When the FCC changed how it classified the Internet almost a year ago, they did it so that they could usher in new net neutrality rules across the web. But some groups think they could use it to do even more.

Credit: perspec_photo88Last February the FCC changed its rules to start governing the Internet as a telecommunications service it did so with one purpose mainly in mind: Under Title II of the Communications Act, the FCC now had the clear, legal authority to enact net neutrality guidelines on the Internet. Which they did. But now a coalition of nearly 60 consumer advocacy groups wants to see if they can use that power for additional Internet regulations. Though the two-pronged approach is high-minded, the FCC could really shake up the game if they were take up the ideas.

Data Breaches

These days no one seems to be safe. Over the past couple of years, data breaches are getting more commonplace, and with bigger targets.

Though President Obama announced an initiative last year to improve consumer security, and the FTC won the rights to being top cop with respect to cybersecurity, overall the federal response to data breach is moving glacially relative to the speed of the web.

The coalition’s letter echoes those desires, and calls on the FCC to provide notices on data breaches, as well as hold broadband providers accountable for any failure to take sutible precautions to the protect personal data collected. In the letter, they echo FTC Commissioner Julie Brill’s stance that now that the reclassification of Internet could allow the FCC to become a force to be reckoned with in this arena:

As Commissioner [Brill] stated in a recent speech on broadband and privacy, the Federal Communications Commission’s (FCC) reclassification of broadband as a Title II common carrier service adds it as “a brawnier cop on the beat” on privacy issues. She welcomed the opportunity for the two agencies to work in cooperation to create “strong consumer privacy and data security [that] are key ingredients of our data-intensive economy, including the practices of broadband providers.”

…The FCC is now well positioned to take its place as that ‘brawnier cop on the beat’ focusing on broadband providers…[and] also provide for notice of data breaches, and hold broadband providers accountable for any failure to take suitable precautions to protect personal data collected from users.

The FTC hasn’t been shy about its big data concerns in the past. By teaming up with the FCC, they might be able to put their money (and other resources) where their regulatory mouth is, and firmly establish what reasonable security practices look like on either end of the issue. After all, some of that falls to what providers are asking their customers to agree for.


Affirmative Consent

Chances are, the average consumer doesn’t know how much data they have out in the world, let alone that’s been collected on them in their lifetime. The coalition, which includes the ACLU; Consumer Watchdog, and the World Privacy Forum; wants to change that. In their letter, addressed to FCC Chairman Tom Wheeler, they specifically asked that the FCC develop a system where consumers had more say in what data was collected and used by the services they use.

“We therefore strongly urge that the FCC move forward as quickly as possible on a Notice of Proposed Rulemaking proposing strong rules to protect consumers from having their personal data collected and shared by their broadband provider without affirmative consent, or for purposes other than providing broadband Internet access service,” states the letter. “In addition, the rules should require broadband providers to clearly disclose their data collection practices to subscribers, and allow subscribers to ascertain to whom their data is disclosed.”

That’s a lofty goal, but it’s one consumers desperately need. Though it may seem overwhelming to have to register what each and every gadget, app, or website is collecting, it’s one of those best practices that pays off in the long run. Though data collection tends to conjure up images of the NSA, Fred Abrams notes in a post on the Asset Search Blog that collection practices are everywhere—and lucrative:

According to the 60 Minutes episode, the end result is that people “are making dossiers…about individuals” and “[t]he largest data broker is Acxiom, a marketing giant that brags it has, on average, 1,500 pieces of information on more than 200 million Americans.”  If you are not already convinced that the private sector’s collection of your personal information violates your privacy, perhaps Senator Richard M. Burr’s recent speech will convince you.  As the transcript available here demonstrates, the Senator suggested during his speech last week that your private sector grocery store collects more information about you than the National Security Agency does.

The amount of information being collected by almost any site, program, or app gives a fairly comprehensive view of consumer behavior, but without leaving much room for privacy protections, which remain largely unclear. As it stands now, there’s not much recourse for consumers to avoid data collection, and with the Internet being such an overwhelming and increasingly large part of daily life, that’s a whole lot of potential for discriminatory practices. The FCC taking steps to make some “commonsense protections” as the letter calls them could lead to broader, easier, and more effective adoption and use of the Internet.

Of course, as always, none of this is set in stone. The FCC itself is still awaiting the D.C. Circuit’s judgment as to whether or not its net neutrality means are legitimate. But if they did, the law might just be able to keep pace with cybersecurity threats.