Congress Votes To Let Internet Service Providers Sell User Browsing Data
WASHINGTON (CBSNewYork/AP) -- Congress has sent President Donald Trump legislation that would kill an online privacy regulation -- a move that could eventually allow internet providers such as Comcast, AT&T and Verizon to sell the browsing habits of their customers.
The Federal Communications Commission rule issued in October was designed to give consumers greater control over how internet service providers share information. But critics said the rule would have stifled innovation and picked winners and losers among Internet companies.
The House voted 215-205 to reject the rule. The Senate had already voted to the block it.
The vote is part of an extensive effort that Republicans have undertaken to void an array of regulations issued during the final months of Democratic President Barack Obama's tenure. But the vote was closer this time with 15 Republicans siding with Democrats in the effort to keep the rule in place.
Minority Leader Nancy Pelosi, D-Calif., said Republicans put profits over the privacy concerns of Americans.
"Overwhelmingly, the American people do not agree with Republicans that this information should be sold, and it certainly should not be sold without your permission," Pelosi said. "Our broadband providers know deeply personal information about us and our families."
Internet companies like Google don't have to ask users' permission before tracking what sites they visit. Republicans and industry groups have blasted that discrepancy, saying it was unfair and confusing for consumers.
But proponents of the privacy measure argued that the company that sells you your internet connection can see even more about consumers, such as every website they visit and whom they exchange emails with. That information would be particularly useful for advertisers and marketers.
Undoing the FCC regulation leaves people's online information in a murky area. Experts say federal law still requires broadband providers to protect customer information -- but it doesn't spell out how or what companies must do. That's what the FCC rule aimed to do.
The Trump-appointed chairman of the FCC, Ajit Pai, is a critic of the broadband privacy rules and has said he wants to roll them back. He and other Republicans want a different federal agency, the Federal Trade Commission, to police privacy for both broadband companies like AT&T and internet companies like Google. GOP lawmakers said they care about consumer privacy every bit as much as Democrats did.
Republican Leader Kevin McCarthy of California said the FTC has acted as America's online privacy regulator since the dawn of the internet. He called the rule an effort to strip the agency of that role.
"The internet has become the amazing tool that it is because it is largely left untouched by regulation--and that shouldn't stop now," McCarthy said.
Republican Rep. Kevin Yoder, of Kansas, parted ways with his Republican colleagues on the issue. He said the privacy protections were "commonsense measures" that would have ensured internet users continue to have control over their personal information.
"We don't want the government having access to our information without our consent, and the same goes for private business," Yoder said.
Broadband providers don't currently fall under FTC jurisdiction, and advocates say it has historically been a weaker agency than the FCC.
The American Civil Liberties Union urged Trump to veto the resolution, appealing to his populist side.
"President Trump now has the opportunity to veto this resolution and show he is not just a president for CEOs but for all Americans, said the ACLU's Neema Singh Guliani.
Republicans repeatedly discounted the privacy benefits generated by the rule. Over the last two months, they've voted to repeal more than a dozen Obama-era regulations in the name of curbing government overreach. The criticism of their efforts was particularly harsh Tuesday.
"Lawmakers who voted in favor of this bill just sold out the American people to special interests," said Rep. Jared Polis, D-Colo.
Now that both houses of Congress have voted to block Obama-era broadband privacy rules , what does that mean for you?
In the short term, not so much. The rules, which would have put tough restrictions on what companies like Comcast, Verizon and AT&T can do with information such as your internet history, hadn't yet gone into effect. So if President Donald Trump signs the measure, as the White House has indicated he will , the status quo will remain.
But the absence of clear privacy rules means that the companies supplying your internet service -- and who can see a great deal of what you do with it -- can continue to mine that information for use in their own advertising businesses. And consumer advocates worry that the companies will be an enticing target for hackers.
Here's how that could play out and what it means.
WHAT CHANGES NOW
Not much, at least immediately. For now, phone and cable companies remain subject to federal law that imposes on broadband providers a "duty to protect the confidentiality" of customer information and restricts them from using some customer data without "approval."
But it doesn't spell out how companies must get permission, how they must protect your data, or whether and how they have to tell you if it's been hacked.
WHAT THE RULES WOULD HAVE CHANGED
Under the Federal Communications Commission's rules, Comcast and its ilk would have needed your permission before offering marketers a wealth of information about you, including health and financial details, your geographic location and lists of websites you've visited and apps you've used.
Republicans and industry officials complained that the browsing and app history restrictions would have unfairly burdened internet providers, since other companies such as Google and Facebook don't have to abide by them.
That's important because the biggest broadband companies want to build ad businesses to rival those tech giants. This rule would have made that more difficult.
These rules also required broadband providers to take reasonable measures to protect customer information, although those weren't spelled out. They also required these companies to tell you if your information had been hacked.
CAN YOU STOP PROVIDERS FROM COLLECTING YOUR DATA?
Yes, but it's not easy. Broadband providers today let you "opt out" of using their data, although figuring out how to do that can be difficult.
Instead, the digital rights group Electronic Frontier Foundation suggests you might pay to use a virtual private network , which funnels your internet traffic through a secure connection that your provider can't see into. But good VPNs aren't free, you have to figure out which ones you can trust, and unless you go to the trouble of setting one up on your home router -- not a straightforward task -- you would need to set them up on every phone, tablet and computer in your home.
The EFF and other supporters of the privacy rules also point out that in many markets consumer choices are limited when it comes to home broadband, so you often can't just switch providers if you don't like their privacy policies.
DOES MY STATE HAVE MY BACK?
Maybe. Many state laws bar unfair or deceptive practices, which they can use against privacy violations. Other state and federal regulations aim to protect medical and financial records, but may not apply to internet service providers.
Only a few states regulate specific practices by broadband providers, according to the National Conference of State Legislatures, which tracks state laws. Minnesota, for instance, requires internet service providers to get customer permission before sharing their web-browsing histories.
The vast majority of states do require business and government to tell their residents when their information has been hacked, according to the NCSL, but they have different approaches. At least 13 states require businesses to have reasonable security practices .
(© Copyright 2017 CBS Broadcasting Inc. All Rights Reserved. The Associated Press contributed to this report.)