Analysis New privacy rules put forward by the US Federal Communications Commission (FCC) that are intended to give consumers more rights over what ISPs do with their data have left policymakers scratching their heads.
When FCC chairman Tom Wheeler announced last month that he would issue a "notice of proposed rulemaking" – or NPRM in the lingo – it was just the latest in a series of actions taken to plug longstanding policy holes in the world of Big Cable.
But following the release of the NPRM on "Protecting the Privacy of Customers of Broadband and Other Telecommunications Services," some are starting to wonder whether the impending US election is starting to drive the FCC's actions rather than normal policy processes.
As the name implies, a notice of proposed rule-making typically comes in a fairly finished form: a set of problems identified, a set of solutions proposed, and some precise wording for people to react and respond to.
In the case of the 148 pages of data privacy rules, however, there are more questions than answers – literally. The paper contains hundreds of questions. We have counted 500. Everything from asking whether to create a special category for "highly sensitive information" – and if so what should be in it – to asking if its definitions of "customer" and "end user" are any good.
There are so many questions on so many aspects, in fact, that it is clear the FCC is trying to learn about data privacy rather than use its expertise to propose improvements to the current system.
Hire the guy with the
most least experience
And the reason for that is quite simple: the FCC does not have any experience in this field. The issue of data usage has always been the preserve of the US Federal Trade Commission (FTC), a federal regulator tasked with looking after consumers' interests. It is telling that in almost every sentence of the NPRM where it is building a factual case for action, the FTC is referenced.
The situation is very similar to the way the FCC hired its first ombudsman last year (it gave the job to an existing staffer).
Under the Open Internet Order, aka net neutrality rules, the FCC gave itself the authority to hear complaints from ordinary consumers (as opposed to large corporations). It doesn't have any experience in doing this, and is largely winging it. It has become painfully apparent that it is doing the same with the topic of data privacy.
Making matters worse, others warned this was going to happen. Back in July, the House Energy and Commerce Committee's memo on the changing landscape noted:
With the application of Section 222 on Internet privacy protections, and the announcement of additional rules to come, the FCC has removed broadband Internet service providers from the jurisdiction of the Federal Trade Commission (FTC) ... the reclassification created a regulatory vacuum by removing from the playing field the referee that had policed consumer privacy protections on the Internet since its inception.
It also noted, with some sharpness:
The Commission's nullification of the FTC's jurisdiction and entry into the sphere of consumer online privacy raises significant and immediate concerns ... the FCC has made clear through the Enforcement Advisory of its intention to scrutinize practices and hold broadband internet service providers liable notwithstanding the lack of established rules.
The phrase "notwithstanding the lack of established rules" is the Congressional way of saying: despite not knowing what the hell they are doing.
The wrong process
Beyond its power grab without requisite ability, what is really troubling policymakers is that the FCC has put its paper out as a "notice of proposed rulemaking."
There is a whole process for the FCC to gather information on something it is not fully versed on, and that is called a "notice of inquiry" or NOI.
Under an NOI, the FCC says it is looking at a topic and it wants people's views on it. It then provides a series of questions and uses the responses to start on a formal policy process, eventually ending up with an NPRM. The fact that the whole NOI process has been effectively bypassed is setting off alarm bells.
The FCC may have persuaded itself, following its reclassification of the internet as a "Title II" network, that the internet and ISPs are basically the same as traditional telcos. If so, everyone is in for a rocky ride.
That reclassification was an unfortunate necessity, dragging modern technology into old law, in order to give the FCC the authority to act in consumers' interests. It was necessary because Congress was never going to pass the required legislation to pull the internet world into a proper legal framework for review.
The fear is that the FCC, as a slow-moving bureaucracy, is not rethinking its approach but has started simply applying its old-world mindset and approaches to the modern internet.
Losing the votes
The other possibility is that Wheeler's determination to get things done before the US election later this year risks robbing him of his 3-2 voting majority. This has blinded the FCC's staff to the fact that they may not know what they are doing.
The increasingly partisan nature of the FCC – which itself was a main topic at a different Congressional hearing – is having the same damaging impact as it does everywhere else in the US political system: sides are picked and compromises suffer. And good policy is nothing but solid compromises.
What should the FCC do? It should look to the FTC to provide it with guidance – possibly even set up a joint group to develop new rules. If the FCC is insisting on taking the authority for these issues rather than finding a way to let the FTC expand its reach into this critical area, then it should at least go to the organization that has the skills and requisite knowledge and ask it for assistance.
And it should do that before it puts out a notice of inquiry, and most definitely before it puts out a notice of proposed rule-making. The fact that it hasn't means the FCC continues down a dangerous path that everyone is going to regret soon enough. ®