FCC Privacy Rules Rollback Presents an Opportunity

Posted on April 03, 2017 by Sam Pfeifle

For those of us in the privacy community, the headlines this week have been a little shrill. “For Sale: Your Privacy Browsing History,” for example. Or perhaps, “How the Republicans Sold Your Privacy to Internet Providers.”

That second one is by Tom Wheeler, the democratic Federal Communications Commission Chairman who lost his job when Trump ascended to the presidency. And it’s understandable that he’s upset. The process the FCC went through to create the privacy rules Congress undid was lengthy and arduous. Many stakeholders provided input. The FCC hoped to regulate broadband providers in the same way it regulates telephone service providers, fixing what it considered a loophole created as technology outpaced the law.

It is unquestionably ironic that, now, the very same information that can’t be harvested by telecom companies via a phone call can absolutely be harvested by via navigation to a web site.

However, that’s the way the world has worked for decades. These privacy rules hadn’t even come into effect yet. Your internet service provider could already “sell your browsing history.” So, in fact, can lots of other people, unless you opt out. You know how you go shoe shopping online and then you hit up Facebook and see an ad for the shoes you were looking at? How do you think that happens?

Further, it’s a bit disingenuous to act like these ISPs would be keeping a file on you and then someone could come along and say, “Hey, I’d like to buy Sam Pfeifle’s browsing history. What’s the cost?” Rather, your browsing history becomes part of the ad-targeting network and, when companies make a buy to target a specific type of person, your browsing history contributes to whether you receive a targeted message or not. Those kickstarters claiming to raise money to buy the browsing histories of Republicans who voted for the bill are total bollocks.

That’s because people would get really upset at their internet service provider if they found out they were selling a file on them that showed a list of all the web sites they hit up in the last month. It would not be tenable for a business to do that. People would shut off their service.

And that’s the opportunity here for the telecom industry and consumers alike. It’s time to compete on privacy. Already, we’re hearing about ISPs that are promising not to sell any browsing history or personal data about their customers. I expect more telecom providers to use privacy to make you feel better about their relationship with them. They’ll emphasize their opt-outs. They’ll talk about aggregated and de-identified data. Maybe they’ll even offer to sell you a slightly more expensive plan that allows you total privacy (AT&T has tried this already).

We’ve already seen this happen in the social media world. After a period of wild, wild west, the Federal Trade Commission whacked a number of web sites for not being entirely straightforward in the way they collected and sold data. Now you see Facebook releasing expanded ways to manage privacy settings and understand data flows. Twitter prides itself on fighting government requests for data. Apple makes privacy part of its annual event hyping its newest products.

One would think we’d see similar developments in the ISP space — if businesses see it as advantageous to do so. If you have concerns about the way your ISP collects and handles your personal information, give them a call. While you can argue that there often aren’t many choices for getting Internet access in your location, I can guarantee you that ISPs are tracking how many people use their cellular data exclusively for Internet access. Is your LTE all that much slower than your broadband?

Here at the International Association of Privacy Professionals, we’re seeing massive growth. We didn’t exist in 2000, and now we’re approaching 30,000 members. Why? Because privacy is now an important part of doing business. Companies don’t hire privacy pros out of the goodness of their hearts. They do it because it’s vital to running a business in the digital age. Screw up privacy and you screw up your business.

Just ask Yahoo, which saw hundreds of millions of dollars shaved off its asking price after disclosing data breaches. Or Target, which replaced much of its upper management following its own headache.

Now, the general public is discovering that privacy is more than data breaches. It’s about what consent you have given companies for the use of your data. If you actually care about that, it’s time to actually manage that consent. Find your ISP’s opt-out and use it. Invest in a VPN. Only fraternize sites that use HTTPS.

Or don’t. That’s your choice as a consumer. Some people love to save a buck on cereal with a coupon. Others don’t care. Some people sue Subway because their sandwich isn’t actually a foot long. Others are fine with the 11 inches.

Maybe these shrill headlines are a wake-up call, and we’ll see consumers suddenly value their privacy in ways they haven’t previously. Maybe they’re just a sign of our partisan times, where it’s an outrage if the colored-party you don’t like does something your favorite person on Twitter tells you is outrageous.

That’s what we’re about to find out.

Contributors

Sam Pfeifle

Content Director, International Association of Privacy Professionals

Privacy

privacy

View More Blogs

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.