
Senate Guts Privacy Rules. Will House Follow Suit? - tfo
https://www.eff.org/deeplinks/2017/03/congress-debates-reversing-course-decades-consumer-privacy-protections
======
wodencafe
What a bunch of sell-out traitors.

Is there no party that values privacy, individual liberty, or the
constitution?

I thought these "Senators" took an oath to protect the constitution. From the
way they vote, it seems they never even read it!

~~~
rrggrr
(1) Don't bet on many of them understanding their vote. It was billed as a
removal of an unfair restraint on the free market.

(2) Oddly silent were folks like Google, Microsoft, etc. I fully expect to
have to pay for privacy, or to have to choose whom I trust with my data:
Comcast or Google.

Its a shitty time for privacy, period.

~~~
brantg
I also don't fully understand this. Jumping in to see if someone can clarify.

Here's the text of the bill (it's pretty short):
[https://www.congress.gov/bill/115th-congress/senate-joint-
re...](https://www.congress.gov/bill/115th-congress/senate-joint-
resolution/34/text)

It looks like all this does is undo an FCC rule from Dec 2, 2016. My
understanding is that if this passes, our internet privacy will be the same as
it was on Dec 1, 2016.

Am I wrong? Why is this so bad?

~~~
mikeyouse
> Am I wrong? Why is this so bad?

Prior to August 2016, the FTC regulated all aspects of consumer protections.
Unfortunately, the FTC has a specific call-out ceding authority to the FCC for
certain parts of the regulation of 'common carriers', which ISPs fell into.

AT&T sued and said that the FTC carve-out for common carriers means that the
FTC can't regulate _any_ part of their business, not even consumer protections
like data privacy. In August, the US Court of Appeals ruled in favor of AT&T,
which meant that the FCC would have to enact new rules and would have
responsibility for consumer protection with regards to common carriers.

The FCC passed consumer protection rules in October (which came into force in
December). The FCC has authority on rulemaking unless there's an explicit
congressional action saying otherwise. So along comes the new Republican
Senate and they pass this bill to nullify the FCC rules. It's written
ambigiously enough that you'll likely need another act of congress to undo it,
which would require a Democratic congress / senate / President.

In summary: before August, the FTC protected your data. Since last winter, the
FCC was protecting it. If this passes, nobody will be protecting it.

~~~
brantg
Great summary - thanks.

I read into it a bit more. The original FTC suit was brought against AT&T in
2014, but in 2015 the FCC reclassified ISPs as common carriers under Title II.
So the 9th Circuit's August ruling just reflected that reclassification by the
FCC.

The FCC's new consumer protection rules from last year are much harsher for
ISPs than the previous FTC rules, so now there is a two-tiered system of data
protection.

Senator Flake suggested in the WSJ that he wants the FCC to come up with
consumer protection rules for ISPs that use the FTC's framework. (Source:
[https://archive.is/hKz0a](https://archive.is/hKz0a))

 _To protect consumers from these harmful new regulations, I will soon
introduce a resolution under the Congressional Review Act to repeal the FCC’s
flawed privacy rules. While the resolution would eliminate those rules, it
would not change the current statutory classification of broadband service or
bring ISPs back under FTC jurisdiction. Instead, the resolution would scrap
the FCC’s newly imposed privacy rules in the hope that it would follow the
FTC’s successful sensitivity-based framework._

This seems pretty reasonable, but we still need Congress or the FCC to come up
with another system that will fill the regulatory gap left by the 2015 rule
change.

------
JumpCrisscross
Here's the roll-call vote [1]. Find your Senator. If they voted in agreement
with your views, call and congratulate them. If they didn't, call and explain
why you're disappointed. Then immediately call your Congressperson.

[1]
[https://www.senate.gov/legislative/LIS/roll_call_lists/roll_...](https://www.senate.gov/legislative/LIS/roll_call_lists/roll_call_vote_cfm.cfm?congress=115&session=1&vote=00094)

~~~
rosser
TL;DR on the roll-call:

    
    
      Yea:    50, all R
      Nay:    46 D, 2 I
      Abstain: 2, all R
    

EDIT: Thanks, zedpm.

~~~
zedpm
Nay: 46 D, 2 I actually.

------
wickedlogic
If you do talk with your representatives, remind them this essentially means
their browsing history, and the histories of their families, their
constituents, and their constituents families _will_ be available for sale at
best, or once collected and sold are highly likely to be in a databreach
before long. The aggregate of that information _will_ be used to treat those
people differently in some aspect or another.

~~~
dforrestwilson1
Trying to get caught up on this. How big a difference is this to what Google
and Facebook are doing currently?

~~~
Ductapemaster
While there are similar practices that Google and Facebook have (eg. tracking
your activities outside of their website), this is much more problematic and
sinister for a couple reasons:

Access: Many people in this country do not have a choice as to which ISP they
use. They are locked in due to anti-competitive practices, rural homes, or
some other reason. You can make the choice much more easily not to use a
certain website that tracks your behavior.

Cost also comes into play here, as you pay your ISP to deliver service. Google
and Facebook are free, because they subsidize their services by selling and
collecting data. Your ISP charges you a large amount of money already, and are
increasing their own margins through this practice. It would be different if
they did something akin to what Amazon did with their Kindles, where you
provide the same service with and without tracking, and charge appropriately.
The way things are now, you don't have a choice.

Lack of notification: Your data is being collected and sold through an
implicit agreement with your ISP, likely entombed in a bunch of fine print
that no one ever reads, nor anyone but a lawyer could decode. While this is
the case with Google and Facebook, it's pretty much common knowledge that they
do this. The carriers and ISPs implemented their tracking under-the-radar, and
provided no way for anyone to opt-out.

I'm sure there's a lot more arguments out there, but that's what I have on top
of my head right now.

~~~
ericd
Also, FB and Google are much more competent than your local ISP when it comes
to security.

------
js2
I won't be surprised if AT&T revives its "Internet Preferences" targeted ads
program[1]. Most customers apparently didn't care and were willing to put up
with it for a $29/mo discount. AT&T never indicated why they canceled it, but
my money is that it was due to the FCC regulations that were put in place.

[1] [https://arstechnica.com/information-
technology/2016/09/att-t...](https://arstechnica.com/information-
technology/2016/09/att-to-end-targeted-ads-program-give-all-users-lowest-
available-price/)

~~~
et-al
Considering that a good number of people used NetZero back in the day, this
isn't a stretch. We've come to accept privacy as a luxury service.

~~~
korethr
At least some people used NetZero not because they were willing to tolerate
ads, but because it was some way, any way, of getting a net connection. Hell,
I tried find way to keep that annoying ad setup from even loading. I thought I
was very clever that summer I used an independent PPP program under Linux to
get the net connection, but no ads. Of course, that was detected and blocked
after a while.

------
macawfish
We need good p2p mesh network applications! Relatively slow, asynchronous,
person to person flow of information was, and arguably still is, the
foundation of society, and the technology must be capable of fluidly falling
back to this capability without dependence on unstable centralized networks!

------
wfunction
I would have preferred them to vote the other way, but I'm trying to do a
reality check here. Given that on HTTPS sites it's just the domain name +
timestamp, and that more and more sites are transitioning to HTTPS, is the
mere domain name and timestamp really _that_ useful? I can imagine it being
useful to know you order pizzas at 7pm Thursdays, but how useful is it
actually to know you e.g. browse Amazon 2pm Mondays, or use YouTube 10pm
Saturdays, or send emails with Gmail every hour of every day? They have no
idea what you're buying or watching or sending. (eBay seems to be the major
exception since it's HTTP.)

~~~
jdavis703
Let's give a few examples of information they could find about you:

Visits nytimes.com, huffingtonpost.com and cnn.com: user is interested in
current events and is probably liberal

Visits webmd.com and kaiserpermanente.org: user is probably sick

I'm sure you can extrapolate further. Now let's say I'm a gay person growing
up in a conservative house and ads start popping up for all the family members
on our shared IP for gay dating sites. That might be problematic for certain
people.

~~~
wfunction
Okay thanks, let me try to dissect this a bit:

1\. You fall in the category of, "What if <my closest family members or
friends> find out private information XYZ about me, based on which domain
names I visit? My life would be ruined."

2\. You don't fall in that category.

Group 1 has real fears. For some of them, even knowing whether they're home
might be a life threat, and I understand that. But I don't imagine ISPs are
fighting so hard just for the sake of targeting group 1; I imagine they might
even avoid them if they could, for legal fears. They must be reaping immense
benefits from gathering domain name browsing history about group 2 as well,
and I assume those in group 2 are still terrified at the thought _personally_
(as opposed to only because they're terrified of what would happen to group
1).

So let's leave the first group aside in this discussion. I'm trying to figure
out what the most serious (but realistic) things are that people in group 2
are risking, and how ISPs are reaping profits from them. For example, ID theft
or burglary is something that can happen to anybody. How much is your ISP
recording & selling when you're home increasing the risk of burglary? etc.

Also: if you think group 1 is the vast majority of people and group 2 is the
real minority hear, I'd be interested in hearing that argument as well, since
I really don't have data on this (data would be welcome). My current instinct
is group 2 is the majority.

~~~
jdavis703
For the record while I'm for protecting online consumer privacy, I'm not
terrified of it being violated either. I was simply giving examples of how it
might be problematic.

I work in ad tech, so as a matter of principle I don't have any ad or privacy
blockers turned on. But even in my personal life I always keep my blinds open,
I don't care if my neighbors see me living my personal life. I also keep all
my Facebook posts public, etc.

But I realize that there are all kinds of situations I can and can't imagine
where people need more privacy. My own life situation could even change such
that I feel the need for more privacy. That's why I believe that people should
by default have a right to privacy, but give it away only if they so chose.

------
joshontheweb
Is there a good reason why a representative would vote in favor of this?

~~~
maxxxxx
They read papers prepared by lobbyists, think "makes sense" and vote for it.
That's how law making often works.

~~~
joshontheweb
I'm having a hard time imagining a compelling case that the lobbyists could
present though. Are most of these representatives just willfully corrupt? I
hate to vilify people unduly but it is becoming hard to understand the thought
process here.

~~~
pdkl95
> Are most of these representatives just willfully corrupt?

Yes, but they prefer the terms "lobbying" and "campaign contributions".

While theoretically they are concerned with their constituency so they can
keep their job, the big problem with our system is the expense of running
campaigns. While serving in congress, our representatives a massive amount of
time is spent "dialing for dollars". The parties even require ("encourage")
spending time "fundraising".

This makes lobbying easy. Constructing a compelling case isn't necessary. Just
promise to _free up their time_ by making various donations to their campaign
and/or their party. This is legal as long as there isn't specific _quid pro
quo_ , thanks to McDonnell v United States.

John Oliver's overview of the problem:
[https://www.youtube.com/watch?v=Ylomy1Aw9Hk](https://www.youtube.com/watch?v=Ylomy1Aw9Hk)

~~~
rayiner
It's illegal for corporations to make campaign donations. _McDonnell_ has
nothing to do with that.

~~~
pdkl95
If the corporation is donating directly, it should be possible to show that
the legislation was _quid pro quo_.

I'm sure you're familiar with the numerous ways corporations (and others) add
indirection when donating. Especially in the era of "Super PACs".

------
superobserver
Ask Trump to veto it. He may oblige.

------
robertwalsh0
Is there any way to protect your browsing?

~~~
aleksei
VPN outside the US.

~~~
0xcde4c3db
Note that the NSA openly claims authority to actively snoop on (i.e. not just
incidentally record, but deliberately examine) your communications in this
case, as your connection appears to be a foreign one. The FBI also has a legal
strategy around hacking anyone whose actual location is obscured and has some
kind of nexus in the US (as they could be presumed to be "crossing state
lines" and thus subject to Federal jurisdiction); I'm not sure exactly how the
execution of that shook out so far, but I doubt the story is over in any case.

------
unhappycyanide
Help out here please. Is the house doing something different/worse than the
senate to gut our privacy protections? Not that I'm ok with this crap (and I'm
looking into a vpn now) but I hear they could already sell our data to whoever
because they gutted Tom Wheeler's plan.

~~~
thomastjeffery
The Senate voted. Now is the House's turn.

------
wnevets
Ok trump/republican supporters, please help me understand why this is a good
thing.

~~~
ignoramceisblis
You appear to be another victim of "divide and conquer", and like many of
them, perpetuate it. Life is not as simple as you like to believe:
Trump/republican supporters may not necessarily think this is a good thing.

~~~
wnevets
/r/iamverysmart

