Internet providers now just need a signature from President Trump before they’re free to take, share, and even sell your web browsing history without your permission.
The House of Representatives passed a resolution today overturning an Obama-era FCC rule that required internet providers to get customers’ permission before sharing their browsing history with other companies. The rules also required internet providers to protect that data from hackers and inform customers of any breaches.
The resolution was first passed by the Senate last week and now heads to the president, who’s expected to sign it. At that point, there’ll only be a vague baseline of privacy rules governing internet providers and some promises from them not to misbehave.
It’s hard to see this as anything but a major loss for consumers. While reversing the FCC’s privacy rules will technically just maintain the status quo — internet providers have actually been able to sell your web browsing data forever (it’s just not a thing we think about all that much) — they were about to lose permission to keep doing it, unless they got explicit consent or anonymized the info.
This is an increasingly important issue as Americans spend more and more time online — and keep more and more devices with them at all times. Internet providers can see what sites you visit and what apps you use, and they can see how long you’re using them for. That information is extremely revealing, and it’s easy to imagine most people would prefer to keep their reading habits private.
“The consequences of passing this resolution are clear: broadband providers like AT&T, Comcast, and others will be able to sell your personal information to the highest bidder without your permission,” said Representative Anna Eshoo (D-CA) on the House floor this afternoon. “And no one will be able to protect you, not even the Federal Trade Commission that our friends on the other side of the aisle keep talking about.”
So why did Congress block the rules from being implemented? Republicans bought into internet providers’ arguments that the rules discriminated against them and could confuse consumers. The rules would prevent internet providers from selling your web browsing history even though, the argument goes, websites like Google and Facebook would remain free to do the same thing. ISPs say that’s unfair and makes it hard for consumers to understand who gets to see their browsing data.
But the argument is extremely misleading, if not outright wrong: Google and Facebook can’t see your web browsing history, they can only see what you click on while you’re on their own websites or on websites connected to their ad networks. Meanwhile, internet providers get to see a bit of nearly everything you do and visit; and even with the rules in place, they have every right to build the kind of ad-tracking websites that Google and Facebook have built. It’s just hard work, and they don’t want to do it.
The rules, if anything, put internet providers on a level playing field with companies like Facebook and Google. But Republicans don’t like that it creates more work for them. “These rules do little to enhance privacy but clearly add a layer of red tape on innovators and job creators,” Representative Greg Walden (R-OR), chair of the House’s commerce committee, said ahead of the vote. The rules, he said, “have the potential to stifle one of the most innovative sectors of our economy.”
This was a common line of argument from Republican representatives, who continually conflated internet providers with companies that build businesses connected to the internet. They frequently took issue with creating a distinction between these two types of companies, despite the fact the huge distinction exists: ISPs like Comcast essentially create digital roads, while companies like Google create hugely innovative businesses along those roads. There’s good reason to treat the two differently.
Republicans and internet providers also complained that the FCC’s rules didn’t perfectly align with the Federal Trade Commission’s privacy framework, which governed internet providers up until the 2015 net neutrality order went into effect. In reality, the differences are slight — the real argument here is just over ISP’s ability to share your browsing history.
Representative Marsha Blackburn (R-TN), chair of the House subcommittee on communications and technology, actually claimed that removing the rules would improve privacy by closing that distinction. “Consumer privacy will continue to be protected and will actually be enhanced by removing the uncertainty and confusion these rules will create,” she said.
The vote was surprisingly close, coming in at 215 in favor of the resolution and 205 against; 15 Republicans even voted in opposition.
With these rules all-but killed, the FCC will now be left without any firm regulations for internet providers on the books. The commission may now go about proposing and passing a weaker set of restrictions that better match up with what the FTC has on the books.
In a statement following the vote, FCC chairman Ajit Pai indicated his approval of Congress’ action, saying the rules — which he voted against last year — represented commission “overreach” and were “designed to benefit one group of favored companies over another group of disfavored companies.”
Pai reiterated his intention to realign the FCC’s rules with the FTC’s weaker privacy framework. But how that’ll happen is unclear. Pai says the FCC will work with the FTC, but he also says he’d prefer to just kill the 2015 net neutrality order so that the FCC doesn’t have a say over privacy at all.
In an added blow to privacy advocates, the FCC won’t be able to pass privacy restrictions protecting all web browsing history again, since the resolution prevents it. Though the commission will, it seems, still be able to block internet providers from sharing info related to children, banking, or medical history, which the FTC considered sensitive in the first place.