FCC Proposes Baseline Privacy Protections Against ISP Tracking

By Lucian Armasu
published

The FCC proposed some new privacy protections for broadband customers that would allow them to opt-out of various tracking that ISPs employ to improve their services, and it would make consent for collecting customer data that isn’t necessary for delivering broadband services opt in.

The Need For Basic Privacy Protections

After seeing an increased interest from ISPs and wireless carriers to adopt things such as “supercookies” and other tracking mechanisms that would be injected into their customers' Web streams, in the past few years the FCC has taken it upon itself to set some privacy ground rules. In many of those cases, the ISPs never told the customers about the tracking, nor did they allow their customers to opt-out of it, and the FCC wants to change that.

FCC chairman Tom Wheeler said in a statement that ISPs have too much visibility into their customers' online activities, and he doesn’t want them to misuse that information beyond what the customers would expect them to do with it (such as using the data to improve their service):

“Our ISPs handle all of our network traffic. That means an ISP has a broad view of all of its customers’ unencrypted online activity — when we are online, the websites we visit, and the apps we use. If we have mobile devices… our providers can track our physical location throughout the day in real time. Even when data is encrypted, our broadband providers can piece together significant amounts of information about us — including private information such as a chronic medical condition or financial problems — based on our online activity,” said Wheeler in an official statement.

Wheeler also believes that “When consumers sign up for Internet service, they shouldn’t have to sign away their right to privacy.” Although he admitted that many websites today track and store the same kind of information about their customers, he also thinks we have a choice in using those websites. We do not such choice when looking for an ISP.

A group of ISPs and carriers prevented the new HTTP/2 standard from remaining encrypted by default, as originally proposed. However, both Google and Mozilla have decided to only ever serve encrypted traffic over the HTTP/2 protocol in their browsers, which essentially makes encrypted traffic the default when using HTTP/2 anyway.

However, the vast majority of websites out there still use unencrypted HTTP/1.1, which gives ISPs an opportunity to see what their customers are doing. As Wheeler mentioned in the above statement, the ISPs can still derive certain information from encrypted connections.

The New Rules

The FCC proposed that the the use and sharing of customer information be split into three different categories:

Information that is necessary to deliver broadband services can still be obtained without customer consent.ISPs and their affiliates would still be able to market “communications-related” services, but customers would be able to opt-outAll other uses would require explicit opt-in consent from the customers

The new rules also say that if the broadband provider is collecting information about its customers, then it’s also the provider's responsibility to keep it secure. If companies are liable in some way for losing their customers’ data to data breaches, then the incentive is much higher to both collect less sensitive information and also to ensure that they invest significant resources in protecting whatever data they do collect.

Wheeler also wanted to make it clear that these new privacy rules apply only to the ISPs. They don’t apply to “edge services” such as Twitter or Uber, nor do they apply to government surveillance. The rules also don’t prohibit ISPs from sharing customer information -- they require only that the ISPs obtain customers’ consent before doing so.

Wheeler said that this should work similarly to how mobile apps request permission to use our location and that consumers should always have that kind of control about how their data is shared from the first instance of using a service.

The new rules seem to offer a baseline of privacy protection for consumers. Although ISPs are probably not going to like being restricted in how they collect or share their customers' data, in the long term it may be in their interest, as well.

When pressed, consumers eventually take matters in their own hands. The same thing could happen with tracking. The more it’s done in a way in which consumers feel they have no say over it, the more tools that completely block any kind of tracking (even that which could be considered “useful” for improving certain services) are going to be in higher demand.

For now, the FCC’s new privacy rules will be open to the public (as well as to ISPs) for consultation, before the agency decides what the final language will say. The FCC is also seeking additional comments on how to achieve its pro-consumer and pro-privacy goals.

Lucian Armasu is a Contributing Writer for Tom's Hardware. You can follow him at @lucian_armasu.

Follow us on FacebookGoogle+, RSS, Twitter and YouTube.

Lucian Armasu
Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
Topics
Security
11 Comments Comment from the forums
  • jasonelmore
    Mr Wheeler, Just allow Competition and all of these other rules wouldnt need to be made up.. The ISP's would compete on privacy.

    simple solution, let us have competition in the broadband arena.. Not just mobile arena.. We want multiple cable choices, at least one fiber choice, and multiple dsl choices.

    thanks
    Reply
  • firefoxx04
    Can't compete without running multiple cables to each home.. Or several fiber lines. Too expensive. It has to be a controlled monopoly.

    What needs to happen is Google fiber needs to spread like wild fire.
    Reply
  • Brian28
    Mr Wheeler, Just allow Competition and all of these other rules wouldnt need to be made up.. The ISP's would compete on privacy.
    Competition would be good, but we still need some rules to provide transparency. Without that much, the ISPs could just lie or mislead about how they collected or used your data. (Verizon: "No, we don't have supercookies.") Even with more competition, the barriers to entry are still high to build new infrastructure, so we are unlikely to get enough choices to see the truly good options flourish.
    Reply
  • alextheblue
    Can't compete without running multiple cables to each home.. Or several fiber lines. Too expensive. It has to be a controlled monopoly.
    If the local and state governments didn't have contracts with cable firms establishing them as government-sanctioned monopolies, we could use the existing infrastructure. Just like they do with analog phone service as well as DSL. In fact some areas already do it, there are a few places where multiple cable companies share (rent/lease access from whichever firm owns them) the same lines and you choose which provider you want.

    I do feel that fiber is a better solution long-term and that DOES require new lines. FiOS for example is really fantastic, as shown by the ISP poll here at TH. Even so, if we had more competition in cable internet then FiOS would have more pricing pressure from the cable ISPs. This would lower costs even for FiOS subscribers.
    Reply
  • alextheblue
    Oh and as far as ISP tracking goes, that's a good start but... they're the least of our worries. That doesn't touch concerns about tracking by Google and the warrantless data-snooping of the Feds. I MEAN- all praise our wonderful overlords!! They're protecting us from ourselves, bless them!
    Reply
  • falchard
    Usually I am the screw the FCC let the free market do its thing sorta commenter. But this is a good idea.
    Reply
  • Richard_82
    Mr Wheeler, Just allow Competition and all of these other rules wouldnt need to be made up.. The ISP's would compete on privacy.

    simple solution, let us have competition in the broadband arena.. Not just mobile arena.. We want multiple cable choices, at least one fiber choice, and multiple dsl choices.

    thanks

    Execpt there is not competition, in this realm, no isp including google, privacy is something that consumers want, and isp's are unwilling to have competition over not a single one. As it is a touchy matter with our (US) own government this furthers the issue of privacy making an already unwilling isp have an excuse. So please spare me free market bull, free market works when companys want to compete, not when there all of the like mind-set.
    Reply
  • jasonelmore
    You cant really say that Richard, because there are a lot of ISP's that dont exist, that would exist if competition is allowed.

    What really needs to happen is the goverment needs to own the fiber and everyone else ride on top of it. Fiber is definitely the perfect cable for internet. Cable distance hardly matters, Latency is super low (light has no resistance to fight with vs copper and electrons), it's bendable/flexible, Temperature does not affect it, etc... the list goes on and on. So there is no reason to keep wasting money and time on laying new copper. I would hope 20 years from now most major highways have fibre buried underneath them. Atm, barely any of them have it.
    Reply
  • falchard
    Nothing could be worse for the internet than the government stepping in and owning all the fiber lines. Most people don't realize just the sheer amount of internet infrastructure growth happening in the United States. Most of it is done efficiently now instead of a patchy network of connected computers. It would be like mirroring the development of rail and probably have similar results.
    Reply
  • Richard_82
    17783429 said:
    You cant really say that Richard, because there are a lot of ISP's that dont exist, that would exist if competition is allowed.

    What really needs to happen is the goverment needs to own the fiber and everyone else ride on top of it. Fiber is definitely the perfect cable for internet. Cable distance hardly matters, Latency is super low (light has no resistance to fight with vs copper and electrons), it's bendable/flexible, Temperature does not affect it, etc... the list goes on and on. So there is no reason to keep wasting money and time on laying new copper. I would hope 20 years from now most major highways have fibre buried underneath them. Atm, barely any of them have it.

    its called a "standard of practice" there doing it so will I, and the fact that i can get money for your information in heaps, or other benefits. As far as FCC stepping in, that privacy should also include encryption, with a minimum end to end encryption to shut up other gov. agency's, IT is unfortunate that the FCC is needing to step in. if competition existed it wouldn't have been an issue. Whatever happened to the "right to remain silent" (via freedom of speech), or to have a private conversation without folks listening in and watching almost every move, take a look, at all the ways companies try to pry information from you for free (personally i call that slavery, making someone work for free, discounts are not a wage.) SO yes i can say that, consumers want privacy, ISP is not willing to compete on privacy, hasnt wanted to compete on that for 25-30 years. So yes free market can work, but like i said ONLY WHEN THEY WANT TO COMPETE. WHICH MEANS IF EVERY COMPANY IS DOING THE SAME THING, ITS NOT REALLY COMPETITION. 1970 people in majority where in favor of privacy by 60% 80's little more than 50%, 90's about 70%, 2k again 70%, 2k10 around mid 80% and rising, all in favor of having privacy as an option. So again yes i can say that, i can most defentaly say that ISP is not competing for privacy of its customers. Free market only works if the industry consernd wants to compete on a matter on any given matter.
    Do i wish that the FCC to step in no, Unfortantly, ISP was not competing and openly refused, I wish the law was written in a fashion that forced them to compete on the matter, but its easyer to enforce law that has clear lines, which i understand its better to have clear laws than abusable laws.
    Reply