Imagine a book filled with every website you’ve ever visited. What story would it tell about it you? Would you want some control over who might read it?
As on-ramps to the Internet, companies such as Comcast, Verizon and AT&T are privy to nearly everything we do online. This puts them in a position to piece together detailed profiles of their customers.
Last fall, the Federal Communications Commission ruled that if Internet service providers want to collect and sell personal information, like your browsing history, they needed to get your permission first — that is, ask you to “opt-in” to their data-sharing programs.
Consumer advocates hailed the measure as a major victory for online privacy. The telecom industry howled, saying the rules were unfair because they applied only to ISPs and not web companies such as Google and Facebook.
Now Congress has weighed in, with both houses voting largely along party lines to revoke the opt-in provisions entirely. The President is expected to rubber stamp the deregulation.
Advocacy groups argue that this is yet another example of a powerful corporate lobby — the telecom industry — overwhelming the political process to undermine consumer rights. (Considering the political contributions ISPs routinely make to politicians, this is a legitimate concern.)
Nevertheless, proponents have overstated the benefits of the FCC’s now-threatened privacy rule. Most obviously, the rules would not apply to the thousands of tech companies that harvest consumer information, leaving the largest data collectors like Google to continue business as usual.
That is because FCC jurisdiction only allows it to make rules for ISPs, not web companies. Congress, on the other hand, could write a simple law to apply more robust privacy protections across the board. While not a perfect solution, a universal opt-in framework would represent a significant step forward for Internet privacy. After all, a universal opt-in means that consumers would be opted out by default. Privacy, not surveillance, would be the standard.
This would be a major reversal for US policy that has historically been set up to facilitate data collection rather than consumer protection. It would also put us into greater alignment with the European Union’s much more proactive approach to internet privacy.
Instead, our representatives not only gutted the new opt-in protections, but also prevented the FCC from enacting future privacy rules, evening the playing field by permanently lowering the bar. This is a troubling development, considering that consumers generally want more online privacy, not less.
Apart from the GOP’s deregulatory fervor, piecemeal privacy rules face the broader challenge of going against the grain of a digital advertising economy worth billions of dollars. Requiring companies to obtain affirmative consent to sell certain types of user information does little to address the root of the privacy problem: that surveillance has become the business model of the internet.
The simple truth is that the vast majority of the internet industry brings home the bacon in ways that erode privacy. In broadband, search, social networking and nearly everything else, the options of the privacy-minded consumer are limited indeed.
In addition to ramping up political pressure for privacy laws, we must work to foster privacy enhancing alternatives in broadband and web services. This means thinking about business models that do not hinge upon surveillance. This is a tall order, but it’s the only way to give consumers real privacy choices.