Analysis President Donald Trump has rescinded America's digital privacy protections over what ISPs can do with their subscribers' data, signing into law on Monday a joint resolution of Congress.
The president's action makes official the "congressional disapproval" of rules passed by US consumer watchdog agency the FCC that were due to take effect last month. Those rules would have required ISPs to obtain users' consent before selling their personal data – including location, browser history, health and financial data and other sensitive information – to advertisers.
As has become increasingly common in American politics, however, the issue was decided almost entirely along partisan lines. That, combined with its high-profile nature – it was the lead topic for most late-night chat shows following the vote – meant that we were all subjected to a wave of misinformation masquerading as truth, and even to documents purporting to counteract "myths" that are themselves carefully worded works of fiction.
And so, since it is now the law, we have brought out The Register's patented bullshit detector to wade through the execrable arguments of the past few days and highlight the most significant and/or most inaccurate.
Let's start with the FCC
It was the FCC that had passed the rules, under the chairmanship of (Democrat) Tom Wheeler. And it was also the FCC that stopped them just days before they were due to take effect, under the chairmanship of (Republican) Ajit Pai.
Pai has this to say about the president's signing the joint resolution: "President Trump and Congress have appropriately invalidated one part of the Obama-era plan for regulating the Internet. Those flawed privacy rules, which never went into effect, were designed to benefit one group of favored companies, not online consumers."
We call BULLSHIT on the last part of that sentence, that the rules were "designed to benefit one group of favored companies, not online consumers."
The rules were developed entirely and absolutely to protect online consumers. They required ISPs to get an opt-in from customers for sensitive information, to offer an opt-out for other uses of that data, and to ensure that they appropriately protected that data.
Now, the end result of those rules is that ISPs were put under stronger privacy rules than others. But not at the FCC. In fact the rules were developed from FCC rules covering telephone calls. Your telephone company cannot sell your personal data or who you called to advertisers.
The plan was to extend that to ISPs since the FCC decided that in 2016, the internet had become a utility rather than a service.
What the ISPs were upset about was that companies like Google and Facebook – who offer services on top of internet provision – would not be included in these rules but only the weaker rules run by consumer watchdog agency the FTC.
Now, there is a good argument to be had – and The Register has repeatedly made it – that Google and the FCC got far too chummy with one another, and that many of the FCC's decisions at the tail-end of the Wheeler FCC benefited Google to the detriment of Comcast, AT&T et al.
But that is a wholly different argument to claiming that the FCC privacy rules were "designed to benefit one group of favored companies, not online consumers." They weren't.
Pai Part 2
FCC chair Pai also said in response to Trump's signing: "In order to deliver that consistent and comprehensive protection, the Federal Communications Commission will be working with the Federal Trade Commission to restore the FTC's authority to police Internet service providers' privacy practices. We need to put America's most experienced and expert privacy cop back on the beat. And we need to end the uncertainty and confusion that was created in 2015 when the FCC intruded in this space."
That is largely TRUE, albeit a little misleading.
The FCC does in fact have very limited experience in consumer issues and the FTC is a much better bet in that sense. However, by deciding that the internet was effectively a utility, the FCC had little choice really but to pull ISPs under its privacy rules, which it did, largely using the rules it already had on the books.
That decision did create uncertainty (although "confusion" is pushing it a bit – who exactly was confused?). And, yes, Pai has announced that the FCC will work with the FTC to come up with "consistent and comprehensive protection."
But. Pai is being disingenuous about what is going to happen and how long it will take. First the FCC will have to unravel its legal authority over net neutrality, and then it will have to figure out how to persuade the FTC to adopt new rules.
The reality is that the FCC is going to have a hard time legally defining ISPs. It will be literally the third time that the regulator has tried to do so: the first was struck down by the courts, and the second was upheld, but the FCC itself has now decided to dismantle it.
Any change will have to go through another lengthy and painful process and the idea that the FCC will be able to forge a new data privacy agreement with the FTC at the same time is pure fantasy and everybody knows it.
Pai simply made the decision that it was better to kill off the privacy rules and give himself more room to play with than let them take effect and be boxed in. He made that decision in the full knowledge that every internet user in the US was losing regulatory oversight of what ISPs can do with their personal data.
Fellow FCC Republican take on things
The other Republican commissioner on the FCC, Mike O'Rielly, had his own statement that, unfortunately, layered bullshit upon bullshit.
"I applaud President Trump and Congress for utilizing the CRA to undo the FCC's detrimental privacy rules," he said. "The parade of horribles trotted out to scare the American people about its passage are completely fictitious, especially since parts of the rules never even went into effect. Hopefully, we will soon return to a universe where thoughtful privacy protections are not overrun by shameful FCC power grabs and blatant misrepresentations."
What O'Rielly does, however, is pinpoint the beating heart of the bullshit: the claim that since something hasn't happened yet, it means that it won't happen.
For someone who is a commissioner at a federal regulator, this willful blindness over how the real world works is borderline obnoxious.
Here is the absolute solid reality of what this decision to scrap the FCC rules means:
- ISPs were previously able to do what they can do now, ie, sell their customers' private data.
- But they were previously at risk of being investigated by the FTC and then, later, the FCC.
- If they had been found to have broken data privacy rules, they faced huge fines and most likely the requirement to get prior approval from the FTC/FCC before doing anything similar in future.
- Now, however, there is no backstop. The FTC does not have jurisdiction. And nor does the FCC. The ISPs currently exist in a regulatory-free world.
What this means is significant and it is the source of (Democrat) claims that ISPs will soon be selling your private data and the counter-claims (by Republicans) that people are fear-mongering and inventing problems.
Sponsored: Webcast: Ransomware has gone nuclear