Online privacy and consumer advocates are calling on federal regulators to give Internet users greater choice about the use of their information under new privacy rules under consideration for broadband service providers.
With the Federal Communications Commission’s release of a proposal for rules for Internet service providers, experts at a panel discussion hosted by the nonprofit Future of Privacy Forum pressed the agency to give consumers a clear choice about whether they share data with their Internet providers.
“We have to put the individuals back into the driver’s seat,” said Katharina Kopp, director of the Center for Democracy and Technology’s privacy and data project.
Kopp emphasized that service providers are “critical gatekeepers” of consumers’ data, and she believes that all users deserve the chance to “opt in or opt out” of providing their data to ISPs. In the draft version of the rules released Thursday, the FCC did include just such a provision, which Kopp hopes to see included in the final version of the document.
While Kopp conceded that she’d rather see “comprehensive” federal legislation address this privacy issue, she noted that this question of autonomy is a critical one for the FCC to consider.
Debra Berlyn, president of the advocacy group Consumer Policy Solutions, heartily agreed with that point, based on her work to get older Americans online. She believes the senior population remains “the most digitally divided group in United States,” and one of the key factors driving that disparity are senior citizens’ concerns about security and privacy.
Berlyn cited a survey by her group which found that seven in 10 senior citizens avoid commonplace Internet activities, like online banking or shopping, because of privacy concerns. Accordingly, Berlyn sees the need for clear rules about privacy that empower users to make decisions about their data to cut down on that sort of uncertainty.
“We don’t want concerns about privacy to slow down adoption and online usage,” Berlyn said.
Berlyn added that she feels the FCC and Federal Trade Commission “need to work together for a comprehensive plan for privacy protection” to help create the sort of clear standards that will encourage broadband adoption.
However, Jim Halpert, partner at the international business law firm DLA Piper, cautioned that strict rules by regulators could discourage smaller providers from entering the broadband market, reducing options for consumers.
“The main function of the FCC is to promote competition and protect consumers’ pocketbooks, not think about privacy,” Halpert said. “This could discourage new entrants, who don’t have the infrastructure for this kind of compliance.”
Peter Swire, a professor of law and ethics at the Georgia Institute of Technology, suggested that the FCC’s focus on Internet service providers could be misplaced. In a paper released late last month, he wrote that providers don’t have the “comprehensive visibility” of users’ data that most people believe they possess.
Specifically, he believes that website encryption “changes the whole equation,” cutting off providers’ access to all but the most broadly defined data from users. He noted that his survey of the top 50 most popular websites on the Internet revealed that 42 use encryption in some form.
Swire added that his research suggests that roughly half of all Internet traffic is now encrypted, up from roughly 14 percent of traffic two years ago. He also predicted that 70 percent of all traffic would be encrypted by the end of this year.
“The easiest answer for that is the Snowden effect,” Swire said. “Companies have really ramped up their encryption.”
Accordingly, he argued the FCC should focus more on the privacy issues surrounding targeted online advertising instead of simply targeting the service providers themselves.
However, Kopp cautioned that those encryption adoption numbers may sound significant, but huge amounts of Internet traffic remains unprotected and she feels “we won’t reach 100 percent encryption” for a long time yet.
“We can debate the exact numbers, but it seems more of a debate over whether the glass is half full or half empty,” Kopp said.
Even if a site is encrypted, Kopp believes that providers can still track metadata, particularly regarding location or usage patterns, which can violate users’ privacy. As the release of the FCC’s rules on broadband privacy nears, Kopp hopes that regulators don’t lose focus on the importance of these sorts of concerns.
“This is a rare and important occasion for the FCC to clarify privacy for broadband customers,” Kopp said.
Contact the reporter at firstname.lastname@example.org, and follow him on Twitter @AlexKomaSNG.