of the FCC, is opposed to strengthening privacy regulations, meaning this could spell the end of internet privacy as we know it, or at least for the next few years.
But what does all this really mean for your data? And how could repealing the rules change the internet as we know it? We took a deeper look at the laws and asked some experts to find out.
What are the FCC's ISP laws?
The laws in question dictate how ISPs can share user data, most notably with advertisers, who could pay money for access to that data in an attempt to more effectively advertise to users. The data in question is fairly definable, and it's separated into two main categories, dubbed “sensitive” and “non-sensitive.” Here’s breakdown of the type of data that falls into each category.
- Any children's information
- Social Security
- Web history
- App usage
- IP address
- Physical address
- ISP subscription level
In the FCC's rules, the data in the sensitive category can’t be used or sold to advertisers and other parties. If an ISP did want to use sensitive information, they first would have to get your permission. Under the repeal, however, some of the data in the sensitive category can be used by ISPs and sold to the highest bidder. Most notably, that includes browsing history.
In basic terms, the rollback of the rule is a bad thing for privacy advocates or really anyone who would prefer to keep their browsing history to themselves. It is, however, a good thing for ISPs, who can sell your browsing history to the highest bidder and potentially make a lot more money from it. Unfortunately, both the FCC and Congress are squarely in favor of ISPs, meaning that privacy is set to fall by the wayside.
There's another problem with the repealing of the rule in that it will prevent the FCC from adopting similar rules in the future. In other words, if the bill passes – which it most likely will – the FCC will have a much harder time reviving privacy protections.
It's important to note that the FCC rule was voted on in October 2016, and while it was approved it hasn't yet gone into effect. So, while ISPs already technically have the power to sell user browsing history, this rollback blatantly gives them the green light to do so, and it prevents changes from taking place in the future.
Before the FCC rules, ISPs were governed based on Section 222 of the Communications Act, a much vaguer set of restrictions on what communications companies can do with customer information.
"We supported the FCC’s broadband privacy rules because they were clear and strong; without them, the privacy protection framework for ISPs will revert back to the previous [Customer Proprietary Network Information] rules, overseen by a Chairman [Ajit Pai] who seems disinclined to enforce established pro-user policies," said Denelle Dixon, Chief Business and Legal Officer at Mozilla, in an interview with TechRadar.
What are Chairman Pai's arguments?
A quick history lesson on FCC Chairman Ajit Pai. Pai has been a member of the FCC since 2012, however before that he served as a lawyer for the Department of Justice and Verizon.
You may have heard Pai's argument for rolling back the rule is that it's overreaching when it comes to the commission's authority, and that ISPs like Verizon and Comcast shouldn't be regulated differently than so-called "edge" providers, like Google and Facebook, which are regulated by the Federal Trade Commission (FTC).
Pai isn’t alone in this thinking.
"The major ISPs in the United States have published privacy notices in place that detail their policies and procedures," said Samuel Cullari, counsel at the law firm , in an interview with TechRadar. Cullari previously worked as a Deputy General Counsel for Comcast. "Much like other businesses that maintain customer data, ISPs take customer privacy seriously. If they didn't, they would lose their customers."
Of course, there are some problems with that argument. For starters, if you don’t like Google’s search engine, you can simply use another one. It’s not that easy when it comes to your ISP. That’s because in many areas, there’s a monopoly.
For example, many Comcast users can only use Comcast as their service provider because there simply aren’t other options in their area. In fact, the highlights that 51% of households have access to only one high-speed broadband provider, meaning that if an ISP is selling personal data, customers can’t simply vote with their dollars and choose another provider.
ISPs and edge companies also see a completely different view of your internet activity. Edge companies only see traffic that you give them. ISPs see everything you do. On top of that, generally speaking edge companies offer free services, while ISPs charge a hefty fee for what they offer.
The FTC itself also lacks some authority. Not only is the FTC unable to create new laws, but it also can’t regulate Title II communications companies like ISPs thanks to net neutrality laws that were put into place by the FCC in 2015.
The future of internet privacy
The rule rollback sets an unsettling precedent for the internet and internet privacy in general.
As mentioned, the new proposition essentially means that the FCC can't create and implement new laws in the future, which is a major problem considering the FTC's current inability to launch its own rules against ISPs.
"The precedents are already set. The US intelligence community and Department of Homeland security already command a combined yearly budget over $120 billion a year," said Lynda O’Conner, author of Democracy Betrayed: The Rise of the Surveillance Security State, in an interview with TechRadar. "Hundreds of thousands of officers and agents conduct surveillance on all parts of our lives, and they are rarely if ever taken to task."
In other words, citizen privacy isn't necessarily high on the list for government agencies, and the new rules only strengthen this point.
It's really a pessimistic viewpoint, but reality nonetheless. The fact is the people who control internet privacy laws also stand to gain from reducing privacy on the internet. That's where agencies like the FCC and FTC are supposed to come in, and that's why this decision sets a problematic precedent for US citizens, who generally expect to have government agencies on their side.
Not only that, but the rules are as good as repealed; all that needs to happen now is for President Trump to sign a document.
Perhaps unsurprisingly, the members of Congress who voted against the FCC's rules routinely get donations from major broadband companies, and you can .
The internet is set to change as a result of the repealed rules. As broadband providers gain access to personal data, they could start challenging the likes of Facebook and Google in the advertising world. Only time will tell if that proves to be true, but, put bluntly, it would be surprising if it wasn't.
Still, some take a more optimistic approach, and argue that the fight for internet privacy isn't over just yet.
"Thousands upon thousands of American citizens called their members of Congress to oppose this [Congressional Review Act], and many, from both parties, listened," said Mozilla's Dixon.
"As we head towards other internet policy tipping points, such as with the future of the FCC's net neutrality rules, internet users will be more and more active, vocal, and effective at holding their elected representatives accountable to serve the public interest."
- The best free security software of 2017