In case you haven’t heard, Congress passed Senate Joint Resolution 34 on March 28th, 2017. The motion was signed by President Trump on April 3rd, meaning that it is now American law. With a 50-to-48 vote in the Senate, and a 215-to-205 vote in the House of Representatives – both relatively along party lines – Congress has decided to abandon the FCC’s broadband Internet privacy rules.
These rules were part of a larger FCC initiative, the Open Internet Order, which was developed under the Obama administration in 2015 and 2016 to protect American Internet users’ data from undue interference by Internet service providers. The rules would have made it more difficult for American ISPs to collect (and potentially sell or give away) their customers’ Internet activity data without their explicit knowledge or consent. During the hour-long debate preceding the vote, many points were raised for and against these rules, which were supposed to come into force in March. But now that SJR34 is law, they never will.
Since the FCC’s online privacy protections have been scrapped, there will be no new restrictions on the ability of your ISP to collect, share, or sell certain information about what you do on the Internet, at least for now. They still won’t have to tell you what information they’re collecting, directly ask for your permission to collect it, or let you opt out of allowing them to collect it.
Don’t panic, though! We’re going to break down exactly how this will affect you in the coming years, and give you some suggestions for what you can still do to protect your privacy on the Internet. We have your back, even if the government has said that they won’t.
Why the repeal of the FCC’s privacy rules (re-)opens the door to a big privacy problem
When you’re using a website, you can view its privacy policy to see whether it will collect and sell information on how you use it. If it does, and you’re not okay with that, you can use a different website that does the same thing but doesn’t track and sell your activity data. However, many people don’t have nearly as much choice when it comes to selecting an ISP. Because of their location or financial situation, they may only be able to get their Internet access from one of America’s “big four” ISPs: Verizon, Comcast, AT&T, or Time Warner Cable.
Without rules like the ones that Congress just struck down, it’s entirely possible that America’s major ISPs will one day make collecting and selling their users’ Internet activity data a widespread practice. And if Americans don’t have any competing ISP companies (that presumably promise not to track and sell Internet activity data) to switch to in their area, they may have to choose between paying for their Internet access with their money and their privacy, or not using the Internet at all.
What the demise of the FCC’s privacy rules might mean for you
1. Your ISP can collect your data and sell it to the highest bidder.
Though many Internet companies track and sell your Internet data already, they can usually only do so when you use services that they own. However, if your ISP starts doing it, they would have access to data on all of your Internet activity. Everything you search for online, every app you use, and even where on Earth you’re using the Internet at any given time – all of it could be tracked and sold. Here are some examples of information you might give out every day that could go to the highest bidder:
Location – where you are, at any given time, if location services are enabled on your devices.
What this could mean: Anyone can know roughly what city you live in, and track the places that you like to visit. For example, companies will know what other businesses like them that you visited, when you visited, and possibly what you bought.
Travel habits – where you’re thinking of going on vacation.
What this could mean: If travel companies know that you’re planning a trip somewhere, they can jack up the prices to that destination.
Using search engines – what you’re researching and your personal information/curiosities.
What this could mean: Would you still press “Enter” on every Internet search that you do if you knew someone was looking over your shoulder? For example, would searching for information about medical problems be too embarrassing if you were constantly shown advertisements for remedies everywhere you went online?
2. Think about how other Internet services that you use protect your privacy, or don’t.
While ISPs may not yet be collecting and selling your Internet activity data en masse, a lot of other services you use on the Internet probably already do. That’s why their privacy and data collection policies are even more important to review and understand now. And it’s why you should never ever use a website or app without reviewing its policies and terms of use.
Think about websites and services that are “free to use,” like Google or Facebook. They make a large portion of their money from targeted advertisements that they think you want to see, based on how you use them and where you go through them. Maybe you should consider using another service that doesn’t collect and sell your Internet browsing habits to advertisers, even if it charges money for use. Paying for privacy isn’t ideal, but depending on your situation, it may be better than the alternative.
3. There will be less competition for your business.
Many Americans already have a limited number of ISPs to choose from. In fact, those who live in rural or remote areas may only have one ISP as an option to them. This lack of competition among ISPs is a huge obstacle to Internet access in the United States. Unfortunately, now that Congress has stopped the FCC from leveling the playing field with their new privacy regulations, it’s likely only going to get worse.
If there are no rules stopping ISPs from collecting and potentially selling your Internet activity data without your knowledge or permission, then who’s to say they wouldn’t? It’s possible, though unlikely, that some ISPs may go for the “good guy” image and promise not to collect and sell your Internet data – or at least ask you if it’s okay first. However, for the ISPs that have little to no competition in an area, there is little incentive to play nice with their users. They stand to continue raking in the profits because they know that their customers have to play by their rules, since not having Internet access is increasingly becoming a huge liability.
4. If your ISP provides you other services, your habits for those might be tracked as well.
Many people choose to “bundle” their telecom services because ISPs offer discounts for subscribing to more than one service from them. But that potentially allows people’s ISPs to track and sell the data from other activities, too, such as watching television or talking on the phone. You may need to start thinking about whether the privacy of your television viewing habits is worth more than the few dollars a month you might save from bundling your services with one provider.
What can you do about ISPs – or anyone else – potentially spying on your Internet habits?
1. Browse the Internet using a virtual private network (VPN).
A virtual private network, or VPN, is a service that allows you to securely connect to the Internet over a dummy network that helps keep your online activity from being tracked. Oftentimes, this involves redirecting your Internet traffic through a server in a different country, so websites and apps hosting you – as well as your ISP – have a tougher time figuring out where you really are in the world. Not only does this make your Internet browsing habits more difficult to trace back to you, but it also sometimes allows you to access websites and apps that are blocked in certain regions.
Note, however, that some websites (like Netflix) are getting more successful at recognizing and blocking Internet traffic coming from VPNs. So, be aware that you won’t be able to access certain services when using a VPN, at least not without going through additional security checks. Another danger to be mindful of is the fact that VPNs funnel a lot of Internet traffic through a few select points, so they are particularly vulnerable to cyber attacks.
2. Switch to an ISP that won’t collect/sell your data without permission.
It’s possible that some Internet service providers may choose to advertise themselves by promising not to collect or sell your Internet activity data, at least without asking your permission first. Do some research to see whether or not any companies like this exist in your region, and look into each specific company you find to make sure that their policies line up with what they say they’re going to do (or not do, in this case).
3. Don’t stay signed into all your accounts on the Internet constantly.
Though it may seem convenient, don’t stay signed into your accounts on the websites and Internet apps you use all the time. If you’re constantly signed into Google Chrome or Facebook, you can bet Internet marketers will know to go there to scoop up your Internet data and target you with ads. It’s also a security risk, since you might allow a hacker to access an account without having to guess its password first. Try using two Internet browsers throughout the day, or choosing a private search engine like DuckDuckGo – or, better yet, a private web browser such as Tor – that doesn’t track your search or browsing habits.
4. Use only SSL-secured (HTTPS) websites.
Sites with “HTTPS” in the URL rather than just “HTTP” are SSL-secured. This means your data is encrypted on these websites, so an ISP can still see that you’re on the site (as well as how long you’re there), but they won’t be able to see the actual content you are viewing. Currently, ISPs don’t often do this anyway, because the time it takes to mine through all of the data doesn’t make it profitable or otherwise useful. But without new regulations like the Open Internet Act to restrict practices like this, who’s to say that ISPs won’t find a more efficient way to do it in the future?
5. Voice your concerns.
Call your ISP and talk to them! Discuss your concerns over the collection and sale of your Internet data, and explain what you want to see your ISP do about them. If enough people put pressure on ISPs to respect their online privacy, these companies may change their policies. At the very least, there’s no real harm in calling your ISP and letting them know that you’re aware of the issues.
6. Stay informed and take action.
It is, unfortunately, too late to stop SJR34 now. However, there are still things that you can do to make your government representatives aware that you are concerned about your privacy online, and that you are displeased with their collective refusal to support initiatives like the FCC’s broadband Internet privacy rules. For example, this clever crowd-funding campaign raised money in an attempt to buy the Internet activity data of the politicians in Congress who voted in favor of SJR34; they raised over $50,000 in their first week of fundraising!
At the very least, you should contact your local representative in Congress and let them know that you are paying attention to this issue. Explain that you expect them to support legislation like the Open Internet Order that protects Americans’ Internet activity from being spied on or meddled with by ISPs. Also insist that they oppose motions like SJR34 that aim to dismantle these safeguards. And tell them that, if they act otherwise, you won’t be voting for them – or their party – in future elections!
Just remember that, while there are things you can do to protect your privacy, no method is foolproof. The best thing to do is lobby your representatives in Congress – either on your own, or through an organization like the Electronic Frontier Foundation – to enact laws that protect your Internet privacy, so you don’t have to take matters into your own hands. Make your opinion heard, and fight for your online rights! Next time, let’s not wait to defend online privacy until it’s too late.
