from the snoopvertising-supernova dept
Unsurprisingly, ISPs made quite a stink about the "draconian" nature of the rules, and sector lobbyists are getting a running head start in dismantling them. After all, informed customers with the tools to protect their own privacy could cost them billions of dollars annually. Especially since the rules require that consumers opt in to collection of more sensitive financial data.
The cable industry's largest lobbying and trade organization, the Internet & Television Association (NCTA), is urging the FCC to eliminate the rules entirely, claiming they simply weren't necessary:
"They are unnecessary, unjustified, unmoored from a cost-benefit assessment, and unlikely to advance the Commission’s stated goal of enhancing consumer privacy,” wrote the Internet & Television Association, known as NCTA."Except if you've tracked why the rules were created, you'd know that's simply not true. The FCC acted after security researchers discovered that Verizon Wireless was modifying user data packets to track consumers around the internet, without informing them or providing working opt out tools. The FCC was also concerned that some ISPs (Comcast, AT&T) had begun exploring charging users a steep premium if they wanted to actually protect their own privacy. Similarly, the FCC acted after some ISPs claimed they'd started providing worse customer service depending on a customer's credit score.
That alone should show you two truths: one, the broadband industry's claim that it can self-regulate on privacy issues is a joke. Two, the lack of competition in the broadband space opens the door to abuses you won't see in the broader, more competitive content markets Verizon, Comcast and AT&T are interested in rushing toward. These ISPs have long tried to claim that placing additional regulatory burdens on them is unfairly "asymmetric" because Google, Facebook and friends don't face them. But Google, Facebook and friends don't operate in a competitive vacuum thanks to a generation of lobbying, dysfunction, and regulatory capture, something these ISPs would prefer we all ignore.
Like the NCTA, the industry's biggest telco lobbying organization (US Telecom), had plenty to say about the new privacy rules. In its own filing with the FCC (pdf), the group urges the FCC to "modify key elements" of the privacy rules (read: all the ones that mean anything) right after it gets done eliminating net neutrality. The organization actually tries to claim at one point that privacy protections for consumers aren't necessary because ISPs don't really know all that much about you and hey, if you really don't like it you can always encrypt your data:
"...the Order ignores the record facts when it predicates this scheme of asymmetric regulation on the premise that ISPs are nearly omniscient and have greater visibility into consumer data than any other Internet company. That premise is false, as Commissioners Pai and O’Rielly and many commenters have explained. Given the recent rise of encryption and multiple ISP connections per user, any given ISP has rapidly declining visibility into the details of consumers’ Internet usage and, in some respects, less visibility than leading social media platforms, search engines, and data brokers."This idea that ISPs aren't actually information super vacuums has been used consistently by dollar per hollar telecom sector think tankers, and it's nonsense. As exposure of deep packet inspection and Verizon's stealthy super cookies shows, incumbent ISPs do have nearly "omniscient" awareness of everything a consumer sees, watches, hears, or does. And encryption isn't a privacy panacea; ISPs can still observe user online behavior based on overall traffic patterns and volume, unencrypted portions of communications, and the growing volume of unencrypted Internet of Things traffic. And a VPN is no guaranteed blockade to ISP snooping either, since again IoT devices won't use VPN, and ISPs can often still monitor user behavior via DNS anyway.
Large ISPs could have avoided these regulations by making sound, reasoned policy choices. Instead, they chose to hoover up every shred of data they could find and sell everything that wasn't nailed down, making consumer choice and transparency a distant afterthought. And thanks to limited competition, broadband consumers have no way of "voting with their wallet" to avoid many of these practices, which is why the FCC crafted them in the first place. You either need to fix broadband competition, or impose rules protecting consumers from the symptoms of that particular disease (net neutrality and privacy violations).
So far, there's every indication that the new, incoming FCC intends to do neither.