No, You Can't Buy Congress's Internet Data, Or Anyone Else's
from the this-won't-fix-piracy dept
In the wake of yesterday's unfortunate Congressional vote to kill broadband privacy protections (which had only just been put in place a few months ago, and hadn't yet taken effect) we've been seeing a lot of... bad ideas. People are rightfully angry and upset about this. The privacy protections were fairly simple, and would have been helpful in stopping truly egregious behavior by some dominant ISPs who have few competitors, and thus little reason to treat people right. But misleading and misinforming people isn't helpful either.
The story that's getting the most attention and seems to be going viral (or at least on the verge) is this GoFundMe campaign set up by Misha Collins to buy and release Congress's internet data:
Congress recently voted to strip Americans of their privacy rights by voting for SJR34, a resolution that allows Internet Service Providers to collect, and sell your sensitive data without your consent or knowledge. Since Congress has made our privacy a commodity, let’s band together to buy THEIR privacy.
This GoFundMe will pay to purchase the data of every Congressperson who voted for SJR34 and to make it publicly available.
PS: No, we won't "doxx" people. We will not share information that will impact the safety & security of their families (such as personal addresses). However, all other details are fair game. It says so right in the resolution that they voted to approve.
Game on, Congress.
As I type this, the campaign is rapidly approaching $30,000 raised (though it claims it has a $500 million goal). The campaign also promises that any leftover money will go to the ACLU — and I love the ACLU, but I'd argue that other organizations were much more involved in this particular fight than they were, so that's an odd choice). Update: Turns out this isn't the only such campaign. There's another one here that has raised even more and doesn't say what it will do with the money if it can't buy the data.
But here's the real problem: you can't buy Congress' internet data. You can't buy my internet data. You can't buy your internet data. That's not how this works. It's a common misconception. We even saw this in Congress four years ago, where Rep. Louis Gohmert went on a smug but totally ignorant rant, asking why Google won't sell the government all the data it has on people. As we explained at the time, that's not how it works*. Advertisers aren't buying your browsing data, and ISPs and other internet companies aren't selling your data in a neat little package. It doesn't help anyone to blatantly misrepresent what's going on.
When ISPs or online services have your data and "sell" it, it doesn't mean that you can go to, say, AT&T and offer to buy "all of Louis Gohmert's browsing history." Instead, what happens is that these companies collect that data for themselves and then sell targeting. That is, when Gohmert goes to visit his favorite publication, that website will cast out to various marketplaces for bids on what ads to show. Thanks to information tracking, it may throw up some demographic and interest data to the marketplace. So, it may say that it has a page being viewed by a male from Texas, who was recently visiting webpages about boardgames and cow farming (to randomly choose some items). Then, from that marketplace, some advertisers' computerized algorithms will more or less say "well, I'm selling boardgames about cows in Texas, and therefore, this person's attention is worth 1/10th of a penny more to me than some other company that's selling boardgames about moose." And then the webpage will display the ad about cow boardgames. All this happens in a split second, before the page has fully loaded.
At no point does the ad exchange or any of the advertisers know that this is "Louis Gohmert, Congressional Rep." Nor do they get any other info. They just know that if they are willing to spend the required amount to get the ad shown via the marketplace bidding mechanism, it will show up in front of someone who is somewhat more likely to be interested in the content.
* Amusingly, Rep. Gohmert voted to repeal the privacy protections, which makes no sense if he actually believed what he was saying in that hearing a few years ago...
Now, what is true is that it's still a bad thing to have companies holding this much data about our private internet usage. And there are real privacy risks of data leaking, and potentially then being tied back to individuals, because it's basically impossible to anonymize that kind of data entirely. But no one is out there "selling your browsing history" in a way that someone else can go buy it.
I know that some people don't care about this distinction, and even some people I know and trust are cheering on this crowdfunding campaign, at the very least to try to make a point about how Congress is voting against their own privacy in favor of some of their largest campaign donors. And that point is not wrong. But if we continue to push this myth that companies are selling direct dossiers on each individual surfer, people will start believing other wrong and misleading stuff, and that makes it more difficult to tackle the actual problems here.
And that's not the only kind of myth we've seen. We've already talked about people now falsely believing that VPNs are a solution here (they are not, and at best might solve some small problems while creating others). But then you have MSNBC, with a TV news correspondent (who you'd think would know better) tweeting out complete nonsense, telling people to "delete" their browsing history hourly:
That's just... embarrassingly uninformed, to the same level as the people insisting you can walk up to Comcast or AT&T and buy Louis Gohmert's browsing history (or, for that matter, Louis Gohmert's belief that the government can just buy advertising data to find terrorists).
We don't solve problems by misrepresenting what the real scenario is. It's true that ISPs have way too much power over these markets, and they can see and collect a ton of information on you which can absolutely be misused in privacy-damaging ways. But let's at least be honest about how it's happening and what it means. That's the only way we're going to see real solutions to these issues.