House Votes to Kill Privacy Rules Binding ISPs

The United States House of Representatives on Tuesday approved the Congressional Review Act, undoing privacy restrictions imposed on Internet service providers during the Obama administration.

The Senate passed the CRA last week in a 50-48 vote along party lines.

The White House has expressed support for the CRA.

“This is one time I believe the White House,” remarked John Simpson, privacy project director at Consumer Watchdog.

Privacy advocates have fought against the CRA, warning of its dire consequences, but ISPs and businesses support it.

Why Privacy Advocates Fear the CRA

“ISPs have unique insight into your online activities,” Simpson told the E-Commerce Times. They now can “steal your data, sell it, and never explain what they’re doing with it or who buys it.”

The CRA “destroys reasonable, carefully crafted privacy protections and opens up the possibility of … abuse,” Simpson said.

There are also concerns that the lifting of restrictions would make it easier for law enforcement and national security agencies to conduct surveillance on Americans, perhaps without a warrant, as various police agencies and the FBI have done on occasion.

The Business Side of the Issue

Supporters of the CRA argue that it puts ISPs on a level playing field with Google, which was exempted from the FCC restrictions even though it collects a considerable amount of customer data.

“If an opt-in requirement is not necessary for Google and other edge providers that collect Web browsing information, then it’s not necessary for ISPs either, since Google and other ad server companies can collect the same type of Web browsing data from third-party websites as an ISP,” said Fred Campbell, director of Tech Knowledge.

Google and ISPs “should be regulated the same way with regard to privacy,” Campbell told the E-Commerce Times.

The FCC didn’t do so, because it claims it doesn’t have jurisdiction over edge providers under Title II authority, and it lacks the U.S. Federal Trade Commission’s enforcement capabilities, Campbell pointed out.

“A far better and legally cleaner approach is for Congress to clarify that the FTC has authority over the privacy practices of both edge providers and ISPs,” he suggested.

“There’s not a whole lot more money in selling individually identifiable customer Internet traffic records than there is in analyzing and packaging those records in a way that enables effective advertising but is not readily identifiable,” observed Ryan Radia, research fellow at the Competitive Enterprise Institute.

“Advertisers really don’t care who you are,” he told the E-Commerce Times. “They just want to be able to figure out what people like you tend to do, and how to sell things to people who have similar habits to you.”

Consumers Will Protect Themselves

If consumers found out their providers were making it possible for their Internet behavior to be used in any way that might harm them, “they would flock to alternative providers — including wireless providers — and adopt tools like VPNs,” Radia said.

That already appears to be happening. VPN subscription sales have jumped dramatically since the privacy legislation came to a vote, according to Comparitech.

Consumers should be wary when signing up for a VPN, however, said Paul Bischoff, privacy advocate at Comparitech, which maintains a list of reputable free VPNs.

There are “hundreds of supposedly free VPN apps out there,” Bischoff told the E-Commerce Times, “many of which contain malware, inject ads into Web browsers, and mine user data.”