Earlier this year the GOP and Trump administration rushed to kill consumer broadband privacy rules. While the broadband industry cried like a colicky toddler when the rules were originally proposed, they were relatively modest -- simply requiring that ISPs clearly disclose what they're selling, who they're selling it to, and provide working opt out tools. The rules were proposed after ISPs repeatedly showed they were incapable of self-regulating on this front (see Verizon's zombie cookies, AT&T's attempts to charge you more for privacy, and CableOne's declaration it wanted to use credit scores to provide even worse customer support).
As a direct result of the GOP and Trump administrations attack on consumer privacy rules, more than a dozen states began proposing their own privacy rules to try and close the gap. While there's a real threat of these state laws being downright bad and/or inconsistent, that's probably something ISP lobbyists should have thought about before killing the FCC's modest and more uniform rules. You might recall that the EFF threw its support behind California's privacy law (AB 307, pdf), noting that it was solid enough to provide a template to other states for some uniformity on the consumer privacy protection front.
But thanks to some immense, cross-industry lobbying pressure, that proposal was killed back in Septmeber. In a new blog post, the EFF details precisely how Google and Facebook (under the blanket proxy of the Internet Association) joined forces with their historical nemeses in the broadband industry, using a rotating crop of outright lies to vilify the proposal:
"Big Telco’s opposition was hardly surprising. It was, after all, their lobbying efforts in Washington D.C. that repealed the privacy obligations they had to their customers. But it’s disappointing that after mostly staying out of the debate, Google and Facebook joined in opposing the restoration of broadband privacy for Californians despite the bill doing nothing about their core business models (the bill was explicitly about restoring ISP privacy rules). Through their proxy the Internet Association, which also represents companies like Airbnb, Amazon, Etsy, Expedia, LinkedIn, Netflix, Twitter, Yelp, and Zynga, among others—Google and Facebook locked arms with AT&T, Verizon, and Comcast to oppose this critical legislation. What is worse, they didn’t just oppose the bill, but lent their support to a host of misleading scare tactics."
Among the bullshit used by these companies to kill the proposal included claims that the rules would somehow result in consumers being magically inundated by popups and all manner of new cyber threats, as this ad featuring a vulnerable toddler insists:
But this coagulation of lobbyists also repeatedly told lawmakers that the new rules would also only act to embolden nazis and extremists, another blatantly false claim. Documents submitted to lawmakers went so far as to use the recent violent attacks in Charlottesville as fear mongering fodder. From one "fact" sheet circulated to lawmakers in the state:
"This would mean that ISPs who inadvertently learned of a rightwing extremist or other violent threat to the public at large could not share that information with law enforcement without customer approval. Even IP address of bad actor [sic] could not be shared.
As the EFF points out, this claim wasn't even remotely true.
AB 375 specifically carved out exceptions to consumer approval for any “fraudulent, abusive, or unlawful use of the service.” The bill also included a “catchall provision” that allowed ISPs to disclose information “as otherwise required or authorized by law.” In other words, nothing in the bill even remotely got close to hampering law enforcement's ability to do its job. The California Electronic Communications Privacy Act (CalECPA) also makes it clear that ISPs can disclose information to law enforcement provided it doesn’t run afoul of state or federal law. Of course Google and Facebook knew this -- because they supported it.
Underneath all of this bullshit sits one undeniable truth. Silicon Valley and telecom giants didn't like this bill for one reason: an informed, protected consumer is more likely to opt out of invasive behavioral tracking, costing the giants money. Of course a lobbyist can't just come out and say this, so instead California lawmakers were inundated with all manner of distasteful, but clearly effective, bullshit. Bullshit most of them were willing to happily swallow to protect campaign contributions.
But as the EFF notes, the consumer broadband privacy problem isn't going away, and is only going to get worse. The broadband industry isn't competitive and in many areas cable's monopoly over broadband is growing faster than ever, meaning less market pressure to behave. With no competition and the rise of rubber stamp regulators at Trump's FCC and FTC, there's little to nothing keeping these ISPs in check as they hoover up everything from user location and GPS data to everything you're doing with your IOT devices.
Belief that mindless deregulation of the telecom sector is going to magically fix this problem remains an antiquated canard, as ongoing privacy violations in the space should be making abundantly clear. The FCC's privacy rules, which would have taken effect back in March, were the very least we could do to protect these captive customers from privacy abuses. But thanks to joint lobbying by Silicon Valley giants and companies like Comcast, we're now staring down the barrel of a very uncertain future. One where AT&T and Comcast make protecting your privacy a luxury option -- if that option exists at all.
Our IP Address: