In Rescinding the FCC's Consumer Privacy Protections, Republicans in Congress Should Not Get a Free Pass

-- By JohnOMeara - 11 Jan 2018

Congress Passes Two Laws Infringing on Internet Freedom

In 2017, Republican Party policymakers generated widespread outrage for two reversals of Obama-era policies concerning Internet privacy and freedom––apparently catering to telecommunication giants.

Of the two, the recent repeal of the FCC’s 2015 rules supporting net neutrality triggered more, and more sustained, public outcry. Since President Trump appointed FCC Chairman Ajit Pai on January 23, 2017, the prospect of net neutrality repeal provoked strong preemptive opposition among individuals, politicians, online businesses, and consumer protection groups around the country. Congressional Republicans and President Trump supported Chairman Pai’s march to pull back regulations implemented under his predecessors. On April 26, Chairman Pai proposed repealing net neutrality protections, eventually proffering a new set of lesser regulations called “Restoring Internet Freedom.” Subsequently, the APA-mandated notice and comment period was marked by peculiarities in its public comments and glib nose-thumbing from Chairman Pai. Chairman Pai’s proposal engendered disappointment and anger from politicians (Democrats, largely but not exclusively), online communities such as Reddit and Facebook, and leaders in the tech industry. For months, the public’s attention was captured––if ultimately ignored. On December 14, three FCC commissioners finally voted to repeal net neutrality protections. Democratic politicians and free Internet advocates immediately seized on the unpopular move, generating campaign fund donations and political goodwill by vowing to re-implement net neutrality protections through legislation and in court.

The First Such Law Presents Political, Not Legal, Challenges

The prior policy reversal took a different form, and it will be more difficult to staunch the damage to personal freedoms. Several months before the net neutrality repeal came to pass, a thin majority of Republicans in Congress removed Internet user protections concerning the privacy and property of their web activity. So far, this reversal does not appear to carry the same political price as net neutrality. I argue it should.

The first salvo in the Republican Party’s battle against Internet freedom was not an FCC action. Rather, the Republican-controlled Congress lifted the Congressional Review Act, Pub.L. 104—121, from obscurity and wielded it to dismantle regulations from President Obama’s last months in power. (Before the Trump administration, the Congressional Review Act was successfully invoked only once, in 2001. President Trump has signed 15 Congressional Review Act bills at time of writing, the most recent in November 2017.) On March 7, 2017, Senator Jeff Flake of Arizona introduced a bill -- S.J.Res. 34 -- to nullify the FCC’s “Protecting the Privacy of Customers of Broadband and Other Telecommunications Services” rule, which then-FCC Chairman Wheeler promulgated on December 2, 2016, to vest the FCC with jurisdiction to regulate and enforce Internet privacy security. Sen. Flake serves as the Chairman of the Senate Judiciary Subcommittee on Privacy, Technology, and the Law, and his office characterized the repeal bill as a “resolution to protect consumers from overreaching Internet regulation.” By March 28, 2017, Sen. Flake’s bill narrowly passed both houses; President Trump signed the bill into law on April 3.

The FCC's Privacy Protection Rules

During its brief existence, the “Protecting the Privacy of Customers of Broadband and Other Telecommunication Services” rules appeared to be a no-brainer consumer protection mechanism. Under the rule, pursuant to the FCC’s power to regulate ISPs under Title II of the Telecommunications Act of 1934, the FCC imposed a duty for ISPs to protect the privacy of their customers’ Internet activity:

… Privacy rights are fundamental because they protect important personal interests—freedom from identity theft, financial loss, or other economic harms, as well as concerns that intimate, personal details could become the grist for the mills of public embarrassment or harassment or the basis for opaque, but harmful judgments, including discrimination. In adopting section 222 of the Communications Act, Congress recognized the importance of protecting the privacy of customers using telecommunications networks. Section 222 requires telecommunications carriers to protect the confidentiality of customer proprietary information. By reclassifying BIAS [“Broadband Internet Access Service”] as telecommunications service, we have an obligation to make certain that BIAS providers are protecting their customers' privacy while encouraging the technological and business innovation that help drive the many benefits of our increasingly Internet-based economy. (81 FR 87274, § 1, eff. Jan. 3, 2017.)

... And Why Internet Users Need Those Privacy Protection Rules

“Protecting the Privacy of Customers of Broadband and Other Telecommunication Services” identified three tenets of Internet privacy: “transparency, choice, and security.” (81 FR 87274, § 7.) The rules applied the privacy requirements of the Telecommunications Act of 1934 to ISPs, established guidelines for securing personal or proprietary information and web log data, and adopted common sense notification requirements in case of security breaches. The rules also prohibited ISPs from selling users’ information without notification and consent; wise, as interpreting Big Data commoditized consumer behavior information. In effect, the new regime transferred oversight and enforcement mechanisms from the Federal Trade Commission to the FCC. Telecommunication corporations such as Verizon leaned against the rule, insisting that they (a) did not already sell user data to advertisers and (b) would not do so in the future. The telecoms argued that the rules were a solution in search of a problem.

It has not been reported whether or under what terms telecoms are indeed selling Internet users’ Internet activity information to third-party corporations. That speaks to the nub of the law. Absent the FCC’s oversight, the relatively weaker regulatory regime at the FTC is left to police such activity, and practical results are occluded from public view.

The Rupublican Party Should Bear the Full Political Weight of Their Deregulatory Scheme

Unfortunately, the status quo will remain in place until and unless Congress reverts to an Internet policy agenda that favors privacy and personal freedoms over corporate rents. The Congressional Review Act contains a provision, at 5 U.S.C. § 801(b)(2), that states a rescinded agency rule may not be re-administered in any substantially similar form “unless the reissued or new rule is specifically authorized by a law enacted after the date of the joint resolution disapproving the original rule.” This complicates the work to be done in the public’s interest. House Republicans passed the law 215–205, and Senate Republicans passed it 50–48, and they face relatively little political heat for this decision. Their justifications don’t hold up. We, the public, should not hold them up, either.