Congress voted to take away your privacy rights when it comes to how internet service providers (ISPs) may use your data, and President Trump signed it into law. Just recently they officially repealed Obama era privacy regulations out of the FCC which required ISTs to get permission before selling a customer’s data–their browsing history, how long you spend on a given site, how often you visit a given site, app usage, email addresses, etc.
As you can imagine, removing these protections has resulted in a bit of a panic over how ISPs will proceed under these new rules. In an attempt to alleviate some of those fears, several of the largest ISPs have made statements promising not to sell the browsing history of individual clients. However, it’s hard to avoid that they have worded their promises very specifically in every case-so specifically that their promises almost amount to nothing. Let’s a take a look at the words of the biggest ISPs and what exactly they have (and haven’t) promised as well as what that means after the repeal of these privacy protections.
From The Horse’s Mouth
As mentioned, the rule changes had big ISPs quick to release statements to reassure their customers. Comcast released a statement saying “We do not sell our broadband customers’ individual web browsing history. We did not do it before the FCC’s rules were adopted, and we have no plans to do so.” Verizon’s Chief Privacy Officer told their users “Verizon does not sell the personal web browsing history of our customers. We don’t do it and that’s the bottom line.” An AT&T Vice President said “AT&T’s privacy protections are the same today as they were five months ago when the FCC rules were adopted. [We] will not sell your personal information to anyone, for any purpose. Period.”
These certainly sound promising, but they are very carefully worded. They promise not to sell “individual browsing history” or “personal information.” However these promises, especially individual browsing history–perhaps intentionally–hit only the tip of the iceberg when it comes to how ISPs could and almost certainly will collect your data and metadata. The ISPs notably did not promise not to sell aggregate data (the most commonly way of selling metadata) or promise not to review and use the history for their own marketing-both potentially invasions of your privacy. Aggregate data is where they collect your browsing information, strip identifying information, then sell it along with the data of many other users–this is used for targeted advertising among other things. What’s more, once data is sold, those who buy it have no compunctions about how they must make use of that data.
This is far from a new concept, and at least one ISP has commented in the past that your browsing habits are already being collected and sold “by virtually every site you visit on the internet.” This is true, the biggest websites-the Facebooks, Googles, and Amazons of the world-gather and sell staggering amounts of data from their users.
However, as true as it is, the situation with ISPs is fundamentally different. ISPs have the ability to monitor you literally the entire time you use the internet–something no website can boast. The difference in the level of intrusion between an ISP and any website is a matter of degrees. No website could hope to have the sheer level of access to your internet activity that an ISP has–which is literally all of it. What’s more, you can choose to go to a website–even sites as ubiquitous as Google have alternatives which do not track your internet use such as DuckDuckGo. Over half of people in the U.S. have only one choice of internet provider–a large part of the argument behind treating the internet as a utility like electricity or water. This means that your options would be to either have every action you take on the internet potentially monitored and monetized or have no internet whatsoever.
ISP’s Seem to Be Forgetting Their Own History
The promises of the ISPs are also a bit hollow in light of their own past behavior regarding your data. Not so long ago, AT&T was in hot water for misleading customers by describing an opt-in agreement providing consent to track and sell its users browsing history as a “discount.” Comcast was in the news less than a year ago saying that it should be able to sell its users’ browsing information.
Back in 2014, Verizon got in trouble for including an HTTP header for its mobile customers which allowed third-party advertising companies to gather information on your browsing habits-even if you used a private browsing mode or cleared your cookies. Even after her own recent statements reassuring customers, Verizon’s Chief Privacy Officer acknowledged that Verizon intends to use your browsing habits in ways other than outright sharing your personal browsing history–specifically targeted advertising and selling data in aggregate as mentioned above.
The States May Come to Your Rescue
In this day and age, the internet is basically a necessity. While Verizon’s transparency is at least to be applauded, the very idea that your every internet action could be tracked and sold–with the alternative of never using the internet–is unlikely an attractive prospect to many. However, there has already been a move towards bridging the gap created by the recently repealed privacy protections through state law. Just a few days back Minnesota passed a law requiring ISPs to receive express written consent from a user before harvesting any of your data.
Whether this trend will spread remains to be seen, the changes to your privacy protections all still fresh. Keep an eye on state legislature, it seems likely that protecting your browser history will quickly become a hot button issue.