Congress has sold off your privacy—and U.S. security

Allowing ISPs to sell your data isn’t only about eroding online privacy. It’s also dangerous to U.S. national interests

Congress has sold off your privacy—and U.S. security
Thinkstock

If you’ve read my blog over the past decade, you probably noticed that I stopped writing it last summer. After 12 years, I took a break that has extended longer than anticipated while I engaged in other stuff.

But recent events have pulled me back into the fray. I’m talking about the passing of S.J. Res. 34, which reverses the FCC privacy rules for ISPs.

Those rules were instituted very recently by the FCC under President Obama but are now poised to be scuttled completely by the Republicans. The only remaining step is a signature from the President, which will certainly come.

I strongly believe the bill represents a danger not only to consumer privacy, but also to our national security interests.

If certain data collected by ISPs land in the hands of foreign hacking groups or hostile foreign governments, it could quickly become blackmail fodder and disrupt the normal function of our government and society. This is not an exaggeration. Anyone paying the slightest attention to the smoke billowing from Capitol Hill and the White House would be foolish to dismiss this possibility. Moreover, foreign governments wouldn’t have to hack anything to get this data: They could simply buy it.

The bottom line is that ISPs will be able to sell the browsing habits and internet usage details of their customers without requiring consent. The weak argument for allowing this is that entities such as Google and Facebook can accumulate usage data and monetize it—why shouldn’t ISPs be able to do the same? Another argument is that ISPs can’t actually collect much data on browsing or internet usage since much of the traffic is encrypted.

Your history: An open book

Before we dissect those claims, let’s set the stage. First, data that’s collected on internet use by an individual or household, even if distributed in an “anonymized” fashion but with unique identifiers, can ultimately be traced back to that individual or household. We need only to look at the AOL search data leak on 2006 to see how simple this is. 

Second, that data is collected and stored somewhere in identifiable form, and if the security of that data is breached, then it’s the equivalent of everyone’s browsing history leaked to one or more third parties. 

Third, comparisons to Google are not intellectually honest, because Google services are not required and are offered for free. If you use their services, then you choose to let them access at least some of your data. 

Fourth, ISPs can collect a lot of data from their customers, even if the customers access encrypted sites. DNS queries sent to ISP servers or even third-party DNS servers can be used to determine which sites are accessed. That alone may be sensitive information. Many sites do not use encryption, so all data transactions can be cataloged. Email that is stored on ISP servers can be mined for information. Email transmitted through insecure means (common, unfortunately) could be fair game. 

The harsh reality

In 2017, allowing ISPs to monetize and distribute data on their users is no different than having someone follow you around all day recording your every move, then selling that information.

ISPs control internet access and can see every packet sent to or from their users, not only the traffic that’s sent to or from certain websites like Facebook and Google. Sure, many popular sites track your moves, but you’re not their paying customer, and they don’t literally know where you live or own data connections to your home.

Also—this is very important—in most locations in the United States, only one ISP offers reasonable internet services and bandwidth. In many locations, you cannot opt out of this privacy invasion by signing up with a competitor because there is no competitor.

The only reason the FCC ISP privacy rules should be reversed is to put in stronger protections. Outright reversal holds no benefit for any U.S. citizen or our national security. It only serves the voracious appetites of the major ISPs. And they have paid their congresspeople well.

I wish that my return to InfoWorld could have been on a more positive note. Yes, the internet has a history of routing around institutional affronts to privacy. But if the problems are inherent in the internet access itself, this barrier may be more challenging than most.