What a Flake: Congress mulls trashing privacy rules, letting ISPs go to town on your data

US Senator Jeff Flake (R-AZ) has suggested tweaking the law to permanently prevent America's comms watchdog, the FCC, from limiting what ISPs are allowed to do with your web browser histories and other private information.

Using what was – at least until the past month – an arcane piece of legislation called the Congressional Review Act of 1996, Flake proposes that the Republican-run Congress express its "congressional disapproval" of a rule passed in November by the FCC that required ISPs to notify subscribers about what types of information they are collecting on them, and say how that personal information may be shared, and with whom.

ISPs would also have been required to "take reasonable measures" to protect this sensitive information from hackers, and notify customers if their data was obtained by miscreants.

The requirements were due to take effect on March 2, but new FCC chairman Ajit Pai voted to block them at the last minute, claiming that there needed to be a "comprehensive and uniform framework to protect Americans' online privacy."

Flake's proposal [PDF] is a single paragraph that notes Congress "disapproves the rule submitted by the Federal Communications Commission relating to 'Protecting the Privacy of Customers of Broadband and Other Telecommunications Services', and such rule shall have no force or effect."

This formulation has already been used repeatedly by Congress this year to revoke decisions of the Obama Administration. Three such disapproval resolutions have already been signed into law by President Trump (previously it had been successfully applied only once, in 2001) and they have the effect of not only removing the rules but also prohibiting the reintroduction of that rule without a specific law supporting it.

Congress has 60 legislative days to register its disapproval in this way, which in reality means any Obama Administration rules going back to May 2016 can potentially be overturned.

Right now, Flake's proposed resolution is in the hands of the Senate's Committee on Commerce, Science, and Transportation to consider. The proposal is twinned with an identical resolution introduced by Representative Marsha Blackburn (R-TN); this version is with the House Committee on Energy and Commerce.

Misleading

In the same way that Pai masked the impact of his decision to stop the rules by claiming there needed to be a common framework, Senator Flake has also misleadingly framed his proposal as a way to "protect consumers from overreaching internet regulation."

How are consumers protected? According to Flake, by not having their ability to receive information about "innovative and cost-saving product offerings" limited. So next time you get that sales email or phone call from a company that bought your personal information from your ISP, be grateful for your "consumer choice."

Previous FCC chairman Tom Wheeler took a different view and passed the rules because he felt consumers "deserve to be able to make informed choices about their privacy and their children's privacy online. After all, it's your data – shouldn't you have a say over how it's used?"

Wheeler quoted a report from the Pew Research Center that found that 91 percent of American adults say consumers have lost control over how their personal information is collected and used by companies.

Both Pai and Flake argue that the new rules were an unnecessary expansion of the FCC powers over America's trade watchdog the FTC, and that the need to inform consumers about the information that ISPs store on you is a "dangerous deviation from successful regulation and common-sense industry practices."

Both, however, fail to note that the rules were based on existing FCC rules that cover what telecom companies can do with their customers' data.

Both FCC chair and senator also claim that since the FCC rules go further than FTC rules in protecting personal data, they introduce a dangerous inconsistency across the federal government.

Wheeler's argument was that since ISPs are able to track every single thing that people do online, the rules need to be stronger than the FTC rules, which are designed to cover what companies can do with, for example, a particular app that consumers install.

Reality bites

Pai and Flake's call for consistency purposefully ignores the reality of the current situation: that due to the fact that the Open Internet Order covering net neutrality is still in effect, the FCC continues to be responsible for the rules covering use of customer data by ISPs.

As a result, the effect of stopping the rules by Pai and blocking a future rule by Flake has the direct and immediate effect of lifting almost all rules surrounding what ISPs can do with their customers' data.

Until either new legislation is passed explicitly giving the FTC authority over ISPs, or the FCC runs a new process that reconsiders its privacy rules, that will remain the status quo.

If Pai and Flake really did care about consumers' rights, as they claim to, they could have chosen a dozen other routes instead of simply throwing the rules in the trash and sticking a lid on top.

There is one group happy about Flake's proposal however: the "Voice of America's Broadband Providers," the ITTA (Independent Telephone & Telecommunications Alliance).

"Passage of this resolution would return us to an environment in which broadband consumers receive consistent and uniform protection of the privacy of their personal information from all entities in the Internet ecosystem," said president Genny Morelli. ®