An obscure law from 1996 may be used to kill off the FCC's broadband consumer privacy rules Credit: Thinkstock “When you go online you reveal a tremendous amount of private information about yourself,” wrote the Electronics Frontier Foundation (EFF). “What you browse, what you purchase, who you communicate with—all reveal something personal about you.” These are examples of what your ISP knows about you.But it’s more than that for people with smart connected devices. Think about a smart refrigerator. As former FCC Chairman Tom Wheeler asked, “Who would have ever imagined that what you have in your refrigerator would be information available to AT&T, Comcast, or whoever your network provider is?” Who would have thought they could sell that type of information?The FCC did something about that last year by putting privacy protections in place for when you use your broadband provider.Before the broadband consumer privacy rules were adopted, Wheeler explained that an “ISP would be required to notify consumers about what types of information they are collecting, specify how and for what purposes that information can be used and shared, and identify the types of entities with which the ISP shares the information.” Opt-in, opt-out and congressionally recognized exceptions are the three categories of how ISPs can use and share data.Under the broadband consumer privacy rules, ISPs need to obtain “opt-in” consent before sharing sensitive information. The FCC defined sensitive consumer PI as “financial information, health information, Social Security numbers, precise geo-location information, information pertaining to children, content of communications, web browsing history, application usage history, and the functional equivalents of web browsing history or application usage history. With respect to voice services, we also find that call detail information is sensitive information.” Wheeler wrote, “All other individually identifiable information would be considered non-sensitive, and the use and sharing of that information would be subject to opt-out consent.”The rules weren’t meant to stop ISPs from sharing or using their customers’ information; they were meant “to put their customers in the driver’s seat when it comes to those decisions.”Companies push to remove consumer privacy protectionNow, however, “cable and telephone companies are pushing Congress to make it illegal for the federal government to protect online consumer privacy.” The EFF explained, “The cable and telephone industry are actively lobbying Congress to not only eliminate your new privacy protections, but to go even further and potentially make it illegal for the federal government to protect your personal information online.”The plan to gut those privacy protections involve an obscure law passed in 1996 called the Congressional Review Act (CRA). President Trump has already signed a CRA to nullify a Security and Exchange Commission regulation. And The Hill previously reported that at least 10 CRA bills are moving through the House and Senate.“That’s a big deal,” Carol Andress wrote in The Hill article. “Until now, only one CRA resolution had ever been passed and signed into law.”CRAs are tricky beasts because they can also stop something similar from being enacted at a later date. The EFF wrote, “The CRA creates a procedure that can invalidate a recently enacted rule on an expedited schedule that bypasses the Senate filibuster and prohibits the enactment of ‘substantially similar’ rules in the future until Congress passes a new law. The ‘substantially similar’ provision has never been tested in courts and could possibly bar the FCC from enacting future consumer privacy rules even if they are more industry friendly.” If a CRA is used to repeal the FCC’s broadband consumer privacy rules, the EFF said “years of your private information” will be “at the complete mercy of cable and telephone companies who would face no federal repercussions from monetizing and reselling your personal information without your permission and without your knowledge.”According to the EFF:The question remains whether Congress intends to eviscerate consumer privacy under this vehicle and recent reports indicate that a bill will be introduced soon unless you demand that your elected representatives protect your right to online privacy.Please consider contacting your representative in Congress and making it clear that you are opposed to Congress taking away your privacy rights. Related content news Dow Jones watchlist of high-risk businesses, people found on unsecured database A Dow Jones watchlist of 2.4 million at-risk businesses, politicians, and individuals was left unprotected on public cloud server. By Ms. Smith Feb 28, 2019 4 mins Data Breach Hacking Security news Ransomware attacks hit Florida ISP, Australian cardiology group Ransomware attacks might be on the decline, but that doesn't mean we don't have new victims. A Florida ISP and an Australian cardiology group were hit recently. By Ms. Smith Feb 27, 2019 4 mins Ransomware Security news Bare-metal cloud servers vulnerable to Cloudborne flaw Researchers warn that firmware backdoors planted on bare-metal cloud servers could later be exploited to brick a different customer’s server, to steal their data, or for ransomware attacks. By Ms. Smith Feb 26, 2019 3 mins Cloud Computing Security news Meet the man-in-the-room attack: Hackers can invisibly eavesdrop on Bigscreen VR users Flaws in Bigscreen could allow 'invisible Peeping Tom' hackers to eavesdrop on Bigscreen VR users, to discreetly deliver malware payloads, to completely control victims' computers and even to start a worm infection spreading through VR By Ms. Smith Feb 21, 2019 4 mins Hacking Vulnerabilities Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe