This evening, the acting chair of the FTC and the newly appointed chair of the FCC jointly published an op-ed piece in the Washington Post defending their decision to remove 2016 privacy protections from ISPs that prevented them from using or selling the most private data without opt-in, and forcing the establishment of an opt-out mechanism for the remainder.

That these two bureaucrats felt it important to write this article at all shows that there has been significant public outcry at a policy move that benefits not a single member of the US public, but rather the media and network companies that are keen to become data and advertising companies and use this to try to sell you things (and possibly sell the data to others in the process).

Before we go any further, please take a moment to read the opinion piece here:

Ok, welcome back. I want to take issue with a number of things in this piece. Here we go…

1) “…professional lobbyists lit a wildfire of misinformation about Congress’s action…” It is not just professional lobbyists that feel this way. The fact that when described by colleagues, parents and friends the voice of shock at what might be collected and how it could be used without regulation or protection is palpable.

2) “So as the nation’s chief communications regulator and the nation’s chief privacy enforcer…” So act like it and take steps to actually protect our privacy, not enable it to be used in ways we have no control over. Walk the talk. Let us have control over the levers of how our own data is used, and ensure we are clearly told what is being collected, exactly whom it is shared with and exactly what is being done with the data, and give us the right to delete that data at our discretion without forcing us to abandon the service itself for just this reason.

3) “…Internet service providers have never planned to sell your individual browsing history to third parties.” Just because they have no plans to do so today doesn’t mean that they won’t change their minds in a few months and decide to do so since the rule that prevents them from doing so (and not requiring them to get my consent to do so) has now been rolled back. Bottom line, I don’t trust the ISPs to do what is right for citizens, but rather what is good for their bottom lines.

4) “Up until that decision, the FTC was an effective cop on the privacy beat, using a consistent framework for protecting privacy and data security throughout the entire Internet ecosystem.” This refers to 2 years ago, when the FTC lost its right to enforce privacy on ISP’s and it also refers to enforcement of a meager set of rules that doesn’t actually protect anyone’s data but rather just requires that companies tell you in obscure, 56 page long legalese that they are bending you over and selling your info to whomever they call a “partner”. And in the case of ISP’s there is often no competition to go to if you want the current 25Mbps down/3Mbps up definition of broadband access. So what can you do? Prett much nothing.

5) “…in 2015, the FCC decided to treat the Internet like a public utility…” The Internet is now a commodity service that is as key to life as electricity, natural gas and telephone service. That the use of telephone service is protected but Internet is not is ludicrous and the declaration as a Common Carrier service is truly in the public interest. Said differently, the Internet is so intrinsically part of American life that treating it as something other than a utility is irresponsible.

6) “As we feared, this 2015 decision has not turned out well for the American people.” How has it not been good for the American people? This is a Trumpian definition akin to “it will be great!” He won’t tell you how, but just know it will be/is. On the contrary, rules raising the definition of broadband to meet consumer technology demands were put in place, an amazing national outcry in support of the original tenet of the Internet, Network Neutrality, showed that Americans wanted to preserve competition and ensure that media monopolies such as Comcast, AT&T and others could not give their own content undue preference across their own networks, thus forcing out competition. The previous FCC also started to give Americans control over how our data is used, and this was remarkable, until Monday when it was taken away.

7) “…the FTC concluded that “any privacy framework should be technology neutral…” I actually don’t disgree with this statement, however the FTC should raise its standards to actually protect the citizens of the USA that use the Internet and not just be shills for the corporate lobbyists that pay to get votes to go their way.

8) “The FCC’s regulations weren’t about protecting consumers’ privacy. They were about government picking winners and losers in the marketplace. If two online companies have access to the same data about your Internet usage, why should the federal government give one company greater leeway to use it than the other?” It has nothing to do with this at all, it has to do with giving the consumer the ability to choose how their own (our own!) data is used and by whom. This statement by Pai and Ohlhausen is pure BS. If you really valued consumer privacy you would fight to give us full transparency and control over our data and how it is used an shared.

9) “ISPs have neither comprehensive nor unique access to information about users’ online activity. Rather, the most commercially valuable information about online users . . . is coming from other contexts,” and such as social-media interactions and search terms.” and

10) “Google dominates desktop search with an estimated 81 percent market share (and 96 percent of the mobile search market), whereas Verizon, the largest mobile broadband provider, holds only an estimated 35 percent of its market.”  The difference here is that I have the choice to use/not use social media and search terms over my Internet connection. I do not have the ability to choose my ISP and maintain broadband speeds. For example where I live in a major university city I can get 105Mbps from Comcast and only 18Mbps from AT&T over DSL (and nothing else since CLECs seem to have been squeezed off AT&T’s copper over the past 15 years) and even AT&T won’t guarantee me their HDTV service at this bandwidth. Broadband definition is 25Mbps, so Comcast is the only one that meets the definition. I can use Duck Duck Go or Google or Bing as I choose. I have no choice on ISPs, so therefore I guess I have to give Comcast all my search and usage data. They are already hijacking HTTP sessions, so why not let them have the whole enchilada?

11) “As a result, it shouldn’t come as a surprise that Congress decided to disapprove the FCC’s unbalanced rules.” You are right, with this particular Congress, I am not the least bit surprised.

12) “…FTC’s criticism of the FCC’s rules last year noted specifically that they “would not generally apply to other services that collect and use significant amounts of consumer data.”” Once again, don’t bring the level of consumer protection down to the pittance that is the FTC’s historical level, but rather bring the unified, consistent stance up to the level of the FCC (and maybe even keep going beyond!)

13) “But we understand that more needs to be done to protect online privacy. The American people deserve a comprehensive framework that will protect their privacy throughout the Internet. And that’s why we’ll be working together to restore the FTC’s authority to police ISPs’ privacy practices.” The last sentence talks about authority but not that steps will be taken to make it actually protect the American people that are referred to here. At present the FTC controls are inadequate and give the control to service providers (did you know you can’t opt out of your credit card usage data being sold to 3rd party “affiliates”?) instead of the people about whom the data actually pertains.

At the end of the day, regulation serves to enforce compliance in areas where if left to their own devices, companies may not make the right decisions, or put the right level of protections in place. For example, without HIPAA regulations, it would be a much different discussion in cash-strapped healthcare systems (many of whom are for-profit) when deciding whether to pay for the firewall or encryption of the patient data, not knowing they need to be experts in such a topic, or invest in the technology to protect. The same thing goes here for the ISPs who are not in the same position because they are far from cash-strapped and are more inclined to do anything to pad their bottom line, especially when they are in monopoly positions. If these companies did more to make me trust them, then their fierce, defensive claims that they have no plans to sell user data (not that they will never sell it, mind you) might not be met with such cynicism, but until they prove over long-term that profits do not trump (pun intended) the best interests of the citizenry, then regulation is needed.

BTW: Comcast, if you really wanted me to trust you, you wouldn’t tell me that I can opt out of targeted ads, you would tell me that I, as someone who pays you for a service every month, a) can opt-out fully from you collecting and storing any data collection of my activity online, or even better b) I can explicitly opt-in (if I want to and feel there is good value in doing so) to you collecting data and getting targeted ads. That you assume I want in and have to figure out some archaic way to get out of it that is browser-specific and doesn’t follow me from computer to computer in my own house is not an indicator of a company I can trust.