On Tuesday, the House voted to repeal existing FCC regulations protecting private consumer data. Without these laws, internet service providers (ISPs) will be able to sell your browsing history to advertisers without restriction.
Before, ISPs could collect your private data, but were unable to share it without explicit consent from the user. Now, all that's keeping our information under wraps is a signature from President Trump.
If you want to see who exactly sold us out, Motherboard posted a nice little list of the 50 Senators and 215 House members who voted yes on this resolution.
While most of the discussion has been on individual user privacy, what does this mean for companies, who are also browsing the web?
It means initially that businesses will be able to earn more money by selling this data to advertisers, or further streamline their current marketing campaigns based on an influx of data on customer browsing habits.
However, many businesses, especially smaller ones, still use "personal" ISPs like Comcast or Verizon to connect to the internet. Which means their browsing data will also be made public to advertisers, or whoever else is buying.
Do you really want the same advertisers you're trying to work with, and possibly your competitors, to know what you're up to online?
At the same time, sites like Google, Facebook, and Yahoo! have already been collecting and selling your data.
But let's look at the what the actual joint resolution is saying:
This joint resolution nullifies the rule submitted by the Federal Communications Commission entitled "Protecting the Privacy of Customers of Broadband and Other Telecommunications Services." The rule published on December 2, 2016: (1) applies the customer privacy requirements of the Communications Act of 1934 to broadband Internet access service and other telecommunications services, (2) requires telecommunications carriers to inform customers about rights to opt in or opt out of the use or the sharing of their confidential information, (3) adopts data security and breach notification requirements, (4) prohibits broadband service offerings that are contingent on surrendering privacy rights, and (5) requires disclosures and affirmative consent when a broadband provider offers customers financial incentives in exchange for the provider's right to use a customer's confidential information.
While subsection 3 might seem alarming at first, cybersecurity and data privacy attorney Shawn Tuma reassures that layered compliances are in place for breach notification. ISPs still have to issue security notifications through the 48 states with such legislation in place.
However, the major issue is what precedent this repeal will set for U.S. privacy in the future.
Nathan Wenzler, Chief Security Strategist at AsTech, says, "It will be interesting to see if additional decisions are made by the current administration over the next few years which may piggyback off of this decision to further strip away every individual's right to protect their personal data privacy on the Internet.”
After all, the European Union has made huge strides in privacy this year with GDPR and its eventual implementation, and in general with its Right to Be Forgotton act.
But what are we supposed to do here in the States?
Chris Roberts, Chief Security Architect of Acalvio Technologies, says, "If we use HTTPS and TOR or vary our browsing habits, then we throw them off. But that’s also not foolproof. They can’t see what we’re viewing, but they can see where we’ve been. Unlike Google, Facebook, and other sites which track you, your ISP doesn’t have to get you to login or stay logged in or do anything other than simply browse the Internet—which is not good. The ISPs are not under FTC jurisdiction, and there are no current FCC rules for them to adhere to.”
The overall goal should be to protect the privacy of everyone, across the board. While it's a setback for ISPs to have free reign to collect and sell data without our consent, it's already been happening with cookies and tracking scripts on major sites.
Wenzler says:
"As a privacy advocate, I find this to be an apples-to-oranges argument. ISPs were meant to provide the means for people to connect to the internet at large, while sites like Facebook and others deliver the content that rides on top of it all. It has always been considered by most technology experts that this segregation was critical in order to allow individuals to connect to the internet without being restricted, having information filtered from view, or to have those users exposed in any way. From an idealistic standpoint, the internet was meant to freely provide information to all, without limit or condition. And while these current regulations do not go so far as to allow ISPs to prevent users from connecting to certain content, it is a step toward the direction of further stripping away the protections for users' privacy and their ability to embrace the freedom of data that the internet was intended to provide."
