Photo by onephoto
If we merely politicize the issue of privacy, we’ll never have any.
When my first kid was born, I didn’t even have an internet account yet. But somehow, multiple advertisers knew that there was a new baby because we were inundated with direct mail offers for every infant-related product under the sun. Within a couple of years, I joined millions of Americans who got online for the first time and was present in more than a few meetings with advertising wonks talking about how much more effectively they would be able to “target” consumers via the web. These discussions invariably included a lot of speculation about how much privacy consumers would be willing to give up for the sake of convenience or savings.
It turns out we were willing to pretty much abandon privacy, but not quite in the way it was being discussed in the early 90s. Instead, Web 2.0 evolved differently from the way it was imagined in those days, and I think it’s fair to say that for many people, using the major online platforms is only barely optional. Shop online without Amazon, have a social media presence without Facebook, or do any number of things without Google? Not likely.
So, rather than make conscious choices to allow platforms to harvest and sell data about our online activities, I think we just passively accepted or ignored this reality for the sake of using platforms and apps. Who really reads Terms of Service or pauses to seriously contemplate that opt-in moment when an app wants access to various data? And with mobile apps, opt-in is typically not optional at all; it’s either integrated with some amount of personal data, or it just doesn’t work.
Of course, it’s no surprise that the internet lit up with headlines decrying the GOP’s overturning the ISP privacy rules that were put in place under Obama’s FCC Chairman Tom Wheeler. And there’s no question this is an issue to watch, but I predict that nobody really will watch it as long as it remains politicized through an Obama/good v. Trump/bad lens. Because let’s cut to the chase here. Under Obama, we did not really address online privacy in any meaningful way. Under Trump, we may continue to drop this ball, but for the moment, let’s at least try to keep our eyes on the ball and watch where it goes.
Ultimately, if we hope to have any kind of substantive privacy regulation, then consumers need to be shielded from certain practices conducted by both ISPs and “edge providers,” meaning platforms like Google and Facebook. During the Obama administration, NetNeutrality rules placed ISPs under the ambit of the FCC while the “edge providers” remained governed by the FTC. Then in October 2016, Chairman Wheeler introduced the privacy rules — rules different from those governing edge providers — for ISPs, which were just overturned, resulting in much scorn and fear.
The headline issue for consumers is that the ISPs can now sell your data without permission. This is true. But with or without this rule, Google and friends have been free to sell your data without permission for years—and they have certainly been doing so. According to FCC Chairman Ajit Pai’s own testimony, the discrepancy between ISP rules and edge-provider rules were at the heart of his initial criticism of the rules proposed by Wheeler last October. Pai has stated that he agrees with the goals of privacy regulation but that he was opposed to having two separate and inconsistent set of rules governed by two different agencies. I noted this in a previous post citing Pai’s dissent over adoption of that proposal.
So, what now?
It seems to me that if we actually care about privacy—and I’m not entirely convinced we do—that it’s what happens next that really matters. Does the FCC, and the GOP leadership, stop here, merely eliminate the ISP rules and move on? Or does Chairman Pai live up to the promise inherent in his past criticism and seek to forge new and better protections that uniformly govern both ISPs and edge providers? It could certainly go either way, but my cynical prediction is that consumers will continue to read this story through the lens of politics and (frankly) a fairly lazy press, while both ISPs and edge providers do whatever the hell they want with our data.
I see a lot of comments stating that an important distinction to make is that we have a choice to use one platform or another but no choice other than to connect to the internet via a single ISP—often one ISP in a particular market. This is true to an extent, but I have to say that it also seems like a self-soothing delusion to suggest that the world of edge providers is filled with choices. Google dominates search and a massive share in mobile, and there is only one Facebook. Are you planning to abandon either platform for the sake of privacy? And what happens in a market where a platform like Google becomes both ISP and edge provider? Which rules govern privacy then?
Moreover, as Pai observes in his dissenting opinion, people connect via multiple ISPs throughout the day; but that doesn’t mean our online activities are not identifiable by edge providers no matter where we go. Log into your Google account, Facebook, or Amazon, and it doesn’t really matter whose WiFi or mobile service you’re using in that moment—you’re visible as you; and all of these platforms are collecting and selling data about you.
As stated in other contexts, the web we have is not driven by altruistic principles like freedom, sharing, and speech; it’s driven by advertising and data mining. That the ISPs want to share the market with the edge providers is not in itself unreasonable. But the entire ecosystem should be subject to uniform privacy protections for all consumers. Chairman Pai may indeed fail to pursue his stated intent to achieve that goal, but it seems to me that’s the agenda to watch. Certainly, we’re unlikely to achieve effective regulations by “debating” the issues through the fog of politics and scary headlines.