GOP POWERS BRING CONSUMER DATA SHOWERS: How Congress Just Sold Your Browsing History to the Highest Bidder

“I guarantee you there is not one person, not one voter of any political stripe anywhere in America who asked for this. No one in America stood up in a town hall and said, ‘Sir, I demand you let somebody else make money off my shameful desires. Maybe blackmail me someday.’[1]

The American news cycle has certainly been filled with its fair share of craziness in the past couple weeks. Did Russia hack the U.S. election? Is the battle for healthcare over? Was President Trump really wiretapped? Did you hear Beyoncé’s surprise new single? Most importantly: did Congress just put a price tag on your Internet privacy?

While I can’t definitively answer the first three questions, I can tell you that last week Congress voted to nix a set of prospective Federal Communication Commission Internet privacy protections and on Monday evening, President Trump signed the rollback into law.[2]

Let’s jump back in time and examine what exactly Congress killed. In 2015, the FCC reclassified Internet Service Providers (ISPs) as “common carriers” meaning just like water or electricity, the Internet is a public utility.[3] The Telecommunications Act of 1996 regulates public utilities under Title II, as “telecommunication providers,” as opposed to telecommunication companies, which are governed under Title I.[4] Notably, the FCC oversees Title II providers while the FTC oversees Title I companies. Those classified under Title II are subject to greater regulatory pressure and stricter oversight than those classified under Title I.[5] So while a company like Facebook or Google is a Title I entity, governed by the FTC under a looser authority, companies like Verizon and Comcast are Title II providers, and the FCC is granted a significant amount of power in overseeing their activities.[6]

Originally, this reclassification had nothing to do with Internet privacy but rather with the heated argument over net-neutrality.[7] The Democratic-led FCC implemented the 2015 Open Internet Order to prevent ISPs from prioritizing faster Internet speeds for those websites willing to pay more for it.[8] In treating the Internet as a public utility, the FCC was making a statement that the Internet is no longer a luxury, but a necessity for Americans.[9] Just as public water companies cannot provide “better” water for those who can afford it, ISPs cannot provide “better” Internet speeds for the highest bidder. (No, the irony of the Flint water crisis is not lost on me here.)

The privacy issue, however, was not central to the 2015 Open Internet Order. The Obama Administration Internet privacy policies were simply an addendum to the net-neutrality crusade.[10] Although typically, the FTC is charged with protecting consumers, in this case Internet consumers and ISP privacy policies, the FTC cannot regulate Title II common carriers.[11] The reclassification left a gaping hole for oversight of ISP privacy policies.[12] Thus, the FCC stepped in and implemented ISP-specific privacy rules.[13] These rules allowed ISPs to collect “nonsensitive” personal data, such as email addresses, without having to ask permission beforehand but were required to offer an opt-out option for consumers.[14] Other data, “sensitive” data, like Social Security numbers, children’s information, financial information, health information and location or geographic information, required an ISP to present consumers with the opt-in option, and required consumer permission before collecting that data.

Somewhere between “sensitive” and “nonsensitive” lies data like web browsing history and app usage information. These proposed rules, which were to be implemented in December 2017, sought to treat this information like “sensitive” information and require ISP, and ISPs only, to give consumers the choice to opt-in before ISPs could go ahead and share or sell that data with advertisers and other third parties.[15] This is the crux of consumers’ current dilemma.[16]

In Washington, just like in science, when there is an action there is most certainly an equal and opposite reaction. Anti-regulation Republicans were aggravated over what they believed was an FCC power-grab. Thus, a Republican triple-threat House, Senate, and Executive made it clear over the last week that this proposed privacy protection will never come to fruition.

Although it is important to note that thus far, ISPs have never been required to obtain consent before collecting browsing history and location data, the mobile advertising business is growing at an exorbitant rate and this measure was supposed to protect consumers from the consequences of that growth. Blocking this protection merely maintains the status quo of the Internet.[17]

Opponents of the protection, (proponents of the resolution), argue that pre-emptive regulations are the improper method for FCC oversight. Rather, they contend, that the FCC should pursue violations of public privacy through case-by-case investigation and enforcement.[18] Opponents believe that all Internet parties, ISPs and companies alike, should be entitled to operating under the same basic framework.[19] Namely, if Google can do it, why can’t Verizon? Ideally, the argument is that ad revenue would help to lower the price of ISPs’ core services for consumers.[20] Trickle-down telecomics, if you will. Ironically, Internet companies are quite happy about this resolution, as it sets the stage for the governmental acceptance of their business model.[21]

Proponents of privacy argue that the Presidents signature on Monday evening undoes “privacy rules that ensure consumers control how their most sensitive information is used.”[22] While companies like Google do collect this sort of information already, privacy advocates point out that it is much easier to switch websites than it is to switch ISPs.[23] Most notably, they discuss how in various rural areas, there are only a couple of ISPs to choose from.[24] This resolution forces the consumer to do a fair amount of work to protect their own information, constantly monitoring their own ISPs.[25] Finally, in allowing ISPs to use an opt-out procedure to sell their customers’ information, ISPs are “double dipping” from their customers.[26] ISPs are collecting cash and information from their customers, and selling that information to advertisers for even more cash. Constructively, customers are paying for their own information to be sold and used against them.[27]

The argument that ISPs and Internet companies should operate under the same framework overlooks the differences in how the two operate. First, consumers can disable app location services and are often prompted for permission at the outset.[28] Conversely, consumers may not even be aware that ISPs are collecting information. Second, while Facebook and Google are free services, consumers “pay” in information and this is viewed as a fair tradeoff[29]—there is no law mandating someone to have a Facebook account. On the other hand, it is nearly impossible to operate in 2017 without at least some degree of Internet access, and now consumers are paying for it both in cash and in information.[30] Additionally, companies are limited in the how they collect data.[31] While a Facebook user can “check-in” and alert the site as to that user’s current location, ISPs can determine real-time location of any of its customers by using cell tower information.[32] Internet companies use cookies to track a user’s web location. After visiting an online retailer, it is almost certain that an advertisement for that retailer will appear on a user’s Facebook in some form the next time that user logs on to his or her account.[33] Dauntingly, ISPs can combine both your digital Internet location and your physical location to target their customers—and can now do this all without your informed consent.[34]

Essentially, what ISPs are now free to do is to data-mine[35] your browsing history and physical location to create a unique user profile to package and sell to advertisers. While AT&T cannot legally sell the “Brette Berman” data package, ISPs can assign an anonymous identifier to my user profile.[36] In the aggregate, ISPs can gather profiles strikingly similar to mine so when an advertiser seeks to purchase the information profiles of the demographic[37] “white, student, female, aged 24-28, greater NYC area, frequent streamer of Comedy Central, caffeine aficionado, bi-weekly Zara shopper,” and the advertiser can identify, with laser precision, not just a target market, but a target customer.

What makes an ISPs information even more valuable is the ability to track the success of the advertisements[38], most notably in those ISPs that provide both home and mobile services. For example, if Verizon customer user searches “Red Hot Chili Peppers MSG” using the home Wi-Fi, that user will see Red Hot Chili Peppers concert ticket advertisements likely until the band moves on to the next city. Aside from the fact that Verizon is able to tell whether or not that user purchases the tickets due to the availability of the browsing history, using mobile location services, Verizon can also determine if that user was actually at Madison Square Garden the night of the show. This sort of information is invaluable to advertisers and gives ISPs even more bargaining power, driving up the premiums of ad space and information.[39]

The Telecommunications Act of 1996 did not anticipate apps, location services, or social media. For decades there has been a bi-partisan effort to protect the privacy of information contained in a phone call.[40] The efforts of the FCC under President Obama sought to extend these protections to Internet users. If what is said in a phone call is highly protected, shouldn’t what is entered into a search bar be afforded the same privilege? Why should a user be subject to advertisement and targeting because she conducted an Internet search as opposed to placing a phone call? Personal information should belong to that person, not the company paid to transmit it.[41]

While the Internet itself loves to joke about Siri or Alexa spying on your home, it isn’t that far fetched. If your Alexa is connected to an ISP, it could very well be a reality.[42] What is most troubling about this resolution is the slippery slope individual Internet privacies could easily succumb to. What happens when this information is not just sold to advertisers but to other third parties? Can insurers purchase it to determine premiums? Can banks purchase it in making credit extension decisions? Can individuals purchase it without a reason at all? And of course, if it can be purchased, it can certainly be hacked.[43]

Ultimately, privacy is becoming a commodity. While users can protect themselves by using VPNs and Web tools that cloud a users history with fake searches so as to throw off the advertisers’ hunt[44], it would not be surprising for a network of privacy-promising ISPs and browsers to corner their own market… for a price. Harrowing, of course, is the idea that traditional ISPs have the ability to upcharge for privacy.[45] So while all websites might be created equal, those who visit them are not.

Republicans[46], ISPs, and advertisers may celebrate this as a legislative victory but consumers must remain vigilant.[47] After all, the Internet was invented to liberate us, not dictate us.

 

Brette Berman is a secnd-year law student at Benjamin N. Cardozo School of Law and a Staff Editor of the Cardozo Arts & Entertainment Law Journal. She is pursuing a concentration in Intellectual Property Law and hopes to use her degree to focus on the legal aspects of media, advertising, and mass communications. Brette is also anxiously awaiting the final season of Game of Thrones.


[1] Harper Neidig, Trump signs internet privacy repeal, The Hill (Apr. 3, 2017, 7:24 PM), http://thehill.com/homenews/administration/327107-trump-signs-internet-privacy-repeal, quoting Stephen Colbert The Late Show.

[2] See Jeff Dunn, Trump just killed Obama’s internet-privacy rules ­– here’s what that means for you, Business Insider (Apr. 4, 2017, 10:55 A.M.) http://www.businessinsider.com/trump-fcc-privacy-rules-repeal-explained-2017-4/#how-did-all-of-this-get-started-1.

[3] See Rebecca R. Ruiz & Steven Lohr, F.C.C. Approves Net Neutrality Rules, Classifying Broadband Internet Service as a Utility, The New York Times (Feb. 26, 2015), https://www.nytimes.com/2015/02/27/technology/net-neutrality-fcc-vote-internet-utility.html; See also  Jeff Dunn, Trump just killed Obama’s internet-privacy rules ­– here’s what that means for you, Business Insider (Apr. 4, 2017, 10:55 A.M.) http://www.businessinsider.com/trump-fcc-privacy-rules-repeal-explained-2017-4/#how-did-all-of-this-get-started-1.

[4] See Jeff Dunn, Trump just killed Obama’s internet-privacy rules ­– here’s what that means for you, Business Insider (Apr. 4, 2017, 10:55 A.M.) http://www.businessinsider.com/trump-fcc-privacy-rules-repeal-explained-2017-4/#how-did-all-of-this-get-started-1.

[5] Jeff Dunn, Trump just killed Obama’s internet-privacy rules ­– here’s what that means for you, Business Insider (Apr. 4, 2017, 10:55 A.M.) http://www.businessinsider.com/trump-fcc-privacy-rules-repeal-explained-2017-4/#how-did-all-of-this-get-started-1.

[6] Jeff Dunn, Trump just killed Obama’s internet-privacy rules ­– here’s what that means for you, Business Insider (Apr. 4, 2017, 10:55 A.M.) http://www.businessinsider.com/trump-fcc-privacy-rules-repeal-explained-2017-4/#how-did-all-of-this-get-started-1.

[7] See Jeff Dunn, House Republicans just voted to let your internet provider sell your browsing history without your permission, Business Insider (Mar. 28, 2017), http://www.businessinsider.com/house-republicans-kill-fcc-broadband-privacy-rules-2017-3.

[8] Jeff Dunn, Trump just killed Obama’s internet-privacy rules ­– here’s what that means for you, Business Insider (Apr. 4, 2017, 10:55 A.M.) http://www.businessinsider.com/trump-fcc-privacy-rules-repeal-explained-2017-4/#how-did-all-of-this-get-started-1.

[9] Jeff Dunn, Trump just killed Obama’s internet-privacy rules ­– here’s what that means for you, Business Insider (Apr. 4, 2017, 10:55 A.M.) http://www.businessinsider.com/trump-fcc-privacy-rules-repeal-explained-2017-4/#how-did-all-of-this-get-started-1.

[10] See Jeff Dunn, House Republicans just voted to let your internet provider sell your browsing history without your permission, Business Insider (Mar. 28, 2017), http://www.businessinsider.com/house-republicans-kill-fcc-broadband-privacy-rules-2017-3.

[11] See Allison Grande, FTC Still Top Privacy Cop Despite FCC Order, Brill Says, Law360 (Sept. 28, 2015, 8:27 PM), https://www.law360.com/articles/708010/ftc-still-top-privacy-cop-despite-fcc-order-brill-says; See also Jeff Dunn, House Republicans just voted to let your internet provider sell your browsing history without your permission, Business Insider (Mar. 28, 2017), http://www.businessinsider.com/house-republicans-kill-fcc-broadband-privacy-rules-2017-3.

[12] See Maureen K. Ohlhausen, FTC-FCC: When is Two a Crowd? 33rd Annual Institute on Telecommunications Policy & Regulation (Dec. 4, 2015). Transcript can be found at https://www.ftc.gov/system/files/documents/public_statements/893473/151204plispeech1.pdf.

[13] See Rebecca R. Ruiz, F.C.C. Sets Net Neutrality Rules, The New York Times, (Mar. 12, 2015), https://www.nytimes.com/2015/03/13/technology/fcc-releases-net-neutrality-rules.html.

[14] See Jeff Dunn, House Republicans just voted to let your internet provider sell your browsing history without your permission, Business Insider (Mar. 28, 2017), http://www.businessinsider.com/house-republicans-kill-fcc-broadband-privacy-rules-2017-3.

[15] See Jeff Dunn, House Republicans just voted to let your internet provider sell your browsing history without your permission, Business Insider (Mar. 28, 2017), http://www.businessinsider.com/house-republicans-kill-fcc-broadband-privacy-rules-2017-3.

[16] Jeff Dunn, Trump just killed Obama’s internet-privacy rules ­– here’s what that means for you, Business Insider (Apr. 4, 2017, 10:55 A.M.) http://www.businessinsider.com/trump-fcc-privacy-rules-repeal-explained-2017-4/#how-did-all-of-this-get-started-1.

[17] See Timothy B. Lee, What the Republican online privacy bill means for you, Vox (Mar. 29, 2017, 1:10 PM), http://www.vox.com/new-money/2017/3/29/15107110/republican-isp-data-privacy.

[18] See Jeff Dunn, House Republicans just voted to let your internet provider sell your browsing history without your permission, Business Insider (Mar. 28, 2017), http://www.businessinsider.com/house-republicans-kill-fcc-broadband-privacy-rules-2017-3.

[19] See Alina Selyukh, U.S. Senate Votes to Repeal Obama-Era Internet Privacy Rules, NPR (Mar. 23, 2017, 3:25 PM), http://www.npr.org/sections/thetwo-way/2017/03/23/521253258/u-s-senate-votes-to-repeal-obama-era-internet-privacy-rules.

[20] See Jeff Dunn, Trump just killed Obama’s internet-privacy rules ­– here’s what that means for you, Business Insider (Apr. 4, 2017, 10:55 A.M.) http://www.businessinsider.com/trump-fcc-privacy-rules-repeal-explained-2017-4/#how-did-all-of-this-get-started-1.

[21] See Jeff Dunn, Trump just killed Obama’s internet-privacy rules ­– here’s what that means for you, Business Insider (Apr. 4, 2017, 10:55 A.M.) http://www.businessinsider.com/trump-fcc-privacy-rules-repeal-explained-2017-4/#how-did-all-of-this-get-started-1.

[22] Alina Selyukh, U.S. Senate Votes to Repeal Obama-Era Internet Privacy Rules, NPR (Mar. 23, 2017, 3:25 PM), http://www.npr.org/sections/thetwo-way/2017/03/23/521253258/u-s-senate-votes-to-repeal-obama-era-internet-privacy-rules.

[23] See Jeff Dunn, House Republicans just voted to let your internet provider sell your browsing history without your permission, Business Insider (Mar. 28, 2017), http://www.businessinsider.com/house-republicans-kill-fcc-broadband-privacy-rules-2017-3.

[24] See Jeff Dunn, House Republicans just voted to let your internet provider sell your browsing history without your permission, Business Insider (Mar. 28, 2017), http://www.businessinsider.com/house-republicans-kill-fcc-broadband-privacy-rules-2017-3.

[25] See Timothy B. Lee, What the Republican online privacy bill means for you, Vox (Mar. 29, 2017, 1:10 PM), http://www.vox.com/new-money/2017/3/29/15107110/republican-isp-data-privacy.

[26] See Jeff Dunn, Trump just killed Obama’s internet-privacy rules ­– here’s what that means for you, Business Insider (Apr. 4, 2017, 10:55 A.M.) http://www.businessinsider.com/trump-fcc-privacy-rules-repeal-explained-2017-4/#how-did-all-of-this-get-started-1.

[27] See Tom Wheeler, How the Republicans Sold Your Privacy to Internet Providers, The New York Times (Mar. 29, 2017), https://www.nytimes.com/2017/03/29/opinion/how-the-republicans-sold-your-privacy-to-internet-providers.html?_r=0.

[28] See Jeff Dunn, Trump just killed Obama’s internet-privacy rules ­– here’s what that means for you, Business Insider (Apr. 4, 2017, 10:55 A.M.) http://www.businessinsider.com/trump-fcc-privacy-rules-repeal-explained-2017-4/#how-did-all-of-this-get-started-1.

[29] See Jeff Dunn, Trump just killed Obama’s internet-privacy rules ­– here’s what that means for you, Business Insider (Apr. 4, 2017, 10:55 A.M.) http://www.businessinsider.com/trump-fcc-privacy-rules-repeal-explained-2017-4/#how-did-all-of-this-get-started-1.

[30] See Tom Wheeler, How the Republicans Sold Your Privacy to Internet Providers, The New York Times (Mar. 29, 2017), https://www.nytimes.com/2017/03/29/opinion/how-the-republicans-sold-your-privacy-to-internet-providers.html?_r=0.

[31] See Olivia Solon, Your browsing history may be up for sale soon. Here’s what you need to know, The Guardian (Mar. 28, 2017, 6:00 PM), https://www.theguardian.com/technology/2017/mar/28/internet-service-providers-sell-browsing-history-house-vote.

[32] See Jeff Dunn, Trump just killed Obama’s internet-privacy rules ­– here’s what that means for you, Business Insider (Apr. 4, 2017, 10:55 A.M.) http://www.businessinsider.com/trump-fcc-privacy-rules-repeal-explained-2017-4/#how-did-all-of-this-get-started-1.

[33] See Timothy B. Lee, What the Republican online privacy bill means for you, Vox (Mar. 29, 2017, 1:10 PM), http://www.vox.com/new-money/2017/3/29/15107110/republican-isp-data-privacy.

[34] See Chris Ciaccia, How will ISPs collect and sell your browser history?  Fox News (Mar. 30, 2017), http://www.foxnews.com/tech/2017/03/30/how-will-isps-collect-and-sell-your-browser-history.html.

[35] See Brian Fung, What to expect now that the Internet providers can collect and sell your browser history, The Washington Post, (Mar. 29, 2017), https://www.washingtonpost.com/news/the-switch/wp/2017/03/29/what-to-expect-now-that-internet-providers-can-collect-and-sell-your-web-browser-history/?utm_term=.4ced339c476.

[36] See Jeff Dunn, Trump just killed Obama’s internet-privacy rules ­– here’s what that means for you, Business Insider (Apr. 4, 2017, 10:55 A.M.) http://www.businessinsider.com/trump-fcc-privacy-rules-repeal-explained-2017-4/#how-did-all-of-this-get-started-1.

[37] See Timothy B. Lee, What the Republican online privacy bill means for you, Vox (Mar. 29, 2017, 1:10 PM), http://www.vox.com/new-money/2017/3/29/15107110/republican-isp-data-privacy.

[38] See Jeff Dunn, Trump just killed Obama’s internet-privacy rules ­– here’s what that means for you, Business Insider (Apr. 4, 2017, 10:55 A.M.) http://www.businessinsider.com/trump-fcc-privacy-rules-repeal-explained-2017-4/#how-did-all-of-this-get-started-1

[39] See Jeff Dunn, Trump just killed Obama’s internet-privacy rules ­– here’s what that means for you, Business Insider (Apr. 4, 2017, 10:55 A.M.) http://www.businessinsider.com/trump-fcc-privacy-rules-repeal-explained-2017-4/#how-did-all-of-this-get-started-1.

[40] See Tom Wheeler, How the Republicans Sold Your Privacy to Internet Providers, The New York Times (Mar. 29, 2017), https://www.nytimes.com/2017/03/29/opinion/how-the-republicans-sold-your-privacy-to-internet-providers.html?_r=0.

[41] See Tom Wheeler, How the Republicans Sold Your Privacy to Internet Providers, The New York Times (Mar. 29, 2017), https://www.nytimes.com/2017/03/29/opinion/how-the-republicans-sold-your-privacy-to-internet-providers.html?_r=0.

[42] Anurag Harsh, Your Browser History Could be for Sale Soon. Are You Concerned? LinkedIn (Apr. 1, 2017), https://www.linkedin.com/pulse/your-browser-history-could-sale-soon-you-concerned-anurag-harsh?trk=eml-email_feed_ecosystem_digest_01-hero-0-null&midToken=AQGgHAVYOZizRg&fromEmail=fromEmail&ut=15cE4bzHzDgTI1.

[43] See generally Molly Olmstead, Congress Votes to Allow Broadband Providers to Sell Your Data Without Your Permission, Slate (Mar. 28, 2017, 6:36 PM), http://www.slate.com/blogs/future_tense/2017/03/28/congress_votes_to_allow_broadband_providers_to_sell_your_data.html.

[44] Anurag Harsh, Your Browser History Could be for Sale Soon. Are You Concerned? LinkedIn (Apr. 1, 2017), https://www.linkedin.com/pulse/your-browser-history-could-sale-soon-you-concerned-anurag-harsh?trk=eml-email_feed_ecosystem_digest_01-hero-0-null&midToken=AQGgHAVYOZizRg&fromEmail=fromEmail&ut=15cE4bzHzDgTI1.

[45] See Jeff Dunn, Trump just killed Obama’s internet-privacy rules ­– here’s what that means for you, Business Insider (Apr. 4, 2017, 10:55 A.M.) http://www.businessinsider.com/trump-fcc-privacy-rules-repeal-explained-2017-4/#how-did-all-of-this-get-started-1.

[46] See Steven Benen, Trump signs measure undermining Internet privacy safeguards, MSNBC (Apr. 4, 2017, 12:47 PM), http://www.msnbc.com/rachel-maddow-show/trump-signs-measure-undermining-internet-privacy-safeguards.

[47] See Molly Olmstead, Congress Votes to Allow Broadband Providers to Sell Your Data Without Your Permission, Slate (Mar. 28, 2017, 6:36 PM), http://www.slate.com/blogs/future_tense/2017/03/28/congress_votes_to_allow_broadband_providers_to_sell_your_data.html.