March 17, 2016 4:48 PM

FCC Chairman Wheeler's Privacy Shell Game

In the past week, Chairman Wheeler has become the pied piper of the tech press.  He's been fawningly referred to as "the Dragonslayer," and, "the broadband industry's worst nightmare" (an encomium previously reserved for Comcast).  

Starting with a Huffington Post editorial entitled, "It's Your Data: Empowering Consumers to Protect Online Privacy," the Chairman has spawned copy that would draw an immediate FTC fine if it were attached to a product instead of a policy.  For example, NPR's headline, says the Chairman's proposed Internet privacy rules are going to "Let Consumers Set the Cost of Internet Privacy." New York Magazine's headline went further, saying  "The FCC Wants to Let Us Choose How Much the Internet Knows About Us."  

Unfortunately for Internet users, the reality is that--on the Internet--privacy is binary; you either have it, or you don't.  Moreover, as the Erin Andrews case demonstrates, on the Internet, when your information is lost to one person, it's available to everyone.  What is most concerning is not that the Chairman's proposed ISP privacy rules can't deliver on these fantastic promises, but that in the Chairman's Set Top Box NPRM, consumers are actually losing privacy that they used to have.   

Your Information Is Already on the Internet

It's no secret that, "your information is the commodity that drives the internet economy."  Nor is it any secret that this is the price the largest "free" websites/services charge for their services--such as those provided by Apple, Google, Facebook, and Microsoft.  

Likewise, Google is the leading online advertiser because it knows the most about you--and, according to the NY Times it is only getting better at gathering your information.  If you're interested, and have a Google account, here's an article with some links that allow you to see how much Google knows about you, based on your self-identified use of its apps.  But, these links don't tell you how much "pretty close to personal" data Google has collected on you, or what it has acquired through your use of its Android mobile operating system and mobile apps--which now account for 60% of mobile devices in the U.S.

The firms mentioned above are just the ones that you know have your information.  There is a whole industry comprised of firms, the names of which most people wouldn't recognize, called "data brokers."  These data brokers also track your Internet usage--and combine that information with other, personal information that they buy from your online merchants--to form a pretty accurate personal profile of all your online activity, which they make available to anyone willing to pay. 

ISP Privacy Rules Won't Give You "More" Privacy

Not surprisingly, according to experts, your ISP doesn't have any information about you that isn't already available from multiple other sources.  In fact, Professor Peter Swire of Georgia Tech says that, due to consumers' increased use of encryption, multiple connected devices, and proxy services, like VPNs, your ISP may actually know less about your Internet behavior than the websites you visit.

Of course, every expert doesn't agree completely with Prof. Swire's conclusions. In a thorough article presenting the opposing side, Computerworld reports that some experts disagree with Prof. Swire about how much of a consumer's Internet traffic ISPs can see--because encryption isn't always as effective as consumers might think, and even VPNs/DNS proxy services can be configured poorly.   Thus, Computerworld counsels readers to assume the worst, and that, "[m]uch like Google, your ISP knows everything about you."


                Now you all know everything about me . . .

Said differently, "the Internet" will not know one less fact about me if my ISP stops being the nth company to tell advertisers that I'm the leading YouTube viewer of "Lancelot Link: Secret Chimp" videos.  Rather, as Roslyn Layton explains, the effect of the proposed rules will be confined mostly to the ISPs, who must rely on consumers to pay an even larger share of the network costs, and the online advertising market--which needs more competition, not less. But, as for me, I get no "more" privacy than I have now.

Set Top Boxes Aren't Cheaper If You Pay with Your Privacy

Almost 30 years ago, during the politically polarized Senate confirmation hearings on President Reagan's Supreme Court nominee--Judge Robert Bork--some of the Judge's opponents were able to obtain his video rental history from his video store.  His opponents didn't find anything embarrassing, but they sparked a bi-partisan public outcry for laws to protect citizens from this type of repulsive invasion of privacy. Here's a contemporary article from the Chicago Tribune.   

Congress, though, was in front of the public this time, and Judge Bork's enemies could not have obtained his TV viewing records (if he was even a cable subscriber at the time), because in 1984 Congress had passed the Cable Communications Policy Act, protecting video subscribers' privacy. 47 U.S.C. 631   Since then, the FCC has had rules in place preventing the disclosure of personally-identifiable viewer information to third parties. 

In its Set Top Box NPRM, the Commission asserts that it will not totally ignore the requirements of the law, but the proposed rules would require the regulated entity (your cable or satellite MVPD) to send your personally-identifiable information to an unregulated third party providing a video navigation service.  The Commission suggests just asking Google and the data brokers to "self-certify" that they are complying with the legal obligations that apply to cable/satellite companies. See, NPRM at paras 73-74, 78.

Putting aside the dubious legality of the FCC's proposal, the Commission is exhibiting an almost-willful disregard for the purpose of the statute--or even worse, the importance of television as a shared medium.  The very nature of specific, viewer-tracked, ad delivery--of the kind Google proposes--is invasive.  Unless everyone gets the ad for [insert embarrassing product], then only the consumer gets embarrassed--when his friends watching March Madness ask, "why do I only see this ad at your house?"  

The Commission is expected to initiate an NPRM at its March 31st Open Meeting, for the purpose of ensuring that "consumers know what they are agreeing to when they sign up for Internet service."  There is nothing wrong with this goal.  In fact, it sounds a lot like the 32 year old law requiring TV providers to tell consumers the "nature of personally identifiable information collected or to be collected with respect to the subscriber and the nature of the use of such information."  Let's hope the data brokers are OK with that . . .

Leave a comment