Should our internet communications get less privacy protection than our phone calls? Telephone companies have not been allowed to compile and sell lists of all the parties you've called (friends, businesses, doctors, or anyone else). We don鈥檛 let phone companies transcribe the content of your conversations, perform keyword analysis, and then use or sell it. When an American calls a suicide hotline, an outreach service for gay teens, or a cancer doctor, he or she doesn't have to worry that the phone company will sell that information to others.
And why don't phone companies sell such data? It's not tradition, or politeness (that information could be worth a lot of money), or even fear of angering customers (most of whom would probably never learn of it, and if they did, might be powerless do anything about it). The reason is that they are prohibited by law from doing so. Specifically, by of the Communications Act. That law says that 鈥渆very telecommunications carrier has a duty to protect the confidentiality鈥 of the information they get from providing service to you, such as call details, and can't just use it for any purpose they want.
This law has never applied to the internet because in 2002 the FCC, dominated by regulators who didn't want to do their job and actually regulate, and acting in the face of the plain statutory definition of the term, decided that broadband internet service providers were not 鈥渢elecommunications carriers,鈥 and that therefore they were not subject to Section 222 privacy rules that apply to such carriers (or any other part of Title II of the Communications Act).
That all changed last year, when the FCC, acting on well-founded fears that absent protection of the law carriers would violate network neutrality, reclassified broadband internet as telecommunications service subject to Title II rules governing 鈥渃ommon carriers.鈥 When it did that, however, it held off from immediately applying many of the provisions of Title II to broadband carriers, including the privacy protections for consumers that are contained in Section 222.
But now, word is that the FCC will soon propose a rulemaking applying these privacy rules to internet broadband services. This is a really exciting development鈥攐ne that could potentially represent one of the biggest steps forward in the protection of online privacy we鈥檝e seen in a long time.
The catch is that the broadband carriers are going to fight it. That鈥檚 why the 老澳门开奖结果 has joined with in Washington to pushing the FCC not to falter. It鈥檚 not completely clear how the provisions of Section 222, which were written broadly but with telephone service in mind, will translate to internet service, and the danger is that under corporate-driven political pressure, the commission will propose something weak.
A straightforward application of existing statutes
Broadband carriers are resisting this sensible protection for privacy, but what the industry wants is for the government not to apply the law as it鈥檚 clearly written. Applying privacy protections to internet service providers is not some exercise in creative regulation; it鈥檚 the obvious outcome of a plain reading of the law.
First, Congress has telecommunications services in a way that clearly covers broadband internet: 鈥渢he offering of telecommunications for a fee directly to the public,鈥 where 鈥渢elecommunications鈥 means 鈥渢he transmission, between or among points specified by the user, of information of the user鈥檚 choosing, without change in the form or content of the information as sent and received.鈥 Although the Bush-era FCC resisted the plain meaning of that definition, it obviously applies to broadband carriers. Indeed, that鈥檚 what the FCC acknowledged when it those carriers under Title II last year in the culmination of the network neutrality battle.
Second, under the law, telecommunications carriers are subject to Section 222, which states that 鈥渆very telecommunications carrier has a duty to protect the confidentiality of proprietary information of, and relating to鈥ustomers.鈥 It imposes limits on what it terms 鈥渃ustomer proprietary network information,鈥 or CPNI, which basically means information about how you use the telecommunications service. Specifically CPNI is defined as:
information that relates to the quantity, technical configuration, type, destination, location, and amount of use of a telecommunications service subscribed to by any customer of a telecommunications carrier, and that is made available to the carrier by the customer solely by virtue of the carrier-customer relationship
It seems obvious that this would include information about how customers use the internet, including the web sites they visit, whom they communicate with, the applications they use, the amount of data they exchange, and many other kinds of information that would be a gold mine to advertisers but which internet users expect their carriers to keep private. And the that carriers are required to do so:
a telecommunications carrier that receives or obtains customer proprietary network information by virtue of its provision of a telecommunications service shall only use, disclose, or permit access to individually identifiable customer proprietary network information in its provision of (A) the telecommunications service from which such information is derived, or (B) services necessary to, or used in, the provision of such telecommunications service, including the publishing of directories.
If Verizon or Comcast (or whatever other company you may use) were not your ISP, they wouldn鈥檛 have access to this information about you; they only have it 鈥渂y virtue of the carrier-customer relationship.鈥 Unless you specifically agree otherwise, they are only allowed to use or disclose CPNI for the purpose of providing the telecom service you鈥檙e paying for.
Unfortunately, the broadband carriers have already begun to in the kinds of privacy invasions that Congress intended to prevent鈥攁nd they appear to be hungry for more of the revenue that such invasions promises to bring them (more on that in a future post).
Internet services should be straightforward: we pay them money, they provide us with internet connections, transport our bits to and from whoever we connect to, and get out of the way. Their making money on the side by spying on our online activities should not be part of the bargain.