Why the FCC’s Plan to “Protect” Consumer Privacy is Misguided
Technology has already solved many of the problems Chairman Wheeler cites
So much for a regulatory light touch. The Federal Communications Commission outlined a plan to require major Internet Service Providers (ISPs) to disclose, in detail, how they use consumer data and to force ISPs to provide consumers the ability to “opt-out” of any tracking.
According to FCC Chairman Wheeler, the plan is necessary because ISPs harm consumer privacy by “collect[ing] their customers’ personal and private information to create detailed profiles about their lives.”
Chairman Wheeler’s allegations, though, are largely untrue. According to a recent working paper from Georgia Tech’s Institute for Information Security and Privacy:
The evidence does not support a claim that ISPs have ‘comprehensive’ knowledge about their subscribers’ Internet activity, for encryption and other technological reasons. Similarly, ISPs lack ‘unique’ insight into users’ activity, given the many contexts where other players in the ecosystem gain insight but ISPs do not…
As with a number of the Chairman’s proposals, the plan harkens to the early days of the Internet, when ISPs had virtually unfettered access to a person’s web browsing habits. During those days, ISPs could collect data and, theoretically, link data to specific users through billing information, addresses and telephone numbers.
Those early days of the internet have passed. While he paints ISPs broadly, as villainous companies intent on collecting user data for targeted ads, technology has already solved many of the problems Chairman Wheeler cites in his plan.
In the “old” internet system, information was sent, unencrypted, to consumers’ desktop computers. In today’s connected world, consumers have multiple devices, such as tablets and smartphones. The Internet of Things connects in far different ways and for purposes beyond browsing the web. Consumers use wi-fi hotspots at Starbucks, McDonalds, at libraries and homes.
Much of the information transmitted over the web is now encrypted, and virtual private networks (VPNs) are starting to gain traction. In short, the data ISPs collect is neither “comprehensive – technological developments place substantial limits on ISPs’ visibility, [nor is it] unique – other companies often have access to more information and a wider range of user information than ISPs.”
The real threats to consumer privacy – if they can even be considered “threats” – are non-ISP services providers. Unlike ISPs, which provide connection to the internet, perhaps with some other telecommunications service, non-ISPs typically provide some form of internet related product or service. Non-ISPs, such as search engines, web browsers and social media platforms collect, retain, analyze and catalogue consumer data in far greater quantities, and in far greater detail, than ISPs. Google, for example, has the ability to store searches, follow consumers around the web, scan emails, scan contents of documents uploaded to its drive, and so on, so that it can provide advertising most relevant to the consumer.
Another federal agency, the Federal Trade Commission, is currently tasked with defending consumers, should a company, such as an ISP, truly violate a consumer’s privacy. There is no need for the FCC to encroach upon the FTC’s authority, where the “problems” cited are mostly from yesteryear.
The Internet, Internet service providers and other innovators need “light touch” regulation, not heavy-handed rules. Chairman Wheeler’s plan does not target actual harm to consumers, as technology has moved beyond his perceived harms. If proposed and finalized, Chairman Wheeler’s plan would stifle both innovation and competition by targeting one particular category of company for additional red-tape.