Last week the United States Congress voted to repeal new Federal Communications Commission rules which would have required that internet service providers (ISPs) notify their customers of the data they collect on them for their own commercial purposes unrelated to providing the service, and that customers had to specifically opt-in to the practice. The FCC voted 3 to 2 in favor of the new rules in October 2016, and they would have gone into effect on March 2 of this year had the FCC not stayed it on March 1 under new chairman Ajit Pai. Outgoing FCC chairman Tom Wheeler pushed for the new rules in order to spell out consumer privacy protections in relationship to ISPs, something which he and two of the other commissioners felt was inadequately addressed in Section 222 of the Telecommunications Act of 1996.
The Telecommunications Act goes back to 1934, when the original law went into effect creating the FCC and granting it the authority to regulate telecommunications companies as common carriers, which is to say the same as utilities. Section 222 of that law pertained to how the carriers could use their customers’ personal information, and it required them to keep the information confidential except as required by law or by consent of the customer. Congress has amended the Act periodically to reflect changes in technology, with the last major revision in 1996.
Common carrier or not is the logical puzzle in question. Substitute “Section 222” for Catch-22 to relish the flavor of the ISP regulatory mess.
Since the advent of widespread consumer internet service in the 1990s, there has been a regulatory battle over whether ISPs should be considered common carriers, and thus subject to oversight by the FCC under the Telecommunications Act. Since some providers, such as AT&T and Verizon, were also telephone companies, they were already partially subject to FCC oversight. It wasn’t until early 2015 with the FCC’s Open Internet Rules that all ISPs were brought under the same set of regulations as common carriers and bound by the consumer privacy protections of Section 222.
Previously the only regulatory oversight of some ISPs on behalf of consumer privacy came from the Federal Trade Commission, and it was limited to holding the companies accountable to the terms of their own privacy policies. The FTC does not regulate consumer privacy regarding the actions of common carriers. It does regulate consumer privacy regarding the actions of so-called edge providers that offer services by voluntary subscription, like Facebook, and of websites in general, but again only by holding them to their own privacy policies, as invasive as they may be. Since the implementation of the FCC’s Open Internet Rules in 2015, all ISPs must adhere to the more restrictive regulations applied to common carriers.
The 1970 film adaptation of Joseph Heller’s brilliant Catch-22 lays out a problem in logic. It does not attempt to explicate it, because that would be impossible and probably unhealthy.
Still, Chairman Wheeler and others felt that the language of Section 222 did not go far enough in spelling out consumer privacy protection in the internet age. Originally written in 1934 when the capacity of a common carrier to sweep up vast amounts of customer data was not even a pipe dream, and inadequately addressed in the major 1996 revision of the law, Section 222 did not explicitly deny ISPs the ability to sell customer data because the ISPs could interpret “with the approval of the customer” in Section (c)(1) to mean they could consider customers opted-in unless they stated otherwise. Being passive and silent rather than active and vocal has always been considered assent or approval, especially by sneaky people with an agenda, and it is a prevalent practice on the internet. That is a trick of the interactive internet age that no one foresaw in 1934, and apparently not even in 1996. In 2002, Democratic Senator Paul Wellstone of Minnesota introduced a bill which would have changed “the approval of the customer” to “the affirmative written consent of the customer.” The bill went nowhere.
Without legislation from Congress to clarify things in the new regulatory environment, Chairman Wheeler felt obliged to take up the slack by adopting Broadband Consumer Privacy Rules in October 2106. As already noted, the vote was 3 to 2. The 3 ayes came from Chairman Wheeler and the two other Democrats on the Commission board. The 2 nays came from the Republicans on the board, including Ajit Pai, now the new Chairman. When the new Republican Congress and President came to Washington, Chairman Pai stayed the new Privacy Rules before they could take effect, and Republican Senator Jeff Flake of Arizona introduced a bill to repeal the Rules and also prevent the FCC from making similar rules in the future.
That’s an android in the center, but it could just as well be you, an internet service customer, caught between government regulators and telecommunications providers.
The rest is history. We are returning to the regulatory environment of the past year and a half after the FCC ruled all ISPs were common carriers, but before it adopted new Privacy Rules to clarify the difference between “approval” and “consent” of customers. Now ISPs, though they are common carriers, have a gray area to navigate in Section 222 of the Telecommunications Act, and their claim that they will still be regulated by the FTC is disingenuous at best, considering the FTC does not regulate common carriers. It should be understandable now why ISPs lobbied to repeal the new Privacy Rules. Citing their own privacy policies in which they claim they never have and never will sell customer data, and which had been enforced by the FTC (they glide over the part about FTC regulation no longer applying to them as common carriers), they claimed the FCC was unnecessarily complicating the regulatory environment. They say they shouldn’t be held to stricter privacy standards than companies like Google and Facebook, thereby putting them at a competitive disadvantage. Except for the part about competitive disadvantage not being applicable to monopolistic utilities that are regulated in the public interest, that’s a fair point. Instead of raising the privacy bar for everyone, however, they and their mostly Republican allies in Congress and in the new FCC prefer to lower the bar, serving corporate interests instead of consumers. Trust us, they say. Uh-huh.