2017 Broadband Consumer Privacy Proposal repeal

On 28 March 2017, the United States House of Representatives passed a resolution of disapproval (S.J.Res 34) to overturn the Broadband Consumer Privacy Proposal privacy law by the Federal Communications Commission (FCC) and was expected to be approved by United States' President Donald Trump. It was passed with 215 Republican votes against 205 votes of disapproval.

The repealed privacy protections, once approved in 2016, sought to regulate what companies can do with data of customers' browsing habits, communication contents, app usage history, location data and social security numbers and safeguard customer data against hackers and thieves.

Supporters of the vote argued that the privacy regulations stifle innovation by forcing Internet providers to abide by unreasonably strict guidelines.

Due to the repeal Internet service providers (ISP) like Comcast, AT&T and Verizon may sell Web browsing histories and other sensitive data directly to marketers, financial firms and other companies without consumers' consent. Furthermore, the FCC will be forbidden from issuing similar rules in the future.

Background
Internet providers have historically generated their revenue from selling access to the Internet and are now looking to increase their revenue by tapping the data their customers generate as they make use of the Internet.

The industry with its profit motive favors an interpretation of privacy that does not consider browsing history or app usage data to be sensitive and protected — the Federal Trade Commission's (FTC) interpretation. However the FTC is unable to enforce its own guidelines without new authority from Congress.

On 16 March 2017 CTIA claims that "Web browsing and app usage history are not 'sensitive information'" in a filing with the FCC.

History

 * On 27 October the FCC imposed new privacy rules that were scheduled to take effect by the end of 2017 that would have required ISPs to get opt-in consent from consumers before sharing Web browsing data and other private information with advertisers and other third parties The FCC final rules were titled "Protecting the Privacy of Customers of Broadband and Other Telecommunication Services," 81 Fed. Reg. 87274 (December 2, 2016).
 * On 15 February 2017 Senator Jeff Flake confirmed that he plans to introduce a resolution that would roll back the FCC's broadband privacy rules via the Congressional Review Act.
 * On 7 March 2017 Senator Jeff Flake and 23 Republican co-sponsors introduced the resolution.
 * From 21 March to the resolution's passage more than 15,000 calls against the measure were made into the Capitol.
 * On 22 March 2017 advocacy groups including Free Press, Demand Progress, and the ACLU went to Congress to deliver nearly 90.000 petitions to "save broadband privacy".
 * On 23 March 2017 the United States Senate passes the resolution with the votes of 50 Republicans against 48.
 * On 28 March 2017 the United States House of Representatives passes resolution "S.J.Res 34"
 * On 28 March 2017 the White House releases a statement according to which the administration strongly supports House passage of S.J.Res. 34 and the President's advisors would recommend that he sign the bill into law.

Reception
Many of the privacy advocates who oppose ISP data sharing also oppose tracking by ad networks and technology companies such as Google but find ISP tracking extra worrisome as ISPs have access to all of one's browsing data − not just data from specific sites that share their data with particular ad networks, and as disabling cookies or adblockers can't prevent this sort of tracking.

Jeffrey Chester, executive director of the Center for Digital Democracy states that the vote means that "Americans will never be safe online from having their most personal details stealthily scrutinized and sold to the highest bidder".

Senator Brian Schatz states that "if this [resolution] is passed, neither the FCC nor the FTC will have clear authority when it comes to how Internet service providers protect consumers' data privacy and security. Regardless of politics, allowing ISPs to operate in a rule-free zone without any government oversight is reckless".

According to Anna Eshoo the consequences of the resolution's passage are clear: "broadband providers like AT&T, Comcast, and others will be able to sell your personal information to the highest bidder without your permission".

Michael Copps, a former member of the Federal Communications Commission, called the bill a "perversion of what the internet was supposed to be".

Dallas Harris, an attorney who specializes in broadband privacy and a policy fellow at consumer advocacy group Public Knowledge notes that ISPs might be able to figure out where you bank, your political views, and your sexual orientation based on what sites you visit and asserts that "the level of information that they can figure out is beyond what even most customers expect". Various information can be extracted from Internet traffic − for instance "the fact that you're looking at a website can reveal when you're home, when you're not home" and according to her "you don't need to see the contents of every communication to develop efficient ad tracking mechanisms".

Senator Ed Markey states that "President Trump may be outraged by fake violations of his own privacy, but every American should be alarmed by the very real violation of privacy that will result [from] the Republican roll-back of broadband privacy protections".

Cable lobby group NCTA says that they "appreciate today's Senate action to repeal unwarranted FCC rules that deny consumers consistent privacy protection online and violate competitive neutrality".

Michael Capuano asks "What the heck are you thinking? What is in your mind? Why would you want to give out any of our personal information to a faceless corporation for the sole purpose of them selling it?".

Evan Greer, campaign director of digital rights group Fight for the Future states that "today Congress proved once again that they care more about the wishes of the corporations that fund their campaigns than they do about the safety and security of their constituents". She also states that:

"Gutting these privacy rules won’t just allow internet service providers to spy on us and sell our personal information, it will also enable more unconstitutional mass government surveillance, and fundamentally undermine our cybersecurity by making our sensitive personal information vulnerable to hackers, identity thieves, and foreign governments"

Craig Aaron, Free Press Action Fund President and CEO writes in a statement:

"Ignoring calls from thousands of their constituents, House Republicans just joined their colleagues in the Senate in violating internet users’ privacy rights. Apparently they see no problem with cable and phone companies snooping on your private medical and financial information, your religious activities or your sex life. They voted to take away the privacy rights of hundreds of millions of Americans just so a few giant companies could pad their already considerable profits. Facing a growing public outcry, they rushed through this vote before more people could find out what was at stake."

SearchInternetHistory.com is a crowdfunding campaign trying to raise $1 million to buy the browsing history of Republican officeholders like Senate Majority Leader Mitch McConnell, and then Speaker of the House Paul Ryan, and FCC Chair Ajit Pai.

Management
Consumers may switch to ISPs with better privacy protections. However this could be difficult for some as many Americans only have a choice of one or two broadband companies in their area according to federal statistics. Senator Ron Wyden states that thus their only choice may be between "giving up their browsing history for an Internet provider to sell to the highest bidder or having no Internet at all". Furthermore, the existence of such ISPs is not guaranteed and Jeremy Gillula, a senior staff technologist at the Electronic Frontier Foundation notes that it's "unclear if they would even have to tell you they were doing it".

VPN can be used to protect one's data from ISPs. However good VPNs generally cost money, take some effort and minor technical skills to set up, and will slightly degrade the connection speed.

Furthermore, the Tor browser can be used to surf anonymously. This would however significantly slow down connection speed and not be adequate in most cases.

Also ISPs can't look into the encrypted traffic of sites that use TLS whose URLs starts with "HTTPS" but only the domain name. The HTTPS Everywhere browser extension allows for better protection via HTTPS. Also apps that use end-to-end encryption can be used to protect communication contents.

Some consumers might assume that they can protect their browsing histories by deleting them or by using privacy modes of browsers such as Chrome's "incognito mode" which is not the case.