• United States



EFF: Congress considers making it illegal to protect consumer privacy online

Feb 21, 20174 mins
Data and Information SecurityInternetSecurity

An obscure law from 1996 may be used to kill off the FCC's broadband consumer privacy rules

controlling privacy
Credit: Thinkstock

“When you go online you reveal a tremendous amount of private information about yourself,” wrote the Electronics Frontier Foundation (EFF). “What you browse, what you purchase, who you communicate with—all reveal something personal about you.” These are examples of what your ISP knows about you.

But it’s more than that for people with smart connected devices. Think about a smart refrigerator. As former FCC Chairman Tom Wheeler asked, “Who would have ever imagined that what you have in your refrigerator would be information available to AT&T, Comcast, or whoever your network provider is?” Who would have thought they could sell that type of information?

The FCC did something about that last year by putting privacy protections in place for when you use your broadband provider.

Before the broadband consumer privacy rules were adopted, Wheeler explained that an “ISP would be required to notify consumers about what types of information they are collecting, specify how and for what purposes that information can be used and shared, and identify the types of entities with which the ISP shares the information.”

Opt-in, opt-out and congressionally recognized exceptions are the three categories of how ISPs can use and share data.

Under the broadband consumer privacy rules, ISPs need to obtain “opt-in” consent before sharing sensitive information. The FCC defined sensitive consumer PI as “financial information, health information, Social Security numbers, precise geo-location information, information pertaining to children, content of communications, web browsing history, application usage history, and the functional equivalents of web browsing history or application usage history. With respect to voice services, we also find that call detail information is sensitive information.”

Wheeler wrote, “All other individually identifiable information would be considered non-sensitive, and the use and sharing of that information would be subject to opt-out consent.”

The rules weren’t meant to stop ISPs from sharing or using their customers’ information; they were meant “to put their customers in the driver’s seat when it comes to those decisions.”

Companies push to remove consumer privacy protection

Now, however, “cable and telephone companies are pushing Congress to make it illegal for the federal government to protect online consumer privacy.” The EFF explained, “The cable and telephone industry are actively lobbying Congress to not only eliminate your new privacy protections, but to go even further and potentially make it illegal for the federal government to protect your personal information online.”

The plan to gut those privacy protections involve an obscure law passed in 1996 called the Congressional Review Act (CRA). President Trump has already signed a CRA to nullify a Security and Exchange Commission regulation. And The Hill previously reported that at least 10 CRA bills are moving through the House and Senate.

“That’s a big deal,” Carol Andress wrote in The Hill article. “Until now, only one CRA resolution had ever been passed and signed into law.”

CRAs are tricky beasts because they can also stop something similar from being enacted at a later date. The EFF wrote, “The CRA creates a procedure that can invalidate a recently enacted rule on an expedited schedule that bypasses the Senate filibuster and prohibits the enactment of ‘substantially similar’ rules in the future until Congress passes a new law. The ‘substantially similar’ provision has never been tested in courts and could possibly bar the FCC from enacting future consumer privacy rules even if they are more industry friendly.”

If a CRA is used to repeal the FCC’s broadband consumer privacy rules, the EFF said “years of your private information” will be “at the complete mercy of cable and telephone companies who would face no federal repercussions from monetizing and reselling your personal information without your permission and without your knowledge.”

According to the EFF:

The question remains whether Congress intends to eviscerate consumer privacy under this vehicle and recent reports indicate that a bill will be introduced soon unless you demand that your elected representatives protect your right to online privacy.

Please consider contacting your representative in Congress and making it clear that you are opposed to Congress taking away your privacy rights.

ms smith

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.