Looks like Pandora's "Internet" box is now open...
Regards
Craig
http://www.nytimes.com/2016/03/11/technology/fcc-proposes-privacy-rules-for-internet-providers.html?ref=technology
F.C.C. Proposes Privacy Rules for Internet Providers
WASHINGTON — Federal regulators on Thursday proposed a set of privacy rules for
Internet service providers that would significantly curb the ability of
companies like Comcast and Verizon to share data about their customers’ online
activities with advertisers without permission from users.
In the proposal, before the Federal Communications Commission, the agency’s
chairman, Tom Wheeler, called for broadband service providers to disclose
clearly how data may be collected about users’ online browsing and other
activities. The plan also called for the companies to bolster the security of
customer data.
The proposal, if approved, would for the first time establish privacy rules for
the companies that manage the traffic of the web and would create some of the
strongest privacy regulations for any segment of the technology and
telecommunications industries. They represent the first major regulatory action
involving broadband providers after the F.C.C.’s declaration last year that
high-speed Internet carriers should be treated like utilities.
In a statement, Mr. Wheeler said that since Internet service providers handle
all network traffic, the companies have a “broad view of all of your
unencrypted online activity.” He added that “even when data is encrypted, your
broadband provider can piece together significant amounts of information about
you — including private information such as a chronic medical condition or
financial problems — based on your online activity.”
The proposed regulations would put broadband providers under stronger privacy
oversight than Internet companies like Google and Facebook. Those companies are
monitored by the Federal Trade Commission, whose ability to create specific
privacy rules is limited.
Many privacy advocates have pushed for a greater role by other agencies because
the F.T.C. cannot create rules for online privacy and can only monitor data
collection practices as an enforcement agency.
“This is nothing short of a historic moment,” Jeffrey Chester, executive
director of the Center for Digital Democracy, a privacy advocacy group, said of
the proposed new rules. “Unlike the Federal Trade Commission, the F.C.C. has
the legal authority to enact safeguards that will allow an individual to have
real control over how their information can be gathered and used.”
Some privacy experts said an Internet service provider was capable of stitching
together a more complete picture of a consumer by tracking the sites the
consumer visits using its network. Because more devices in the home are now
being connected to Wi-Fi, the broadband providers also have more ways to
collect data on their customers for online advertising, said Harold Feld, a
senior vice president of the nonprofit media advocacy group Public Knowledge.
In an enforcement action against Verizon this week, the F.C.C. found that the
company was using “supercookies” to continue tracking the activity of users
through mobile browsers even when the customers tried to delete cookies from
browsers and clear their browsing histories. Cookies are small files created by
sites that are stored on devices and used to track activity.
Under the proposal, broadband service providers could still collect and share
data with other communications-related affiliates without permission. That
would allow Verizon’s broadband business, called Fios, for example, to give
personal information about a user to its wireless service to market mobile data
plans.
But the Internet service providers would not be able to share data with
noncommunications partners without permission. This would prohibit a broadband
service like Google Fiber from blending consumer information with search, maps
and email habits of a consumer, the F.C.C. said. Verizon also would not be able
to share customer data with AOL, a media site it owns, without permission.
The F.C.C.’s proposal drew protest from telecom and cable companies, which have
pointed to the F.T.C. as a strong privacy enforcer. The F.C.C. has argued that
after it reclassified broadband as a utility, it was compelled by law to create
privacy rules.
In a recent blog post, AT&T said Internet service providers were collecting
less data as more sites became encrypted. Also, consumers are choosing virtual
private networks that prevent broadband providers from seeing the sites people
visit, the company said. Websites like Google are leading behavioral
advertising companies that should be held to the same standards as broadband
access providers, AT&T said.
“Given the realities of this complex market, there is no basis for treating
I.S.P. data as somehow ‘proprietary’ or subjecting I.S.P.s to unique privacy
requirements,” wrote Bob Quinn, senior vice president for AT&T’s federal
regulatory affairs, referring to Internet service providers. “Consumers expect
and deserve consistent privacy protections for their online data, regardless of
which company is collecting it and the technology used to collect it.”
The F.C.C. will vote on the proposal on March 31 and then will begin to take
public comments, in what will be a monthslong process before final rules are
considered.