Tell Congress to Protect Our Personal InformationLearn More About Unauthorized Access to Data
Last week, we filed our official comments with the Federal Communications Commission for its privacy proceeding. The closer we got to the deadline to submit comments on the proceeding, the thinner the arguments against it become, and we included several indisputable facts in our comments for the Commissioners to keep in mind.
The statute mandates a specific kind of privacy framework.
The FCC cannot, and has never been able to, “adopt an Federal Trade Commission-style framework.” This is a myth thrown around by lobbyists who have never bothered to read the statute they’re suddenly so concerned about. Like it or not (and it’s pretty clear that the Internet Service Providers are in the “not” camp), the FCC has a congressional mandate to promulgate rules that are (a) forward-looking, (b) use-based, and (c) limited to common carriers (i.e. broadband internet access services under Title II).
The FTC framework, by comparison is both (a) reactive (can only be used after the harm has occurred), and (b) type-based (some types of data are entitled to more protection than others). The very engineering of the internet makes this impossible to implement meaningfully for ISPs. ISPs handle massive amounts of data, of varying types, at any given moment. For an ISP to implement an FTC-style “tiered” system, it would first need to know what--if any--of the data it is being handed is sensitive, and thus must be treated separately.
But because the visible “envelope” information doesn’t always tell you how sensitive the information contained inside is--you could be uploading your bank routing number to your non-bank employer’s website to set up direct deposit, or you could be reading an article on mortgage rates on a bank domain site--the ISPs have to face a kind of Schrodinger’s paradox. They have two options for responding: (a) assume every packet has the most sensitive kind of data possible and treat it accordingly (which they clearly do not want to do), or (b) manually inspect each packet, a hugely invasive (and presumably very costly) practice. So even if the FCC were to ignore the statute and implement a type-based system, it would have to accept that the only way to implement this system in a way that ISPs would deem acceptable would not protect privacy.
Consumers aren’t confused--and they want more protection, not less.
Much like customers know the difference between the postal service and the companies they send mail to, consumers know and understand the difference between the services they use and the network that lets them access those services. And, much like with the postal service, they expect the network carrying those communications to not open, read, or collect (and market) data on the information they send over it.
Consumers have a long-standing and reasonable expectation of privacy in the content of the communications that they pass over a common carrier. And they know and understand that the FCC has the power to mandate those protections; much as phone companies cannot tap their calls or bombard them with advertising based on their call patterns, broadband companies should not be able to dig their claws into data that consumers provide to them solely for it to be routed to its destination. And while online privacy is an area that many consumers are (rightly) concerned about, the argument that a world with no privacy protections is better than a world with some protections is a bald-faced attempt to maintain the “wild west” status that the data trade currently thrives under.
The FCC has already been doing this for twenty years.
The FCC has the technical and historical expertise to do this, and do it right. While the FTC has taken substantial action on privacy in the past, the basic structure of broadband internet access service and the lack of market competition along a competitive axis means that the FTC’s framework simply doesn’t fit onto the broadband market. The FCC, as the agency charged with overseeing common carriers and other connected networks--and as the agency that has dealt with broadband internet for the last twenty years--has the accumulated technical knowledge and legal expertise to address the harms in a way that actually works.
ISPs’ arguments against the proceeding continue to be transparently flawed; they are desperate to find any rationale--no matter how thin--to avoid FCC oversight. Simply put, the facts are not in their favor.
You can read our full comments to the FCC here.
Image credit: IntoConnection