On July 27, Washington, DC’s Office of Cable Television, Film, Music, and Entertainment proposed a set of rules restricting the city’s internet service providers from selling customer data and browsing history without their consent.
The proposal seems basic, commonsense and broadly supported by the public. And, if recent history is any judge, it’s doomed to failure.
Rewind back to March 2017: Congress voted to overturn a yet-to-take-effect Obama-era FCC regulation requiring ISPs to get permission from customers before collecting their data and selling it to advertisers. It was a victory for corporate giants like Comcast and Verizon, who nevertheless assured everyone that they had no intention of selling their customers’ internet histories.
In the wake of that repeal, about half of the country’s states chose not to take the ISPs at their word, and began crafting their own legislation to restore the FCC’s rules within their borders. Washington, DC is the latest example, and the National Conference of State Legislatures shows close to 70 similar bills on state dockets this year. So far, not a single one has passed.
The reason, according to online-privacy experts, is the lobbying muscle of the telecom and internet industries. “Companies have a lot more resources to send in lobbyists to argue against these bills,” said Natasha Duarte, policy analyst at the Center for Democracy and Technology. “Especially when were talking about state legislatures, things move really quickly.”
Only two states, Nevada and Minnesota, currently enforce privacy requirements on ISPs, according to Eric Null, policy counsel at the Open Technology Institute. But, Null says, those regulations actually predate Congress’s repeal of the FCC rule (in the aftermath of that repeal, Nevada also passed a bill to enhance the state’s existing privacy protections).
To see how a privacy bill can falter, look at California. Last year, the state’s landmark privacy bill, AB 375, stalled out due to pressure from telecom and Silicon Valley lobbyists. The Electronic Frontier Foundation called it “a massive misinformation campaign,” complete with ominous advertisements showing a child staring at a computer screen, with text claiming that AB 375 would make people more vulnerable to pop-ups, hackers, and cyber attacks.
“They made these vague arguments about why it would be bad for consumers and business,” said Duarte. “They brought a lot of lobbying power to stop it from getting a vote.”
Last June, AB 375 resurfaced, this time heavily amended and rushed through to passage with plenty of input from lobbyists. Duarte said that compared to the original, the new version had been “gutted,” and they were “two completely different pieces of legislation.”
In April, Oregon passed a major net-neutrality bill–an achievement in and of itself–but only after pro-privacy portions in earlier versions were amended out.
“Net neutrality is slightly easier because it’s become a cause célèbre, it’s very popular,” said Katharine Trendacosta, policy analyst at EFF. “The thing you run into with ISP privacy is all the companies are on the same side.”
She explained that while Google and AT&T might be on different sides of an issue like net neutrality, ISP privacy laws create a formidable alliance between tech companies and telecom corporations: “Every internet company is on the same side in privacy bills. They don’t want them. It’ll hurt their bottom line.”
With controversies like Facebook’s Cambridge Analytica scandal piling on the public’s consciousness, Trendacosta said she’s seeing a general uprising in the realm of internet privacy. But it’s especially important for potential legislation to focus on regulating what data ISPs collect and sell, not just Facebook. A social-media site only collects what information you give it, she said, while ISPs are one’s primary method for accessing the internet, and thus, could essentially collect anything.
Also, unlike social media, consumers rarely have a choice when it comes to their internet-service provider.
“The vast majority of people only have one option for their internet provider in their area,” said Trendacosta. “If you don’t have a choice, it doesn't matter if they have bad privacy policies–you’re gonna have to go with them. That’s why it’s important to have legislation.”