For sale: Your private browsing history
Congress passes bill allowing ISPs to sell customer Web surfing data.
The US House of Representatives voted Tuesday to eliminate ISP privacy rules, following the Senate vote to take the same action last week. The legislation to kill the rules now heads to President Donald Trump for his signature or veto.
The White House issued a statement today supporting the House’s action, and saying that Trump’s advisors will recommend that he sign the legislation. That would make the death of the Federal Communications Commission’s privacy rules official.
The rules issued by the FCC last year would have required home Internet and mobile broadband providers to get consumers’ opt-in consent before selling or sharing Web browsing history, app usage history, and other private information with advertisers and other companies. But lawmakers used their authority under the Congressional Review Act (CRA) to pass a joint resolution ensuring that the rules “shall have no force or effect” and that the FCC cannot issue similar regulations in the future.
CRA resolutions require the president’s signature, and several Republican attempts to undo Obama administration regulations were vetoed by President Obama. But with both Congress and the White House now in Republican hands, Trump yesterday signed four resolutions to remove recently issued regulations.
Republicans argue that the Federal Trade Commission should regulate ISPs’ privacy practices instead of the FCC. But the resolution passed today eliminates the FCC’s privacy rules without any immediate action to return jurisdiction to the FTC, which is prohibited from regulating common carriers such as ISPs and phone companies.
If Trump signs the resolution to eliminate privacy rules, ISPs won’t have to seek customer approval before sharing their browsing histories and other private information with advertisers.
The House vote was 215 to 205, with most Republicans voting to eliminate privacy rules and all Democrats voting to preserve them. Full vote results are available here. The Senate vote last week was 50-48, with lawmakers voting entirely along party lines.
“What the heck are you thinking?”
“I have a simple question: what the heck are you thinking?” Rep. Michael Capuano (D-Mass.) said in debate on the House floor. “What is in your mind? Why would you want to give up any of your personal information to a faceless corporation for the sole purpose of them selling it? Give me one good reason why Comcast should know my mother’s medical problems.”
Capuano said that ISPs can discover customers’ medical conditions by seeing what illnesses and drugs they search for on the Internet.
“Just last week I bought underwear on the Internet. Why should you know what size I take or the color?” Capuano said. ISPs could take that information and sell it to underwear companies who might show him advertisements, he said.
“These companies are not going broke. The Internet is not in jeopardy,” Capuano said. “It’s none of their information, it’s none of their business.”
Capuano challenged Republicans to “leave Capitol Hill for five minutes” and “find three people on the street” who want ISPs collecting and selling their browsing histories.
“Private browsing history should not be up for sale.”
Rep. Mike Doyle (D-Penn.) said that “no company will even put its name behind this effort,” instead relying on lobbyists. “Lobbyists make the bogus claim that having actual protections will confuse consumers, and that the only way to clear up this confusion is to have no rules at all,” he said.
No consumers have supported getting rid of the privacy rules, Doyle said. The rules are not strict, since they don’t prevent ISPs from tracking customers and serving up personalized advertising as long as they ask customers for consent first, he said. ISPs would simply have to “ask permission, protect people’s data, and tell them if it gets stolen,” he said.
While Republicans claim the rules would confuse customers, no actual consumers have come forward to say they’re confused by the FCC’s rules, said Rep. Frank Pallone (D-N.J.).
Private browsing mode won’t help
House Minority Leader Nancy Pelosi (D-Calif.) pointed out that ISPs can track customers’ Web browsing even when they enable their browser’s “private mode,” which does not encrypt Internet traffic. Google, for example, says that Chrome’s incognito mode prevents the Chrome browser itself from saving the sites that you visit, but does not stop ISPs and websites from seeing which websites you’ve visited.
“Americans’ private browsing history should not be up for sale,” Pelosi said. “Overwhelmingly the American people do not agree with the Republicans that this information should be sold,” Pelosi also said.
ISPs can see every bit of data sent into and out of customers’ homes, and “even when you use encryption, ISPs can still capture data about whom you’re talking to or what sites you’re visiting,” said Rep. James Langevin (D-R.I.). “These data are sensitive and consumers have a right to decide whether or not they can be shared or monetized.”
GOP: Rules “unfairly skew” advertising market
Rep. Michael Burgess (R-Texas) said the FCC rules “unfairly skew the market” toward social networks and search engines, which would have more ability to collect and use customer information for personalized advertising.
“The Federal Communications Commission privacy rule arbitrarily treats Internet service providers differently from the rest of the Internet,” he said, calling the rules an example of “government intervention in the free market.”
The FCC’s privacy rules also include new data breach notification requirements. Burgess complained that this might result in “more frequent breach notifications” for “consumers who suffer from notification fatigue.”
The resolutions to eliminate privacy rules were introduced in the Senate by Sen. Jeff Flake (R-Ariz.) and in the House by Rep. Marsha Blackburn (R-Tenn.).
Blackburn said the FCC rulemaking was “just another example of big government overreach.” She also said that the FCC “unilaterally swiped jurisdiction from the Federal Trade Commission.” This was a reference to the FCC’s decision in February 2015 to reclassify home and mobile ISPs as common carriers. The reclassification allowed the FCC to impose net neutrality rules, but it also stripped the Federal Trade Commission of its authority over ISPs because the FTC’s charter from Congress prohibits the agency from regulating common carriers.
Blackburn argued that the FCC can protect customer privacy on a case-by-case basis without specific privacy rules, because Title II of the Communications Act lets the FCC prevent common carriers from engaging in “unjust” or “unreasonable” behavior.
Rep. Greg Walden (R-Ore.) said that there should be one standard for Internet service providers and websites, enforced by the FTC. The FCC rules have the “potential to stifle one of the most innovative sectors of our nation’s economy and it’s consumers who will suffer,” he said.
The FTC regulates Web companies like Google and Facebook, but action by the FCC or Congress would be needed to let the FTC regulate ISPs as well.
Read the original article over at ArsTechnica.