Broadband

by Karl Bode


Filed Under:
ajit pai, broadband, fcc, ftc, privacy



FCC Boss Moves To Kill Broadband Privacy Protections. You Know, To Help The Little Guy.

from the Comcastic dept

New FCC boss Ajit Pai, apparently taking a break from paying empty lip service to the poor, has quietly announced the FCC will be killing consumer broadband privacy protections before they even have a chance to take root. Hoping the news would get lost in the pre-weekend hustle, the FCC quietly circulated an e-mail on Friday stating that the agency would be moving to kill the rules before they arrive March 2, just as large ISPs had demanded.

The FCC statement starts by implying that eliminating FCC oversight of broadband privacy (leaving the FTC as the lone cop on the beat) is more consistent and efficient:

"Chairman Pai believes that the best way to protect the online privacy of American consumers is through a comprehensive and uniform regulatory framework. All actors in the online space should be subject to the same rules, and the federal government shouldn’t favor one set of companies over another. Therefore, he has advocated returning to a technology-neutral privacy framework for the online world and harmonizing the FCC’s privacy rules for broadband providers with the FTC’s standards for others in the digital economy. Unfortunately, one of the previous administration’s privacy rules that is scheduled to take effect on March 2 is not consistent with the FTC’s privacy standards. Therefore, Chairman Pai is seeking to act on a request to stay this rule before it takes effect on March 2."

This idea that the FTC should be the only regulator overseeing ISP privacy comes from the telecom industry itself, which has repeatedly tried to claim it's unfair to "burden" ISPs (many of which are trying to get into the ad and media industry) with FCC regulations not faced by the likes of Google and Facebook. The problem: they're ignoring the fact that while users can switch search engines or services if they're unhappy with Google or Facebook's privacy practices, a lack of competition often means users have no such luxury when it comes to broadband ISPs. Thus, specific rules large ISPs pretend they don't see the reasoning for.

Meanwhile, the big push to have the FTC alone oversee broadband privacy is rooted in the knowledge that the FTC is (a) overworked and underfunded, and (b) has no rule-making authority. Now ex-FCC boss Tom Wheeler had this to say about this GOP and Trump FCC "modernization" effort in a recent, candid interview:

"It’s a fraud. The FTC doesn’t have rule-making authority. They’ve got enforcement authority and their enforcement authority is whether or not something is unfair or deceptive. And the FTC has to worry about everything from computer chips to bleach labeling. Of course, carriers want [telecom issues] to get lost in that morass. This was the strategy all along. So it doesn’t surprise me that the Trump transition team  --  who were with the American Enterprise Institute and basically longtime supporters of this concept  --  comes in and says, “Oh, we oughta do away with this.” It makes no sense to get rid of an expert agency and to throw these issues to an agency with no rule-making power that has to compete with everything else that’s going on in the economy, and can only deal with unfair or deceptive practices."

In other words, the pretense for Pai and friends is "efficiency," when the reality, as has long been the FCC's overarching MO, is to protect large ISPs like Comcast, Verizon and AT&T from real accountability and oversight. That's a problem when it comes to an uncompetitive industry where the nation's biggest carriers have no organic checks and balances on their increasingly unethical privacy practices. You need either real competition or reasonable regulators, and as these ISPs' historical behavior makes clear, you run into problems when revolving-door regulators want neither.

The FCC rules themselves were passed last year and are relatively simple; ISPs must disclose what data they're gathering and who they're selling it to. In a few instances, users need to opt in if ISPs want to share more personal financial data. The telecom and ad industries whined about the rules, but the FCC only acted to create the rules after Verizon was caught covertly modifying user packets in order to track user behavior (without informing them or providing working opt-out tools), and AT&T and Comcast began making it clear they wanted to charge users a premium for privacy.

The telecom industry had its chance to self-regulate on the privacy front, and showed repeatedly it wasn't capable of actually doing so. Repeal the FCC's privacy rules, and there's literally nothing standing between you and Comcast when it comes to privacy except an overworked (and likely to be similarly and intentionally hamstrung) FTC incapable of picking up the slack. That's certainly great for Comcast. It's less great if you're a broadband consumer actually looking to have some amount of control over how your personal data is collected and shared in the gigabit era.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    That One Guy (profile), 28 Feb 2017 @ 5:49am

    Absolutely right

    Pai is most certainly right, rules should be consistent across the board, with no need to unnecessarily complicate things simply because trifling details might differ.

    For example, in the interest of providing a fair and level playing field...

    Bikes should be required to meet any and all requirements that cars are under(seatbelts, blinkers, license to use), because both bikes and cars have wheels and are used for transportation. Alternatively, car manufacturers should't be burdened by unnecessary regulations and rules that bike manufacturers don't have to follow for the same reason.

    People can talk without any bothersome regulations in place, they can even communicate via the highly technical method of two cans and some string, and as such phone/telecommunication companies shouldn't be saddled with burdensome regulations that just get in the way of better serving the customer.

    You can take a canoe out on the lake without filing out countless forms and going through the hassle of safety checks or anything absurd like that, and as such larger boats such as those used for shipping shouldn't be unfairly forced to deal with those sorts of things either. A boat's a boat after all, it makes no sense to treat one different than the other just because the structure might differ a tiny little bit.

    reply to this | link to this | view in chronology ]

  • identicon
    Baron von Robber, 28 Feb 2017 @ 6:35am

    1st thing John Oliver should do is stand up a company that buys the info of Pai's, Drumpf's, ect surfing habits and post them for all to see....well, maybe not Drumpf's. It'll just come up twitter, Trump, fox, Trump, breitbart, Trump and stormfront.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 28 Feb 2017 @ 7:03am

      Re:

      Then we'll just see rules to exempt themselves from such practices.

      reply to this | link to this | view in chronology ]

      • identicon
        Baron von Robber, 28 Feb 2017 @ 7:09am

        Re: Re:

        Then his supporters will see the blatant, obscene, naked hipocracy that it is.........haha, got ya, his supporters got this far with blinders still on.

        Time to start getting used to the taste of vodka.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 Feb 2017 @ 6:38am

    Netzero anyone?

    IIRC there used to be many more models of ISP, including advertising.

    reply to this | link to this | view in chronology ]

    • identicon
      Also Anonymous, 28 Feb 2017 @ 12:05pm

      Re: Netzero anyone?

      The idea for Netzero was you get to use the internet and we get to advertise. This here is you overpay for a service and you don't have any real option other than one or two alternatives unless you are lucky, and then they go through your information to resell it to other people, who you may or may not know who it is, who then use it or sell it onto others. So you are paying to have your private information sold onto others with no control over it, definitely not Netzero

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 Feb 2017 @ 6:41am

    if you want to help protect NN and privacy rules you should support groups like ACLU and the Electronic Frontier Foundation and Free Press who are fighting to keep Net Neutrality and privacy rules.

    https://www.aclu.org/

    https://www.eff.org/

    https://www.freepress.net/

    also you can set them as your charity on https://smile.amazon.com/

    also write to your House Representative and senators

    http://www.house.gov/representatives/find/

    https://www.senate.gov/general/contact_information /senators_cfm.cfm?OrderBy=state

    and the FCC

    https://www.fcc.gov/about/contact

    reply to this | link to this | view in chronology ]

    • identicon
      Vel the Engimatic, 28 Feb 2017 @ 6:46am

      Re:

      What makes you think Pai or Trump's administration will listen, considering all the dollar bills plugging up their ear holes.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 28 Feb 2017 @ 6:55am

        Re: Re:

        I wonder if you would be doing something different with the same dollar bills plugging up your ear holes?

        reply to this | link to this | view in chronology ]

      • identicon
        Thad, 28 Feb 2017 @ 9:00am

        Re: Re:

        Massive public backlash has worked in the past, even in cases where it seemed unlikely.

        I'd agree that you'll probably have a better chance talking to your representatives than to the FCC. But contacting the FCC wouldn't hurt.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 Feb 2017 @ 7:08am

    He has learnt all the catch phrases to appear to be helping people, while changing his job to one of doing what the industry bids him to do.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 Feb 2017 @ 7:10am

    Doesn't a encrypted VPN turn any ISP into a dumb pipe? The only draw back I've seen is that if you do a lot of commenting on sites like these, you'll get moderated quite a bit as the trolls like to use them too.

    I would think also, to some degree, the market itself may provide said privacy with tools like the VPN/adblock/ browser plugins and such. People like their privacy, learning about and using the tools to ensure privacy may be just as effective if not more so than regulation no?

    reply to this | link to this | view in chronology ]

    • identicon
      Baron von Robber, 28 Feb 2017 @ 7:14am

      Re:

      I don't think so. With regulation, an ISP would have to knowingly break it and takes some effort.

      For a user, if they don't have an always on VPN setup at the router, then the one time they forget to start up their VPN client, their privacy is lost.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 28 Feb 2017 @ 7:17am

        Re: Re:

        "I don't think so. With regulation, an ISP would have to knowingly break it and takes some effort. "

        Isn't their a law about breaking encryption? I would think that their would be, but I'm guessing here.

        "For a user, if they don't have an always on VPN setup at the router, then the one time they forget to start up their VPN client, their privacy is lost."

        I don't know. I would think this would be a feature not a bug. Sometimes; I don't want/need my anonymity. Others I do. Either way I get to decide. Not the Gov., not the ISP. I do. I feel somewhat empowered by that.

        reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 28 Feb 2017 @ 7:39am

      Re:

      No.

      1) They'd still get the inevitable DNS leakage
      2) They'd still get a bunch of metadata
      3) They can degrade VPN service quality
      4) The Internet is global. At some point your traffic is going to cross Comcast's or Verizon's cables even if they aren't your ISPs.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 1 Mar 2017 @ 4:02am

        Re: Re:

        Your "No" doesn't make since. The amount of effort they would have to go through to make any of these, or any combination of these a prime method for tracking millions of people would hardly be worth the effort. Aside from that; There are counter measures for any and all of these things. It would start the most expensive game of wack a mole since the AA's took the field. That seems more likely to curb the tracking companies more than government regulation or agencies. Hell, the Government is one of the ones trying to track you in the first place. You've got the NSA (Government) scooping up ALL the data at will. Then we have the FCC trying to protect us from the nasty corporations. How about they start with cleaning their own house?

        reply to this | link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    identicon
    My_Name_Here, 28 Feb 2017 @ 7:17am

    I'm not sure my heart can take this much good news all at once. Or my dick.

    Are you going to censor this post too, Masnick?

    reply to this | link to this | view in chronology ]

    • identicon
      Baron von Robber, 28 Feb 2017 @ 7:30am

      Re:

      Yes. None of us will ever see the post you made that I'm replying too.

      Look, just send Mike a private message that your dick loves him and that you wake up thinking about Mike. You think all day about Mike. And when you go night-night, you hope the the Sandman will give you a dream about being with Mike. Who knows? Maybe Mike plays for both teams.

      reply to this | link to this | view in chronology ]

  • identicon
    Tronald Dump, 28 Feb 2017 @ 7:39am

    FCC Mandates are not negotiable...

    Hey, you there, Ishit Poo, I think you're forgetting something.

    The mandate behind the entity known as the FCC has to be followed regardless of how much you're being paid by AT&T, Verizon, Sprint and T-Mobile.

    The FCC is not your private barony, it's a government entity, with *RULES* you have to follow.

    Pull your face out of the big 4's collective ass and do the job as mandated by the FCC guidelines.

    If you can not or will not, then you must step down or be pushed down, hopefully it won't hurt too much when your face hits the piles of shit that you're corporial form is composed of.

    reply to this | link to this | view in chronology ]

    • icon
      That One Guy (profile), 28 Feb 2017 @ 7:52am

      That's downright mean

      That is an unfair and absolutely uncalled for comparison. Piles of shit can actually be useful, serving to help the public by increasing crop yield in the form of fertilizer.

      Piles of shit have a bad enough rap as it is, they don't deserve to be lumped in with the likes of corporate bootlickers like Pai.

      reply to this | link to this | view in chronology ]

      • identicon
        I.T. Guy, 28 Feb 2017 @ 8:05am

        Re: That's downright mean

        How funny... in my previous comment.

        [Takes deep breath] Can you smell the greatness?

        I was going to mention that in my area the farmers are getting the fields ready for planting. And how I indeedly do smell the "greatness" in the air. I didn't think anyone would make the connection.

        So in comparison bos taurus fecal matter is much much more useful than Pai. Smells better too?

        reply to this | link to this | view in chronology ]

        • icon
          orbitalinsertion (profile), 28 Feb 2017 @ 1:02pm

          Re: Re: That's downright mean

          There may be some market niches to be filled here. I personally would opt for a Pai scraper, but not so much a Pai spreader.

          reply to this | link to this | view in chronology ]

    • identicon
      David, 28 Feb 2017 @ 8:10am

      Re: FCC Mandates are not negotiable...

      Uh, the FCC mandate is set by the government, and its current mandate is to commit suicide. At the very least structure its work in a manner consistent with already having done so.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 28 Feb 2017 @ 11:42am

        Re: Re: FCC Mandates are not negotiable...

        Pai seems perfectly fine with FCC getting closed. Right now he is removing the raison d'etre for FCC. It is alright to throttle, artificially increase the cost of using the internet outside of the ISPs walled gardens and give no fox about expanding coverage/upgrading. I think other things like limits on unlimited plans will get shut down by FTC, but the future of ISPs as gatekeepers making money from both sides of the fence is here. The copyright industry is laughing at the opportunities (gatekeepers = responsibility to act. You know the song and dance)...

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 Feb 2017 @ 7:55am

    Are we still pretending that privacy is a thing that exists in this surveillance state?

    reply to this | link to this | view in chronology ]

  • identicon
    I.T. Guy, 28 Feb 2017 @ 7:57am

    [Takes deep breath] Can you smell the greatness?

    reply to this | link to this | view in chronology ]

  • icon
    The Wanderer (profile), 28 Feb 2017 @ 8:40am

    All actors in the online space should be subject to the same rules, and the federal government shouldn’t favor one set of companies over another.

    This is actually quite true! Barring extreme circumstances such as a monopoly position, all actors in the same market should be subject to the same rules. (I say "market" rather than "online space" both because this applies equally well to offline contexts, and because the "online space" actually represents many different markets.)

    The snag is that a company providing a connection to the Internet is not operating within the "online space". That company is operating between the "online space" and the rest of the world.

    All actors within that market should be subject to the same rules, but the rules to which they should be subject are not the same as the rules to which those operating within the different market that is the "online space" should be subject.

    (There's actually a lot more to it, in various crannies of the above - to do with things such as "natural monopoly" and "network effect" and "pro bono publico" and "non-profit" and so forth. But that's a decent overall short summary.)

    As it happens, most of the companies involved in this fight - including, if I understand correctly, both Google and Facebook - fall into both categories: they both provide access to the Internet, and provide services on the Internet. Those different parts of their business should be regulated separately, according to the different rules which apply to those different markets.

    reply to this | link to this | view in chronology ]

    • identicon
      JimBob, 28 Feb 2017 @ 10:58am

      Re:

      Why in the world is no one screaming about wiretapping laws? USPS cannot open my mail to do behavioural analysis, they cannot sell that information for marketing purposes, or build profiles on me based on the contents of my letters. Neither can UPS, nor can the phone company...

      I do not understand why anyone thinks Ajit Pai's arguments: (if the company you are sending USPS mail to can build a profile on you about what you purchase from them, your name, and address, and sell that, why can't the USPS?! It's different rules for the mail carrier from the companies they deliver mail to, and they should be regulated under the same rules!) are taken seriously; people should be screaming in the streets about this.

      Yes, I get that the vast majority of people are underinformed, naive, or plain idiots, but this effort should also be terribly, ridiculously illegal. There shouldn't need to be an FCC rule about ISP customer privacy, because deep packet inspection for non CALEA purposes should already be profoundly illegal.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 Feb 2017 @ 9:28am

    when are people going to stand up against this a-hole? he is obviously not interested in anything/anyone other than the big IPSs and Telcos and wont be happy until the 'encouragement' he has received is paid back to them in full!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 Feb 2017 @ 10:37am

    Re: Doesn't a encrypted VPN turn any ISP into a dumb pipe?

    No it doesn't.

    Internet is OSI layer 3 full duplex communication. VPN uses variations of NAT to accomplish what it does. Worse it creates a concentration point for traffic analysis and filtering. (most commercial VPN's already filter email by default)

    A general dependence on VPN will create choke points increasing surveillance and censorship overall. But more to the point, if you need to use a VPN service, a crime has already been committed against you.

    While some VPN providers may be honorable, probably some of them are data miners themselves. It is a well known fact that TOR is rife with data mining.

    The long and short of it is this:

    BITS ARE SPEECH!

    Any transient sampling, or modification of traffic above OSI layer 3 is an abuse of the first and fourth amendments. Facilitating that abuse by means of an inhome device ( cable box) is abuse of the 3rd amendment.

    While detailed traffic analysis is periodically neccessary for diagnostic purposes, that is not the same thing as buying line-rate wiretapping equipment, and bulk sampling traffic. Or bulk injecting data into communications into 3rd party communications. (many of whom the carrier has no contractual relationship with)

    There is a technical solution coming that will provide end to end distributed cipher in a way that consumers will accept. I think the players all know it. So they are trying to concentrate traffic in order to make interfering with their customers civil rights cheaper and easier.

    But it's really just a flurry of misdirection in an attempt to prevent the forcible removal of their dicks from the Constitution.

    The Internet was free. Now it isn't. But it will be again. The technical means for accomplishing this is an inevitable evolution.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 1 Mar 2017 @ 4:06am

      Re: Re: Doesn't a encrypted VPN turn any ISP into a dumb pipe?

      "The technical means for accomplishing this is an inevitable evolution."

      This is what I'm hoping for. If we make it technically impossible to track data, then it won't be tracked. You can make all the laws you want. The Government has proven time and again it doesn't care. Same with the corporations. If we want true privacy, we will have to create it ourselves.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 Feb 2017 @ 11:55am

    What does this mean?

    Other than they gather our data and sell it of course (which is bad enough). Can they start to inject ads into our streams again and make HTTPS even more unsafe? Does this give them the right to overwrite data on webpages like they have done before (It was other ads as I remember it)?
    I use a VPN mostly, but find it often much slower... does anyone have any safe VPNs that can provide up to gigabit solutions(if we are allowed)?

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 28 Feb 2017 @ 1:51pm

      Re: What does this mean?

      Regarding HTTPS, there is nothing your ISP can do to monitor, or inject packets into your HTTPS traffic. HTTPS traffic is safe from deep packet inspection which looks at text, images, and video transferring to and from your web browser.

      However, they still can see what sites you visit, even with https. They just cant see what you send back and forth to those sites. But knowing what the sites are is enough for them to build a profile on you and market to you, even if the detailed traffic is private.

      Regarding VPN, I would love to know too. I currently subscribe to a business level gigabit subscription, and I do not think ISPs would pull these shenanigans on business accounts because there would be lawsuits, but you never know.

      reply to this | link to this | view in chronology ]

      • identicon
        Thad, 28 Feb 2017 @ 2:43pm

        Re: Re: What does this mean?

        Regarding HTTPS, there is nothing your ISP can do to monitor, or inject packets into your HTTPS traffic.

        Isn't there? They're sitting there between you and your destination at key exchange time; I don't see anything stopping them from a man-in-the-middle attack.

        Well, not anything technical. It would be extremely ill-advised for ISPs to perform MITM attacks against their subscribers, as I suspect the backlash would dwarf SOPA. (And using an MITM attack for something as frivolous as targeted advertising would be especially foolish, seeing as the purpose of MITM is not to let your target know they're being attacked.)

        reply to this | link to this | view in chronology ]

        • identicon
          Robert, 28 Feb 2017 @ 5:27pm

          Re: Re: Re: What does this mean?

          > I don't see anything stopping them from a man-in-the-middle attack.

          You need to go back and read about Alice, Bob and how they use public / private key-pairs. The ISP would need a certificate signed by root-CA (embedded in OS / browser) claiming ownership of the destination DNS name.

          We can argue about the "weakness" of the root CA trust model, but it's the single hurdle protecting your HTTPS from MiTM attacks and is not entirely trivial to break.

          It's actually MUCH EASIER for a non-ISP to get control of one of your "hops" than it is to get a useful forged certificate.

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 1 Mar 2017 @ 7:58am

            Re: Re: Re: Re: What does this mean?

            "not entirely trivial to break."

            That is an awesome turn of phrase.

            While not entirely trivial, it becomes more trivial once certain infrastructure is in place. Such as an overlay network that allows selectively backhauling interesting traffic, and security software provided to the end node by the ISP that can install a false CA via autoupdate. (both already broadly deployed)

            These factors become more severe as the edge devices (cable boxes) become more intelligent. Which is one of the best reasons for cable box competition. A monopoly on these devices is more likely to provide a homogenous surveillance infrastructure that can be abused by the state. (vs. a diverse infrastructure that can be abused by everybody)

            Which IMHO means that cable box competition is protected by the 3rd, and 2nd amendments, no matter what the posers in the state legislature and the FCC say.

            Part of the issue here is that lawyers don't understand modern communications well enough to be able to identify negligence. So the public is like a mentally handicapped person getting a bullet in the head during a gang shoot out, while the kid who shared gummi bears with him on the short bus looks on from his perch on the judicial bench.

            reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 2 Mar 2017 @ 11:08am

        Re: Re: What does this mean?

        You are right. I completely mixed up my memory of previous articles with ISP's injecting ads into HTTP traffic and Lenovo's shenanigans that exposed everyone using HTTPS to MITM attacks by replacing certificates with a private key that was the same across the board.

        reply to this | link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Insider Shop - Show Your Support!

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.