Pai, Pai, Mr American spy: FCC supremo rips up privacy protections for broadband punters
No need for ISPs to tell you what info they're slurping up
New rules due to take effect next week that would have restricted what ISPs can do with your private information have been killed off by the new chair of the US Federal Communications Commission.
In a statement put out Friday, Ajit Pai masked the impact of the decision by claiming that there needed to be a "comprehensive and uniform framework to protect Americans' online privacy," while failing to provide any details about when and how that framework will be developed.
Pai also claimed that the rules were "not consistent with the FTC's privacy standards" – a direct contradiction of what previous FCC chair Tom Wheeler argued in October when he said they were "in harmony with other key privacy frameworks and principles – including those outlined by the FTC and the Administration's Consumer Privacy Bill of Rights."
Under the rules, an ISP would have been required to notify consumers about what types of information they are collecting, as well as say how that information may be shared, and with whom.
And ISPs would be required to "take reasonable measures" to protect consumer data from breaches as well as notify customers if their data is compromised. The requirements were due to take effect on March 2.
ISPs were bitterly opposed to the new rules and lobbied hard against them, claiming it was unfair that they face stricter rules than companies such as Google and Facebook (who are regulated by the FTC).
At the time, FCC chair Wheeler argued that ISPs were in a unique position, as they can monitor any and all traffic from their customers. "It is the consumer's information, it is not the information of the network the consumer hires to deliver that information," he argued before the rules were passed 3‑2 in October 2016, with the two Republican commissioners voting against.
Now, following the election of Donald Trump as president and with Congress refusing for a year to re-elect commissioner Jessica Rosenworcel, those two Republicans are in a 2‑1 majority on the FCC and have decided to unravel the rules, as well as many other recent FCC decisions, particularly as they pertain to net neutrality.
The argument that the FCC rules are not consistent with FTC rules is a bit of a smokescreen given that the requirements are based on [PDF] FCC rules that apply to telecom companies. But it also highlights the problems inherent in the FCC deciding to extend its authority to broadband providers by reclassifying them as "Title II" carriers using legislation that stems from 1934.
Rules go pai-pai
Chair Pai has made it plain that he believes the FCC overstretched its authority in recent years and proposes instead a "light touch" regulatory regime.
By cancelling the new rules just days before they were due to take effect, Pai argues that he is "returning to a technology-neutral privacy framework for the online world and harmonizing the FCC's privacy rules for broadband providers with the FTC's standards for others in the digital economy."
In truth, the lack of rules means that ISPs can continue to use vast quantities of sensitive and valuable consumer data they possess with very little regulatory oversight: a situation that is unlikely to change while Pai is in charge.
Pai's statement – made through the FCC's Office of Media Relations – calls for a vote on the stay before March 2. If the sole remaining Democratic commissioner, Mignon Clyburn, refuses, the statement claims the FCC will stay the rules anyway "pending a full Commission vote on the pending petitions for reconsideration consistent with past practice."
Since Pai has taken over as chair, he has deleted a wide range of earlier FCC decisions, including: the requirement for all ISPs to reveal pricing and speed information; broadband subsidies for the poor; and a program that would require cable companies to end their cable-box rental rip-off. ®
Editor's note: We were under the impression that Pai's decision to stop the rules from taking effect would also scrap the opt-in requirement for ISPs before sharing customers' personal data. The FCC has since clarified that part of the rules are still under review by the Office of Management and Budget, and so were not due to go into effect on March 2. It is, however, unclear whether the FCC intends to let those rules go forward when out of review. Color us skeptical.
Sponsored: Becoming a Pragmatic Security Leader