The House Agrees: ISPs Can Sell Your Data Without Permission

Last week, the U.S. Senate voted to reject the Federal Communications Commission's (FCC) soon to be implemented privacy framework that would’ve stopped internet service providers (ISPs) from selling your data without permission. It's now cleared the House, as well, in a 215 to 205 vote that would eliminate the FCC’s new privacy rules. Now only President Trump can stop this bill, but chances that he would do so are slim.

ISPs To Use Your Data Unhindered By Privacy Rules

Last fall, the FCC voted to increase privacy protections for broadband customers because over the past few years multiple ISPs have been tracking users' browsing habits across the web without consent. This has prompted some small fines from the Federal Trade Commission (FTC) and FCC, but ultimately ISPs could still attempt to track, collect, and then sell data in other ways.

The FCC wanted to establish clear guidelines for what kind of data they would be allowed to use, and when they should be asking users for consent.

Asking users for permission to sell their data didn’t seem acceptable to the ISPs, which protested the move and lobbied Congress to reverse the FCC’s rules before they went into effect. One of their arguments is that services such as Gmail or Facebook also track you and sell your data.

However, although some of those services can be rather hard to quit because of their widespread use and popularity, they aren’t mandatory, and it’s often easy to find a good alternative that doesn’t sell your data without consent. It’s much more difficult for Americans to change their ISPs, given the fact that most locations usually have only one good internet provider, or two at most. It’s also much more of a hassle to change your contract-bound ISPs than it is to change your email address.

Unlike Gmail or Facebook, which should in theory only track you in a limited context (although Facebook has been found before to break those bounds), ISPs will be able to track every single website that you access on your computer or mobile phone (wirelessly). The bottom line is that the tracking an ISP can do is much more comprehensive. Because the broadband market isn’t steaming with competition, you also don’t have much choice about it.

U.S. House Votes To Eliminate FCC Privacy Rules

The U.S. Senate voted to reverse the FCC’s privacy rules last week 50-48 on a party line vote. Republicans voted to eliminate the broadband privacy protections, while Democrats voted to keep them. However, it could be argued that if the Democrats wanted to stop this bill, they could’ve also filibustered it.

Once the Senate passed the bill, it should’ve been even easier for Republicans to reject the FCC privacy framework, and indeed it was. The House vote was 215 to 205, and again there was no filibuster to worry about. The House vote was also largely on party lines, with some exceptions.

In a way, this came as a surprise, because the House voted unanimously twice in a row for the Email Privacy Act, but the Senate never put it up for a vote. Therefore, it seemed like the House cared more about privacy than the Senate did. However, the difference between the two situations may be that the Email Privacy Act is mainly about restricting law enforcement to abuse data requests, while this bill is about helping ISPs make money by selling that data.

Fight For The Future, a non-profit civil liberties group that fought against the infamous SOPA bill, as well as for net neutrality, believes that this is tied to how many contributions the Republican Congressmen got from the ISPs.

“Today Congress proved once again that they care more about the wishes of the corporations that fund their campaigns than they do about the safety and security of their constituents,” said Evan Greer, campaign director of Fight for the Future.

The group also promised to put up billboards with the senators and representatives who voted to overturn FCC’s privacy framework.

“Congress should know by now that when you come for the internet, the internet comes for you. These billboards are just the beginning. People from across the political spectrum are outraged, and every lawmaker who votes to take away our privacy will regret it come election day,” added Greer.

Greer also believes that by allowing ISPs to collect all the data they want about their users, users will also be exposed to mass surveillance. AT&T has already been caught selling user data to the NSA and law enforcement for profit, and it’s likely that other internet providers do the same.

However, that form of data collection may have been in a more legal grey area, and it may have been more limited so as to not be too intrusive (and therefore, more detectable). If the ISPs believe they have free rein on what they can do to collect user data, then they may start collecting much more data on users and in more intrusive ways. Greer also said this could make ISPs bigger targets for data breaches, once they start holding more valuable data on hundreds of millions of users.

How To Fix It

There is a small chance that if enough people ask President Trump to stop the joint resolution that aims to overturn the FCC’s broadband privacy protections, he would not sign the bill. However, he appointed an FCC chairman that has publicly come out against net neutrality and these privacy rules, so chances are the President holds the same opinions.

Another solution, or rather a mitigation against invasive ISP tracking, is to use the Tor browser more often, or at least use a VPN service. Sending your traffic through a locally encrypted tunnel should prevent most if not all of the ISP intrusions.

Ultimately, the best solution is going to be one pushed through law that can’t be easily changed. Even the FCC rules are not that solid because they are vulnerable to a change of administration and a new FCC chair. If people make this a big policy issue, the two parties may eventually have to come together to establish broadband privacy rights into law. The only question is if such a law would offer similarly strong privacy protections as the FCC rules seemingly did.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • Joe Black
    Business at all cost... The Trump way.
  • clonazepam
    My browsing history might lead to computer parts covered with beautiful women instead of RGBs.
  • ddpruitt
    There's a goFundMe page to buy the internet history of all those that voted yes on the bill haven't verified
    but it seems to be getting traction
  • Indirectllama
    I think its time TH does another article on VPN services and their cost and comparison.
  • dstarr3
    I pledge allegiance to the CEO of the United States of Americorp, and to the corporation for which it stands. One nation, under surveillance, uninsurable, with wealth and education for none.
  • why_wolf
    Yeah I went and singed up with NordVPN. Seems to work alright so far, though from my 100/10 connection it slows me down to around a 20-30/10 connection. Enough for everyday web browsing and the like. Though Netflix throws up problems which I assume is a combination of them closing connections with VPNs because of the media companies demands about out of region piracy and simply to many Nord users trying to connect to Netflix at once.
  • tigz1218
    I'm Seth be VPN industry will be happy about this.

    In fact, at first I was very angry about this legislation. However, after a lot of thought they do have a point - this let's Google have an unfair advantage since they can collect data, burn ISPs.

    In usual government fashion, they identified the problem, but presented the wrong solution. If they want to keep data private then NO Company should be able sell your data. That would be an even playing field, but will never happen.
  • tigz1218
    Wish I could of edit my comment- should say "I'm sure the VPN industry..." my iPhone did a stealth autocorrect.
  • DerpDerp1234
    People are all up in arms over this, but companies have been selling your data for decades, but for ISP's to do it, THAT'S OVER THE LINE. Hypocrites.
    You're on the internet, they are tracking you as we speak.
  • TJ Hooker
    19491203 said:
    In fact, at first I was very angry about this legislation. However, after a lot of thought they do have a point - this let's Google have an unfair advantage since they can collect data, burn ISPs.
    Google (the search engine and related services) doesn't compete with ISPs, I don't see how Google being able to collect data "burns ISPs".

    Also, Google:
    a) has no (monetary) cost to use
    b) has alternatives you could use instead
    c) is not mandatory in order to access the broader advantages of the internet which most of us would find difficult or impossible to do without

    You already pay your ISP, and there are few if any alternatives when it comes to ISPs. This is basically ISPs wanting to have their cake and eat it too, knowing that there's probably nothing you can do about it if you don't like it.