This post has been updated with a “how to protect yourself” sidebar (scroll down)
By Larry Magid
A few days ago I was clicking through Netflix and stumbled upon Inside Job, a 2010 documentary about how deregulation and greed during the Reagan, Clinton and George W. Bush administrations led to the financial crisis of 2008. Then I turned on the news and learned about the demise of more recent regulations through both executive orders and congressional legislation.
Among those was the passage of a bill by both the U.S. Senate and House of Representatives that will rescind an Obama-era FCC rule that would have protected consumers from having their personal information used or sold by internet service providers without their permission. President Trump, who has called for the elimination of two regulations for every new one, is expected to sign the bill.
The bill is a loss for consumer privacy and a win for giant internet service providers (ISPs) like Comcast, AT&T and Verizon.
____________________________________________________________________________________
Sidebar:
How to protect yourself
Regardless of what the government does, there are things you can do to protect your own privacy, even from your Internet service provider. These include:
- Virtual private network (VPN). A VPN encrypts and routes your connection through one of their servers, essentially hiding the point of origin as well as the content from your ISP. They’re not 100% full-proof but they do reduce the chances of anything being intercepted. Here is PCMag’s Best VPN Services of 2017. A free option is to use the Opera browser that comes with a free VPN built-in. You have to go to settings to enable the VPN.
- Tor browser: The free Tor browser not only routes your connection through other servers — often outside the United States, to make it harder for anyone to intercept. Like a VPN not 100%, but pretty secure.
- Use encrypted sites: If you look in your browser’s address bar look for the letters https to the left of the address. The “s” stands for secure, which means that the data is encrypted between your browser and the site.
- Read the ISP’s privacy and opt-out policies. The Federal Trade Commission doesn’t tell ISPs what they should do, but they do enforce whatever privacy policies they state. So, read the privacy policy and — if you have reason to believe your ISP isn’t following it, you can contacts that FTC. Some ISPs have opt-out policies which let you tell them what they can’t do with your data. Check out this ArsTechnica article on what some ISPs are offering
- Watch what you post and send: Be careful about what you post on social media (even with privacy turned on, it can be copied and shared) and send say anything, even in private email, that would get you in trouble.
- Check your state laws. States can have tougher laws than the federal government. Check with your state attorney general’s office to see what privacy laws are on the books and what they can do to protect you should a provider violate the law or their own privacy policies. Here is a partial list of state privacy laws.
________________________________________________________________________________
It means those providers, including mobile phone carriers, can record what you’re doing on their networks and use or sell that information for commercial purposes. That includes the sites you’re visiting, the apps you’re using and even your network connected devices.
I use my Amazon Echo to turn my bedroom lights off at night and I’m thinking of installing sensors under our mattress to help my wife and me analyze our sleep patterns. All that data travels through our internet connection, which makes me wonder if my internet service provider could sell data about our bedroom habits to the highest bidder.
The Federal Communications Commission rule that it rolls back would have required consumers to opt-in before their information could be sold. It may still be possible to opt-out in some cases and you may have other rights. The Federal Trade Commission requires companies to adhere to their published privacy policies so, as boring and hard to understand as they may be, it’s a good idea to read those policies.
FCC Commissioner Mignon Clyburn is not happy about the new law. Clyburn was appointed by President Obama in 2009 and voted with her Democratic colleagues to pass these consumer protection rules last year. But now, she said in an interview, “there is no cop on the beat” to limit what ISPs can do with information such as “where you are at a certain time,” as well as “medical information and information about your children.”
In response to a question about protecting the rights of companies to innovate and better compete, she pointed out that fear of being tracked, especially for seniors, inhibits broadband adoption.
“If you were to ask my mother why she doesn’t transact more business online, she’s afraid someone is tracking her,” she said. “There are millions of Americans, particularly those who are seniors and those who are low-income that believe that.” You can listen to the entire podcast below:
Evan Greer, campaign director of Fight for the Future, worries that the bill could also lead to increased government surveillance.
“Gutting these privacy rules won’t just allow Internet Service Providers to spy on us and sell our personal information, it will also enable more unconstitutional mass government surveillance, and fundamentally undermine our cybersecurity by making our sensitive personal information vulnerable to hackers, identity thieves, and foreign governments,” she said in a statement.
Greer has a point. Even without violating the constitution, any entity that warehouses personal information can be legally compelled to turn it over to law enforcement or government through a valid court order. As we’ve seen too many times, stored data is vulnerable to hackers whether motivated by money, politics or a relationship with foreign governments. Of course, that would be true whether the company was selling the information or not, but if a company can monetize data, it’s more likely to hang on to it, which makes it more vulnerable to legal or illegal snooping.
Bob Hedges, lead partner in global consultant A.T. Kearney’s Financial Institutions practice, argues that the erosion of consumer privacy is a bigger threat than cyber-security risks for digital commerce.
“The proposed relaxation of consumer data rights — and blurring of responsibility for the stewarding of the security and privacy of consumer data — actually poses a far greater and real challenge to the convenience and consumer benefits of digital commerce,” he said in an email. “Both consumers — and their banks and financial partners who facilitate commerce and payments — should be alarmed.”
One of the arguments in favor of the bill stripping away the FCC’s privacy rules is that it puts internet service providers on a level playing field with interactive services like Facebook and Google. But, aside from the fact that the FCC has no jurisdiction over Google and Facebook, there is a big difference between a service provider and an online service.
No one has to use Facebook or Google. There are other social media services and search engines, but internet service providers are more like public utilities. In many communities, there is only one broadband provider and it’s rare if there are more than two in a market. Plus, the information that services collect about you is limited to what you do on their or their partner’s sites or apps, while ISPs can know everything you do on their networks. It’s the difference between a business tracking you with its security cameras inside the store versus a city having a drone follow you around everywhere you go.
And, finally, two wrongs don’t make a right. Instead of taking away privacy rights on ISPs perhaps we should be increasing them for other services.
Disclosure: Larry Magid is CEO of ConnectSafely.org, a non-profit Internet safety organization that receives support from Comcast, Facebook, Google and other companiesaffected by issues discussed in this column.