FCC Privacy Rules: Why Repealing Them Puts Cyber Security at Risk

Media Division | April 3, 2017

It’s still illegal to open mail that isn’t addressed to you.  If someone could track your mail, see what went straight into recycling and what you actually opened, plus analyze how long you spent reading each thing, you’d have the snail mail equivalent of what internet service providers want to do: they want to monetize your personal information and internet activity.

Arguments for: the guise of a “free market,” where commercial opportunities are available, and tailor-made to you.  Think of “dynamic pricing,” ads, and everything else that is already sometimes done, but more so and without requiring your consent (and even with incognito browser windows!).

It’s not just annoyingly commercial; it is a danger to your cyber security.

The Rules

Under the Obama administration, the Federal Communications Commission (FCC) got a set of rules that some internet service providers were not particularly fond of, but privacy-concerned users adore.  Internet service providers cannot accumulate your personal information and then turn around and sell it to marketers.  Not every page you visit has tracking codes – if they are not “https” with that “s” for secure, they can be tracked.  Ads can be integrated into a page (think sidebar), but not connected to your other searches.  At least you currently have to opt-in for ISPs to do this sort of thing.

All of that may be about to change if congress votes to repeal those regulations.

One opponent, Garrett Graves (R-Louisiana) summed it up well when he told Wired magazine, “Think how you would respond if you hired a plumber to fix your sink and you later found him or her digging through your file cabinet, perusing your checkbook or reviewing credit card statements.  You would be appalled—and should be.  To a large degree, that is what is happening with our use of the internet.”

Though, theoretically in a “free market,” you could then choose to go with another service provider, except that much of the country has only one ISP in the area and so must use whatever behemoth corporation will connect them to the internet.

Privacy and Security

We can’t talk about all of that privacy without also discussing security: privacy and security work hand in hand.  As you interface data in more ways, in more connections, you are more likely to spring a leak in security.  For example, metadata collected about you has to be stored somewhere.  Sure, advertisers would love that information, but then again, so would hackers.  While ISPs could work to keep that information secure, there’s no guarantee that it would be.  (Though sometimes referred to as the most secure building in the world, even the Pentagon gets hacked).

As for that accumulated metadata, currently, the major ISPs have proposed a double encryption method: spy on all of your data, accumulate it, and then re-encrypt it before it completes the pass-through.  But then, since a chain is only as strong as its weakest link, both the encryption and the re-encryption stand to be other potential points for attack.

ISPs also want to insert tracking tags, which would make it possible to see what you see, what you purchase, and so on, even when you activate the incognito mode.  More data for them.  Less security for you.

Tracking at that level, to dig deep enough into your data (what engineers call “low level” access), could potentially act as a sewer system—access points all over the place, running underground in your devices.

Anyone remember Carrier IQ?  Under the auspices of better service (and data relayed back to service providers), smartphones were embedded with software that went so far as to track keystrokes.

Such a pathway provides a would-be tunnel for hackers to capture your login information, from anywhere for any purpose.

Real Value

How valuable is your personal information and browsing data?  Consider a site like Facebook, with an enormous amount of personal data about users, but a completely free service.  Despite not charging its own customers, Facebook was recently valued at $350 billion (the 6th most valuable company in the United States), and forecasters say it could one day be worth $1 trillion.

Mega providers like Comcast and Time Warner aren’t likely to look at an example like that without dreaming up a few dollar signs themselves.  In fact, telcos lobby to the tune of more than $12 million already.  All of those lobby dollars are arguing that your browsing history and app usage are critical to the free market concept, the open and available commercialization of your data.

They will use campaign donations and lobbyists to convince your representatives that your private information is too valuable to be so regulated by the FCC.  They don’t want it to require your consent.

But then again, neither do hackers.

For some, there is no such thing as privacy when you have a digital footprint, but it’s your cyber security that is put at risk.

So get proactive about cyber intelligence and get ahead of the game.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.