The House voted Tuesday to repeal landmark internet privacy rules that required broadband companies to first get consent before sharing their customers' sensitive information, including browsing history and location data, with advertisers and other third-party companies. The repeal was passed largely along party lines, in a 215–205 vote; House Democrats were joined by 15 Republicans in opposition.
The vote comes a week after the Senate approved the repeal. Now President Trump's signature is the final step needed to abolish the privacy protections.
Passed by the Federal Communications Commission in October, the rules also forced broadband providers to tell customers about the data they collect and why they collect it, and to identify the kinds of third-party companies that might be given access to that information. Parts of the internet privacy rules were scheduled to take effect later this year. Others, including a provision that required broadband companies to protect consumer information from hackers and data breaches, had already kicked in. FCC Chair Ajit Pai, however, moved to block the data security rules earlier this month.
Republican lawmakers and the telecom industry have staunchly opposed the regulations. They have argued that the rules unfairly target internet providers, like Comcast and AT&T, and offer an advantage to other web companies that regularly harvest and sell customer information. Since businesses like Facebook and Google are not bound by the FCC rules, critics say the privacy regulations singled out broadband companies.
"These rules varied from the industry principles developed last year and established a double standard by creating different sets of regulation for internet service providers on the one hand and the rest of the internet ecosystem on the other," USTelecom CEO Jonathan Spalter said in a statement last week.
But a coalition of consumer and privacy groups have argued that internet providers occupy a powerful position in people's internet use. Groups including the ACLU, the Electronic Frontier Foundation, and Free Press say that the rules are a crucial protection in the digital age.
"We are one step closer to a world where ISPs can snoop on our traffic, sell our private information to the highest bidder, and pre-install spyware on our mobile phones," Jeremy Gillula, a senior staff technologist for the Electronic Frontier Foundation, told BuzzFeed News.
Unlike social media companies and other kinds of advertisers and web trackers, broadband providers can monitor all unencrypted internet traffic. Democratic lawmakers have also pointed out that many Americans only have a single internet provider serving their community, leaving them no choice but to accept whatever data collection practices are in place if they want internet service.
3 Invasive Things Your ISP Could Do If The Privacy Rules Are Repealed
1. Sell Your Browsing History
"The consequences of repeal are simple: ISPs like Comcast, AT&T, and Charter will be free to sell your personal information to the highest bidder without your permission — and no one will be able to protect you," wrote Gigi Sohn, counselor to former FCC chairman Tom Wheeler, in an op-ed on The Verge Monday.
While Americans can use free browser tools to block many types of web tracking, monitoring by internet providers is much harder to prevent. "Your ISP is in a privileged position where they can see everything," said Gillula, who has written about the "creepy" data collection that ISPs can conduct if the regulations are gutted.
"Any attempt to block the ISP from monitoring you, they have the power to override," Ernesto Falcon, legislative counsel at EFF, told BuzzFeed News.
2. Compile Internet Profiles And Inject Targeted Ads
"There are major medical, financial, and legal websites — like the US Courts, for example — that are largely unencrypted. ISPs will be able to build detailed profiles of their customers — knowing when they're at vulnerable points in their lives — and sell that information to practically whomever they wish," Gaurav Laroia, policy counsel at Free Press, told BuzzFeed News. If someone is visiting a medical website, for instance, third parties can infer what illnesses they may suffer from, revealing sensitive health information.
"It's well-established that these internet companies are looking hungrily at companies like Facebook and Google; they want in on that advertising action," Jay Stanley, a senior policy analyst with the ACLU, told BuzzFeed News. "This is an effort by them to preserve the ability to monetize people's information. And without these rules, they are going to plow forward."
3. Deploy Hidden Tracking Cookies On Our Phones
Following a 15-month investigation, the FCC settled with Verizon Wireless last year over the company's use of so called "supercookies" — tracking code that could not be deleted, which Verizon used to monitor customers' online activity without their permission.
"It didn’t matter if you were browsing in Incognito or Private Browsing mode, using a tracker-blocker, or had enabled Do-Not-Track: Verizon ignored all this and inserted a unique identifier into all your unencrypted outbound traffic anyway," the EFF's Gillula wrote. The browsing history, according to the FCC, was collected for several years without consent; Verizon and other third-party companies used it for targeted advertising.
For privacy advocates, pervasive data collection of your internet activity can be enormously invasive. "The websites you visit can indicate information about your financial life, your sexual life, your medical life, what disease you have, what diseases you might be worried you have," said Stanley.
"We don't even know what other derivative uses exist, because no one has ever had this type of information on consumers," Falcon said, referring to new types of data collection and novel forms of the sale of personal data. "That's what's most frightening."
Outside Your Bubble is a BuzzFeed News effort to bring you a diversity of thought and opinion from around the internet. If you don’t see your viewpoint represented, contact the curator at firstname.lastname@example.org. Click here for more on Outside Your Bubble.
Hamza Shaban is a technology policy reporter for BuzzFeed News and is based in Washington, DC.
Contact Hamza Shaban at Hamza.Shaban@buzzfeed.com.
Got a confidential tip? Submit it here.