This article originally appeared in TidBITS on 2017-04-03 at 10:07 a.m.
The permanent URL for this article is: http://tidbits.com/article/17143
Include images: Off

Congressional Republicans Kill FCC ISP Privacy Rules

by Josh Centers

The Republican majorities in the United States House and Senate have voted to roll back Obama-era privacy rules for ISPs [1]. The legislation is now headed to President Trump, who has indicated that he will sign it [2].

The rules set down by the Federal Communications Commission would have restricted your Internet service provider from collecting and selling your Internet browsing history to support advertising networks.

However, contrary to what many outlets are reporting, this rule rollback changes little, because the rules were never fully implemented in the first place. The FCC first approved them in October 2016, and they were set to go live later in 2017, but new FCC Commissioner Ajit Pai quickly halted implementation. However, this new legislation may embolden ISPs to expand existing data collection programs.

ISPs disliked the rules, arguing that they put them at a competitive disadvantage with online services like Facebook and Google. Bob Quinn, a senior vice president of external and legislative affairs for AT&T, said in a blog post [3], “If the government believes that location data is sensitive and requires more explicit consumer disclosures and permissions, then those protections should apply to all players that have access to location data, whether an ISP or edge player or search engine.” In a statement [4], the American Cable Association said, “ACA strongly supported Congress’ intervention to reverse the harms associated with the FCC’s unwarranted and burdensome broadband privacy regulations that singled out ISPs while exempting giant Internet edge providers, who have as much, if not more, access to similar consumer data.”

Ajit Pai isn’t entirely against Internet privacy regulation. He has consistently stated that all online service providers, including ISPs, should be subject to equal rules enacted by the Federal Trade Commission. However, as Jeff Dunn of Tech Insider explains [5], the fact that ISPs are now considered to be “common carriers” complicates that, since the FTC has limited power over such companies. Even if Republicans were to roll back the 2015 Open Internet Order that classifies ISPs as common carriers, firms that also offer phone services, such as AT&T and Verizon, will still fall under common carrier status.

There is one small hope left for the FCC rules: petitioning President Trump directly. Many of his fiercest supporters on Reddit are angry about the legislation [6], leaving open the possibility that Trump may veto it. But don’t hold your breath.

There’s also the possibility that states will enact their own privacy rules — Minnesota is considering its own measures [7]. If enough states pass such regulations, they may act as de facto national policy.

Regardless of whether or not the rule rollback will actually change anything, what can you do to protect your privacy online? As longtime Internet activist John Perry Barlow [8] once wrote [9], “Relying on the government to protect your privacy is like asking a peeping tom to install your window blinds.”

The best option, if it’s available to you, is to use an ISP with a strong privacy policy. In the United States, Sonic and XMission are widely celebrated for their dedication to user privacy [10]. Unfortunately, the U.S. broadband market isn’t very competitive, so you may not even have a choice of ISP. If you do, small local ISPs are likely to see a focus on privacy as a competitive advantage, and most probably don’t have enough customers to make that data valuable anyway.

Another easy thing you can do is use encrypted HTTPS connections to Web sites when possible. When you’re browsing with HTTPS, your ISP can see which sites you visit, but not what you see or do on them. The Electronic Frontier Foundation offers a browser extension called HTTPS Everywhere [11] for Chrome, Firefox, and Opera that forces an HTTPS connection whenever it’s available.

(The Take Control [12] Web site defaults to HTTPS, as Adam wrote about in “Why Take Control Was Briefly Labeled “Not Secure” [13]” (23 March 2017). You can use the TidBITS [14] site via HTTPS by merely changing the URL, but we don’t currently set HTTPS as the default. That’s because it causes a few problems, such as with displaying images in the print view. We’re looking into fixing that.)

Another option is a virtual private network (VPN), which tunnels all your Internet browsing through a secure connection. Your VPN provider could snoop on your browsing just like an ISP could, so it’s up to you to decide if you trust them or not.

If you’d like to try a free VPN that’s trivially easy to set up, the Opera [15] Web browser now features a built-in VPN. Quincy Larson wrote a Medium post explaining how to enable it and other privacy features in Opera [16]. I’ve been experimenting with Opera and have been pleasantly surprised by its speed and features. Note that using Opera’s built-in VPN protects only your Web browsing, not any other Internet traffic.

The Internet anonymizing service Tor [17] is more trustworthy than a typical VPN, but it’s slow, will likely draw the attention of intelligence agencies like the NSA [18], and can bring with it other unintended consequences (see “Why I Was Banned from WATCH ABC and Hulu [19],” 13 March 2014).

For more information, Joe Kissell’s “Take Control of Your Online Privacy [20]” will tell you all you need to know about defending your Internet privacy. Joe is currently working on the third edition, which will have up-to-date recommendations for VPN services, and anyone who buys the second edition now will get a free upgrade to the third edition when that comes out in a few weeks.

[1]: https://www.washingtonpost.com/news/the-switch/wp/2017/03/28/republicans-are-poised-to-roll-back-landmark-fcc-privacy-rules-heres-what-you-need-to-know/
[2]: http://www.businessinsider.com/fcc-ajit-pai-privacy-rules-isp-statement-2017-2
[3]: https://www.attpublicpolicy.com/privacy/reversing-obamas-fcc-regulations-a-path-to-consumer-friendly-privacy-protections/
[4]: http://www.americancable.org/node/6059
[5]: http://www.businessinsider.com/fcc-ajit-pai-privacy-rules-isp-statement-2017-2
[6]: http://www.theverge.com/2017/3/29/15111166/donald-trump-subreddit-internet-privacy-rules-backlash
[7]: https://arstechnica.com/tech-policy/2017/03/isp-privacy-rules-could-be-resurrected-by-states-starting-in-minnesota/
[8]: https://en.wikipedia.org/wiki/John_Perry_Barlow
[9]: https://books.google.com/books?id=1goAAAAAMBAJ&pg=PA22&lpg=PA22&dq=john+perry+barlow+peeping+tom&ots=dcO096lfK5#v=onepage
[10]: https://www.dailydot.com/layer8/sonic-isp-privacy/
[11]: https://www.eff.org/https-everywhere
[12]: https://www.takecontrolbooks.com/
[13]: http://tidbits.com/article/17121
[14]: https://tidbits.com/
[15]: https://www.opera.com/
[16]: https://medium.freecodecamp.com/how-to-set-up-a-vpn-in-5-minutes-for-free-and-why-you-urgently-need-one-d5cdba361907
[17]: https://www.torproject.org/
[18]: https://www.wired.com/2014/07/nsa-targets-users-of-privacy-services/
[19]: http://tidbits.com/article/14586
[20]: http://tid.bl.it/tco-online-privacy-tidbits