2017 Broadband Consumer Privacy Proposal repeal


On 28 March 2017, the United States House of Representatives passed a resolution of disapproval to overturn the Broadband Consumer Privacy Proposal privacy law by the Federal Communications Commission and is now expected to be approved by United States' President Donald Trump. It was passed with 215 Republican votes against 205 votes of disapproval.
The repealed privacy protections, once approved in 2016, sought to regulate what companies can do with data of customers' browsing habits, communication contents, app usage history, location data and social security numbers and safeguard customer data against hackers and thieves.
Supporters of the vote argued that the privacy regulations stifle innovation by forcing Internet providers to abide by unreasonably strict guidelines.
Due to the repeal Internet service providers like Comcast, AT&T and Verizon may sell Web browsing histories and other sensitive data directly to marketers, financial firms and other companies without consumers' consent. Furthermore, the FCC will be forbidden from issuing similar rules in the future.

Background

Internet providers have historically generated their revenue from selling access to the Internet and are now looking to increase their revenue by tapping the data their customers generate as they make use of the Internet.
The industry with its profit motive favors an interpretation of privacy that does not consider browsing history or app usage data to be sensitive and protected — the Federal Trade Commission's interpretation. However the FTC is unable to enforce its own guidelines without new authority from Congress.
On 16 March 2017 CTIA claims that "Web browsing and app usage history are not 'sensitive information'" in a filing with the FCC.

History

Many of the privacy advocates who oppose ISP data sharing also oppose tracking by ad networks and technology companies such as Google but find ISP tracking extra worrisome as ISPs have access to all of one's browsing data − not just data from specific sites that share their data with particular ad networks, and as disabling cookies or adblockers can't prevent this sort of tracking.
Jeffrey Chester, executive director of the Center for Digital Democracy states that the vote means that "Americans will never be safe online from having their most personal details stealthily scrutinized and sold to the highest bidder".
Senator Brian Schatz states that "if this is passed, neither the FCC nor the FTC will have clear authority when it comes to how Internet service providers protect consumers' data privacy and security. Regardless of politics, allowing ISPs to operate in a rule-free zone without any government oversight is reckless".
According to Anna Eshoo the consequences of the resolution's passage are clear: "broadband providers like AT&T, Comcast, and others will be able to sell your personal information to the highest bidder without your permission".
Michael Copps, a former member of the Federal Communications Commission, called the bill a "perversion of what the internet was supposed to be".
Dallas Harris, an attorney who specializes in broadband privacy and a policy fellow at consumer advocacy group Public Knowledge notes that ISPs might be able to figure out where you bank, your political views, and your sexual orientation based on what sites you visit and asserts that "the level of information that they can figure out is beyond what even most customers expect". Various information can be extracted from Internet traffic − for instance "the fact that you're looking at a website can reveal when you're home, when you're not home" and according to her "you don't need to see the contents of every communication to develop efficient ad tracking mechanisms".
Senator Ed Markey states that "President Trump may be outraged by fake violations of his own privacy, but every American should be alarmed by the very real violation of privacy that will result the Republican roll-back of broadband privacy protections".
Cable lobby group NCTA says that they "appreciate today's Senate action to repeal unwarranted FCC rules that deny consumers consistent privacy protection online and violate competitive neutrality".
Michael Capuano asks "What the heck are you thinking? What is in your mind? Why would you want to give out any of our personal information to a faceless corporation for the sole purpose of them selling it?".
Evan Greer, campaign director of digital rights group Fight for the Future states that "today Congress proved once again that they care more about the wishes of the corporations that fund their campaigns than they do about the safety and security of their constituents". She also states that:
Craig Aaron, Free Press Action Fund President and CEO writes in a statement:
SearchInternetHistory.com is a crowdfunding campaign trying to raise $1 million to buy the browsing history of Republican officeholders like Senate Majority Leader Mitch McConnell, and then Speaker of the House Paul Ryan, and FCC Chair Ajit Pai.

Management

Consumers may switch to ISPs with better privacy protections. However this could be difficult for some as many Americans only have a choice of one or two broadband companies in their area according to federal statistics. Senator Ron Wyden states that thus their only choice may be between "giving up their browsing history for an Internet provider to sell to the highest bidder or having no Internet at all". Furthermore, the existence of such ISPs is not guaranteed and Jeremy Gillula, a senior staff technologist at the Electronic Frontier Foundation notes that it's "unclear if they would even have to tell you they were doing it".
VPN can be used to protect one's data from ISPs or theoretically to subscribe to foreign ISPs with better privacy protections. However good VPNs generally cost money, take some effort and minor technical skills to set up, and will slightly degrade the connection speed.
Furthermore, the Tor browser can be used to surf anonymously. This would however significantly slow down connection speed and not be adequate in most cases.
Also ISPs can't look into the encrypted traffic of sites that use TLS whose URLs starts with "HTTPS" but only the domain name. The HTTPS Everywhere browser extension allows for better protection via HTTPS.
Also apps that use end-to-end encryption can be used to protect communication contents.
Some consumers might assume that they can protect their browsing histories by deleting them or by using privacy modes of browsers such as Chrome's "incognito mode" which is not the case.