Tag: FCC

ISP privacy rules. What’s next is what matters.

Photo by onephoto

If we merely politicize the issue of privacy, we’ll never have any.

When my first kid was born, I didn’t even have an internet account yet.  But somehow, multiple advertisers knew that there was a new baby because we were inundated with direct mail offers for every infant-related product under the sun.  Within a couple of years, I joined millions of Americans who got online for the first time and was present in more than a few meetings with advertising wonks talking about how much more effectively they would be able to “target” consumers via the web. These discussions invariably included a lot of speculation about how much privacy consumers would be willing to give up for the sake of convenience or savings.

It turns out we were willing to pretty much abandon privacy, but not quite in the way it was being discussed in the early 90s.  Instead, Web 2.0 evolved differently from the way it was imagined in those days, and I think it’s fair to say that for many people, using the major online platforms is only barely optional.  Shop online without Amazon, have a social media presence without Facebook, or do any number of things without Google?  Not likely.

So, rather than make conscious choices to allow platforms to harvest and sell data about our online activities, I think we just passively accepted or ignored this reality for the sake of using platforms and apps.  Who really reads Terms of Service or pauses to seriously contemplate that opt-in moment when an app wants access to various data?  And with mobile apps, opt-in is typically not optional at all; it’s either integrated with some amount of personal data, or it just doesn’t work.

Of course, it’s no surprise that the internet lit up with headlines decrying the GOP’s overturning the ISP privacy rules that were put in place under Obama’s FCC Chairman Tom Wheeler.  And there’s no question this is an issue to watch, but I predict that nobody really will watch it as long as it remains politicized through an Obama/good v. Trump/bad lens.  Because let’s cut to the chase here. Under Obama, we did not really address online privacy in any meaningful way.  Under Trump, we may continue to drop this ball, but for the moment, let’s at least try to keep our eyes on the ball and watch where it goes.

Ultimately, if we hope to have any kind of substantive privacy regulation, then consumers need to be shielded from certain practices conducted by both ISPs and “edge providers,” meaning platforms like Google and Facebook.  During the Obama administration, NetNeutrality rules placed ISPs under the ambit of the FCC while the “edge providers” remained governed by the FTC.  Then in October 2016, Chairman Wheeler introduced the privacy rules — rules different from those governing edge providers — for ISPs, which were just overturned, resulting in much scorn and fear.

The headline issue for consumers is that the ISPs can now sell your data without permission.  This is true. But with or without this rule, Google and friends have been free to sell your data without permission for years—and they have certainly been doing so.  According to FCC Chairman Ajit Pai’s own testimony, the discrepancy between ISP rules and edge-provider rules were at the heart of his initial criticism of the rules proposed by Wheeler last October.  Pai has stated that he agrees with the goals of privacy regulation but that he was opposed to having two separate and inconsistent set of rules governed by two different agencies.  I noted this in a previous post citing Pai’s dissent over adoption of that proposal.

So, what now? 

It seems to me that if we actually care about privacy—and I’m not entirely convinced we do—that it’s what happens next that really matters.  Does the FCC, and the GOP leadership, stop here, merely eliminate the ISP rules and move on? Or does Chairman Pai live up to the promise inherent in his past criticism and seek to forge new and better protections that uniformly govern both ISPs and edge providers? It could certainly go either way, but my cynical prediction is that consumers will continue to read this story through the lens of politics and (frankly) a fairly lazy press, while both ISPs and edge providers do whatever the hell they want with our data.

I see a lot of comments stating that an important distinction to make is that we have a choice to use one platform or another but no choice other than to connect to the internet via a single ISP—often one ISP in a particular market.  This is true to an extent, but I have to say that it also seems like a self-soothing delusion to suggest that the world of edge providers is filled with choices.  Google dominates search and a massive share in mobile, and there is only one Facebook.  Are you planning to abandon either platform for the sake of privacy? And what happens in a market where a platform like Google becomes both ISP and edge provider?  Which rules govern privacy then?

Moreover, as Pai observes in his dissenting opinion, people connect via multiple ISPs throughout the day; but that doesn’t mean our online activities are not identifiable by edge providers no matter where we go.  Log into your Google account, Facebook, or Amazon, and it doesn’t really matter whose WiFi or mobile service you’re using in that moment—you’re visible as you; and all of these platforms are collecting and selling data about you.

As stated in other contexts, the web we have is not driven by altruistic principles like freedom, sharing, and speech; it’s driven by advertising and data mining.  That the ISPs want to share the market with the edge providers is not in itself unreasonable. But the entire ecosystem should be subject to uniform privacy protections for all consumers.  Chairman Pai may indeed fail to pursue his stated intent to achieve that goal, but it seems to me that’s the agenda to watch.  Certainly, we’re unlikely to achieve effective regulations by “debating” the issues through the fog of politics and scary headlines.

How Bad is the FCC Pause on Privacy Rules?

Photo by kentoh

By now, you may have encountered a handful of headlines stating that the new, Trump-appointed FCC Chairman Ajit Pai has temporarily halted new privacy rules passed under Obama’s Chairman Tom Wheeler.  As a general takeaway, you’re also likely to see statements like “Republicans favor corporations over consumer privacy,” and as with all things under the Trump imprimatur, trust is not going to be the default position for many of us. But, then, viewing every issue through the lens of Trumpism is also another way of distorting reality, making ourselves bananas, and failing to compartmentalize issues, which is almost always necessary.

On the subject of consumer privacy and the FCC, any criticism that Wheeler’s policies favored companies like Google and Facebook over other companies should be at least considered.  As readers know, I and others criticized Wheeler’s so-called “set-top-box” proposal as an attempted hand-out to Google at the expense of television creators.  So, when this story about privacy broke, I wasn’t prepared to take every headline at face value just because Pai is a Republican in the Trump administration. He was in the FCC before the election and would likely still be there regardless of who became president.

Let me jump to the main point here:  we consumers want and deserve control over the gathering, selling, and use of our data.  We do not have this control yet. There is no comprehensive, uniform body of law that is adequately protecting privacy in cyberspace for American citizens.  And these facts are central to Pai’s criticisms of Wheeler’s rules of October 2016.

With the adoption of NetNeutrality—another topic for another day—the FCC was empowered to regulate ISPs like AT&T and Verizon in the same way it regulates telephone carriers.  As a result, it was then empowered to establish rules for these ISPs regarding the manner in which they may gather and use consumer data.  This is fine in principle, but critics, including Pai, argued that these FCC rules were not consistent with the rules set by the Federal Trade Commission, which apply to data gathering and use by companies like Google and Facebook, referred to here as “edge providers.”

Because the ISPs hope to compete in online advertising with the “edge providers,” they argued that the disparity in rules creates an unfair advantage for the likes of Google in the market. And that’s when I will at least give these critics some benefit of the doubt. Because as much as I may admire President Obama on a wide range of topics, his administration consistently tilted in Google’s favor across many areas of governance.

In his dissenting opinion regarding the FCC rules now on hold, Pai quoted the Electronic Privacy Information Center in rebuttal to Wheeler’s assertion that providers like Google and Facebook only see a “slice” of our data:

The FCC describes ISPs as the most significant component of online communications that poses the greatest threat to consumer privacy. This description is inconsistent with the reality of the online communications ecosystem. Internet users routinely shift from one ISP to another, as they move between home, office, mobile, and open WiFi services. However, all pathways lead to essentially one Internet search company and one social network company. Privacy rules for ISPs are important and necessary, but it is obvious that the more substantial threats for consumers are not the ISPs.

That certainly jibes with my own experience as a consumer. Regardless of how I get online—whether at home, through my mobile device, or via my local coffee house WiFi—all of my substantive activity occurs on web platforms.  So, yeah, I think privacy rules governing ISPs and “edge providers” should be both robust and consistent. But are they either robust or consistent?

That’s the nitty gritty we’re going have to try to follow in the coming months; and the task is not made easier when editorials fall into the trap of reporting this matter as Republican = corporate favoritism and Democrat = consumer protection.  When it comes to the interests of the Big Data companies, that narrative just does not hold up.  Chairman Pai’s core complaint about Wheeler’s FCC privacy rules is that the providers with the most detailed view of our data (.e.g. Google) would have far more lenient governance than the providers who have less insight into our private lives (e.g. Verizon). So, to the extent that Pai is correct in this assessment, I have to agree that consumer protection is best served by consistent rules governing the entire internet ecosystem.

Stay tuned. Much more to follow I’m sure.

EFF Manufacturing Scandal in the Service of Google

eff-pinnochio2

On October 25, four days after the unprecedented removal of the Register of Copyrights from her office, the Electronic Frontier Foundation released a post on its Deeplinks Blog asserting rather stridently that the Copyright Office never would have reviewed the FCC “set-top-box” proposal if not for the urging of the MPAA.  I think we can now say that there is officially no line EFF will not cross, no lie it will not tell, in the service of Google’s interests over the public interest, which the organization claims to serve.  The thesis of the blog post boils down to the following syllogism:

1. We have argued that the FCC “set-top-box” proposal does not implicate copyright law.

2.  Because we are obviously correct in this view, the Copyright Office should have agreed with us.

3. Therefore, the only explanation for the Copyright Office disagreeing with us is that they must have been pressured by the MPAA.

And so, the EFF went looking for proof of the motion picture industry’s clandestine influence on the Copyright Office via a FOIA request, and they released supporting documents with their blog post that they know most people won’t bother to read.  If anyone does read the super secret emails betwixt FCC, MPAA, the Copyright Office, and the USPTO, they will discover (hold your breath) requests for meetings to discuss issues of concern with regard to the FCC proposal!  Ah ha! Meetings!

I know this may be a shocker, but there is nothing illegal or improper about any stakeholder, operating above board, requesting meetings to discuss concerns they may have with a proposal by any federal agency.  And emails to arrange meetings—I mean literally communications as banal as, “Hey, does next Tuesday work for you?”—are not subject to any rules regarding disclosure because they’re not substantive.  Nowhere in the “exposed” communications presented by the EFF is there any evidence of motion picture representatives drawing conclusions for Register Pallante that she would not have come to on her own with regard to the FCC “set-top-box” proposal.  The FCC proposal, like any other federal agency proposal, allows for comments from multiple stakeholders that become part of the public record and which members of any other agency may read and consider.  It is also neither illegal nor improper for a stakeholder to send an email to a member of an agency to say, “This is our statement for your consideration.”

The broader point is that one does not need to be an expert at the level of Maria Pallante or MPAA’s attorneys to consider that any proposal which fundamentally alters a licensing paradigm between producers and distributors—as the FCC proposal clearly does—is going to have at least some copyright implications.  Had the EFF made a more nuanced argument, that would be one thing, but to assert that the Copyright Office simply never would have entertained a copyright angle without pressure from the MPAA is just an outright lie.  What the EFF doesn’t like is that their position on the FCC proposal is wrong, and so they’ve tried to manufacture a scandal on the heels of Pallante’s unprecedented and bizarrely orchestrated removal from office.  Why?  Presumably, because they know that at least a segment of the public will find the Hollywood-intrigue narrative easier to follow and far more dramatic than the more complex, but less interesting, truth.

On the other hand …

If a hint of scandal is what the reader wants, consider the October 25th notice from the Campaign for Accountability, which asked FCC Counsel to investigate emails between the FCC Chairman Tom Wheeler and Google VP Vint Cerf.  What’s the problem? Unlike innocuous emails requesting meetings, the FCC’s rules require disclosure of ex parte communications that amount to substantive comments on policy.  In its letter to counsel, the CFA cites an April 8th email from Mr. Cerf to Chairman Wheeler expressing his substantive views with regard to the commission’s April 1 notice on protecting consumer privacy within the ambit of the “set-top-box” proposal. In case you’re not following the bouncing ball, Google likes to harvest user data and doesn’t have great track record on the privacy thing.

See what happened there is that a Google executive expressed a relevant, policy-focused comment via email pertaining to the FCC proposal, and the FCC was supposed to disclose the comment and didn’t.  At least that’s CFA’s view.  Whether or not there are more communications of this nature remains to be seen, but against the backdrop of Google’s now well-documented influence throughout the current administration, it’s hard to imagine that anyone is still believing the narrative that “Hollywood” is pulling the strings with regard to the FCC proposal.

Perhaps more significantly is that while the EFF pitches a non-scandal in an effort to erase the copyright implications of the FCC proposal, they seem remarkably unconcerned about those privacy implications, which one would think should to take precedence for an organization claiming to defend consumers in the digital market.  Why?  Assume for the moment that the producers are wrong about the proposal undermining the investment model that creates television shows. That would still leave the privacy concerns with regard to what kind of data Google would be allowed to harvest from the magic TV box it wants to put in your home.  The EFF’s overplayed hand on the copyright issues combined with their silence on the privacy issues related to the FCC proposal suggest that this organization largely cares about one thing:  whatever Google wants.