Later this week, the Federal Communications Commission will be voting on a proposal intended to protect some of your personal data from being shared by your Internet service provider, by requiring that the ISP first get your permission. As the vote approaches, the broadband industry is trying to make the case that your ISP’s collecting and sharing of customer data is no different than Facebook or Google’s.
The FCC now has privacy jurisdiction over ISPs, thanks to last year’s Open Internet rule (more popularly referred to as “net neutrality”), which reclassified broadband providers as “common carriers.” Although the Federal Trade Commission still protects consumers’ privacy with regards to most services, the FCC steps in where common carriers are concerned.
We Know All About You
The data-heavy services you use online — called “edge providers” in the formal parlance — know a lot about you. Netflix knows what you’re watching and what you’ve searched for. Google and Facebook between them know pretty much everywhere you’re going on the web and what apps you have on your phone.
But ISPs are the conduit for everything you do online, meaning they have access to a lot of potentially sensitive information about you.
While phone companies have long had access to “metadata” about your calls — what numbers you called, which numbers called you, when these called happened, and for how long — in the 21st century, there’s so much more information to collect.
Your ISP can access data about what sites you visit. When. For how long. How much data you move to or through them. What apps you’re using, on what operating systems and devices. And more.
No Big Deal?
The ISPs contend that their ability to know all that data — called Customer Proprietary Network Information (CPNI) — isn’t that big a deal because the edge providers like Google and Facebook have roughly equal access to all that same data, pieced together from a different direction. The way they see things, if the FCC regulates how ISPs acquire and use CPNI, it would put them at a competitive disadvantage against the content companies that don’t also operate infrastructure.
The full text of the FCC proposal won’t be made public until after Thursday’s vote, so much of the debate surrounding this issue has been based primarily on what’s disclosed in the single fact sheet [PDF] released by the Commission.
But that lack of available granular details didn’t stop a recent panel at a Consumer Federation of America conference from exploring the topic.
One panelist, Debbie Matties, formerly of the FTC but now an executive with the mobile industry lobbying group The CTIA, voiced frustration with her industry being singled out.
“It’s different with the voice market because only a small group of businesses has access to the data,” Matties explained. “On the Internet the ISP can see that, but it may be encrypted. But your ISP knows, your OS knows, your browser knows, advertisers and trackers know it,” so the ISP is not in a unique position that voice service companies once were.
“The idea that the ISP has this singular view of everything you do is outdated,” said Matties. If the ISPs, both mobile and fixed, have to live in an “an opt-in regime for everything” while nobody else does, she concluded, “it’s not solving the larger problem.”
Katharina Kopp, from the Center for Democracy and Technology, acknowledged that privacy and consumer advocates would love to see all those edge providers brought in line but, “what we have here [is] the FCC with its statutory duty to act” specifically on ISPs, and so the Commission is regulating what it has the authority to regulate.
A Matter Of Choice
There is, in fact, a difference between those edge services and your ISP. While you can choose whether or not to subscribe to Netflix, shop on Amazon, or have a Facebook account, you probably can’t choose your ISP — and if you can, it’s from a very limited pool.
Also, by choosing to use a service that you log into, you are in fact affirmatively opting in to everything it does, and its access to your data is part of the value exchange. If you have a Gmail account, you know — or should know — you are exchanging some level of your personal information, and access to you, in exchange for a free email service.
But what about services you actually pay for, like phone and Internet access? If you’re giving these providers money, should you also be expected to pay with information? Where is the line if the answer is “both”? Is there an exchange rate for how much a certain level of access to information is worth?
Paying For Privacy
The panel discussion grew heated when moderator Ariel Johnson, from Common Sense Kids Action, asked about discount “pay for privacy” programs like the one AT&T now offers, where you can see significant savings on its GigaPower fiberoptic service, but only if you allow the company to share your browsing data.
AT&T regulatory affairs executive Jacquelyne Flemming took issue with the very premise of the question, saying, “I’m not sure that labeling it ‘pay for privacy’ is the way to characterize that.”
“We, AT&T, have a broadband Internet access service that we market to customers that if you agree, if you opt-in, to the use of your data for various reasons, then you get a discount,” Flemming continued. “That doesn’t mean that other people who don’t get the discount are paying for privacy. I wouldn’t say that,” she explained, even though that is in fact actually the case.
“I think that there is a benefit to the customer,” Flemming finished, “and it’s not as if we’re talking [all] broadband Internet access services, of which there are a wide range of them that are available to customers. In this particular instance, if you like to get this benefit, then there is a reciprocal benefit to the customer and the company.”
However, most consumers do not have a wide range of broadband services available, which consumer advocate and Georgetown University visiting professor Laura Moy alluded to when she spoke.
“You shouldn’t have to make a choice between privacy protection and going online,” Moy said.
Referencing the “digital divide” — the fact that lower-income Americans lag behind the rest of the country in their access to online services — Moy theorized that “We could end up with something like a privacy divide. If you have pricing tiers that are based in part on privacy options, then you’re going to see those that end up with the privacy protections tend to be those who can afford to pay, and that those who don’t have them — even if they think they need them or prefer to have them – -those will tend to be people who can’t afford to pay that extra amount.”
If You Don’t Like The Boat, Jump Off
A question from the audience seemed to bolster Moy’s position.
“All of us don’t have access to a wired Internet,” explained the conference attendee. “Some of us only have over-the-air access. And so it’s expensive already and we’re already limited in what we can use it for.”
The woman began to explain the concern about the concept of being expected to pay more just to have privacy, when AT&T’s Flemming responded that, “If you dislike the way that AT&T is providing that service to you, there are a number of choices you can make.”
“But they’re all still expensive, and limited bandwidth,” responded the woman in the audience. And as we’ve shown before, cost and data caps are common problems for satellite and wireless Internet users. “With the caps that all of them have — I don’t have access to the same kind of Internet that other people do.”
Flemming responded, “So if there was an ad-supported service available to you that was cheaper, a different model of service — is that something that would seem reasonable to you?”
“If they’re ads that are based on using my information to target things to me,” she answered, “then no, I’d rather not have it.”
Flemming challenged, “So you’d rather have ads that are not relevant to you?”
But the woman in the audience enthusiastically responded, “Yes!” and pointed out that targeted ads are not only intrusive, high-data, and annoying, but also often wrong: they’re advertising you a flight you’ve already taken and returned home from, a shirt you’ve already bought, or a service that you already subscribe to.
What “value” is there in that?
The audience laughed in appreciation, but Moy took the chance to point out the greater policy implications of the issue: “[As has just been] pointed out, whatever privacy options are going to be available to consumers should be available what their income level is and no matter whether they’re using fixed or mobile broadband service.”
Editor's Note: This article originally appeared on Consumerist.