Last week, FCC Chair Ajit Pai declared that he would halt the Commission’s new privacy rule before it kicks in on March 2. That last-minute decision is now under fire from within the FCC and beyond.
This privacy rule — delineating which user data an internet service provider can and can’t share without a user’s permission — stems from our old friend, net neutrality, which just happens to celebrate its second birthday today.
Two years ago today, the FCC voted to recategorize broadband so that it could be regulated more like a utility.
One of the side-effects of this decision is that privacy concerns about ISPs shifted from being the duty of the Federal Trade Commission to the FCC. And when the FCC finalized its version of these privacy rules in Oct. 2016, it created some new ISP-specific regulations that did not sit well with the telecom industry.
Basically, the rule says that ISPs must get users’ permission before they can share certain sensitive information with third parties. They must also give users a way to opt out of having their less-sensitive information shared with third parties. What rubbed ISPs the wrong way is that the rule only applies to service providers, not content providers.
They, along with a pre-Chairman Pai and his fellow anti-regulation regulator Commissioner Michael O’Rielly, claimed this is unfair to ISPs, glossing over the fact that the FCC can’t regulate content providers.
After the 2016 election, when it became clear that the winds of political change would be blowing through Washington in 2017, the telecom lobby filed a petition asking to have the FCC revisit and reverse the privacy rule… and the Title II reclassification along with it, eventually.
The industry has also been asking Congress to act to reverse the privacy rule, using the Congressional Review Act. That Act allows Congress to review, rule on, and reverse any piece of regulation put into place during the last days of the previous administration. It’s only been successfully used once prior to 2017, but has already been deployed twice by the Congressional majority during the first month of the Trump administration, with signs pointing to more uses coming.
Then on Friday, Pai issued a statement saying that he would be asking the Commission — himself, O’Rielly, and lone Democrat Mignon Clyburn — to vote on whether to adopt a stay on the data security part of the rule, which goes into effect on March 2.
If the Commission votes on a stay, it will almost certainly adopt one in a 2-1 vote. If the Commission does not vote on a stay, then Pai has — and will use — the authority to tell the appropriate FCC bureau to hold off. Either way, the rule will not be enforced.
Pai’s latest action has prompted an outcry from consumer and privacy advocacy groups, as well as from Senator Ed Markey (MA).
Markey, along with several other Senators, vowed earlier this month that if the FCC were to take action to reverse net neutrality, it would “unleash a political firestorm” the likes of which would make the record-smashing four million comments the Commission received over net neutrality in 2014 look “minuscule” by comparison.
He repeated the sentiment in a call with media today, pointing out that most consumers “are effectively captive to their ISPs,” having no real competition to choose from, and cannot simply change providers if they find their current provider’s privacy standards insufficient.
ISPs “can sell dossiers [of subscriber data] to the highest bidder without consent, and that is unacceptable,” Markey continued. “We cannot allow Republicans to put Big Broadband before competition, to put corporate interests before consumers. So let’s be clear about the ultimate goal here: Chairman Pai and his Republican allies in Congress want to do the bidding of Big Broadband … and will clearly try to do that through every avenue possible.”
Markey then vowed to “oppose every effort” by anyone who attacks broadband privacy, be it Congress or the FCC, adding, “we will rally millions of Americans to this cause. This is something that goes right to the heart of the 21st century, right to the heart of the relationship between Americans and the internet, and if the Republicans think that they will be able to roll back these protections without a huge fight, they are sorely mistaken.”
As to whether it will be Congress or the FCC that acts, however, that’s still very much up in the air. After his first FCC meeting as Chair, Pai demurred when asked whether he would rather the FCC dismantle its own rules or for Congress to do it instead, telling the press, “That’s entirely a decision for elected officials to make, and I don’t pretend to be in a position to either prescribe to them or even recommend to them what the course of action should be.”
The repeated rallying cry for opponents to the ISP privacy rule is that it’s not fair for an internet service provider to be treated and regulated differently than an edge provider — internet-based services like Facebook, Google, Amazon, and so on. Instead of the FCC imposing strict rules, the argument goes, instead regulation should be “harmonized” with the FTC’s standards.
The FTC, however, has expressed repeated support for the rule as-is. At the time the FCC voted to adopt the rule, then-FTC chair Edith Ramirez applauded the action, saying that the FCC’s rule “will provide robust privacy protections, including protecting sensitive information such as consumers’ social security numbers, precise geolocation data, and content of communications, and requiring reasonable data security practices.”
Ramirez, though, has since stepped down from the FTC. Maureen Ohlhausen is currently the Acting Chair, but has not yet delivered a statement about the FCC’s privacy rule.
However, FTC Commissioner Terrell McSweeny and FCC Commissioner Mignon Clyburn took the unusual step of issuing a joint statement [PDF] about the privacy rule, and FCC chair Pai’s method of backing away from it.
“Chairman Pai has created an unfortunate dilemma: accept a Bureau-level action that indefinitely unwinds key consumer privacy protections established by the FCC last year, or accept four business days (rather than the usual three weeks) to evaluate and vote on a decision that has massive ramifications for the security of private information held by broadband providers,” said Clyburn.
“I am very troubled by the news that the data security protections of the Broadband Privacy Rule will be put on hold,” the FTC’s McSweeny added.
“In an age of Internet connected everything, removing security requirements from broadband providers is needlessly dangerous for American consumers,” said McSweeny. “The rules the FCC adopted conform to long standing FTC practice and provide clear rules on how broadband companies should protect their customers’ personal information.”
“The outcome is clear,” both continued. “Chairman Pai is determined to take action that leaves consumers without a cop on the beat protecting their personal information from misuse by their broadband service provider.”
“This means no federal data security requirements whatsoever for broadband providers,” Clyburn and McSweeny concluded, calling it the “antithesis” of putting consumers first.