Comcast Thinks Having Basic Broadband Privacy Protections 'Irrational'
from the we're-angels dept
Last week the FCC announced that it would be imposing some relatively new basic privacy protections on broadband. While the full rules will be hashed out after extensive public and company input (meaning if anything they’ll get weaker), FCC boss Tom Wheeler’s proposal (pdf) is fairly basic: ISPs should alert customers when their data is stolen, ISPs should be totally transparent about what they’re collecting, and ISPs should provide users with working opt-out tools for any data collection service the ISP employs. None of these requirements are particularly onerous, and most ISPs will find that they’re already adhering to them.
Given that an informed and empowered customer that opts out of snoopvertsing means less money earned, it’s no mystery that ISPs have been whining about the FCC’s proposal. After all, as wireline and wireless subscriber growth has become saturated, companies like Comcast and Verizon have turned to advertising as their next great growth market (thus Verizon’s $4.4 billion AOL buy).
Obviously Comcast can’t just come right out and say it’s solely worried about losing money, so top company lobbyist David Cohen (apparently the company hates it when I call him that) has coughed up a new company blog post in which Comcast tries to argue that having some basic, new broadband privacy rules is an “irrational” move that creates an “unjustified set of regulatory shackles.” Shackles that would, apparently, prevent consumers from enjoying all of the marketing Comcast intends to throw at them:
“Beyond blocking ISPs from competing in the online advertising marketplace, the FCC proposal will have other spillover effects. One example of the extreme nature of the FCC?s proposal and how it would negatively impact competition and consumers relates to cross-marketing of our competitive products and services to existing ISP customers. Under the FCC proposal, Xfinity Internet customers could miss out on learning about lower prices for taking bundles of services like Xfinity Home Security. Today, consumers are benefitting from competition in these new and expanded services, and they expect to receive these offerings from their broadband provider. The proposed FCC?s rules would unjustifiably make that much more difficult.”
That’s really just an overlong, alternative way of saying that Comcast is worried they won’t be able to upsell you as much unnecessary shit as they otherwise would. But again, with transparency and opt-out consent the cornerstones of the FCC’s plan, the FCC has made it clear that there’s really nothing that will prevent ISPs from upselling their own, or anybody else’s services. Despite hysteria in the telecom sector there’s no indication the FCC’s panning anything more elaborate or “difficult,” with the primary focus being letting consumers opt out — with no hard focus on requiring consumers opt in (much preferred by many privacy advocates).
ISPs have been pushing funded studies for months stating privacy rules aren’t necessary because ISPs don’t really collect much about you (just flatly incorrect) and VPNs and encryption means consumers have tools to protect themselves already making further action unnecessary. But as studies like this one from Team Upturn have noted, ISPs collect an ocean of data on users via multiple technologies. Most Internet of Things and other household traffic isn’t encrypted, and ISPs still track and monetize user behavior by studying DNS records and other network footprints.
Still, Cohen tries to pretend that there’s no reason for the FCC to get involved in privacy because nothing bad has ever happened on the broadband privacy front:
“There is no evidence of any problem with ISP privacy and security practices: research published by the Harvard Business Review and the Pew Research Center shows that consumers trust their ISPs just as much, if not more, than other providers in the Internet ecosystem. And there have been very few ISP-related privacy or data security issues under the FTC regime, even while the FTC has taken numerous enforcement actions against others in the Internet ecosystem. “
Cohen has a short memory. You’ll recall that one of the key reasons the FCC is even pursuing new broadband privacy rules was Verizon’s abuse of so-called “stealth cookies,” which involved embedding wireless user packets with unique header identifiers that let Verizon track consumers and build detailed online profiles. Verizon was using this tracking technology for three years before security analysts even noticed. Consumers were never informed. It took another six months of public pressure and an FCC investigation before Verizon allowed customers to opt out. The FTC never raised a finger, which is why you’ll generally see ISPs argue for leaving some telecom enforcement in the hands of said agency.
Again, ISPs had spent the last decade arguing that a “self-regulatory regime” was all that was needed to protect consumer privacy — but when push came to shove it simply couldn’t do it. Between Verizon’s stealth cookies and AT&T’s decision to make opting out of snoopvertising a steep monthly premium, the lack of broadband competition has meant ISPs could consistently ignore customer privacy rights without repercussion. In an ideal, competitive market you might not need net neutrality or privacy rules, but as anybody held hostage by the nation’s dynamic duopoly knows, that’s just not the reality most broadband consumers live in.