FCC Best Situated To Address Broadband Privacy, Say Public Knowledge, Others
The FCC is well positioned to write privacy rules to protect broadband consumers, Public Knowledge and allies said Wednesday. Broadband providers are collecting huge amounts of information, leaving consumers, in effect, “sitting naked in a glass house,” said PK Senior Vice President Harold Feld at a news conference hosted by the group and New America’s Open Technology Institute (OTI), joined by members of the Center for Democracy & Technology (CDT) and the Alarm Industry Communications Committee. The FCC may consider a broadband privacy NPRM at its March 31 meeting, informed sources have told us.
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
The FCC can address broadband privacy by giving consumers “opt-in” rights, said Feld, who disputed the arguments of ISPs and others that the agency should limit itself to basically following the FTC’s general privacy approach (see 1602110054). He said the FCC has communications-specific authority, years of experience in dealing with telco and cable privacy issues, and generally open proceedings that can ripple outward. “What the FCC does today helps the FTC decide what it will do tomorrow” about Internet companies such as Twitter and Google, and could inform Congress if it decides to pursue comprehensive privacy legislation, he said.
The FCC’s use of its authority shouldn’t preclude a broader examination of privacy, agreed Sarah Morris, OTI senior policy counsel. Erik Stallman, director of the CDT’s Open Internet Project, said his group backs an FCC rulemaking, given its defined role in the “ecosystem,” but ultimately wants to see a comprehensive privacy solution that moves toward “more symmetrical” privacy rules for edge providers and broadband ISPs.
Feld said the FCC should act as comprehensively as possible using all its Communications Act authority under Title II affecting telecom carriers, Title III affecting wireless providers, and Title VI affecting cable companies. He said a broad approach would prevent ISPs from playing a “shell game” to evade narrowly targeted rules. But “you’re never going to solve everything at once,” he said, so it’s better to be pragmatic, start with an FCC-focused effort, and move on from there.
“Congress placed with the FCC -- and the FCC alone -- the responsibility to ensure that the privacy of communications networks remains absolute,” said a detailed PK paper issued Tuesday on the commission's privacy framework. “The FCC is uniquely designed to carry out this role, protecting our most uniquely sensitive information. All the information we protect today through specialized agencies -- medical information, financial information, government information -- effectively becomes accessible for any purpose if the means by which we send that information from one person to another can be compromised by the carrier.” The paper said the FTC “plays an important and complementary role to the FCC in protecting consumer privacy, as it does with other specialized agencies,” but it doesn’t have the authority or capacity to adequately police broadband providers or protect competing services that must expose their proprietary customer information to provide service.
Feld said the FCC’s Section 222 efforts to protect telecom customer privacy were particularly successful and should be expanded to broadband providers now that they've been reclassified as offering a Title II telecom service. He said it was no accident that consumers in a Pew poll ranked traditional landline phone service as the most secure, given Section 222 protections that include requirements to ensure the confidentiality of customer proprietary network information (CPNI). Consumers felt much less secure about their Internet communications, he said.
The FCC’s advantage is “these are not new challenges” and it can tap its experience to build the “next generation” of privacy protections, Feld said. The agency’s CPNI safeguards include “high standards,” annual certifications and timely reporting obligations of data breaches, he said. CPNI rules can address ISP concerns about issues relating to law enforcement, billing and protecting provider property, he said, adding that it’s the broadband providers that are proposing a “radical” change by seeking to escape such duties. Telcos aren't allowed to listen to customer phone calls, so ISPs shouldn't be allowed to use deep packet inspection to mine consumer Internet content and data, he said.
CTIA, NCTA and USTelecom joined with other tech industry groups last week to send a letter asking the FCC to harmonize any broadband privacy rules with the FTC’s "flexible" and "time-tested" framework. That approach is grounded in preventing “unfairness and deception” and protects consumer privacy while allowing industry to innovate in a dynamic market, they said. CTIA, NCTA and USTelecom didn't comment Wednesday, referring us to that letter.
A recent OTI paper said broadband ISPs are different from other online players -- such as Apple, Facebook or Google -- because of their unique role as "gatekeepers" in the market for consumer last-mile Internet service. “Their umbrella-like ability to capture individual interactions over the Internet and all aspects of an individual subscriber’s daily use patterns is notable,” the paper said. “And unlike other actors in the Internet ecosystem, wireline and wireless ISPs are always able to connect individual Internet use patterns to a subscriber’s real name, address, phone number, and billing history. With its rulemaking authority, the FCC should set privacy baselines that help to define the minimum standards that Americans can expect from their ISPs.”