Posted By: Timothy Emmart
You spend an afternoon online. Your browsing activity ranges from dinner recipes, to banking, to alt-right political websites, to pornography, to the top Chinese food delivery near your zip code. According to new congressional action, your ISP may collect the information from your afternoon online. Your ISP now knows that you viewed pornography and it has this knowledge without your knowledge and without your consent. The Internet is not a private place and this is increasingly true.
Conceptions of privacy in the U.S. have been fluid throughout history and as it relates to technology and the Internet. Last year the FCC approved new privacy rules aimed at protecting consumer information in part by placing the consumer in the driver’s seat by requiring ISPs to gain consumer consent on data collection. The new rules would have required ISPs to 1) take reasonable steps to secure consumer data; 2) to inform consumers of what data was being collected, how the data is used, and who has access to it; and 3) to gain consumer consent to data collection. Unfortunately for consumers, the implementation of these new rules was blocked last month by the new head of the FCC.
Further action was taken last month when the House and Senate voted to overturn those rules in a Congressional Review Act. ISPs claimed that the new FCC rules would have placed them on unequal footing compared to entities such as Google and Facebook, which are regulated by the FTC. Consumers decry the recent abandonment of the new rules as a leap in the wrong direction in terms of Internet privacy. ISPs may now share consumers web browsing history with others without the permission of the consumer and without notice to the consumer.
The recent Congressional activity on Internet privacy begs the question: what should our conceptions of privacy in terms of ISPs consist of? If our expectations of privacy were on a continuum, on one end of that continuum you would find the home, which garners the greatest expectation of privacy. On the other end of the continuum you would likely find the public square where one could reasonably expect next to no privacy. Where, then, does the Internet fall on this continuum? For now, it seems that our expectation of privacy on the Internet is much closer to the level of privacy we would expect in the public square than in our own home.
The recent policy shift on how the FCC regulates ISPs is now more in line with how the FTC regulates entities such as Google and Facebook. The FTCs regulations on privacy could be characterized as inadequate. What is more, the entities that the FTC regulates such as Facebook have a history of violating the already lax privacy standards. Some would argue that the policy shift at the FCC on ISPs is not such a big deal in light of the fact that under the FTC entities such as Google and Facebook already collect personal data on users and without the knowledge or consent of the user.
What Does the Consumer Have to Say?
Do these policies reflect acceptance on the part of the consumer? Or, is the consumer simply insufficiently informed? Some have said of the recent act of Congress “this resolution is a direct attack on consumer rights.” This article has taken the position that, in terms of policy, our expectation of privacy on the Internet is closely related to our expectation of privacy in the public square. But, is our activity on the Internet analogous to our activities in the public square, or is it more private? Internet activity could be a Google search for a chicken masala recipe, or it could be activity that takes the user to their bank’s website. Or, a user may logon to a fringe political group’s website. The range of user activity on the Internet is wide, and some of that activity may innocuous to the user such that the user is not concerned about his/her privacy as it pertains to a particular activity. However, other activity such as banking may be viewed differently. With the new FCC regulations, ISPs will know the browser history of its users. They will know not just that a user frequents foodnetwork.com, but also bankofamerica.com. Are these activities the same type of activities that are accomplished in the public square for all to see in the absence of privacy? Probably not. It seems that many of us would characterize what we do online to be private, or at least somewhat private. So, why then are our policies not reflective this? Perhaps the answer is a lack of consumer knowledge.
The Need for Greater Consumer Knowledge
If it is the case that consumers expect a greater amount of privacy on the Internet as it pertains to ISPs and OSPs, then it is increasingly incumbent upon them to educate themselves sufficiently on the state of current U.S. policy. One solution that has been noted that enables consumers to shield themselves from ISP data collection is the use of a virtual private network (VPN). However, the use of a VPN is not without its own privacy concerns. Part of the problem for consumers is that much of the time when either the FCC or FTC finds an entity in violation of a policy the matter is settled, which may make it more difficult for consumer to know what is going on. Nevertheless, Internet privacy in this era will continue in the current vein until or unless consumers demand more. Unfortunately, for now conceptions of Internet policy will remain analogous to that which is expected in the public square.
At Least Pay Me
Why is data collection so important to ISPs? In a word: money. As an alternative to preventing ISPs from collecting the data that they are seeking, suppose a world where the consumer gets a monetary kickback every time their data is used to further line the pockets of the ISP. This would solve the knowledge issue, because it would give the consumer incentive to know who is doing what with their information. More, this type of policy would make what ISPs seek to do feel much less like stealing. Currently, an ISP can collect your data without your knowledge and without your consent. More, the ISP is monetizing this free data. There is something wrong about this, and I think many consumers would agree. Perhaps consumers would appreciate the opportunity to sell their data to the ISP.