A panel of experts including a Federal Trade commissioner and former White House privacy adviser agreed Tuesday regulating privacy standards for Internet service providers is better left to the FTC than to the Federal Communications Commission.
“We believe that the best course of action is for the FCC to really just leave the entire issue of broadband privacy for the FTC,” Information Technology and Innovation Foundation telecommunications policy analyst Doug Brake said during the panel at ITIF’s Washington headquarters Tuesday.
The panel was timed to coincide with the release of an ITIF report on the topic, which found “[d]eviating from the historical privacy protections of the FTC framework would significantly disrupt ongoing dynamic competition in innovative new uses of Internet data, ultimately slowing the rate of growth of broadband deployment and adoption and also degrading the broadband users’ online experience.”
When the FCC reclassified broadband as a Title II common carrier service last year under Chairman Tom Wheeler’s net neutrality rulemaking, it opened to door to set privacy standards for broadband, usurping jurisdictional territory formerly held by the FTC.
In the order the FCC said new privacy protections would establish a “virtuous cycle” by convincing users their privacy is being protected, encouraging them to use broadband more, driving demand, investment and network growth.
“We dug into that assertion a little bit, and it’s really remarkably pale,” Brake said.
The report cites a National Telecommunications and Information Administration report stating “only 1 percent of household expressed privacy concerns … as their primary reason for not using the Internet at home.” Less than 1 percent of non-smartphone users similarly told Pew it was because they “worried about privacy/tracking,” and privacy wasn’t a reason at all among broadband non-adopters.
A TRUSTe survey from 2011 found while users care about privacy, 45 percent said they trust themselves most to protect it, while the second most responses said they trust ISPs. Only 9 percent, the fifth-most respondents, said they trust government/regulation.
Tuesday’s report said monetizing data for targeted advertising helps bring down broadband cost for consumers, which the FCC itself recently highlighted as the largest barrier to adoption in poor and rural regions of the country.
“It also potentially offers another revenue stream that can be driven into network upgrades,” Brake said. “This is especially important as we move into the 5G world where small cell densification networks is going to be very costly.”
Monetized data revenue streams of ISPs are already some of the least effective in the industry according to Peter Swire, the Georgia Tech professor behind a report from the university yesterday finding technology like virtual private networks, multiple devices and encryption fragment and mask all but the most surface level user data, the latter across almost 50 percent of the Internet.
“ISP access to user data is not comprehensive,” Swire told the panel. “Even though others in this space have said that it is, and also ISP access to user data is not unique.”
The ITIF report states the push for stricter privacy regulations is chiefly the result of privacy advocates seeking to circumvent Congress, instill broader rules across the online ecosystem and tackle edge providers like Google and Facebook’s expanding collection and use of user data.
“Harold Feld of Public Knowledge has been quite candid on this strategy,” the report reads. “On releasing a whitepaper that attempted to blur the jurisdictional lines between the FTC and the FCC, Feld explained, ‘you start with the broadband providers where you have a specialized agency with authority … That makes it a hell of a lot easier for the FTC … ‘ in working on privacy problems with respect to edge providers.”
Commissioner Maureen Ohlhausen of the FTC told the panel she agreed with the report’s findings, and added the FTC’s data privacy regulatory model, designed to accommodate fast-changing technology with case-by-case enforcement and generally approved principles instead of “rigid rulemaking,” is a better fit for ISPs.
“Forbidding actions that do not harm consumers is at best, useless, and at worst, actually harms consumers by forbidding beneficial business practices,” Ohlhausen said, adding tighter restrictions on half the online ecosystem could harm ISP innovation and restrict future business models and technologies that could make use of user data.
Former chief privacy and civil liberties officer at the Justice Department Nancy Libin said Communications Act Section 222, which gives the FCC authority over how common carriers like telephone networks use customer proprietary network information, was never intended by Congress to address service providers of access to the Internet, which was originally classified as an information service.
“It’s not just the CPNI rules that are a problem, it’s also Section 222. Like the rules themselves, the language of Section 222 applies to telephone voice services, not information generated in the Internet ecosystem,” Libin said, adding the FCC itself chose to forebear Section 222 in the Open Internet Order last year because the rules were too telephone-centric.
Jules Polonetsky of Future of Privacy Forum and former chief privacy officer at AOL said the FCC and the FTC should work together on a single standard for privacy online, as the broad range of technologies and standards already makes understanding and opting out of tracking, data collection and targeting an incredibly complicated collection of processes.
“Make it consistent from my point of view so that consumers can have one message: here’s what you do to opt out, here’s what you do if you don’t want data sent, here’s what you can do in one set of circumstances, and that it works,” Polonetsky said.
Harold Feld of the pro-net neutrality group Public Knowledge, who was specifically named in the report, pointed out the FTC’s common carrier exemption bars it from regulating privacy in the transportation, banking and medical fields, not just the telephone and Internet industries.
“So basically your argument here is, ‘it’s just bad the FCC extended its jurisdiction in this way and occupied the field, I’d like to clean up all the other mess too but, at least at the moment, I just feel that the FCC should not have elbowed the FTC aside,'” Feld said.
“Unlike banks and airlines, who are all regulated the same, here you’re going to have different parts of the ecosystem who are competing with each other, perhaps subject to different standards for the similar type of behavior,” Ohlhausen said.
The FCC is expected to announce more details on the rules between March and April.