What This Week's Internet Privacy Action Really Means
It has become increasingly easy to turn off the news or not read the paper as even the most seemingly common sense approaches to regulation default to partisan bickering among clout-heavy lobbyists. And with a pro-big business Republican House, Senate, and president, it's easy to understand how the current Congress and administration would abandon regulations designed to protect consumer privacy in favor of the interests of lobbyist clients that pay the biggest bills -- namely AT&T, Comcast, and Verizon, among others. In fact, that's what happened this week when President Donald Trump signed a bill eliminating privacy rules put in place by the Federal Communications Commission in the waning days of the Obama administration.
The FCC's rules were a direct result of a long legal battle to protect Net neutrality (read my related No Jitter post, "Net Neutrality Decision: Broadband a Utility, Not a Luxury"). After having lost two rounds in court, the FCC changed its tack and declared that Internet service providers (ISPs) were common carriers and thus could be managed under FCC rules, rather than those of the Federal Trade Commission (FTC). The FCC rules, which would have imposed stricter rules on ISPs than others, drew the ire of many Republicans and large ISPs. The ISPs claimed they were being subjected to special administrative obligations (not a good thing) because of their status as ISPs. Part of the conflict resulted from the differences between FTC and FCC rules, thus creating an inconsistency in how those rules designed to protect consumers would be applied.
But what's really behind the recent action, even if not what's generating the headlines? It's what the Internet advertising market and the shares that the biggest ISPs stand not to gain (as opposed to lose, since no one has access to that revenue stream today) if they must go through the trouble of getting permission from end users before sharing their information with those willing to pay for it. Internet advertising is thought to be a ginormous market, at $83 billion, as noted in a March 28 article in The Washington Post. That's right. $83 billion. And if what I saw at Mobile World Congress (MWC) in Barcelona this year is any indication, the opportunity for large ISPs to collect and sell (read: capitalize on) "consumers' behavioral information" is thus so massive as to motivate even a small- to moderate-sized ISP to jump on the bandwagon and sell consumer data to all bidders that come knocking. (At MWC there were 20 companies selling different products and services associated with collected data for every one selling some comparable data security product!)
In this debate, the old familiar Republican line that regulation stifles innovation played a weak second fiddle to the argument that little to no regulation -- or self-regulation -- is the way to manage the issue of consumer privacy. As they say in polite circles, "Poppycock!" As is said in less polite circles, ")_(*&*(^*&^&*(&%!" It's all about the revenue potential.
With or without a regulatory framework, companies providing broadband services are scurrying to develop techniques and methods for mining and analyzing customer information, including browsing habits, app usage and search history, and location identification. "The FCC's rules, which were passed in October ... set limits on how Internet providers could use that information, seeking to give consumers more control over the data they generate as they traverse the Web on their smartphones and computers," as noted in that previously cited Washington Post article. Those rules were scheduled to become effective in December of this year.
What the Congress and president decided this week is to permit providers to access a broad array of customer information without seeking end users' explicit consent to access and share such data. ISPs are no longer obligated to provide additional protection of consumer information from hackers and thieves. Finally, and this is the real kicker, the new rules make it increasingly difficult for the FCC to attempt to restore its privacy rules at some point in the future. While the official line remains that this turnabout creates a more even playing field for the provider, consumer information is increasingly at risk. The larger the volume of data and the more end points there are, the more vulnerable the provider, and ultimately the consumer.
The bright light in all of this is that despite successful federal efforts to place shareholder value over consumer protection, some states have are stepping up and beginning to draft legislation that seeks to take over where the FCC's rules have fallen victim to political action. Once again, while on the federal level potential shareholder returns have trumped common sense consumer protection, the states have had the opportunity and ability to bring their own legislation to the floor. I've had the privilege to be part of the drafting of one such law that should make its appearance in a state assembly house in the very near future. This is cause for optimism, if not outright joy. When at least some of the 50 states get involved in creating their own legislation to fill a gap created by federal inaction (or in this case mis-action), the result can be a legal crazy quilt that's difficult to manage. But it's better than nothing.
While the arguments have focused on the conflict of FTC and FCC rules, keep in mind that the real issue is really about the money at the other end. The administration and Congress's recent actions reflect the preference for shareholder returns over consumer privacy and protection. I can only hope that those lawmakers who led the charge to retract the rules are the first to have their search histories mined and published.