U.S. Congress Removes ISP Privacy Rules

The U.S. House of Representatives recently approved a repeal of regulations that required Internet service providers (ISPs) to protect customers’ privacy, Reuters reports.

The regulations to be repealed, which were adopted by the FCC last October but had not yet gone into effect, required ISPs to get customers’ consent before using and sharing their exact location, financial information, health information, children’s information, and/or browsing history for marketing and advertising.

In support of repeal, the Internet & Television Association (NCTA) said the action “marks an important step toward restoring consumer privacy protections that apply consistently to all Internet companies.”

“With a proven record of safeguarding consumer privacy, Internet providers will continue to work on innovative new products that follow ‘privacy-by-design’ principles and honor the FTC’s successful consumer protection framework,” the NCTA stated. “We look forward to working with policymakers to restore consistency and balance to online privacy protections.”

Similarly, the American Cable Association stated that it supports “Congress’ intervention to reverse the harms associated with the FCC’s unwarranted and burdensome broadband privacy regulations that singled out ISPs while exempting giant Internet edge providers, who have as much, if not more, access to similar consumer data.”

On the other hand, the Electronic Frontier Foundation (EFF) published a list of five things the repeal could enable ISPs to do, including hijacking user searches and inserting ads into traffic, and stated that the repeal “breaks with decades long legal tradition that your communications provider is never allowed to monetize your personal information without asking for your permission first.”

“This will harm our cybersecurity as these companies become giant repositories of personal data,” the EFF added. “It won’t be long before the government begins demanding access to the treasure trove of private information Internet providers will collect and store.”

Nathan Wenzler, chief security strategist at AsTech, told eSecurity Planet by email that while many websites leverage users’ browsing history to deliver targeted advertising, they can only do that for what the user does on their own site. “An ISP, being the means to connect directly to the Internet for a user, would be able to gather every single [bit] of usage data for a user, including every site ever visited,” he said.

Although ISPs say they need that data to stay competitive with sites like Facebook and Google in delivering browsing data to advertisers, Wenzler called that an apples-to-oranges argument. “ISPs were meant to provide the means for people to connect to the Internet at large, while sites like Facebook and others deliver the content that rides on top of it all,” he said.

“It has always been considered by most technology experts that this segregation was critical in order to allow individuals to connect to the Internet without being restricted, having information filtered from view or to have those users exposed in any way,” Wenzler added. “From an idealistic standpoint, the Internet was meant to freely provide information to all, without limit or condition.”

Thycotic chief security scientist Joseph Carson called the planned repeal a major loss for ISP customers’ security and privacy, saying it will make them an increased target of cybercrime. “You cannot have security without privacy,” he said. “Privacy is a major component of security, and any reduction or removal of privacy is a loss of security.”

Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.

Top Products

Related articles