Security Experts:

Could Killing of FCC Privacy Rules Lead to End of Net Neutrality?

The Senate on Thursday voted 50-48 to overturn new FCC rules that would prevent ISPs from monetizing customers' information without their consent. The rules, passed during the Obama administration in October 2016, were due to come into force earlier this month, but were delayed by new Republican chairman Ajit Pai. 

This delay provided time for Republican senators to propose a Joint Resolution to 'disapprove' the new FCC rules. S.J. Res. 34 was adopted along party lines. It 'disapproves' the FCC rule "Protecting the Privacy of Customers of Broadband and Other Telecommunications Services... and such rule shall have no force or effect." 

It is expected that this will be confirmed by Congress, which could then further prevent the FCC from issuing substantially similar rules in the future. However, many commentators also consider this to be the first step in dismantling the net neutrality rules imposed during the Democrat Obama administration.

Internet Privacy and ISP DataThe debate goes back to the Open Internet Order of 2010, and the subsequent reclassification of ISPs as common carriers in 2015. This was necessary to bring ISPs under the FCC's regulatory regime in order to enforce net neutrality -- but it also meant that the FCC was responsible for privacy enforcement.

The ensuing privacy rules were adopted on October 27, 2016, and were designed "to give broadband consumers increased choice, transparency, and security over their personal data so consumers are empowered to decide how data are used and shared by broadband providers."

In short, the FCC grabbed regulatory control of ISPs from the FTC in order to enforce net neutrality, but in doing so also became responsible for privacy. The effect was to place different internet giants (such as Comcast, Verizon and AT&T) under different regulations to others (such as Google and Facebook). The latter are allowed to monetize customer data, while the former are not.

The ISPs are not happy with this, and have been complaining and lobbying to get it reversed. "The unfortunate result of the FCC's extreme regulatory proposals," wrote Comcast in March 2016, "will be more consumer confusion and less competition -- and a bunch of collateral damage to innovation and investment along the way. This is most disappointing because it is entirely avoidable, since the Administration, the Federal Trade Commission, and others have examined this issue and marketplace for many years and have reached very different conclusions."

The Internet & Television Association trade group (NCTA) issued a new statement Thursday: "We appreciate today's Senate action to repeal unwarranted FCC rules that deny consumers consistent privacy protection online and violate competitive neutrality.  The Senate's action represents a critical step towards reestablishing a balanced framework that is grounded in the long-standing and successful FTC privacy framework that applies equally to all parties operating online..."

The ISPs would like the marketplace to be unified under the regulatory control of the FTC -- or at least to have no more regulatory control than that placed on other internet service companies. But ISPs provide a completely different service, and control the internet choke points. The Electronic Frontier Foundation (EFF) points out 'Five Creepy Things Your ISP Could Do if Congress Repeals the FCC's Privacy Protections'. These include selling data to marketers, hijacking searches, inserting ads, pre-installing their own spyware on phones, and injecting 'undetectable, undeletable tracking cookies in all of your HTTP traffic'. In each case, EFF provides examples of ISPs who have already done this.

It is noticeable that new UK laws focus on using the ISPs to exert the government's new surveillance (Investigatory Powers Act) and censorship (the Digital Economy Bill) capabilities. The former ensures that the government will simply be able to take the internet data that US ISPs are likely to be able to sell, while the latter will enable the government to use the ISPs to block public access to websites it deems unsuitable (as it already does in a limited form with sites such as The Pirate Bay). Both laws would almost certainly be struck down by the European Courts as unconstitutional if the UK remained within the European Union.

What isn't yet certain is whether disapproving the FCC's privacy rule in the US is really the first step towards dismantling net neutrality. Chairman Pai can legitimately claim that he had no role in this (other than providing time for it to happen). It is the Senate rather than the FCC that has done so.

Net neutrality has been in force since the FCC's Open Internet Order and the reclassification the ISPs imposed neutrality. It has already stood the test of time and would probably require government legislation rather than FCC action to reverse it. 

Writing in the LegalMatch law blog, Jonathan Lurie comments, "If the rule was to be fully stripped away, it would most likely involve an act of Congress explicitly doing so. However, Congress and the Trump administration do not seem to be making such legislation a priority." Instead, he suggests that, "it has been implied that [chairman Pai's FCC] would likely see changes allowing ISPs to prioritize data in certain situations -- basically creating carveouts to the general rule. There's no particular indication as to what these carveouts might include, but it is easy to imagine a situation where exceptions could swallow the rule."

The irony in the current situation is that ISPs have argued that the FCC privacy rules distort the advertising market and hamper innovative new approaches, while supporters of net neutrality claim that it will enable innovative companies with new approaches to internet services.

view counter
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.