\u201cIf you\u2019re being watched, you change your behavior, and that means you have less freedom. I don\u2019t think you can have freedom without privacy.\u201d \u2014Kevin Mitnick, quoted in my new book, "Hacking the Hacker."The United States has a long history of protecting at least some individual privacy rights with respect to common carriers. Much of the current protection was gained with the passage of the Communications Act of 1934\u00a0and further amended by the Telecommunications Act of 1996. The 1934 act put radio and telephone companies under the control of the FCC, and the 1996 act added ISPs and cable companies.Although both laws have inherent flaws, companies that provide your telephone, cellphone, radio, satellite, what have you service have long been prevented from reselling your personally identifiable information to others without your consent. Legally, it\u2019s not much of a burden. All they have to do is proactively notify you of their intent, and if you don\u2019t stop it, they can collect it and sell it.Unfortunately, laws regarding telecommunications were not clear regarding the ISPs\u2019 obligation to obtain consumer consent about collecting information on their private internet behavior. So on Dec. 2, 2016, the Obama administration passed FCC 81 Fed. Reg. 87274, titled \u201cProtecting the Privacy of Customers of Broadband and Other Telecommunication Services.\u201d It not only required notification of what data is collected, but also opt-in consent.Last week, Congress passed\u00a0S.J. Res. 34\u00a0to roll back the new FCC rule, and President Trump has signed it. The White House\u2019s press statement even acknowledges that ISPs will be able to \u201cshare certain information, including app usage and web browsing history. It also allows ISPs to use and share other information, including email addresses and service tier information, unless a customer \u2018opts out\u2019\u201d (emphasis mine).Understand that for a moment: Cellphone companies and ISPs can share your web browsing history, physical location, application use, and email address with anyone without notifying you or asking for your permission. It may shock you that they were legally able to do that both before the Obama rules and now once again\u2014and some have done so. But most ISPs have not shared this information (although they may have been collecting it for future use) because the law was previously unclear.The Obama administration created a new rule against it, providing clarity but in a way the ISPs didn\u2019t like. The removal of the Obama rule by the new administration essentially clears the path for abuse. The sky\u2019s the limit.Some people argue that other privacy laws prevent your personal information from being shared with third parties in a way that specifically identifies you, including preventing your email address spreading for such purposes. Yet browser security experts have long known that anyone can be specifically identified when visiting almost any website.That\u2019s a big part of the reason the FCC privacy rule was created. It specifically made selling email addresses, for example, illegal, unless the vendor had prior consent. The rollback undoes this obligation. Not a single independent privacy expert thinks rolling back the new FCC rule is a good development.Why the FCC rule should standWhat the Obama FCC\u2019s rule required is not new, unduly burdensome, or excessive.Stipulating that people must opt in to have their personal information collected is part of the European\u2019s Union\u2019s 2016 General Data Protection Regulation,\u00a0requiring consent for all personal data used. The GDPR already applies to more than 20 percent of all global business, including American companies doing business with EU member states.Asking for opt-in consent is not a huge business hurdle. Any ISP could easily offer cheaper services to consumers in exchange for free use of their personal information. They could add a single paragraph among all the other complex paragraphs you are supposedly required to read while signing up or renewing an existing contract. It\u2019s already how most personal information is collected.I\u2019m not sure how many people would understand the nature of the opt-in language in an agreement. But I do know that when you explain to people that their privacy rights are about to be taken away, nobody likes the idea. Perhaps that\u2019s what the ISPs are worried about.No, Google isn\u2019t already doing ItSome proponents of the rollback counter that Google and others are already collecting your information in personally identifiable ways. What does it matter if a few ISPs get the same privileges?Although it\u2019s true that Google (and others) collect your browsing history (and even personal information, if you send it using Gmail), Google does not track everything. For example, it does not collect data on your use of non-Google applications. Plus, Google has always promised not to provide personally identifiable information.Even if Google did it, you could use other search engines that specifically promise not to collect your personal information, such as DuckDuckGo or Ixquick. With this new rollback now passed, you cannot avoid your ISP trying its best to collect and sell your personally identifiable history, whether individually or in aggregate form.Although I have more than a dozen browsers and many dozen search engines to choose from, I have at most a few ISP candidates. Some areas have no options at all. And you can bet that now the law is rolled back, no ISP will exclude itself from collecting more of your data. They would be stupid, financially, not to.Your data will get out\u2014that\u2019s a givenThere isn\u2019t a company on the planet that will completely ensure that your data is secured against malicious hacking or unauthorized disclosure. There isn\u2019t a security expert who doesn\u2019t think that every company with any valuable data hasn\u2019t already been thoroughly compromised or can\u2019t easily be thoroughly compromised at will in the future. That\u2019s the state of computer security today.On top of that, there are often untrustworthy third parties with legal access to the data that will supply your private info for a price. This already occurs with the myriad of shady online \u201cdetective research\u201d sites that not only collate public data records but can return very private information. This will certainly extend to your personal internet browsing history. Anyone with any interest in you at all\u2014your friends, your neighbors, that creepy old guy down the street\u2014will be able to see your most intimate moments.The only reason this isn\u2019t already happening today is that most companies didn\u2019t have our private internet browsing information to start with. It can\u2019t be stolen because it didn\u2019t exist in their databases.Of course, our financial information is all over the internet and is stolen all the time. But one difference is that when our financial information is stolen and reused, we can get new credit cards and have the money put back in our bank accounts. We can be made legally \u201cwhole\u201d again.But if someone learns something precious or private about you, you might never know that information was learned by someone else or being used against you. If your very private information is used by others, whether you\u2019re aware of it, the genie cannot be put back into the bottle. It\u2019s out there forever. Simply legally allowing databases to retain your internet browsing history is guaranteeing it will be abused, stolen, and revealed.Now that your ISP is legally allowed to harvest your internet browser history and sell it, you can bet it will. After all, ISPs in the past have even intercepted search engine requests and results and redirected them to other paid advertisers. This time, they will have even more legal backing and likely use more personally identifiable information. For example, if you check on our herpes lab test on your doctor\u2019s website, what\u2019s to stop pharmacies from trying to sell you the \u201cright\u201d medicine? That test result could leak into the public realm forever.The new law prohibit future laws respecting your privacyIt\u2019s common for federal laws to prevent related laws of lower municipalities (state, regional, city) from applying, in what is called preemption. But the rollback includes a clause that prevents future similar FCC laws that might try to implement even much needed and agreed-upon privacy protections.For example, suppose you find that the new law accidentally (or purposely) allows your children\u2019s privacy to be invaded or allows your neighbor to buy your personally identifiable data. That new law prevents Congress from fixing such a specific flaw without repealing the entire law (which is much harder to do).We need a world where more of our privacy is protected by default. Is it too much to ask of the people who supposedly serve us that we get notified by our ISPs and be required to opt in? I don\u2019t think so.