On Tuesday, the House of Representatives voted to repeal privacy rules that prevent internet service providers (ISPs) from getting consent before sharing their customers' information. A week after the Senate approved the repeal, President Donald Trump's signing off is the final step before the privacy protections are officially gutted.
The rules, which were passed by the Federal Communications Commission back in October, would have required ISPs to get explicit consent from customers before selling their web browsing history and app usage data to the highest bidder. They hadn't gone into effect yet, and the first provision would have gone into effect earlier this month had FCC chairman Ajit Pai not blocked it.
Gizmodo points out that the rules were repealed using the Congressional Review Act, which was implemented only once before Trump went into office but has been used a whopping seven times in the past couple months. Republican lawmakers have opposed the rules, saying that the rules target internet providers while offering an advantage to other web companies like Facebook and Google, which are not bound by the FCC.
"We are one step closer to a world where ISPs can snoop on our traffic, sell our private information to the highest bidder, and pre-install spyware on our mobile phones," Jeremy Gillula, a senior staff technologist for the Electronic Frontier Foundation, told BuzzFeed.
So what does this mean? In essence, your ISP ould sell your personal information without your permission—a potentially grave scenario, considering it's quite difficult to prevent monitoring by internet providers. They can also use this information to further push targeted advertisements.
In addition, ISPs can use hidden tracking "supercookies" on our phones, which cannot be deleted and are used by major companies such as Verizon. As Gizmodo highlights, your ISP still has to allow you to opt out of having your information sold, so you can contact your ISP to figure out how to do that—but that doesn't mean that this isn't a major loss for personal privacy.
3 VERY INVASIVE THINGS Your ISP COULD DO If The PRIVACY RULES Are REPEALED:
1. Selling Your Browsing History
"The consequences of repeal are simple: ISPs like Comcast, AT&T, and Charter will be free to sell your personal information to the highest bidder without your permission — and no one will be able to protect you," wrote Gigi Sohn, counselor to former FCC chairman Tom Wheeler, in an op-ed at the Verge Monday.
While Americans can use free browser tools to block many types of web tracking, monitoring by internet providers is much harder to prevent. "Your ISP is in a privileged position, where they can see everything," said Gillula, who has written about the "creepy" data collection that ISPs can conduct if the regulations are gutted.
"Any attempt to block the ISP from monitoring you, they have the power to override," Ernesto Falcon legislative counsel at EFF, told BuzzFeed News.
2. Compiling Internet Profiles And Injecting Targeted Ads
"There are major medical, financial, and legal websites — like the US Courts, for example — that are largely unencrypted. ISPs will be able to build detailed profiles of their customers — knowing when they're at vulnerable points in their lives — and sell that information to practically whomever they wish," Gaurav Laroia, policy counsel at Free Press, told BuzzFeed News. If someone is visiting a medical website, for instance, third parties can infer what illnesses they may suffer from, revealing sensitive health information.
"It's well-established that these internet companies are looking hungrily at companies like Facebook and Google; they want in on that advertising action," Jay Stanley, a senior policy analyst with the ACLU, told BuzzFeed News. "This is an effort by them to preserve the ability to monetize people's information. And without these rules, they are going to plow forward."
3. Deploying Hidden Tracking Cookies On Our Phones
Following a 15-month investigation, the FCC settled with Verizon Wireless last year over the company's use of so called "supercookies" — tracking code that could not be deleted, which Verizon used to monitor customers' online activity without their permission.
"It didn’t matter if you were browsing in Incognito or Private Browsing mode, using a tracker-blocker, or had enabled Do-Not-Track: Verizon ignored all this and inserted a unique identifier into all your unencrypted outbound traffic anyway," the EFF's Gillula wrote. The browsing history, according to the FCC, was collected for several years without consent; Verizon and other third party companies used it for targeted advertising.
For privacy advocates, pervasive data collection of your internet activity can be enormously invasive. "The websites you visit can indicate information about your financial life, you sexual life, your medical life, what disease you have, what diseases you might be worried you have," said Stanley.
"We don't even know what other derivative uses exist, because no one has ever had this type of information on consumers," Falcon said, referring to new types of data collection and novel forms of the sale of personal data. "That's what's most frightening."