The FCC voted today to propose rules that would finally apply telecommunications privacy protections to the internet. We urge adoption of these privacy protections, with clear language to ensure that consumers have meaningful control over their privacy in ways that can鈥檛 be undermined by carriers.
This long-overdue step is not only consistent with the law, it鈥檚 pretty clearly required by it. Nevertheless, the agency鈥檚 action is provoking fierce opposition (and bogus arguments) from giant broadband carriers like Verizon, Comcast, and AT&T, which don鈥檛 want the FCC to enforce the law. With today鈥檚 action the FCC鈥檚 proposal will be opened for public comment, after which the agency鈥檚 five members will vote on whether the protections will actually go into effect.
The FCC and its chairman Tom Wheeler are to be praised for taking this step, which, like the victory for network neutrality before it, promises to be a huge milestone鈥攊n this case, in the preservation and restoration of our right to communicate privately. Too often, regulatory agencies become captive to the desires of the industries they鈥檙e supposed to regulate, so it鈥檚 reassuring to see an agency resolutely press forward with its mission in the face of howls and screams from industry, which is salivating at the prospect of eavesdropping on internet communications in a way that they鈥檝e never been allowed to do when it comes to telephone calls.
Americans have a right to a communications infrastructure that protects privacy. They may choose to use that infrastructure to do business with companies like Google and Facebook that offer free services in exchange for a certain amount of monitoring (and that monitoring is problematic in many ways), but that same privacy-invading business model must not be permitted to penetrate the very wires over which we communicate. Unlike with online services, we cannot choose to avoid broadband carriers if we want to connect to the internet. And broadband connectivity is not an ad-supported service鈥攚e pay our ISPs.
For now the question is whether the FCC will go far enough, or whether its proposal will be weakened under pressure from industry and its allies in Congress. Here鈥檚 what we鈥檇 like to see in the FCC鈥檚 final rules:
- A sufficiently broad definition of the information that is protected. As I discussed in greater detail here, the law requires companies to protect the confidentiality of 鈥渋nformation that relates to the quantity, technical configuration, type, destination, location, and amount of use of a telecommunications service.鈥 Such information is called 鈥淐PNI.鈥 The question is how that general description will be defined in the regulations as they apply specifically to broadband internet.
- Meaningful choice. Information collected about a customer by the carriers by virtue of the service they provide鈥擟PNI鈥攕hould not be shared except with the full opt-in consent of that customer. That consent should be meaningful, i.e. truly optional and not buried in a 42-page click-through agreement written in dense legalese.
- Access. Consumers should be able to access CPNI to see what data, if any, a carrier is holding about them and their internet usage.
- Transparency. Internet carriers need to make crystal clear how they will use any information they collect about customers.
- No 鈥淧ay for privacy.鈥 A big danger is that customers will be forced to pay for privacy protections that under the law should be their right. That may initially take the form of 鈥渟pecial discounts鈥 for those who agree to give up their privacy, but will quickly become equivalent to extra charges for those who wish to preserve that privacy. The result will be that the underprivileged (and disproportionately minority) population that lacks the discretionary income to devote to privacy will lose a right given to more affluent Americans. The FCC needs to include protections that prohibit carriers from forcing customers to pay extra for their privacy.
- No spying on content. Many of the rules under discussion would cover communications metadata (who and what a person is communicating with), but the FCC must also ban any eavesdropping on the content of customer communications (what a person is actually saying) under all circumstances. No customer should be allowed to agree to a discount in return for letting the phone company listen in on their phone calls, and there鈥檚 one simple reason for this: even if the customer agrees, the other people that customer is talking with have not agreed to have their calls listened to, and would have no way to know that monitoring is taking place. The same should apply to the internet: if I鈥檓 having an online chat with you, my privacy should not be violated just because you鈥檝e made a deal with the carrier. That would be a profound violation of privacy that is not permitted in other contexts.
Discussions of these elements of privacy protection can be found in excellent white papers produced by the and , among other places.
The good news is that most or all of these elements appear to be mentioned in the FCC鈥檚 new proposal as issues on which the commission would like to hear feedback. Now the process of submitting comments to the FCC begins鈥攕omething that any American can do鈥攖o press the agency to actually include good rules that cover these important protections. More on that to come鈥