Last year the FCC proposed a rule requiring Internet Providers to get your permission before selling your data. The rule was set to go into effect in April. The large ISPs – AT&T, Verizon, Comcast and others – didn’t like this rule since it affected their revenue. They said that Facebook and Google didn’t need to get your permission, so why did they need to.
After President Trump’s inauguration, the control of the FCC changed and the new chairman, Ajit Pai, suspended the effective date of the rule and this week the Republican controlled Senate and House voted to permanently stop the FCC from implementing this rule or anything like it, now or in the future.
So what is the impact to you?
One needs to consider this. Facebook or Google only has access to your data when you visit one of their websites or their partner websites.
On the other hand, your Internet provider has more information about you, such as:
- Who you call, when you call, how long you talk, etc.
- Who you text, when and potentially the content
- For encrypted messaging like Whatsapp, who you are exchanging messages with and when
- What web sites you visit, how often and when – even if the data itself is encrypted
- Your location data – where you go and when and how long you stay there.
- In fact, they can likely track anything you do online
With no rules, you cannot opt out of this data collection.
A couple of years ago Verizon and AT&T installed secret apps on your phone (Caller IQ, for example), super cookies and by inserting universal identifiers or UIDs, all to track your traffic. They stopped some of that when it became public and the bad press outweighed the revenue.
Again, with no rules, ISPs can keep this data for as long as they want to keep it. In addition, they can sell it to whoever they want to. Or give it away.
Obviously, this does not overturn any other laws, but in general, there are very few rules in this arena. This is especially true when it comes to meta data. There is a difference between selling your emails and selling the fact that you sent an email at this time to this person.
There are also no rules regarding who they can sell (or give) this data to. Could be your employer or your insurance company or even law enforcement.
Recently we saw that Scotland Yard hired hackers in India via the Indian police to hack journalists they were interested in eavesdropping on.
Assuming your ISP decides to collect and keep this data, there is no reason why the police couldn’t either ask them nicely for it or subpoena it. We have already seen cases where the police want the data in your Amazon Echo and even the data in your smart water heater, so why not this data?
Could your insurance company or employer ‘acquire’ this data, directly or indirectly? I don’t see why not.
And, you apparently have no way to opt out – unless the ISP voluntarily decides to give you that option and I would not count on that. I do not expect this to change during the current administration, but it could if enough people complain.
We live in an interesting world.
Information for this post came from PC Magazine.