Last night, the House of Representatives joined the Senate in a joint resolution to repeal the FCC’s recent privacy rules, leaving only President Trump’s signature before the rules are officially revoked. It was a shocking turn for advocates of the open web, rolling back rules intended to stop carriers from sharing personal web histories and using subscriber data for marketing. The EFF responded with nightmare scenarios of what would be permitted under the new rules, including ISP-injected pop-up ads or preinstalled spyware. At the same time, some conservative groups insisted nothing will change at all, arguing the same protections are already available through the Telecom Act and other privacy laws.
In some ways, the conservatives have a point. Congress didn’t pass any new laws on broadband privacy last night; it only repealed an Obama-era rule that hadn’t yet gone into effect. The repealed privacy rules aren’t the only protections against misconduct by your internet provider, and they aren’t even the FCC’s only means of cracking down.
One of the basic principles of the internet is that it’s the same no matter where you’re logging on
But while the immediate impact of the joint resolution may be hard to see, it paves the way for a much larger shift in FCC enforcement and, ultimately, the structure of the web itself. For decades, one of the basic principles of the internet has been that it’s the same no matter where you’re logging on. Now, carriers are getting the chance to tie your online activities closer to your real identity, drawing on the name and address you gave when you signed up for service. Under Chairman Ajit Pai, the FCC seems to have little interest in holding them back. That could have a profound impact on the nature of the web — and after today’s joint resolution, there may be no going back.
It’s hard to pin down the direct consequences of Congress’ latest move because, on a statutory level, little is changing. Wheeler’s Privacy Rules are being rolled back, but the rules never officially took effect, so there won’t be anything that’s legal after the repeal that wasn’t technically legal before. As long as Title II is still in effect, carriers are bound by law to keep consumer information private, and it’s up to the FCC to enforce that. Pai’s replacement rules are expected to roughly follow the FTC’s guidelines, which have been used in the past to crack down on both supercookies and smart TVs building ad profiles without user consent. On a strictly legal level, that authority is more than enough to crack down on some of the more alarming scenarios that have been raised, like selling individualized browsing histories or hijacking web requests to divert to advertising.