FCC Urged To Rein In Broadband Providers On Privacy Grounds

More than 50 U.S. consumer and privacy organizations including the Center for Digital Democracy and the Electronic Frontier Foundation have co-signed a letter to FCC chairman Tom Wheeler calling for “strong rules” to protect the privacy of broadband users by reining in ISPs’ and telcos’ ability to harvest user data without explicit consent.

Last year, as part of its net neutrality rule-making, the FCC reclassified broadband as a so-called ‘Title II telecommunications service’ under the 1934 Communications Act — a move that also paves the way for a more active regulation of how ISPs use consumer data, given that the FCC can issue proper privacy regulations, vs the FTC only being able to do so for minors (under the Children’s Online Privacy Protection Act).

Susan Grant of the Consumer Federation of America, another of the organizations co-signing the letter, cites the Verizon* super-cookie smartphone tracking system as an example of the kind of problematic behavior the NGOs are keen to see reined in by proper regulation. Initially Verizon offered no way for smartphone users to opt out of being tracked by its technology. (*NB: Verizon is the parent company of TechCrunch’s parent, AOL.)

“What tracking is going on now and how the info is being used is in most cases not readily apparent,” argues Grant.

The letter calls for the FCC to “move forward as quickly as possible on a Notice of Proposed Rulemaking proposing strong rules to protect consumers from having their personal data collected and shared by their broadband provider without affirmative consent, or for purposes other than providing broadband Internet access service”.

It also calls for data breach notices to be included in rules, and for broadband providers to be held accountable for any failure to take suitable precautions to protect personal data collected from users. And for providers to be required to “clearly disclose their data collection practices to subscribers, and allow subscribers to ascertain to whom their data is disclosed.”

Grant suggests it is widely known the FCC has been considering establishing privacy rules for broadband providers, noting it held a public workshop last year to discuss the issue.

“I expect that the FCC will be very receptive to this call as it has long regulated privacy in the other communications services that come under its jurisdiction,” she tells TechCrunch.

Also commenting on why there’s a need for pro-privacy rules to protect broadband users at this point in time, Jeff Chester of the Center for Digital Democracy argues the techniques being used by ISPs to track users have become as sophisticated as those being deployed by big data powered Internet giants like Google and Facebook.

“ISPs are using the same big-data tracking and targeting techniques that have raised privacy concerns about Google and Facebook when we go online,” he says, arguing these companies pose a new threat to consumer privacy because they can have such in-depth access to data —  including from computers and mobile phones but also because they can know what people watch via set-top boxes and connected TVs.

“Phone and cable broadband companies (such as Verizon and Comcast) are connecting our TV sets, for example,  to vast databases of information that enable advertisers and programmers to engage in ‘microtargeting’ us commercials, ads, political messages, and other content,” he notes. “[They] are retooling their technology so they can engage in what’s called ‘programmatic’ advertising, that uses sophisticated data tools to target us in milliseconds, regardless of what digital device we use.”

Chester points to various acquisitions — including last year’s Verizon-AOL purchase — as having enabled ISPs and their partners to build out fine-grained data-driven advertising capabilities in recent times, with user targeting techniques and technologies driving multiple developments in the space.

Verizon-AOL, for example, merged their ad networks last October to step up their ability to track users for ad targeting purposes — widely seen as the primary motivator for the $4.4 billion acquisition.

“With ISPs positioned to have so much information about our online use, and further expand data surveillance when we view video programming, the FCC must step in and create a set of fair consumer safeguards,” adds Chester.

The full letter and list of co-signing organizations follows below.