Senate was right to block FCC’s broadband privacy rules

The Senate voted this week to reverse the Federal Communications Commission’s so-called Internet Service Provider (ISP) privacy rule. The House is expected to pass a similar measure, which will then go to President Trump’s desk.

Internet privacy is a great idea. Creating a tilted field, though, where one industry has a government-enforced advantage is a poor idea. The ISP privacy rule, promulgated by the FCC when Tom Wheeler was chair, was always a bad idea. If nothing else, it provided companies that profit on big data, such as Google, an edge in the online marketplace. More than that, it did not even protect consumer data, as it assumes technology from the 1990s is still pervasive.

{mosads}A couple of former Federal Trade Commission senior officials warned, while the FCC was still considering the rules, that “the proposed rules would do very little to promote the cause of ‘privacy’ in the first place. If they are adopted, all other participants in the Internet ecosystem will remain exempt, will continue collecting all of the same information that the ISPs would have collected, and may continue selling the same information as before to the same data brokers. The Big Data marketplace will carry on—except, ironically, the FCC will have insulated its largest players from ISP competition.”

In the 1990s, consumers usually accessed the Internet from desktop computers and over wireline services from their homes. The ISPs provided Domain Name System (DNS) lookup services, and most Internet traffic was unencrypted.

DNS lookup services are necessary, incidentally, to translate domain names as consumers know them to the numerical addresses computers understand. For example, a consumer may type “www.google.com” to access Google’s website. Google’s physical Internet address is 172.217.7.174.

Technology and practices have changed significantly. Today, people access the Internet in a number of different ways, using a number of different devices. Sure, consumers still access the Internet from their homes. But the Internet and devices are much more portable. Consumers access the Internet at coffee shops, restaurants, airports, and many other locations. Consumers use desktop computers, laptops, cell phones, tablets, and other electronic devices. Personal computers represent, perhaps, 53 percent of Internet traffic today, with that percentage likely to drop substantially in the next few years. Internet providers have largely ceded DNS lookup services to independent companies, such as DYN, or consumers can instruct their computers to use a specific, non-ISP related, lookup service.

Compared to the 1990s, many more websites encrypt their traffic. According to Google, the percentage of requests to its servers using encrypted connections has grown from about 50 percent in 2014 to 75 percent as of January, 2017. In the United States, Google states that just under 75 percent of the requests it receives are encrypted.

Divorcing DNS services from Internet delivery services and the exponential increase in encrypted traffic means ISPs see significantly less browsing data than they did a decade ago.

When ISPs controlled the DNS lookup system, they knew exactly what websites consumers visited and could see what information consumers requested. Encrypted traffic means ISPs see significantly less meaningful data— often just a limited version of a website’s address— than to which they previously had access.

Increasing the number of devices and Internet access points also narrows the universe of data available to ISPs. Assuming, only for the sake of argument, ISPs can see entire browsing habits, a single ISP may not see consumers’ habits when they browse the Internet on cell phones or at coffee shops.

Now, to compare the data an ISP may see to the personal data a service such a Google can see. Assume a consumer has a Gmail account, uses Google Drive, Google Maps, GooglePay, has a Google+ account, browses the Internet with Chrome while logged into her Google account, and uses an Android phone, which is linked to her Google account.

In this case, Google knows the consumer’s name, has access to her emails, can access her documents, her Maps history, has her payment information, has access to her browsing history, and so much more. Google, therefore, has much greater access to information about the consumer than an ISP could ever dream of having.

Technological advances along with changes in how consumers access the Internet, have addressed a number of former Chairman Wheeler’s consumer privacy concerns. While ISPs certainly have access to a sliver of consumer data, services such as Google have greater access to personal information. The ISP privacy rule regulated the former, while saying nothing about non-ISP related services. Rather than protecting consumer privacy, the rule improperly tilted the Internet ecosystem toward services such as Google.

Jonathon Paul Hauenschild, J.D. is a technology policy analyst. He is the founder and principal of Franklin Adams & Co., LLC.

The views expressed by contributors are their own and are not the views of The Hill.