So we've noted that killing net neutrality
isn't the only goal for large ISPs in the new year. Trump's top telecom advisors have all made it abundantly clear they'd like to defang and defund the FCC as a consumer watchdog entirely
, and roll back the decision to classify ISPs as common carriers under Title II. This would not only dismantle net neutrality, but it would also eliminate the relatively basic broadband privacy rules
the FCC recently passed. Those rules, in short, require that ISPs not only clearly disclose what's being sold and who it's being sold to, but also require they also provide working opt-out tools.
Unsurprisingly, ISPs made quite a stink
about the "draconian" nature of the rules, and sector lobbyists are getting a running head start in dismantling them. After all, informed customers with the tools to protect their own privacy could cost them billions of dollars annually. Especially since the rules require that consumers opt in
to collection of more sensitive financial data.
The cable industry's largest lobbying and trade organization, the Internet & Television Association (NCTA), is urging the FCC
to eliminate the rules entirely, claiming they simply weren't necessary:
"They are unnecessary, unjustified, unmoored from a cost-benefit assessment, and unlikely to advance the Commission’s stated goal of enhancing consumer privacy,” wrote the Internet & Television Association, known as NCTA."
Except if you've tracked why the rules were created, you'd know that's simply not true. The FCC acted after security researchers discovered that Verizon Wireless was modifying user data packets
to track consumers around the internet, without informing them or providing working opt out tools
. The FCC was also concerned that some ISPs (Comcast, AT&T) had begun exploring charging users a steep premium
if they wanted to actually protect their own privacy. Similarly, the FCC acted after some ISPs claimed they'd started providing worse customer service
depending on a customer's credit score.
That alone should show you two truths: one, the broadband industry's claim that it can self-regulate on privacy issues is a joke. Two, the lack of competition in the broadband space opens the door to abuses you won't see in the broader, more competitive content markets Verizon, Comcast and AT&T are interested in rushing toward. These ISPs have long tried to claim that placing additional regulatory burdens on them is unfairly "asymmetric" because Google, Facebook and friends don't face them. But Google, Facebook and friends don't operate in a competitive vacuum thanks to a generation of lobbying, dysfunction, and regulatory capture, something these ISPs would prefer we all ignore.
Like the NCTA, the industry's biggest telco lobbying organization (US Telecom), had plenty to say about the new privacy rules. In its own filing with the FCC
(pdf), the group urges the FCC to "modify key elements" of the privacy rules (read: all the ones that mean anything) right after it gets done eliminating net neutrality. The organization actually tries to claim at one point that privacy protections for consumers aren't necessary because ISPs don't really know all that much about you
and hey, if you really don't like it you can always encrypt your data:
"...the Order ignores the record facts when it predicates this scheme of asymmetric regulation on the premise that ISPs are nearly omniscient and have greater visibility into consumer data than any other Internet company. That premise is false, as Commissioners Pai and O’Rielly and many commenters have explained. Given the recent rise of encryption and multiple ISP connections per user, any given ISP has rapidly declining visibility into the details of consumers’ Internet usage and, in some respects, less visibility than leading social media platforms, search engines, and data brokers."
This idea that ISPs aren't actually
information super vacuums has been used consistently by dollar per hollar
telecom sector think tankers, and it's nonsense. As exposure of deep packet inspection
and Verizon's stealthy super cookies
shows, incumbent ISPs do have nearly "omniscient" awareness of everything a consumer sees, watches, hears, or does. And encryption isn't a privacy panacea
; ISPs can still observe user online behavior based on overall traffic patterns and volume, unencrypted portions of communications, and the growing volume of unencrypted Internet of Things traffic. And a VPN is no guaranteed blockade to ISP snooping either, since again IoT devices won't use VPN, and ISPs can often still monitor user behavior via DNS anyway.
Large ISPs could have avoided these regulations by making sound, reasoned policy choices. Instead, they chose to hoover up every shred of data they could find and sell everything that wasn't nailed down, making consumer choice and transparency a distant afterthought. And thanks to limited competition, broadband consumers have no way of "voting with their wallet" to avoid many of these practices, which is why the FCC crafted them in the first place. You either need to fix broadband competition, or impose rules protecting consumers from the symptoms of that particular disease (net neutrality and privacy violations).
So far, there's every indication
that the new, incoming FCC intends to do neither.