Celebrities are mobilizing online outrage in response to Congress’s repeal of internet privacy rules by raising funds to buy the browsing history of individual lawmakers and their aides, a protest tougher to accomplish than the rhetoric implies.
Actor Misha Collins of the The CW show “Supernatural” and Max Temkin, creator of the adult card game “Cards Against Humanity” are among those proposing to buy the web browsing history of lawmakers who voted to repeal Obama-era privacy rules for internet service providers (ISPs) like AT&T and Comcast.
— Max Temkin (@MaxTemkin) March 27, 2017
Thanks, Congress, for voting to put all of our private data up for sale! We can’t wait to buy yours. https://t.co/t8pq3p470f
— Misha Collins (@mishacollins) March 28, 2017
Rules passed by the then-Democrat controlled Federal Communications Commission in October would have forced ISPs to get permission from subscribers before collecting their data, including browsing history and app usage, and selling it to third party marketers for targeted advertising.
The House of Representatives led by Republicans voted 215-205, largely along party lines, to repeal the rules Tuesday. The Senate voted 50-48 along similar party lines last Friday, and the White House has already signaled President Donald Trump’s intention to sign the resolution into law.
In response, Collins’ GoFundMe page “to purchase the data of Donald Trump and every Congressperson who voted for [the repeal], and to make it publicly available” has raised more than $78,000 of its $500 million goal in two days. Another page set up by a self-proclaimed “privacy activist & net neutrality advocate” based in Tennessee with the same goal has raised over $188,000 from almost 12,000 users.
If signed the Congressional Review Act (CRA) resolution would not only repeal the FCC rules but prohibit the agency from enacting similar rules in the future. Though the debate over the rules has raged in Washington for more than a year, headlines and tweets like this one from Ars Technica proclaiming the “House could vote tomorrow to let ISPs sell your Web browsing history” and The Washington Post’s “What to expect now that Internet providers can collect and sell your Web browser history” only broke into mainstream media within the last week. And like those above, they’re misleading.
The reality is ISPs have been able to do this, and have been doing it, since the start of the contemporary internet in the 90s. Even after the Federal Trade Commission (which oversaw the privacy practices of ISPs before the FCC’s net neutrality rules brought ISPs under FCC jurisdiction in 2015) updated its privacy regulations in 2012 to require ISPs and edge providers (Google, Facebook, Yahoo, etc.) get permission before collections sensitive information like health and financial data, ISPs were still able to collect and monetize browsing history and app usage data.
Even after the FCC passed its rules in October, they weren’t scheduled to go into effect until March 2. The new Republican Chairman of the FCC, Ajit Pai, stayed the rules before they took effect, meaning the status quo hasn’t changed since before or after the outrage and subsequent protest, which itself is fundamentally flawed.
Marketers don’t buy data on or target individuals. Marketers buy data for targeted advertising in large swaths from ISPs and edge providers like Google and Facebook alike (who, by the way, would never have been subject to the new rules, despite being the largest targeted ad giants online).
It’s likely detailed data on individuals wouldn’t even be useful to marketers, since they’re interested in large groups who share certain specific points of data they can use to target them in widely distributed ad campaigns for products. So while it would be possible to buy the browsing history of members of Congress as a marketer, that data, however specific, wouldn’t specifically identify which individuals browsed what, and it would be grouped in with data from others with similar browsing habits, not necessarily other members of Congress (since it’s unlikely they all visit all the same places online).
Privacy policies instituted by providers themselves often prohibit such explicit use of user information. If a company engaged in practices in violation of that agreement, it could be (and has been) brought to court.
Under Section 222 of the the Communications Act, which outlines privacy standards for telecommunications providers including ISPs with access to customer proprietary network information (CPNI), providers can use “aggregate customer information” for marketing provided “individual customer identities and characteristics have been removed.” For the time being the FCC will police ISP privacy based on Section 222, just as it has since 2015 after passing net neutrality rules. The FCC still has the power to charge providers with violations of privacy, it just can’t rewrite rules similar to those repealed.
While some have argued the repeal will give ISPs more confidence to bend, break or even change their own rules, it seems unlikely they’ll start accepting cash for individual data. Even if the FCC declined to actively police the privacy beat, the self-described goal of both the current FCC and FTC chairs is to return privacy authority back to the FTC.
All that to say nothing has changed since February 2015, and privacy enforcement is likely to go back to the way it was even before that.
In the days since those initial tweets at least some of that reality seems to have dawned on those promoting the “buy their history” campaign. Temkin has since admitted, “We don’t know if there will be any data to buy, how it will work, or what will be available.”
“This means you should be very skeptical of any GoFundMe projects to buy this data,” he wrote on a Reddit post. “They are making promises they can’t possibly keep.”
A section at the bottom of Collins’ GoFundMe page reads, “PS: Proceeds from this campaign will be used to buy Congress’ data once it becomes available. If that is impossible for any reason or if there is a surplus from this campaign, 100% of the balance of proceeds will go to the ACLU to help them continue to fight for our privacy rights.”
The Tennessee GoFundMe has a similar disclaimer reading “if we can’t buy the data in the end for whatever reason, we’ll send funds to EFF [Electronic Frontier Foundation] so they can continue fighting for this mission.” Temkin also held a campaign after his tweet to match donations to EFF.