The broadband industry and the Federal Communications Commission are equally confused about the agency’s new net neutrality privacy order, which came out of its Enforcement Bureau last week and seeks to ensure providers are “taking reasonable, good-faith steps” to protect consumer privacy.
But in the age of daily data breaches compromising millions of users’ and consumers’ private data, “reasonable, good-faith steps” sounds slightly vague, according to one of the agency’s own commissioners.
“What does this mean? What exactly do broadband providers have to do to comply with the law?” FCC Commissioner Ajit Pai asked the International Institute of Communications, Telecommunications and Media Forum in Miami Wednesday. “I am an FCC commissioner and a lawyer, and I have no idea. Your guess is as good as mine.”
The memo circulated last Wednesday was meant to give providers basic instruction until formal standards can be developed, according to the FCC. Even still, the language of the memo implies providers could face consequences for failing to meet the agency’s undefined standards, which will go into affect with the full net neutrality regulations on June 12.
“Although no broadband provider is in any way required to consult with the Enforcement Bureau, the existence of such a request for guidance will tend to show that the broadband provider is acting in good faith,” the commission advisory reads.
Although such authority originally belonged to the Federal Trade Commission, the FCC usurped that authority with the adoption of Chairman Tom Wheeler’s net neutrality regulations earlier this year, which reclassified Internet service providers (ISPs) as public communications utilities under authority meant to govern telephone companies in the 1996 Telecommunications Act.
Included in the act, which updated the 1934 Communications Act, is Section 222, which says telecommunications providers have “a duty to protect the confidentiality of proprietary information of, and relating to, other telecommunication carriers, equipment manufacturers, and customers.”
Telephone companies must adhere to those standards while entrusted with customer data or face stiff fines (last October, the FCC fined two telephone providers $10 million for storing low-income customers’ names, address, Social Security numbers and driver’s licenses on unencrypted servers).
Those specific rules won’t apply to ISPs, according to the FCC. However, the authority to oversee how ISPs are handling customer data will still be enforced while the agency drafts new privacy standards for the industry specifically.
“[T]he Enforcement Bureau will provide informal as well as formal guidance to broadband providers as they consider how best to comply with Section 222,” the advisory states. “The application of Section 222 offers an opportunity for broadband consumers to increase their demand for broadband by knowing that their privacy is well-protected.”
So far, the only “guidance” ISPs have to go on from the two-page advisory is to ensure they are applying “reasonable, good-faith steps” and employing “effective privacy protections in line with their privacy policies and core tenets of basic privacy protections.”
Last Friday in its response to a stay request of the overall net neutrality rules by ISPs, the agency acknowledged providers’ confusion over the advisory, which industry representatives asserted was timed to exert pressure over ISPs ahead of what will likely be a lengthy court battle to try to repeal the regulations.
“[T]he FCC’s Enforcement Bureau recently announced it intends to target only bad faith, unreasonable behavior pending the promulgation of Section 222 rules or similar guidance,” the agency wrote in its response.
“This ‘guidance’ casts far more shade than sunlight,” Pai said.
Pai, who has spent the last year arguing Wheeler’s Open Internet Order is a breach of FCC authority and threatens broadband growth and innovation, said the Enforcement Bureau advisory over privacy is just another example of unnecessary regulation.
“That’s not the certainty investors need when deciding whether to risk massive amounts of capital in a market,” Pai said. “That’s not what entrepreneurs look for when deciding whether to innovate.”
During a recent trip to London, Pai said he was already hearing complaints about the regulations from foreign investors, who said they were more likely to invest outside the U.S. as a result of the market uncertainty bred by net neutrality.
“They thought China, Latin America, and Europe offered better opportunities for investment because none of them were facing the same regulatory headwinds as the U.S.,” Pai said.