Joint Resolution to Eliminate ISP Privacy Rules Passes in Congress

Jon Brodkin, Ars Technica:

The US House of Representatives voted Tuesday to eliminate ISP privacy rules, following the Senate vote to take the same action last week. The legislation to kill the rules now heads to President Donald Trump for his signature or veto.

The White House issued a statement today supporting the House’s action, and saying that Trump’s advisors will recommend that he sign the legislation. That would make the death of the Federal Communications Commission’s privacy rules official.

Though this joint resolution does not create nor eliminate any rules already in place, Please see update below. its approval gives a green light for ISPs to track customers’ browsing activity and sell advertising against it without their explicit consent.

The vote was virtually along party lines, with just fifteen Republicans joining the Democrats in voting against the bill. Six Republicans and three Democrats abstained. Because this was passed under the Congressional Review Act, once signed, the FCC will never again be able to create similar rules.

Emmett O’Keefe of the Data and Marketing Association, a lobbying group for advertising companies, reacted to the vote:

If these rules were to be enacted, they would disrupt the framework that has allowed the marketing ecosystem to responsibly use data to develop vital services that consumers now rely upon while also injecting dynamic innovation and growth into the U.S. economy. This framework is backed up by strong industry self-regulation, enforced by DMA and other partners, and continues to protect consumer privacy. Today’s vote keeps that system – and the responsible use of data – in place, and is a signal that the current self-regulatory system works.

What a load of crap. When Verizon and AT&T quietly began tracking mobile users with a non-deletable identifier in 2014, privacy advocates reacted with appropriate outrage. Even after opting out, Verizon continued to track their customers — they simply did not sell ads against users’ history.

After the press began reporting on the use of these “super” cookies, AT&T stopped using them, but Verizon kept going until the FCC fined them $1.35 million.

Julia Angwin, ProPublica:

However, the settlement does not apply to Verizon’s tracking of its customers who visit the 40 percent of websites that use AOL’s ad network. That is because Verizon owns AOL, and therefore it is not considered a third party that requires opt-in.

That means that unless Verizon users opt out, they can still be identified when they use their smartphone or tablet to browse Web pages containing AOL’s tracking code.

The advertising industry cannot self-regulate; it is positively addicted to data collection. They dream of nothing more than creating vast profiles for each of us and targeting them with new advertising products. By visiting practically any website or using any service, we’re assumed to have opted into whatever data collection policy they have in place, and it is becoming increasingly difficult to opt out — even using a VPN is no longer sufficient.

American legislators had the opportunity to restrict that disturbing trend, if only by a little bit. They could have began enforcing the FCC rules drafted last year. Instead, the Republican party elected to put the creepy desires of ISPs over the privacy of their customers.

I wonder if legislators in the porn watching capital of America are aware that their favourite websites probably aren’t secure and, thus, will be part of their advertising profile.

Update: Contrary to what I wrote earlier, the privacy rules were implemented in October though these rules were not considered final. I apologize for my confusion on this. I’ve updated the headline for accuracy.