Antoinette Maria
Posted on March 29, 2017
On March 23, the internet lit up with chatter about Senate Joint Resolution 34 a.k.a the bill the Senate voted on to allow Internet Service Providers to sell your information to advertisers and marketers without your explicit consent. This bill is meant to repeal a new rule from the FCC signed during the Obama administration that requires ISPs get your opt-in as a customer to sell your data to other organizations. Yesterday, March 28th, Congress made it official it.
Upon taking over as Chairman of the FCC, Ajit Pai (known opponent to Net Neutrality) put an immediate hold on a part of these protections concerning customer privacy. The bill is the result of ISPs feeling like a requirement to get consent from customers before selling their data places them at a disadvantage against companies such as Google, Facebook, and Twitter. You can read more about the bill here and more about the law this bill repeals here. With the passage of this bill, along with not requiring opt-in to sell non-sensitive customer data (your browsing data mostly), the FCC is now prohibited from adopting any rules in the future that are similar to the privacy rules that were repealed.
Our data is commonly used as currency among large companies and marketers/advertisers. You are worth something. Well, you and millions of others aggregated together are worth something. In fact, in 2015 RadioShack fought in court for their right to sell off their database containing information from 117 million customers while selling off their assets during their bankruptcy filings. Just this February, the FTC took Vizio to court in New Jersey for selling off customer data without the customers' knowledge citing a direct violation of the FTC Act § 45 Section 5 (Unfair methods of competition). Twitter's privacy policy explicitly states that by using their service you agree and give them permission to share and sell your data to third parties and in contrast, Google uses your data to lease prime ad real estate across the web. Your data is already being bartered by the biggest players in the game.
So, what makes an ISP so different?
The concerns of selling data to third parties in the world of rampant data breaches, still exist whether we're talking about ISPs, data brokers, or internet services like Twitter or Facebook. The same goes for the risk of an ISP selling your data to known scammers. ISPs are different because the data ISPs have access to differ drastically from the information collected by individual services (i.e. Google doesn't have access to anything you do on a non-Google service). Your internet service provider can see everything and I'm not being hyperbolic. While many articles specifically reference your browsing history when discussing the data ISPs might sell, they actually have access to anything your devices talk to on the internet (think IoT), browser or no browser. Whether or not they collect, log, and report on that information is something you will have to find in their individual privacy policies.
ISPs are also different because you don't always have a choice in internet service providers. If I don't want to be tracked by Google or Facebook, I can easily choose not to use their services. There are alternatives available with internet services. That same kind of choice doesn't always exist in the context of internet service providers. Many internet users only have one choice in ISP.
For more information on what your ISP can do check out this article from The Electronic Frontier Foundation.
What regulations are in place to protect my data?
In January, a few of the major ISPs voluntarily signed a set of privacy principles based on the rules set forth by the FTC. The document specifically mentions providing "an opt-out choice to use non-sensitive customer information for personalized third-party marketing". This is the section to pay attention to because your browsing history is considered non-sensitive customer data. This voluntary agreement is based on the opt-in suggestions from the FTC. Since the agreement is voluntary and not legally binding, there are doubts about whether or not the FCC will monitor the collection and selling of information by ISPs and take legal action should it become necessary.
What can I do now if I don't want my information collected and sold to advertisers?
Opt-out - Find a way to opt-out of the information gathering. Best of luck going this route, it's likely this option will be tedious and buried somewhere in the privacy policy under legal jargon.
VPN - Set up an encrypted tunnel to hide all of your traffic. If you're a networking person this will probably be easy. As I write this, my co-workers are talking about how to set up a policy based VPN with high throughput as a reaction to the repeal. Warning: Netflix can detect VPN and proxy traffic and will block it. This option may complicate your life if you don't have more than a basic understanding of networks.
HTTPS all the things - This option will obscure the content of the pages you visit. However, the URLs will still be visible. Depending on your level of paranoia, that might be just fine. This is by far the simplest option.
I want to hear what you think. Talk to me.
Posted on March 29, 2017
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.