One of the quietest regulatory battles is happening at statehouses rather than with regulators. The large ISPs and big Silicon Valley companies have joined forces to kill any legislation that would create Internet privacy.
The privacy battle got started in 2016 when the FCC passed new privacy rules that required ISPs to get permission from customers before selling their personal data or browsing history. Those new rules would have gone into effect in April of 2017. But Congress intervened to kill the new privacy rules before they went into effect. In an effort led by Senator Jeff Flake, Congress added language to the Congressional Review Act, the bill used to approve the federal government budget, that rolled back the FCC’s new rules and that also prohibited the agency from introducing new rules that were ‘substantially similar’.
Since that time there have been numerous attempts in state legislatures to provide privacy rights for citizens. According to Michael Gaynor of Motherboard there have been over 70 bills in state legislatures in the last year that have attempted to introduce consumer privacy – and all have failed.
That’s an amazing statistic considering the public sentiment for putting curbs on ISPs being able to use customer data. A Pew Research poll from earlier this year showed that over two-thirds of people support stronger privacy rules.
The legislative failures have all come due to intense lobbying from ISPs. The big telcos and cable companies have always had a strong presence in statehouses and have contributed to campaign funds for key legislators for years. The lobbying effort has paid off many times in the past, but not always. The lobbying effort for the privacy issue has been particular effective since the big Silicon Valley companies like Google and Facebook have joined forces with the big ISPs.
Those two sets of companies are rarely on the same side on issues, but they all have a vested interest in monetizing customer data. The big web companies like Facebook and Google make most of their money by leveraging customer data. The big ISPs are newer to this business line, but they all have acquired data firms over the last two years to help them compete with Google for advertising dollars.
It’s not talked about a lot, but Silicon Valley firms now spend more money on lobbying in DC than the big ISPs. These companies are newer to lobbying at the state level, but the privacy issue has drawn them into local lobbying in a big way.
The privacy laws passed by the last FCC are similar to those in effect in Europe. Web users there get the choice to opt out of being tracked by online companies and ISPs. Interestingly, a lot of people in Europe elect to make their data available to the web companies. Many people like the personalized advertising and other benefits that comes along with the surveillance. It turns out that many people, particularly Millennials don’t mind being tracked, and are not opting out. Apparently, though, that’s not good enough for the big web companies who want to track everybody online.
There are still ways for consumers who don’t want to be tracked to reduce their web presence. People can use VPNs to bypass their ISP, although there is still a risk of the VPN provider harvesting their data. There are several companies working on creating an encrypted DNS service that hides web searches from ISPs. Numerous people (like me) have dropped services like Facebook that are openly tracking everything done inside the platform. Search engines like Duck Duck Go, which don’t record web searches are growing in popularity.
Of course, one of the best ways to cut down on surveillance is to change service to a small ISP. Small telcos, WISPs, fiber overbuilders and municipal ISPs don’t track and monetize customer data. Unfortunately, most people don’t have an option other than a big ISP. I always advice my clients, who are all small ISPs to emphasize that they don’t spy on their customers – it’s a strong selling point to people who care about privacy.