Mobile Future

A Rethink is Needed on the FCC’s Proposed Broadband Privacy Rules

By: CTA, CTIA, Mobile Future, USTelecom and Wireless Internet Service Providers Association

When FCC Chairman Tom Wheeler proposed new rules for broadband privacy, he promised to “listen and learn from the public and ISPs before we adopt final, enforceable, rules of the road.”

Well, the public’s verdict on Chairman Wheeler’s plan to abandon the FTC’s well-tested and effective approach to online privacy and replace it with heightened and inconsistent rules for broadband providers alone is now in – and the result is clear. An overwhelming majority of the expert comments filed to date have urged the FCC to change course.

Privacy Experts Question the FCC’s Approach. Commenters with long experience in privacy and consumer protection questioned the FCC’s decision to break with the White House’s longstanding call for a uniform privacy framework and create separate rules for broadband providers alone. Remarkably, even the FCC’s sister agency, the Federal Trade Commission, criticized that idea as “not optimal” and warned that aspects of the proposed new rules “[do] not reflect the different expectations and concerns that consumers have for sensitive and non-sensitive data” – a blunt assessment from the lead federal enforcement agency with decades of experience protecting consumers’ privacy online.

President Obama’s former FTC Chair, Jon Leibowitz, echoed this sentiment, warning that in many important areas the draft rule “overshoots the mark, proposing regulations for broadband providers that go well beyond those imposed upon the rest of the internet economy and which, if adopted, would undercut benefits to the very consumers it seeks to protect.” And former FTC Commissioner Josh Wright submitted a detailed economic study explaining that the FCC proposal “fails to consider the economic costs affecting consumers, ISPs, and innovation” and “establishes a regime that would ultimately inflict significant consumer welfare losses.”

Commenters Warned that Consumers Would Be Harmed. Consumer and civic groups led by stalwarts like the NAACP and LULAC warned that the FCC’s “patchwork” approach would only confuse consumers and make it harder for them to understand and protect their rights. Overall, the broad range of comments in the record reinforce this fundamental point.

In fact, survey research provided to the FCC shows that consumers overwhelmingly reject the kind of disparate treatment of their online data that the FCC has proposed, with 83 percent agreeing that privacy protections should be based on the sensitivity of data, not who collects it.

The public’s instincts on this issue are backed up by expert commentary from groups like the Multicultural Media, Telecom and Internet Council – joined by eight partner organizations –explaining how the proposed rules will erect a damaging new barrier to broadband adoption “by restricting innovative products and services that offer flexible pricing options for cost-sensitive consumers.”

For these reasons, many commenters urged the FCC to develop a common, harmonized approach to online privacy. As former FTC Commissioner Jon Leibowitz urged, the FCC “should strive to harmonize its proposed rules with the FTC approach and other U.S. privacy laws, and carefully consider the consequences of failing to do so.”

Other Experts Showed that the Rules are Based on a Flawed Premise. Groundbreaking research from Clinton and Obama Administration privacy adviser Peter Swire, cited by many commenters, established that broadband providers don’t have unique or greater access to consumer data than other internet companies – refuting one of the core assumptions underlying the proposed new rules.  In fact, in a world where 70 percent of internet data will be encrypted (and thus invisible to broadband providers) by the end of the year, and in which consumers use multiple ISPs throughout the day, any ISP has only limited insight into its customers’ information and activities online. The Future of Privacy Forum likewise stressed that the FCC’s “rulemaking covers data that is already being used, shared, and traded by a wide range of companies other than ISPs for the identical purposes covered by this NPRM.”

The logical disconnect of differing regimes is so great that leading constitutional law scholar Laurence Tribe filed an extensive analysis concluding that the FCC’s proposed rules “would violate the First Amendment … and should not be adopted” because they “singl[e] out broadband ISPs for extremely burdensome regulation while ignoring that much of the same information is available to and routinely used by social media companies, web browsers, search engines, data brokers, and other digital platforms.”

Business and Tech Groups Highlighted Economic and Technical Problems with the FCC’s Proposed Approach. Advertising, business, health and technology groups found the rules would introduce profound “friction” into the online economy, distorting markets due to the patchwork treatment of data and stifling innovation with inappropriate opt-in and other requirements that are not tailored to the sensitivity of data or consumer expectations.

Others identified even more technical flaws with the proposed FCC approach. The Internet Society’s Mark Buell, Return Path and Farsight Security questioned a number of definitions and assumptions in the NPRM, including the inaccurate and misleading analogy of IP addresses to telephone numbers. The Messaging, Malware and Mobile Anti-Abuse Working Group similarly warned that the rules as currently framed could inadvertently undermine cooperation and communication needed to secure the web from malware, viruses and hackers online. Small companies like Earth Networks explained how FCC’s proposed rules threaten partnerships with “service providers with scale” that benefit energy markets and grid operators. And representatives of startups and tech innovators that cautioned that the FCC’s proposal “throws a wet blanket over startup engineers building additional, novel systems that may substantially increase consumers’ privacy and security.”

* * * * *

The record makes clear that the best course is for the FCC to abandon its flawed approach and harmonize privacy regulation for broadband providers with the well-established and effective approach implemented and consistently endorsed by the FTC and the Obama Administration for many years and that has both protected consumers’ privacy and fostered unprecedented innovation, investment, and broadband adoption. This is the core of the Consensus Privacy Framework first submitted by a wide range of industry participants to Chairman Wheeler in March, which is a more efficient, pro-consumer and pro-innovation alternative.

Chairman Wheeler promised to review the record and listen to the public. If he is to keep that promise, the FCC must change course.