FCC swivels to online privacy, gets bitten in the ass by net neutrality
Has America's telecom regulator finally pushed its luck too far?
Analysis When America's comms watchdog the FCC passed its net neutrality rules despite an onslaught of criticism from telcos, the world rejoiced.
That legal fudge was necessary to give the FCC the authority to act, since there was no chance at all that Congress was in a position to draft a new telecom law that adequately accounted for the modern internet world.
But that fudge has also come back to bite the regulator, in the latest of a series of proposals aimed at dealing with inequalities in the telco market: new privacy rules.
Since ISPs and phone companies are now equivalent in the FCC's eyes, it is attempting to impose the same rules regarding data privacy onto ISPs as well. And it doesn't work – not least because, as the Internet Society has swiftly pointed out, IP addresses are not telephone numbers. Nor will they ever be telephone numbers.
Although it has faced a barrage of opposition over its plans to open up the set top box and expand broadband access and speeds across the US, the opposition to its data privacy plans is reaching far beyond just the telcos.
As noted, the Internet Society is not impressed. In a blog post, it agrees that giving consumers more tools to enforce their privacy is a good thing, but "a blanket association between telephone numbers and IP numbers and domain names is simply not useful." In fact, correlating IP and telephone numbers is "a fundamentally flawed starting point."
It doesn't help that for over a decade, internet organizations and tech companies have been arguing repeatedly – and successfully – that applying old regulatory regimes to the internet is a recipe for disaster. It was that core argument that has been repeatedly used to beat back efforts by the UN's International Telecommunication Union (ITU) to take more of a role in internet governance.
Then we have the former head of the Federal Trade Commission (FTC), Joshua D. Wright, telling the FCC that its plan will actually harm consumers.
"The privacy interests of consumers are not advanced by the FCC’s proposal," he notes in a white paper [PDF]. "Consumers can – and those who care, already do – make informed decisions about whether to permit certain marketing uses of their data today."
But, he says, the FCC's approach "is not calibrated to the sensitivity of consumer data or to the potentiality for a given use to result in consumer harm." The proposal as it stands could result in higher prices, greater advertising and reduced innovation.
Amazingly, Wright is not even the only former FTC chair opposed to the plan. Jon Leibowitz has also weighed in, noting that while "parts of the FCC's proposed rule are consistent with the FTC approach, in many important areas it overshoots the mark, proposing regulations for broadband providers that go well beyond those imposed upon the rest of the Internet economy and which, if adopted, would undercut benefits to the very consumers it seeks to protect."
In effect, two former FTC chairs are telling the FCC, "you don't know what you're doing." And they are right: in granting itself jurisdiction over internet companies, the FCC also set itself up as the venue for consumer complaints – something that it has no experience with or understanding of.
When it published its proposed new privacy rules we noted two things:
- It was published under a "notice of proposed rulemaking," implying that the FCC was somewhat down the track in terms of deciding the policies.
- It literally asked more questions than gave answers, pointing out what everyone has been saying increasingly loudly: don't try to become an instant expert in a complex topic.
The FCC had to hire its first ombudsman as a result of its internet power grab, but rather than look outside its organization for experience, it simply gave the job to an existing staffer. Not only that, but the FCC was explicitly warned that it was getting out of its depth and chose to ignore it.
Earlier this week, the FCC published the number of complaints it has received through its net neutrality rules: over 20,000. And it is clearly swamped by the effort.
And if you don't buy all that, here is a technical explanation for why the FCC has got it all wrong, written by internet engineer Richard Bennett.
Talking about the FCC's proposal, he notes: "The assumption that ISPs have privileged access to web activity is not factual. ISPs have a limited view of user activity, and Identifiers that function like UIHD can be added and are added to HTTP data streams by websites as easily as they can be added by ISPs."
He continues: "User identification is a basic function of web cookies, IP addresses, and user account names. And unlike ISP-visible objects, web cookies function across platforms and devices. Users of a particular browser, such as Chrome, access the same cookies across desktops, laptops, tablets, and smartphones, whether connected by wired residential ISPs, business ISPs, or mobile ISPs."
In short: "The claim that ISPs have greater visibility and control over user web information is the polar opposite of the truth."
The FCC is to be applauded for standing up for consumers and facing down the big, previously unassailable lobbies for the cable and telecom industries. But as we have noted with increasing concern, its boldness is rapidly becoming arrogant and wrong-headed. The responses to this latest policy will, hopefully, give the commissioners pause for thought. ®