Republicans in Washington are showing they really don’t care much about your online privacy.
Over the past week, Republican policymakers at the Federal Communications Commission and in Congress have taken steps to undo a modest but important set of privacy rules governing broadband providers approved by the FCC last year. The moves could soon allow broadband providers to track your online activities and collect whatever personal information they’d like about you without getting your permission first. They’d also alleviate the broadband providers from having to take any concrete steps to protect your personal data.
As you might expect, consumer advocates, many of whom have fought long and hard for Washington to take steps to protect citizens’ privacy, panned the moves.
The congressional action in particular “will produce a losing situation for all,” John Simpson, director of Consumer Watchdog’s privacy project, said in a statement. “Consumers will lose their privacy and business will lose the essential trust of their customers. What can (the Republicans) possibly be thinking?”
The moves came in two steps. Earlier this week, nearly two dozen Republicans signed on to a resolution proposed by Sen. Jeff Flake, R-Arizona, that would not only discard the broader broadband privacy rules the FCC voted in last year, but would prohibit the agency from ever crafting new ones without first getting Congressional approval.
The resolution was filed under the authority of the Congressional Review Act, a law that allows Congress — through a simple majority vote of both houses — to overturn regulations issued in the waning days of a presidential administration. The resolution requires presidential approval, but it can’t be filibustered in the Senate, meaning Republicans could potentially pass it on a simple party line vote.
What’s worse, resolutions approved under the CRA essentially bar the agency that issued the overturned regulations from issuing new rules on the matter. That means that if the privacy resolution passes, the FCC wouldn’t be able to issue new rules governing what data broadband can collect or how they safeguard it.
“Jeff Flake and his colleagues in the Senate will make a lot of noise in the coming days about how much they value your privacy. Don’t believe them for a second,” Matt Wood, a policy director at consumer advocacy group Free Press, said in a statement. “At this point, Flake’s commitment to privacy is as empty as his rhetoric.”
The proposal followed by just days a move by the new head of the Federal Communications Commission to put on hold one piece of those privacy rules — a requirement that broadband providers take “reasonable” steps to protect the personal information they collect from their subscribers. The hold came in the form of a stay issued by the commission that blocked the rules, which were due to take effect last Thursday, from becoming effective.
The Republicans’ moves are in response to the privacy rules put in place by the FCC under former Chairman Tom Wheeler. Those rules require broadband providers to get customers’ consent before collecting certain private data and to protect what data they collect. Sounds reasonable enough, no? It also doesn’t sound like something that ought to be a partisan issue; we all — Republicans, Democrats and independents — care about protecting our privacy, right?
But Republican policymakers made this a partisan issue when Wheeler proposed the rules last year. And they and their broadband industry allies have been determined to reverse Wheeler’s reforms now that President Trump’s pick, Ajit Pai, has taken his place as chairman.
The Republicans and their broadband allies have argued that the privacy rules represented a regulatory overreach by the FCC and that protecting privacy should be left up to the Federal Trade Commission, which oversees the corporate practices of companies other than broadband providers. They’ve also argued that it would be unfair and confusing to consumers to have different privacy rules for broadband providers than for internet companies like Google and Facebook.
Indeed, FCC Chairman Pai’s statement regarding the stay of the data security rules was headlined: “FCC Moves To Ensure Consumers Have Uniform Online Privacy Protection.”
But that headline seems a cruel jest, and the broader arguments ring hollow. There is no overarching privacy law for the Federal Trade Commission to enforce and the agency has no authority to write any rules on its own. Instead of limiting what data companies can collect or directing them how to safeguard that data, the FTC is confined to making sure companies abide by the terms of their privacy policies and offering some suggested guidelines on how companies should protect the data they collect from consumers.
In fact, it’s long been a joke among privacy advocates that for the most part, companies can do whatever they want to with consumers’ private data and it would be OK with the FTC as long as the companies disclose what they’re doing in a “privacy” policy.
What’s more, the FTC by law has no authority over so-called common carriers, companies that are required to offer services like broadband on a non-discriminatory basis. By contrast, federal law charges the FCC with regulating common carriers and particularly with making sure such companies protect customers’ privacy.
While it’s true the FCC rules wouldn’t cover companies like Google and Facebook, which are collecting gobs of consumer data, that doesn’t make them either unfair or worthless. The FCC has no authority over the privacy practices of internet companies, so it can’t restrict what data they collect or what they do with it. While it would be great if some federal agency had that power, that would require a new federal privacy law — something Flake and his friends aren’t exactly pushing for.
What the rules would do is protect consumers from a privacy threat that’s potentially even more disturbing than that from Google and Facebook. Broadband providers have the ability to see everything you do online — not just what you search for and what websites you visit, but the emails you send, the movies you watch, the songs you listen to and the apps you use.
And while you can choose to use a different search engine than Google or to not use Facebook at all, you generally don’t have much of a choice over your broadband provider, at least not the one that provides the internet connection to your home. That’s because most Americans typically have at most just one provider that offers internet access at what’s now considered broadband speeds. So, if you don’t like how much data your broadband provider is collecting or what they’re doing with it, you generally can’t just go to another provider.
But now, even the modest protections promised by the FCC are at risk. Assuming the Republicans pass their resolution, there will be few concrete limits on what data providers can collect, what they can do with it and little in the way of requirements for how they protect it.
Don’t worry, though, I’m sure Pai, Flake and friends will come through with privacy rules that cover both broadband providers like Comcast and internet companies like Google. With their latest moves, they’ve shown just how much they really care about your privacy.
Illustration: Jeff Durham, BayAreaNew Group