After Trump repealed the privacy rights of American’s, US ISP’s have found themselves on the defensive on whether or not they would sell their customers browsing histories. Still, skepticism persists.
Earlier this month, president Donald Trump signed into law the repealing the privacy rights of Americans online. The move was so shocking, even his supporters were rattled by the move.
Shortly after the law was signed, many eyes were cast onto American ISP’s. This is because the move is seen as being beneficial to them. If a US ISP desired, they could now theoretically sell their customers browsing history for additional profit. Complicating matters, the ISP’s were quick to go on the record to say that they have no intention of selling their customers browsing histories to third parties. In response, some people suggested that it was the ISP’s that pushed for this repeal in the first place.
While that debate got heated, a number of American’s weren’t waiting around. Rather than risk their browsing histories winding up in the wrong hands, they opted to start seeking solutions for this new privacy vulnerability. As it turns out, many are fleeing to the safety of VPN services (Virtual Private Network). While this is good news for VPN’s because their business is skyrocketing, it suggests that American’s simply don’t trust ISP’s like AT&T and Comcast.
Having said that, it seems that ISP’s aren’t giving up on the PR front. They continue to push the messages that they have no intention of selling out their users. They want people to believe that nothing is going to change after this law was signed. Now, the Electronic Frontier Foundation is taking those claims to task. They say that the promises made by ISP’s are simply hollow.
In the blog posting, the EFF noted that the ISP’s suggests that fears are little more than hyperbole or hysteria. They took on the promises made by ISP’s with the following:
Comcast said it won’t sell individual browsing histories and it won’t share customers’ “sensitive information (such as banking, children’s, and health information), unless we first obtain their affirmative, opt-in consent.” It also said it will offer an opt-out “if a customer does not want us to use other, non-sensitive data to send them targeted ads.” We think leaving browsing history out of the list of information Comcast considers sensitive was no accident. In other words, we don’t think Comcast considers your browsing history sensitive, and will only offer you an opt-out of using your browsing history to send you targeted ads. There’s no mention of any opt-out of any other sharing of your browsing history, such as on an aggregated basis with third parties. While we applaud Comcast’s clever use of language to make it seem like they’re protecting their customers’ privacy, reading between the lines shows that Comcast is giving itself leeway to do the opposite.
Verizon similarly pledged not to sell customers’ “personal web browsing history” (emphasis ours) and described its advertising programs that give advertisers access to customers based on aggregated and de-identified information about what customers do online. By our reading, this means Verizon still plans to collect your browsing history and store it—they just won’t sell it individually.
AT&T pointed to its privacy policies, which carve out specific protections for “personal information … such as your name, address, phone number and e-mail address” but explicitly state that it does deliver ads “based on the websites visited by people who are not personally identified.” So just like Verizon, we think this means AT&T is collecting your browsing history and storing it—they’re just not attaching your name to it and selling it to third parties on an individualized basis.
In a filing to the FCC earlier this year, CTIA—which represents the major wireless ISPs—argued that “web browsing and app usage history are not ‘sensitive information’” and said that ISPs should be able to share those records by default, unless a customer asks them not to.
The common thread here is that Internet providers don’t consider records about what you do online to be worthy of the heightened privacy protections they afford to things like your social security number. Internet providers think that our web browsing histories are theirs to profit off of—not ours to protect as we see fit. And because Congress changed the law, they are now free to change their minds about the promises they make without the same legal ramifications.
The EFF concludes that simply making promises are no replacement for actual laws.
If anything at all, this shows that this debate isn’t going away any time soon. Just because the privacy repeal has been made law doesn’t mean things won’t continue to shift around in response.
Drew Wilson on Twitter: @icecube85 and Google+.
