On Tuesday, the U.S. House of Representatives voted to eliminate rules blocking Internet Service Providers (ISPs) from selling personal information about their customers. This follows a Senate vote on the same subject. Here's what you need to know about the vote, the rules, and what happens next.
1. IN 2016, THE FCC MADE NEW RULES TO PROTECT CONSUMERS' INFORMATION.
In 2016, the Federal Communications Commission (FCC) developed a series of rules around what ISPs could do with their customers' information. The rules were intended to force ISPs to keep sensitive information private, unless their customers specifically opted in to let this data be sold. The category of "sensitive information" includes things like your web browsing history, Social Security number, location, health data, app usage, children's information, and contents of email and other communications.
In addition to the sensitive information, the 2016 rules also specified that ISPs could collect and sell non-sensitive information, as long as customers were notified and given a chance to opt out. (This is similar to how credit card companies notify consumers of what data they collect and sell, and specify how to opt out.) Examples of non-sensitive information are a customer's email address and tier of internet service.
Another part of the rules were requirements that ISPs implement strong protections for consumer data and disclose security breaches (hacking incidents) to consumers.
The rules were adopted on October 27, 2016 against the objections of Republicans on the commission. (The FCC vote approving the rules was 3-2, along party lines, with Democrats in the majority.) The rules would have gone into effect at the end of 2017.
2. THIS WEEK, REPUBLICANS VOTED TO REMOVE THOSE RULES.
With the change in administrations, Republican Ajit Pai became Chairman of the FCC and set about reversing the 2016 rules. (That's Pai pictured above, testifying before the Senate Judiciary Committee's Privacy, Technology and the Law Subcommittee.) Resolutions were approved by the Senate and then the House eliminating the privacy rules. These votes were just as partisan as those that established the rules, passing with only Republican votes. (Some Republicans did vote against the bill, but no Democrats voted for it.)
The key argument of the rules' opponents is that non-ISP businesses operating online (including social networks like Facebook) are not restricted by these rules. This means that if Facebook (for example) wants to sell data it has about you, it is not subject to these rules because Facebook is not an ISP. Major web companies are therefore operating at a competitive advantage over ISPs.
The counter-argument is that ISPs are special because they can peek at everything you do online. They own the wire (or cell tower) that your data passes through, and they can watch what goes through it. Companies like Facebook don't have this level of access—and thus, they don't have this level of regulation.
These votes came under the authority of the Congressional Review Act, which enables Congress to remove regulations by a "joint resolution of disapproval."
3. NEXT, PRESIDENT TRUMP EITHER SIGNS OR VETOES THE BILL.
The next step is for President Trump to weigh in. It's widely expected that he will sign the bill, making it law and thus nullifying the FCC rules in question before they go into effect. It's important to note that the new FCC rules never went into effect, so ISPs have been allowed to operate free of them all along. The change, assuming the bill is signed into law, is to block the rules in the future. (One side effect of using the Congressional Review Act to reverse these rules is that the FCC will not be able to set similar rules in the future without Congressional involvement.)
4. WHO WANTS TO BUY THIS DATA ANYWAY?
The most obvious buyer of consumer data is advertisers. If advertisers have access to specific data about individuals, they can target their ads far more effectively. For instance, if someone is trying to buy a new car—perhaps indicated by browsing car listings online—rival car dealers want to know that.
Some activists have vowed to purchase data about members of Congress and publish it in protest. Although the bill is not yet law, it’s not impossible that this could happen.
5. WHAT CAN CONSUMERS DO ABOUT IT?
The key things consumers can do are: contact their ISPs and inquire about opting out of data sharing (to the extent the ISP allows it); learn about encryption measures to prevent ISPs from snooping; and consider using a VPN (Virtual Private Network) to encrypt all web traffic.
Using a VPN is controversial because it routes data through another company's servers, which means that company must be fully trustworthy. VPN technology also slows down web access, due to the extra routing step. Finally, as WIRED points out, sites like Netflix block VPNs to keep people from streaming movies and shows that aren't licensed in their area.
As a general rule, privacy-sensitive consumers should look for the "lock" icon (indicating a secure connection) within their browsers in order to ensure their browsing is encrypted. There are even plugins for some browsers that automate this process.