The Industry’s Only SaaS-Delivered Enterprise DLP

Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.

No-Compromise Data Protection is:

  • Cloud-Delivered
  • Cross Platform
  • Flexible Controls
DATAINSIDER

Digital Guardian's Blog

Congress on ISP Data: Money > Privacy



Congress kicked consumer privacy right in the teeth this week with the vote to allow broadband Internet providers to sell customers’ data without consent. The decision rolls back a key rule implemented just a few months ago by the FCC and sends a clear signal that in Washington, now more than ever, money talks.

If you haven’t been following the debate, this week’s vote is the culmination of a short, intense effort by Republican leaders in Congress to get rid of a rule the FCC put into effect in January that required ISPs to implement certain protections and policies regarding user data. The rule was meant to bring ISPs into line with other telecom providers, who have had to abide by the Communications Act’s privacy requirements for decades.

Here’s the relevant section:

“The rules require carriers to provide privacy notices that clearly and accurately inform customers; obtain opt-in or opt-out customer approval to use and share sensitive or non-sensitive customer proprietary information, respectively; take reasonable measures to secure customer proprietary information; provide notification to customers, the Commission, and law enforcement in the event of data breaches that could result in harm; not condition provision of service on the surrender of privacy rights; and provide heightened notice and obtain affirmative consent when offering financial incentives in exchange for the right to use a customer's confidential information.”

Essentially, the rule ensures, among other things, that broadband providers can’t use or sell their customers’ information without consent. That data could include browsing history, demographic data, and other sensitive information that most people probably wouldn’t want in the hands of third parties. Seems like a reasonable idea, right? Not to Congress. Last week, the Senate passed a resolution that disapproved the rule, and this week, the House of Representatives followed suit. The House approval didn’t come without some serious opposition from Democrats — and a few Republicans — but the resolution is now in the hands of President Trump, who has said he supports it.

The removal of this rule is a tremendous setback for consumers, many of whom may not realize the effects it will have on them. Opponents of the resolution in Congress said it removes consumer choice in deciding who has access to their data.

“It simply makes no sense. Consumers should have the right to choose who and how they share their information with. Not having Internet access is simply not an option for many Americans. This isn’t the time to get rid of privacy rules,” said Rep. Jared Polis of Colorado.

Privacy advocates worry that the change also could have a detrimental effect on consumers’ security.

“Big Internet providers will be given new powers to harvest your personal information in extraordinarily creepy ways. They will watch your every action online and create highly personalized and sensitive profiles for the highest bidder. All without your consent. This breaks with the decades long legal tradition that your communications provider is never allowed to monetize your personal information without asking for your permission first,” Ernesto Falcon, legislative counsel at the EFF, said.

“This will harm our cybersecurity as these companies become giant repositories of personal data. It won't be long before the government begins demanding access to the treasure trove of private information Internet providers will collect and store.”

ISPs have a tremendous amount of insight into and data about their customers’ online lives. And for many people, the things they do online are at least as sensitive and personal as anything they do in the physical world. As Polis said, sharing that information should be the decision of the users, not the companies they pay for access to the Internet. Now, much of that choice has been taken away, all in the name of money.

Dennis Fisher

Dennis Fisher

Dennis Fisher is editor-in-chief at Duo Security. He is an award-winning technology journalist who has specialized in covering information security and privacy for the last 15 years. Prior to joining Duo, he was one of the founding editors of On the Wire, Threatpost and previously covered security for TechTarget and eWeek.