As we've been noting, broadband providers have wasted no time pressuring Congress to kill the FCC's new broadband privacy rules. These rules, passed last year, simply require that ISPs are transparent about what data they're collecting and who they're selling it to, while requiring they provide working opt-out tools. But the rules went further in requiring that broadband customers opt in to more sensitive data collection, including financial data. Given an informed, empowered consumer means less advertising revenue, ISPs quickly went to work throwing a monumental hissy fit.
This week, a coalition of broadband providers including Comcast, AT&T, T-Mobile and Verizon issued a breathless letter professing their absolute dedication to consumer privacy, apparently hoping that consumers haven't noticed they're simultaneously trying to kill the first meaningful broadband-specific privacy protections users have enjoyed in the history of the technology. As you might expect, the least-liked industry in America spends a notable part of the missive patting itself on the back for its selfless dedication to user privacy:
"ISPs understand the trust our customers place in us, and we are committed to protecting our customers’ privacy and safeguarding their information. For 20 years, we have implemented policies and practices that are consistent with the FTC’s widely respected and effective privacy framework and other federal and state privacy laws.
...We understand the importance of maintaining our customers’ trust. That is why we will continue to provide consumer privacy protections, while at the same time meeting consumers’ expectations for innovative new product solutions to enhance their online experiences.
Yeah, like that time Verizon was caught modifying user data packets to covertly track customers all around the internet without A. telling anybody or B. providing working opt out tools. Or that time AT&T began charging its broadband customers a steep premium just to protect their own privacy (something Comcast has shown repeated interest in as well). Or that time Cable One made it clear it wants to use user financial data to deliver worse customer service to low-income customers with bad credit. You can just feel the broadband industry's dedication to protecting your private data pulsing in the very wind itself!
In short the industry's trying to argue that the weaker, inconsistent privacy protections of the FTC are enough to protect consumers from wrongdoing. But as you saw in the last paragraph, the FTC (already overloaded and in constant risk of having its authority eroded) rarely has the time or interest in actually enforcing these rules anyway. The FCC's new rules were created specifically in response to these behaviors, and because the barely-competitive broadband industry creates some unique consumer protection challenges other industries and companies (like Google or Facebook, where users are free to use other services) don't face.
This idea that Congress will be somehow "streamlining" the FCC and eliminating duplicate authority will be the narrative du jour for most of this year. But in an outgoing interview with former FCC boss Tom Wheeler this week, the former dingo makes a point that's important for consumers and telecom journalists alike to understand:
"In the Trump administration, people are talking about stripping regulatory power from the FCC, and essentially taking the agency apart (including moving jurisdiction over internet access to the Federal Trade Commission [FTC]). “Modernizing” the FCC is the lingo being used. What’s your thought about that?
It’s a fraud. The FTC doesn’t have rule-making authority. They’ve got enforcement authority and their enforcement authority is whether or not something is unfair or deceptive. And the FTC has to worry about everything from computer chips to bleach labeling. Of course, carriers want [telecom issues] to get lost in that morass. This was the strategy all along.
So it doesn’t surprise me that the Trump transition team — who were with the American Enterprise Institute and basically longtime supporters of this concept — comes in and says, “Oh, we oughta do away with this.” It makes no sense to get rid of an expert agency and to throw these issues to an agency with no rule-making power that has to compete with everything else that’s going on in the economy, and can only deal with unfair or deceptive practices.
To try and ease concerns among those that, well, have actually paid attention to the industry's bad behavior on this front, giant ISPs like Verizon and Comcast instead proposed a voluntary group of self-regulatory principles governing transparency, data security, notifications in the wake of hack attacks, and "consumer choice." The industry's promise to respect user privacy choices are framed as such:
"ISPs will continue to give broadband customers easy-to-understand privacy choices based on the sensitivity of their personal data and how it will be used or disclosed, consistent with the FTC’s privacy framework. In particular, ISPs will continue to: (i) follow the FTC’s guidance regarding opt-in consent for the use and sharing of sensitive information as defined by the FTC; (ii) offer an opt-out choice to use non-sensitive customer information for personalized third-party marketing; and (iii) rely on implied consent to use customer information in activities like service fulfillment and support, fraud prevention, market research, product development, network management and security, compliance with law, and first-party marketing."
In short, we're going to just keep doing what we're already doing, while hiding behind overlong privacy policies, "implied consent," and loopholes that broadly declare most data "non-sensitive" -- all while obfuscating the fact the FTC privacy enforcement hasn't worked. If FTC enforcement alone for broadband privacy actually worked, Verizon wouldn't have been allowed to covertly track consumers around the internet for two years before security researchers actually noticed it. If FTC oversight actually worked on this subject, AT&T wouldn't have been allowed to charge users up to nearly $800 more per month in some instances just to protect their own data.
And having a weak (and likely soon to be weaker) cop on the beat is particularly important to companies like Verizon moving forward, given it has been on a tear gobbling up failed internet brands like AOL and Yahoo as part of its master plan to shift its focus from broadband toward slinging video ads at Millennials (apparently not very well). Verizon and friends have tried to argue that the FCC's privacy rules created "asymmetrical regulation," but they consistently ignore that the lack of broadband competition creates risks you don't see in the markets inhabited by the companies Verizon's envious of (Facebook, Google).
Here's the thing. The broadband industry had it pretty good for most of the last decade in terms of doing whatever it wanted with consumer data. Regulators, regardless of party, generally looked the other way as these companies hoovered up every shred of location and browsing data -- using everything from DNS tracking to deep packet inspection -- then relied on FTC regulatory loopholes to sell this data to pretty much everybody. Only once the broadband industry began pushing its god-damned luck with incredibly stupid ideas (with ideas like charging users for their own privacy) did the FCC even feel the need to get involved.
So in short, if the broadband industry's looking for someone to blame for the FCC's relatively modest privacy rules, it should spend some time looking in the mirror. Granted that may all be a moot point now that we've decided to put a former Verizon lawyer with a disdain for facts in charge of regulating the broadband sector. Back in 2008 Verizon claimed that consumer privacy protections weren't necessary because "public shame" would keep the company honest. There's every indication we're about to truly put that theory to the test.