The feds want to keep your broadband provider's nose out of your online life

Companies say they're just trying to deliver more relevant ads, but consumer advocates contend we need stricter rules about what Internet providers can see.

Marguerite Reardon Former senior reporter
Marguerite Reardon started as a CNET News reporter in 2004, covering cellphone services, broadband, citywide Wi-Fi, the Net neutrality debate and the consolidation of the phone companies.
Marguerite Reardon
3 min read

Is that pop-up ad on your phone for a diaper discount annoying or helpful when you walk into the grocery store? That may be what's at stake as the US government looks to make online privacy its next priority.

The Federal Communications Commission is preparing a proposal that lays out new rules governing how broadband providers handle your online activity. The rules would put the FCC in charge of consumer privacy, a duty previously handled by the Federal Trade Commission.

The proposal comes amid heightened concern about personal privacy, thanks to the ongoing fight between Apple and the FBI over whether the government has the right to compel a company to create a "backdoor" into our devices. It also comes just days after the FCC fined Verizon $1.35 million for using technology that allowed marketers to track its customers' online activity. Internet providers argue they merely want to deliver relevant advertising to consumers, but privacy and consumer advocates worry that the information could be exploited or hacked.

The FCC is using Net neutrality rules, which it passed a year ago, as the foundation for the new regulations. The Net neutrality rules have given the FCC new authority by reclassifying broadband as a utility like a telephone network.

The agency could begin circulating its proposal this month, according to testimony that FCC Chairman Tom Wheeler gave last week to a Senate subcommittee.

FCC Chairman Tom Wheeler

FCC Chairman Tom Wheeler says a proposal about how broadband providers can track your online activity may be released to the public this month.

Marguerite Reardon/CNET

Privacy and consumer advocates are calling on the FCC to create stringent regulations that would limit how broadband providers can track their customers' activities on the Internet. In a letter to the FCC last week, 12 privacy groups called these tracking practices "invasive and ubiquitous."

Internet service providers like Comcast and Verizon, meanwhile, have expressed a desire for looser restrictions that will let them experiment with more-targeted advertising. On March 1, five telecom and cable trade groups, including the CTIA wireless association and the NCTA cable group, sent their own letter to the FCC. Their letter calls for "flexible" rules similar to the FTC's guidelines that look for unfair or deceptive conduct.

"Consumer information should be protected based upon the sensitivity of the information to the consumer and how the information is used -- not the type of business keeping it, how that business obtains it, or what regulatory agency has authority over it," they said in the letter.

The broadband providers are already trying to get the Net neutrality rules thrown out and are awaiting the outcome of a federal lawsuit challenging the agency's authority.

A complex issue

The FCC gave hints of its direction when it settled with Verizon over the use of so-called supercookies, which are bits of code that track activity and can't be easily erased. As part of the settlement, Verizon changed its policy so consumers must actively choose to participate in the program, rather than being automatically enrolled.

The change signals that the FCC is interested in giving consumers more control over their personal data.

Some question whether stricter regulation on Internet service providers is necessary. Peter Swire, a law professor at the Georgia Institute of Technology who worked as chief privacy counsel in the Clinton White House, co-authored a report last month that indicates Internet providers have access to less personal information from consumers than previously thought.

Instead, online players such as Google, Facebook and Twitter, along with messaging apps like Snapchat, collect far more data about consumers that is used for advertising. Those online and app companies don't fall under the jurisdiction of the FCC.

The information that broadband providers can get from consumers is minimal, according to the report. A large reason for this is the rise of encryption, which scrambles data so that it can't be read by those lacking the proper credentials. The top 10 websites use encryption by default, so Internet providers aren't able to see what information customers are accessing online.

"The evidence does not support a claim that ISPs have 'comprehensive' knowledge about their subscribers' Internet activity," Swire's report concludes.

Still, privacy advocates say it's important for the FCC to make sure privacy regulations for broadband match those of other networks it oversees. The agency currently regulates privacy for cable TV networks and telephone service, and advocates say it's done a pretty good job.

"I've never heard anyone say, 'Gosh I wish I had less protection than I have on my voice telephone line,'" said Harold Feld, senior vice president at consumer advocacy organization Public Knowledge.