Broadband alarmists should stop misrepresenting FCC’s privacy rules

Policymakers and the public can—and should—have a thoughtful discussion about the merits of Congress’s decision to repeal the Federal Communications Commission’s broadband privacy rules. But any such dialogue must be rational and grounded in facts, free from the exaggerated claims and breathless warnings coming from some corners of the debate.

 

For example, Professor Paul Ohm’s recent suggestion that repeal of the rules would lead to the “greatest legislative expansion of the FBI’s surveillance power since 2001’s Patriot Act” is shockingly misleading. Professor Ohm implies that repeal of the FCC’s rules, which were never in effect, will allow ISPs to engage in unfettered collection of customer information, and that as a result the FBI will have access to information from ISPs that was not available before the repeal of the rules. Neither is true.

 

{mosads}Professor Ohm asserts that it is “obvious” ISPs opposed the rules because they wanted to “engage in significantly more user surveillance than they had ever before had the audacity to try.” He offers zero evidence. He merely asserts that “this must be the reason” for their opposition, and speculates that as a result of the repeal, ISPs may feel “encouraged” to “spy on all of us as they never have before.

 

But the FCC’s privacy rules did not regulate ISPs’ collection of customer information. The statute under which the FCC issued the rules governs the use, disclosure, and access to information that has already been collected. And the FCC’s rules were limited to precisely those activities. The debate at the FCC therefore was not about information collection, but about whether ISPs should be governed by the same rules with respect to the use and disclosure of customer information as those that apply to myriad other entities in the internet ecosystem that collect information. ISPs wanted a level regulatory playing field. The FCC did not.

 

The FCC’s privacy rules, however, would have significantly impeded ISPs’ efforts to compete by requiring them in many instances to obtain consent from their customers before they could use customer information to advertise new services to them. Meanwhile, large edge providers would have remained under the Federal Trade Commission’s more flexible framework that allows companies to infer consent to use customer data for first-party marketing. Likewise, they would have treated a much larger swath of data as “sensitive” information requiring affirmative opt-in consent, even though non-ISPs are permitted to use and share that very same data under an opt-out model.

 

Reasonable people can differ over what kind of consent, if any, companies should obtain before using customer information for direct marketing. But this was the issue at stake—not how much information ISPs could collect or whether, as Professor Ohm so damningly says, ISPs should be able to “spy” on their customers. 

 

ISPs are not in the business of “spying” or conducting “surveillance.” That is what intelligence and law enforcement agencies do. Professor Ohm is correct, however, when he says that the laws regulating government access to information are outdated. The Electronic Communications Privacy Act (ECPA), for instance, was enacted in 1986, long before the advent of the commercial internet. Congress could not even have contemplated at that time the vast amount of digital information that would be available to law enforcement today with a mere subpoena or even a court order. There is a bipartisan bill in Congress to modernize the law, and ISPs are among those who support those efforts.

 

But the FBI’s access to personal information is unrelated to the repeal of the FCC’s “broadband privacy” rules. Repeal of these rules does not enhance ISPs’ ability—or incentivize ISPs—to collect information about consumers, and the FBI will not have more access to greater amounts of personal information from ISPs as a result. By conflating these issues, Professor Ohm has confused the debate and has taken the spotlight off of the place it belongs: Congress and the FBI – the two entities that must work together to reform laws governing federal law enforcement’s access to personal information.