Privacy for Sale

In 1993, I was briefly involved with an initiative started by my then Member of Parliament to set up an internet access centre for lower-income people in my area. At the first meeting, the eight volunteers who attended introduced themselves and explained why they wanted to be involved in this project.

After the introductions were made, one volunteer (in a fit of overly-dramatic, overly-done pique) pointedly stated that no one present seemed to be interested in then-nascent concern of online privacy. I chimed in, stating that 1) simply because no one stated that doesn’t mean we aren’t, and 2) we couldn’t trust the government with our online privacy. To protect that privacy, I added, we had to take matters into our own hands.

From the looks on the faces some of the people in attendance, with that second point I’d just blasphemed. And in the MP’s riding office to boot. Sadly, the words I spoke on that day 24 years ago now seem prophetic.

On 28 March 2017, the United States House of Representatives proved me right. On that day, 215 politicians who are supposed to protect the interests of their constituents did the opposite. They took a sledgehammer to the wall that was the right to online privacy and gave internet service providers (ISPs for short) the right sell a customer’s web browsing information.

That vote, whether the representatives realize it or not, as wide-ranging consequences for the future of privacy not only in U.S but around the world. Those consequences definitely aren’t happy ones for the average person.

What Happened?

If you’re familiar with the situation, feel free to skip ahead. If not, keep reading to get a bit of background.

In October, 2016 the Federal Communication Commission (FCC for short) in the United States introduced new privacy rules, called the Broadband Consumer Privacy Proposal, that blocked ISPs from collecting and selling the internet browsing data of their customers. According to the FCC:

The bottom line is that the information you share with your broadband provider is yours. With the FCC’s new privacy protections, you will have the right to determine how it’s used.

On 28 March, 2017 that all changed. The door is now open for ISPs in the U.S. to sell your browsing history — information that includes the websites you visit, the browsers and apps you use, how long you spend on a site, the search terms you use, and more — to advertisers and marketers.

A major reason behind the repeal was a desire to level the playing field between ISPs and platform companies. Large ISPs like Comcast, AT&T, and Verizon (they’re not the only ones, though) saw how firms like Facebook and Google were analyzing user data to target ads and, by extension, were making money from that data. A lot of money. The ISPs just wanted a chance to rake in their share of those dollars. So, a lobbying campaign got rolling and the ISPs got what they wanted quite quickly.

The repeal of the FCC’s privacy rules doesn’t make the internet better place. It doesn’t benefit an ISP’s subscribers. It only enables a cash grab on the part of ISPs, with profits being made on the backs of people who throw money at those ISPs each month.

It’s a win for business. A big win. But it’s a loss for the rest of us, for personal rights, and for a freer, safer internet.

While there’s no guarantee that an ISP will sell your browsing data, there’s no guarantee it won’t. The paranoid part of me, along with the part that doesn’t trust large corporations or conglomerates, says to think the worst but hope for the best …

What It Means to You

Your online life is now an open book, one that anyone who can pony up enough cash can read. As The Guardian points out:

Your web browsing patterns contain a treasure trove of data, including your health concerns, shopping habits and visits to porn sites. ISPs can find out where you bank, your political views and sexual orientation simply based on the websites you visit. The fact that you’re looking at a website at all can also reveal when you’re at home and when you’re not.

Think about it for a moment. Information that should be private, information about you, will be for sale to whoever wants it. Your ISP can profit from what you do online, but you won’t see a penny of that money. You won’t have a say in who can buy your information or whether or not they actually should or can buy that information.

If your ISP does sell your browsing history, you’ll be bombarded with spam. You’ll be hit with countless unwanted offers. You’ll see more ads. And more of it than you’re bombarded with now. There’s more that can happen, too.

There’s also the potential personal cost of an ISP selling your browsing data. A few years ago, a teenager in the U.S. bought certain items at her local Target department store. Based on the pattern of her purchases, Target’s algorithms predicted that the young woman was pregnant. So, what did Target do? It sent coupons for various baby items to her family home. It turns out the teen was pregnant, but hadn’t told her parents. The sale of a person’s browsing history to marketers and advertisers could easily have a number of harsh personal and maybe even professional consequences. None of that matters when the almighty dollar is on the line.

During the lead up to the vote on 28 March 2017, a friend of mine in the U.S. (who’s an educator) tweeted to his representative warning that the repeal of the FCC’s privacy rules would put students and families at risk. The weak response he got was that there are laws that protect everyone. That’s cold comfort, if it’s even comfort at all. History has shown us how much corporations care about laws. If there’s a profit to be made, ISPs will do what they want until they get caught. If and when the authorities nail them, those ISPs will go through the cycle of denial, admitting (some) guilt, paying a small fine, issuing a half-hearted apology, then going right back to doing what they were doing before. They’ll just do it in a different way the second time around.

While three of the major ISPs in the U.S. — Comcast, Verizon, and AT&T — vowed that they won’t sell the browsing data of individual customers, I wonder how long that vow will last. Especially, once again, in the face of the quick and easy profits that can be had.

Will the Cheerleaders Stop Cheering?

Sometimes, when you say something can’t happen to, you reality comes back and bites you. Hard. It did in a situation like this in 2015.

You might recall the story about several senators and representatives who were avowed and unabashed cheerleaders for the National Security Agency’s (NSA) surveillance programs. The surveillance programs that Hoovered up everyone’s communications. When those same cheerleaders learned they were victims of NSA snooping, they became indignant and voiced their hypocritical outrage to whoever would listen.

You can bet that will happen again if (more likely when) the browsing histories of any of the 265 senators and representatives who voted in favour of the repeal, and that of their families, is sold. Expect outrage. Expect righteous indignation. Expect a lot of screaming and kicking in public. Yet another performance in the theatre of the aggrieved .

Will any of the politicians who voted for the repeal have a true Road-to-Damascus conversion? Will they actively press for stronger privacy rules? Probably not. Most of the politician who voted in favour of the repeal don’t have the moral or intestinal fortitude to go against their party and their president. The U.S. will have to wait until a stronger, less partisan Congress decided to return the right of privacy back to the hands of the average person.

What Can You Do?

With the internet being so deeply intertwined with and ingrained in our lives, not using it isn’t an option. You might be able to change ISPs, however. That’s not always an option, either, as some areas in the U.S. are only serviced by a small number of providers. And who’s to say that the provider you switch to won’t put your information on the block?

In the days leading up to the 28 March vote, and afterwards, there was a lot of advice published online that purports to help you take back a little of your privacy. Instead of repeating that advice, here are links to what I think are the best articles on the subject:

The measures detailed in those articles might not be completely effective, but they can at least skew the results and really mess up the marketers and others who buy your browsing information.

You can naively hope that ISPs will have the decency to let customers opt out of both data collection and their data being sold. Again, in many cases you’ll be dealing with a large corporation. If those ISPs do let you opt out, chances are you’ll need to pay extra for that dubious privilege. More on this in a moment.

You’re Not Safe If You’re Outside of the U.S.

Those of us who live outside of the U.S. can’t smugly sit back and say that Americans got what was coming to them. The repeal of the FCC’s privacy rules sets a dangerous precedent for other countries, too.

I can see ISPs and telecommunication companies in other parts of world smacking their lips at prospect of having the right to do what they want with the browsing data that they collect from their customers. As with ISPs in the U.S., they’ll see potential profits from selling information they’re already collecting.

In fact, I’m expecting telecommunication firms and ISPs in other parts of the world to start lobbying governments to relax privacy rules sooner rather than later. And to lobby hard.

Here in New Zealand, I won’t be surprised when I hear that Vodafone and Spark (the country’s two biggest ISPs) are approaching the government about these kinds of changes to privacy rules. With the ruling National Party taking many of it cues from the United States, and being very pro big business, I can see any lobbying of this kind finding sympathetic ears.

New Divides, New Opportunities

We don’t hear the term digital divide bandied about much these. That divide still exists, and I can see the repeal of the FCC’s online privacy rules creating two new divides in a nation that doesn’t need more divisions.

The first divide is financial. If, as I predict, ISPs will charge customers to opt out of data collection then that creates a barrier. You can bet that the opt-out fee will be monthly or yearly, rather than a one-time charge. It could be out of the reach of poorer customers who can only afford the basic internet services they’ve come to rely on.

The second divide is technical. Not everyone has the knowledge or the skill to choose and use a Virtual Private Network (VPN), Tor, encryption, or many of the other tools and measures available to protect themselves online. You just can’t drop the average computer user into the deep end of online security and privacy and expect them to be able to swim. They’ll need hand holding, and more than just a few articles published on the web.

Having said that, there are some opportunities for social entrepreneurs to help everyone take back their online privacy. One of those opportunities is to create what I call ethical ISPs. The idea behind that is for the ISP to respect the rights of its customers. That ISP won’t collect or store a customer’s browsing data, and it definitely won’t sell that information. An ethical ISP could also teach its customers, either for a small fee or free of charge, how to protect their online privacy. There are already ISPs around the U.S., like California-based Sonic, which operate on an ethical model. Most of those ISPs, however, are regional and there aren’t enough of them anywhere.

There’s also an opportunity for platform co-ops to fill in the gap. The idea of a platform co-op is to put the ownership of a company or service in the hands of the members who invest in that company or service. With a platform co-op ISP, you can bet members won’t be willing to sell their browsing information to anyone. While a platform co-op ISP would undoubtedly be a local phenomenon — centred around a single area in a city or maybe across a city — it could provide a viable alternative to larger ISPs.

The idealist in me wants to believe that the repeal of the FCC’s privacy rules will spark a small boom in ethical ISPs or platform co-ops or both. That boom won’t happen soon. Why? It will take a lot of money and a lot of time to set those entities up. I can see funding being hard to come by, and a number of smaller technical hurdles to clamber over before the ideas I just mooted become a viable reality.

Until then, all we can do is protect ourselves online. I’m hoping that developers of free and open source software will craft easy-to-use tools that everyone can use to protect some, preferably more than some, of their privacy online. I’m hoping that organizations like Riseup and Aspiration will expand their remit and teach ordinary citizens how to protect their digital privacy.

Those of us who live outside of the U.S. need to watch what’s happening there. And we need to watch what’s happening in our home countries. Very closely. We need to head off a repeat of the repeal of the FCC’s privacy rules before that repeal even gets to the proverbial pass. If we don’t, what little privacy we have left will be gone before we know it.

by: Scott Nesbitt


This essay is licensed under CC BY-NC-SA 4.0.