The Illusion of Confusion and the FCC’s Broadband Privacy Proposal

The FCC has proposed new rules to protect broadband users’ privacy, and Free Press filed our comments urging the agency to follow the law and take this important step. We explained that Congress has already made this decision. It’s the Communications Act (not FCC Chairman Tom Wheeler, or advocacy groups like ours) that commands this result. Telecom carriers, including broadband providers, must get affirmative consent from their customers before using or selling their private information. Period.

Nevertheless, some of the current occupants of Congress would rather ignore the law governing agency action. Reps. Fred Upton, Greg Walden and Michael Burgess — the current chairmen of the House Energy and Commerce Committee and two of its key subcommittees — suggest that the FCC should freeze in its tracks rather than adopt strong rules protecting some parts of what they call the Internet ecosystem. Fortunately for internet users, the Communications Act says otherwise.

It’s important to understand why this law makes so much sense. As we’ve said again and again, your broadband provider has a comprehensive view of what you do on the internet. Your internet service provider provides the conduit for everything you see, say and share online. It can monitor the sites you visit and the content you access — and even if you use encryption or other measures to safeguard your identity and information, your ISP can piece together a ton of private information about you.

The Communications Act distinguishes between telecom services like internet access and the information such networks carry. The FCC is charged with ensuring that telecom networks are available to everyone in the United States, on nondiscriminatory terms and at reasonable charges. This means ensuring that the carriers  providing us with wired and wireless broadband connections don’t unreasonably meddle with the communications they carry.

But even if some members of Congress disagree with this reasoning, the law unequivocally commands the FCC to regulate broadband telecom carriers’ privacy practices. There’s nothing in the statute that says “the FCC should protect you from Comcast and Verizon unless Google and Facebook do bad things too, in which case all bets are off.” That wouldn’t make any sense. Why should the FCC refuse to protect users from one kind of threat or harm just because it can’t protect them from every threat or harm?

Does this mean Google or Facebook aren’t jeopardizing their users’ privacy? Of course not. But Congress gave the FCC clear jurisdiction over carriers, and then Congress required those carriers to protect the confidentiality of their customers’ private information. That’s the duty the FCC is enforcing now.

Despite this clear statutory mandate to protect people against privacy invasions by ISPs, companies like AT&T are (no surprise) opposed to new FCC rules that would apply to them. One of the ISPs’ more laughable claims is that they’re really just concerned about consumers — not about, say, improving their bottom line or having carte blanche to do whatever they want.

These ISPs say users would be hopelessly confused if the FCC established regulations for broadband providers that were stronger than the guidelines agencies like the Federal Trade Commission apply to websites, apps and other content providers on the “edge” of the internet. Opponents of the FCC’s proposal claim that regulating ISPs and edge providers differently will give internet users a false sense of security. In fact, in its comments to the agency, AT&T insists that “all but the savviest will assume that the same general privacy rules apply to their mobile operating system (or web browser or coffee-shop Wi-Fi operator) as apply to their mobile ISP.”

That’s nonsense. It ignores the law, the realities of commercial internet usage and the everyday experiences of consumers.

Regardless of what the representatives running the House Energy and Commerce Committee say, ISPs and edge providers are not “similarly situated entities.” They are legally and factually distinct. Congress distinguished between the two when it revised the Communications Act and gave the FCC different powers to regulate ISPs. Whatever validity exists in talking about an internet ecosystem, you’ll search high and low in the current law before you find any mention of it — let alone a basis for claiming that the same rules must apply to all parts of it before we get any protections at all.

Internet users engage with edge providers and ISPs in different ways. As we explained in our own FCC comments, people have a lot more choices when it comes to deciding which edge providers to use. You can choose among search engines, email providers and social media services that reflect your privacy preferences, but there’s no real competition among broadband ISPs — nor much room for entry by new ISPs trying to reach privacy-conscious consumers.

This doesn’t mean there’s no overlap among different agencies’ jurisdictions or the sectors they regulate. There’s quite a bit of overlap, and there’s room for the FCC and the FTC to cooperate too, as recognized in their joint FCC-FTC Consumer Protection Memorandum of Understanding. There’s nothing unusual or confusing about this either.

For example, when you rent a car using a credit card, both the FTC and the Consumer Financial Protection Bureau may regulate the personal information the credit-card company collects. The information the car-rental company acquires may be subject just to FTC oversight, at least at the federal level — but consumers may also have different levels of protection from state privacy regulations, such as Massachusetts General Law Chapter 93H or numerous sections in the California Civil Code.

None of this means we shouldn’t work for stronger online privacy protections across the board, or for new laws that apply those protections to more parts of the internet. But it does mean that the laws on the books protecting broadband users from ISP misuse make sense, and should be enforced.

AT&T can criticize the savvy of its customers all it wants, but those users deserve stronger FCC privacy safeguards, plain and simple. People understand that I Can Has Cheezburger has different privacy policies than Comcast does. That’s how the internet works: Every website and app has its own privacy policy. But about all the FTC can do is ensure that these edge providers abide by their stated policies. Odds are you won’t hear too many people complaining about how “confused” they’d be if FCC rules better protected their privacy.

In their letter last week, Reps. Upton, Walden and Burgess joined in the opposition to the FCC proposal and fell right in line with the broadband industry’s talking point on confusion, pretending that if the FCC proposal were implemented hapless “consumers will be left to question which privacy rules apply.”

Don’t buy the confusion illusion. The FCC’s actions are grounded in the law, while these members of Congress take their arguments straight from AT&T’s script. The strong privacy rules the FCC has proposed pose no risk of confusing anyone. Instead, they give users long-overdue protections.