
The House just voted to wipe out the FCC’s landmark Internet privacy protections - blazingfrog2
https://www.washingtonpost.com/news/the-switch/wp/2017/03/28/the-house-just-voted-to-wipe-out-the-fccs-landmark-internet-privacy-protections/
======
pnathan
This, right here, is the consequence of the withdrawal from politics many
geeks advocated very strongly in an earlier time. "Everything is corrupt, it
doesn't matter"... turns out to only be a viable philosophy when things
_mostly work well enough_.

What we have in protections and freedoms were purchased through a ton of hard
work by prior generations: the liberty to slack and think that it just works
ok is a nice side effect of the prior sweat.

~~~
_alias
This whole discussion is disheartening. When I first heard about this I came
to HN to get the facts and try to actually form an opinion, because honestly I
can't figure out what the bill is supposed to change and how. Instead I find
people pontificating along party lines like every comments section across the
internet. Where's the analysis and insight? Where's the objectivity? I've come
to expect more from this site and I know we can do better.

~~~
Kryptor
The text of the resolution is very short, it simply says the FCC rule is
repealed. You can read the rule here:

[https://www.federalregister.gov/documents/2016/12/02/2016-28...](https://www.federalregister.gov/documents/2016/12/02/2016-28006/protecting-the-privacy-of-customers-of-broadband-and-other-telecommunications-services)

At 73 pages, it's a doozy. I don't know exactly what the effects would have
been, but one important thing to note that I did not see mentioned once in any
of the reporting about this is that the rule has only been in effect for 84
days. So I wouldn't expect any changes to be too noticeable.

Also worth noting is that whatever restrictions on ISPs are removed by this,
it doesn't guarantee that ISPs will start doing that thing immediately, if at
all. I also haven't seen reporting on what past behavior ISPs have already
engaged in that this rule would have stopped.

~~~
zu03776
The first fifth of the linked resolution addresses what is customer personal
information (protocols, ports, IP addresses, MAC addresses, contained
information, etc.)

Paragraph 106 mandates that the information released should not be able to be
de-identified, and third parties must be contractually obligated to not de-
identify customers from the data.

Paragraph 117 says the clause must be transferable to third-parties all the
way down the list, but a middle-man can hire a company in a different country
to do the necessary work, outside the jurisdiction of the FCC.

Paragraph 115 says the ISP can share the IP address, and no other identifying
data, and meet the requirements of de-identification. A clause to "revisit
this topic later" is present. Damn right you better -- combined with other
data sources from social media and search engines, I can trivially combine
multiple data sources using the IP address and build a "personal profile" of
your entire Internet usage, including those really unique "outlier"
destinations.

Paragraph 143 says that no periodic reminder is required, so expect the
"privacy notice" to be buried in a sea of required checkboxes at point-of-
sale, and never seen again. There are provisions that it be available on a
website and via other methods, etc., but "available" versus "easily found" are
two different things.

Most of these rules will take effect in 12 months, not immediately. (The rule
of preventing ISP services requiring you waive your privacy to provide service
is 30 days (paragraph 295, § 64.2011), data security requirements in 90 days
(§ 64.2005), and data breach notifications and requirements in 6 months (§
64.2006).)

------
tomohawk
Before getting all spun up, I'd dig a little deeper on the issue than what the
WaPo does in this piece.

These regulations were only voted on late in 2016 and never went into effect.
To do the regulations, the FCC reclassified the internet as basically ye olde
telephone system, which then made it subject to their purview based on laws
created in the 1930s. This is classic overreach. Congress never gave this
authority to the FCC and is acting to put them back in line with the law.

It's pathetic that the WaPo used their platform to create more heat than light
on this, by selective quoting. Here's a more full quote from Rep Blackburn
that explains her position more fully.

“The FCC already has the ability to oversee privacy with broadband providers,”
Blackburn explained. “That is done primarily through Section 222 of the
Communications Act, and additional authority is granted through Sections 201
and 202. Now, what they did was to go outside of their bounds and expand that.
They did a swipe at the jurisdiction of the Federal Trade Commission, the FTC.
They have traditionally been our nation’s primary privacy regulator, and they
have done a very good job of it.”

The lesson here really is that if the issue is really important, then get an
actual law passed instead of trying to contort regulatory authority based on
laws from the 1930s. The previous president could certainly have done this,
but chose not to.

~~~
mythrwy
<edited> So as it's going to be a flame war apparently I've deleted the
comment.

I'd just like to register my opinion that I don't see Washington Post as an
objective, nor even a trustworthy source at this point. When they print
something it's often worth looking deeper into I believe.

~~~
alistproducer2
> Although Washington Post isn't quite Breitbart yet they appear to be headed
> rapidly in that direction from my perspective

So you've never actually been to Breitbart then? I checked it regularly before
the 2016 elections and, in those days, it certainly earned its nickname
"stormfront lite." They've toned it down since the additional scrutiny and
subsequent mainstreaming of the Trump era, but WaPo has never been and will
never even come close to Breitbart. Also Breitbart is an overt propaganda
outlet. WaPo may seem biased, but it certainly does not engage in propaganda on
the same level as Breitbart.

~~~
masonic

      WaPo has never been and will never even come close to Breitbart.
    

Well, they certainly weren't close to the Obama administration or Clinton
campaign like WaPo was, as clearly revealed in numerous WikiLeaks-exposed
email exchanges.

Meanwhile, if you see any factual errors on Breitbart, by all means post them.

~~~
brownbat
> Meanwhile, if you see any factual errors on Breitbart, by all means post
> them.

I liked this one:

[http://talkingpointsmemo.com/edblog/breitbart-issues-best-co...](http://talkingpointsmemo.com/edblog/breitbart-issues-best-correction-since-forever)

------
callcallcall
Please do not complain into the echo chamber of comments here. Please take a
moment to support the EFF, call your representatives, and speak to friends and
family.

EFF: [https://www.eff.org/](https://www.eff.org/) Find your reps:
[https://tryvoices.com/](https://tryvoices.com/)

~~~
masonic

      support the EFF
    

Not to say that most of what EFF does isn't valuable, but this privacy
exposure has been going on for _over a year and a half already_. Why didn't
the EFF call attention to it until now?

~~~
burkaman
What do you mean? They talk about this stuff all the time.

[https://www.eff.org/deeplinks/2015/02/fcc-votes-net-neutrali...](https://www.eff.org/deeplinks/2015/02/fcc-votes-net-neutrality-big-win)

[https://www.eff.org/deeplinks/2016/12/network-neutrality-201...](https://www.eff.org/deeplinks/2016/12/network-neutrality-2016)

[https://www.eff.org/deeplinks/2017/02/congress-contemplating...](https://www.eff.org/deeplinks/2017/02/congress-contemplating-making-it-illegal-protect-consumer-privacy-online)

[https://www.eff.org/deeplinks/2014/11/verizon-x-uidh](https://www.eff.org/deeplinks/2014/11/verizon-x-uidh)

[https://www.eff.org/deeplinks/2015/01/verizon-and-turn-break...](https://www.eff.org/deeplinks/2015/01/verizon-and-turn-break-browser-privacy-protections)

etc.

~~~
warlox
I wonder where masonic is now.

------
vancan1ty
Something that is not mentioned in the article is that the FCC regulations in
question were passed in October 2016 and have never gone into effect. So, to
be strictly accurate, the vote does not roll back any regulations which
actually ever affected the internet.

Sources:
[http://www.usatoday.com/story/tech/news/2017/03/02/fcc-sets-...](http://www.usatoday.com/story/tech/news/2017/03/02/fcc-sets-aside-new-net-data-privacy-rule/98599438/)
[http://www.usatoday.com/story/tech/news/2017/03/28/broadband...](http://www.usatoday.com/story/tech/news/2017/03/28/broadband-rules-axed-congress-headed-trump/99744078/)

~~~
niftich
A few posters on the thread [1] for the Senate version's passing have noted
[2][3][4] that this is the case, but those points appeared largely lost in the
discussion to follow. To quote the comment at [2]:

_"This undoes the 73-page publication published on 2016-12-02 by the FCC,
most of which took effect 2017-01-03, some parts later on 2017-03-02, both
after the election and one of them after the inauguration."_

Meanwhile, [4] says:

_"This pending rule change is not in effect at all yet; it was only put
through 3 weeks after the 2016 election and wouldn't have taken effect until
next December."_

Not sure if it's [2] or [4] that's wrong about the dates of taking effect, but
it's clear that the FCC rule was enacted very late.

[1]
[https://news.ycombinator.com/item?id=13942345](https://news.ycombinator.com/item?id=13942345)
[2]
[https://news.ycombinator.com/item?id=13943942](https://news.ycombinator.com/item?id=13943942)
[3]
[https://news.ycombinator.com/item?id=13943458](https://news.ycombinator.com/item?id=13943458)
[4]
[https://news.ycombinator.com/item?id=13944790](https://news.ycombinator.com/item?id=13944790)

~~~
DrScump
The actual rule[0] as recorded in the Federal Register says: "The notice and
choice rules we adopt today will become effective the _later_ of (1) PRA
approval[1], or (2) twelve months after the Commission publishes a summary of
the Order in the Federal Register[2]."

So, given that it was published on 2 December 2016[2], the _earliest_ it could
possibly have taken effect is December 2 or even 4 (December 2 is a Saturday)

[0]
[https://apps.fcc.gov/edocs_public/attachmatch/FCC-16-148A1.p...](https://apps.fcc.gov/edocs_public/attachmatch/FCC-16-148A1.pdf)
(Item #312. Page 132 of 219 of the PDF. Yes, it's a huge file.)

[1] "PRA approval, as defined herein, is not complete until the Commission
publishes notice of OMB approval in the Federal Register", so it was _also_
conditional on approval by the Office of Management and Budget. AFAIK, that
never happened, either.

[2]
[https://www.gpo.gov/fdsys/pkg/FR-2016-12-02/pdf/2016-28006.p...](https://www.gpo.gov/fdsys/pkg/FR-2016-12-02/pdf/2016-28006.pdf)

------
doctorshady
It's a bit disappointing to see that aside from a few abstained votes,
everybody just chose to vote along party lines. Do these people just rubber
stamp a bill because there's a D or an R next to it? Even if it meant more nay
votes for the bill, I really wish we had representatives that vote based on
critical thought rather than what their friends were doing.

I mean, as long as I'm dreaming too, we should give assembly programming kits
to first graders.

~~~
afarrell
One problem is that legislators need to make decisions on a wide range of
domains. This leaves them subject to influence by expert lobbyists and party
whips. Critical thought about an issue requires much more time and study than
most people have except for their own specialization.

I assume you know how to pitch manure, program a computer, and cook a tasty
meal. Yet tell me, how long would it take you to butcher a hog from carcass to
grocery portions? Have you ever done so?

How long would it take you to plan an invasion of the scale of the landings at
Inchon? Have you ever done so?

~~~
guelo
They're not voting on _that_ many issues. This is their job, they're supposed
to study and try to understand the issues.

And really, this isn't that hard of an issue, I could probably ask my gramma
"should AT&T be able to sell your browsing history to advertisers" and she
would say no.

~~~
gnaritas
The question you're asking your grandma isn't the issue they're concerned
about. The question they're asking themselves is if I go against my party, how
is this going to affect my re-election. That's why we have party line votes
like this. They don't give two shits about the people they're representing,
they only care about maintaining office.

------
vvanders
As someone who grew up during the early days of the internet I don't know of
any other way to describe this than utterly depressing.

The internet was supposed to be this bastion of knowledge, information and
free exchange of ideas. Now it's just heading towards another avenue for
large organizations to monetize the individual.

~~~
malchow
...he posted, on Hacker News, a bastion of knowledge and information.

~~~
mtrpcic
You're conflating a single anecdotal example with the overall issue. Of course
this vote doesn't mean that all websites that are free, open, or focused on
knowledge will go away. What it _does_ mean is that your ISP can now sell the
fact that you post here to Microsoft, who will know that malchow is you (tied
to your real name, since the ISP knows that), and now Microsoft can start
targeting you in new and exciting ways.

~~~
malchow
If my argument was impaired, it was certainly less impaired than the parent,
who declared that the glorious free and open internet is over (b. 1974, d.
2017) because of this regulatory rollback.

By the way, the fact that you cannot predict Microsoft's "new and exciting"
ways of targeting me is a great example of why your argument is unconvincing.
Do you really want me to believe that, as long as we kept this rule in place,
network providers would never conceive of novel ways to participate in the
advertising business using the network-level data they enjoy?

Your best friend, if you are looking for a no-tracking digital lifestyle, is
the free market's likelihood of delivering to you just that. It may come at a
premium price, which I assume you'll be happy to pay. At the moment, you are
just making everyone _else_ pay a premium price for the no-tracking digital
lifestyle you prefer, and relying on bureaucrats in D.C. to patch up the rules
from time to time to keep up with novel targeting methods.

~~~
warlox
If you knew the first thing about economics, you would know that the natural,
regulation-free state of ISPs is for them to merge together into a single
company the way that oil companies merged together to form Standard Oil at the
turn of the 20th century. In that scenario, what you would get is the choice
of one product, and you would pay an unreasonable amount of money for it.

Of course, since you don't know the first thing about economics, what we're
treated to instead is some false ideological platitudes about the free market.

~~~
malchow
You are embarrassing yourself. Care to offer a testable hypothesis? You appear
to predict that the market, with this rule repeal, will not yield any non-
tracking ISP options. Is that your prediction?

You may wish to read this (now antiquated) document, which details why
verticalization was market-motivated in the oil industry in the industrial
age:
[https://www.aei.org/wp-content/uploads/2017/02/Vertical-Inte...](https://www.aei.org/wp-content/uploads/2017/02/Vertical-Integration-in-the-Oil-Industrytxt.pdf)

And, again, do you really want to be in the position of saying that the ISP
industry will consolidate the way the oil companies have? Do you have any idea
how rambunctious the energy industry is at the present moment? At best, you've
shown that you are correct for a very short timeframe, and proven that you are
wrong on a longer timeframe.

~~~
vvanders
Nice personal attack there.

For what it's worth the parent is right. I have a single ISP available to me,
as is the case with the majority of the US (or maybe two if you're lucky enough
to live in a large metro that hasn't signed exclusivity agreements).

The free market isn't going to bring a solution to this. When the internet
started out there were tons of ISPs, now there's only a few large ones that
are split by region so they have an effective monopoly.

------
alistproducer2
One aspect of this that is being missed is how well this illustrates the
inability of the Democratic party to take advantage of an obviously
advantageous situation.

It's a no brainer that most people would recoil at the idea of everything they
do on the Internet suddenly being for sale. It would be super easy to come up
with at least a dozen relatable nefarious use cases and stuff them into TV
commercials and ads and tying it to the Republican party.

But nope, silence. It's almost like they don't want to be in power. It feels
like I live in a de facto one-party state.

~~~
maxerickson
Realistically it is a fringe issue and people have 18 months to forget about
it before there is an election.

~~~
alistproducer2
The GOP has survived, and thrived, on fringe issues for generations. In the
poli-sci world such tactics are known as wedge issues. The Dems know they
exist, but are very poor at the successful execution of them. At the end of
the day, the federal government has very little daily impact on most people's
lives. In order to get people's interest, one has to elevate fringe issues and
create strawmen to get people interested. The GOP has understood this forever.

~~~
maxerickson
The wedge issues they use have pretty big blocks of motivated voters.

I don't think privacy has that.

EFF has 25,000 members. NRA has 5 million. EFF has a budget of ~$16 million a
year. NRA has a couple hundred million.

------
Gustomaximus
If you want an idea to get mass movement against this;

Start some display campaigns injecting people's names and other personal
information into ads. Have this follow people around the web. Even if data is
not taken from what has been allowed here, most people will find it creepy.
Link ad to a website explaining what's going on and how to contact their local
member.

I suspect with a fairly reasonable spend you could get some strong resistance
and media attention.

~~~
kowdermeister
This, I'd suggest to feature add porn viewing history too in those ads.

------
gwu78
This thread may grow long and maybe turn to the topic of HTTPS. SSL with SNI
exposes plaintext hostnames/domainnames on the wire for anyone to read,
aggregate and sell, not to mention tamper with. It should be an _optional_
extension. For many users it adds no benefit. For some users, it breaks their
software and adds needless complexity. Now the privacy advocates have a reason
to dislike it too. Just say no to SNI.

~~~
Dylan16807
Please describe a way to do SSL without the domain being visible that can work
for most sites.

What would you encrypt the hostname _with_?

~~~
mjevans
Establish an enciphered, unauthenticated, connection to an IP.

This is now a tunnel.

Over that tunnel:

* If you've connected before attempt to reuse the cached credentials to further establish a connection to the requested certificate. This validates prior authorization of being the target host.

* If the above fails or if it's a new host, ask for the certificate, perform extensive validation including REQUIRING that the external revocation check authenticates and confirms non-revoked.

~~~
openasocket
How do you create an encrypted connection to an IP address? Just a regular
Diffie-Hellman key exchange? That's pretty easy to MitM, and then the attacker
can view the certificate the server passes, which will contain the domain
name. A little more involved than sniffing SNI, because now you need to scale
out MitM-ing instead of DPI, but pretty much the same problem.

~~~
cesarb
Once the connection is MitM'd, the certificate validation would fail, since
the MitM host cannot sign the "hash of everything that's been exchanged in
this connection so far" with the correct server certificate. So the MitM would
have to choose between either learning the domain name but failing the
connection, or letting the connection pass but not learning the domain name.

~~~
openasocket
Darn, that's right. I guess I fall back to my other answer then: the ISP can
always get the domain name from the server ip address and reverse or passive
DNS, and there's nothing you can do about that.
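
Added example, not part of any comment in this thread: the SNI exposure gwu78 describes, shown by generating a real ClientHello in memory with Python's `ssl` module and reading the hostname back out of the unencrypted bytes. The hostname `news.example.org` and all function names are constructed for illustration; nothing touches the network.

```python
import ssl
import struct


def build_client_hello(hostname):
    """Return the first bytes a TLS client would send; hostname=None omits SNI."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if hostname is None:
        ctx.check_hostname = False  # required before wrapping without a name
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the hello is written, the client now waits for a reply
    return outgoing.read()


class Reader:
    """Bounds-checked cursor over a byte string."""

    def __init__(self, data):
        self.data, self.pos = data, 0

    def remaining(self):
        return len(self.data) - self.pos

    def take(self, n):
        if n > self.remaining():
            raise ValueError("truncated TLS structure")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def uint(self, n):
        return int.from_bytes(self.take(n), "big")

    def vec(self, length_bytes):
        """Read a length-prefixed vector as used throughout TLS."""
        return self.take(self.uint(length_bytes))


def handshake_payload(stream):
    """Concatenate the payloads of leading handshake records (content type 22)."""
    out, pos = b"", 0
    while pos + 5 <= len(stream):
        rtype, _version, length = struct.unpack_from("!BHH", stream, pos)
        if rtype != 22:
            break
        out += stream[pos + 5:pos + 5 + length]
        pos += 5 + length
    return out


def extract_sni(stream):
    """Return the server_name visible to an on-path observer, or None."""
    hs = Reader(handshake_payload(stream))
    if hs.uint(1) != 1:
        raise ValueError("not a ClientHello")
    body = Reader(hs.vec(3))
    body.take(2 + 32)   # legacy_version + random
    body.vec(1)         # session id
    body.vec(2)         # cipher suites
    body.vec(1)         # compression methods
    if body.remaining() == 0:
        return None     # no extensions at all
    exts = Reader(body.vec(2))
    while exts.remaining():
        ext_type = exts.uint(2)
        ext_data = Reader(exts.vec(2))
        if ext_type == 0:                      # server_name extension
            names = Reader(ext_data.vec(2))
            while names.remaining():
                name_type = names.uint(1)
                name = names.vec(2)
                if name_type == 0:             # host_name
                    return name.decode("ascii")
    return None


if __name__ == "__main__":
    print(extract_sni(build_client_hello("news.example.org")))
    print(extract_sni(build_client_hello(None)))
```

The same parser run over a capture of your own traffic shows which hostnames leave the machine in cleartext even when every page is served over HTTPS.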

------
orbitingpluto
What about COPPA?

[https://en.wikipedia.org/wiki/Children%27s_Online_Privacy_Pr...](https://en.wikipedia.org/wiki/Children%27s_Online_Privacy_Protection_Act)

~~~
k_sh
You raise a good point- IANAL, but I can see this being a good avenue for
challenging this soon-to-be law. Per COPPA, you have to confirm that someone
is 13 years of age before collecting information on them.

What are they going to do, repeal a law that was sold on the premise of "think
of the children"? Sounds like something that would come up during re-election:
imagine a "Rep. X voted to make it easier for online predators to find your
children online" campaign.

~~~
tiglionabbit
Anything goes at this point. They have no shame.

------
dbg31415
# House

YEAs ---215

R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R
R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R
R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R
R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R
R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R
R R R R R R R R R R R R R R R R R R R R

NAYs ---205

D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D
D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D
D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D
D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D
D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D
D D D D D D D D D D

Not Voting ---9

R R R R R R D D D

House Results -
[http://clerk.house.gov/evs/2017/roll202.xml](http://clerk.house.gov/evs/2017/roll202.xml)

# Senate

YEAs ---50

R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R
R R R R R R R R R R R

NAYs ---48

D D D D D D D D D D D D D D D D D D D D D D D I D D D D D D D D D D D D I D D
D D D D D D D D D

Not Voting ---2

R R

Senate Results -
[https://news.ycombinator.com/item?id=13943060](https://news.ycombinator.com/item?id=13943060)

(I liked this format.)

~~~
libertymcateer
This really couldn't be clearer, could it?

------
kevinpet
While I'd definitely like to see restrictions on internet browsing being
protected at least as much as library circulation records [1] and video
rentals [2], as a fan of checks and balances, the mere concept of a regulatory
agency passing "landmark" regulations on anything is troubling. Either that
power is in the law giving regulatory authority to the agency, and hence, it
shouldn't be called "landmark"; or the power is outside the scope of what
Congress intended when enacting the law, in which case it's a bureaucratic
power grab.

1. [http://www.ala.org/advocacy/privacyconfidentiality/privacy/s...](http://www.ala.org/advocacy/privacyconfidentiality/privacy/stateprivacy)
2. [https://en.wikipedia.org/wiki/Video_Privacy_Protection_Act](https://en.wikipedia.org/wiki/Video_Privacy_Protection_Act)

------
marvindanig
Before we jump in a shock and talk about the TFW political disaster there is
happening in DC at the moment I want to ask a question:

Is there a simple guide or steps that I can follow to make myself anonymous? I
know there is TOR and VPNs, how can I go about setting it up?

~~~
subpixel
Here are two good how-tos on the subject:

[https://medium.freecodecamp.com/tor-signal-and-beyond-a-law-...](https://medium.freecodecamp.com/tor-signal-and-beyond-a-law-abiding-citizens-guide-to-privacy-1a593f2104c3)

[https://medium.freecodecamp.com/how-to-set-up-a-vpn-in-10-mi...](https://medium.freecodecamp.com/how-to-set-up-a-vpn-in-10-minutes-for-free-and-why-you-urgently-need-one-12a6f63e5ddb)

~~~
marvindanig
Awesome, thanks!

------
alistproducer2
Please share your VPN setups. I would like to have my VPN connection at the
router level, if possible.

Edit: Here's sort of an answer to my own question
[https://www.howtogeek.com/221889/connect-your-home-router-to...](https://www.howtogeek.com/221889/connect-your-home-router-to-a-vpn-to-bypass-censorship-filtering-and-more/)

~~~
chrisper
But where would your VPN go to? It would have to be outside of the US, I
assume. That means slower speeds and higher latencies.

~~~
pythonaut_16
It doesn't have to be outside the US to avoid your ISP selling the data.

If you run through a 3rd party VPN you have to trust the provider to not sell
your information.

If you run through a US based datacenter your data is still within reach of a
subpoena but your ISP won't have access to it.

------
harryh
To all of you who are saying that it's now vital to use a VPN I
have to ask:

Why weren't you running a VPN already?

This was a vote to head off the implementation of a regulation that hadn't
gone into effect already.

~~~
skynode
I also found it quite shocking at the sheer volume of requests for VPN
guidelines; something I already take for granted. Just when I thought 2013 A.D
changed everything.

------
pcmaffey
Welp, now there's a real market opportunity for 'open' ISP's. I would gladly
pay more to a smaller ISP with slightly higher latency for guaranteed privacy.

SpaceX's planned satellite internet will _hopefully_ fill this void for the
world... until Elon dies and it's taken over by the evil, ignoramuses of
corporate greed.

~~~
deathanatos
Given the obvious barriers to entry for an ISP, realistically, how is there a
"real market opportunity for 'open' ISP's" when new ISPs themselves can't even
get a foothold? For example, Google's recent attempt with Fiber: as much as I
wish it were to succeed, they seem to have run into a lot of red tape.

For broadband Internet, my understanding is that most have exactly one choice;
in my experience, usually one of Comcast or TWC. (Currently, where I live in
the Bay Area, Comcast is my only choice. And it shows: Google Fiber would
offer a speed _500%_ higher, for the same price, if it could only
materialize.)

If you allow for non-broadband options, okay, yes, I have choices. That gets
me AT&T — who sells their users' data — and mobile cell carriers (the latency
is unacceptable).

~~~
pcmaffey
Yes, it's troubling. Huge infrastructure costs. Regulations. And with little
to no differentiation between service providers, the incentive really hasn't
been there for competition.

But all is not lost. There are municipalities that are providing a competing
internet service. Internet is fast approaching a public good/right, so I
believe this is a worthy approach. Here's an example near me:
[http://www.timescall.com/longmont-local-news/ci_28030675/lon...](http://www.timescall.com/longmont-local-news/ci_28030675/longmonts-nextlight-internet-ranked-third-fastest-u-s)

As mentioned, SpaceX will circumvent the local restrictions and limitations of
'wire in the ground' with their satellites.

And now, if there are some ISPs that will sell your data and some that won't,
that differentiation may open up the door to greater competition. Perhaps
even, that's a silver lining to breaking up the ISP oligarchy that exists now.

------
quillo
I would expect that this will have an unexpected (?) side effect of further
weakening the capabilities of packet inspection by intelligence agencies
through increased utilisation of VPN services, especially those outside of the
US.

At face value this is a good thing for privacy, but I am concerned that when
lawmakers realise their error they will just legislate themselves out of the
hole by making access to VPN services harder.

~~~
warlox
Your average internet user doesn't even know what a VPN is, let alone the
significance of this law.

------
slang800
Isn't doing this type of data collection without consent already banned under
the [Wiretap Act](https://www.law.cornell.edu/uscode/text/18/2511)?
What part of these protections weren't redundant?

~~~
mikeyouse
Without consent is the important part, it will soon be part of your ISP's TOS
to allow them to sell your data. The wiretap act has a specific call out for
this occasion:

> _(d) It shall not be unlawful under this chapter for a person not acting
> under color of law to intercept a wire, oral, or electronic communication
> where such person is a party to the communication or where one of the
> parties to the communication has given prior consent to such interception
> unless such communication is intercepted for the purpose of committing any
> criminal or tortious act in violation of the Constitution or laws of the
> United States or of any State._

~~~
slang800
But the FCC rules that were repealed allowed data collection if you "opt-in"
too, right? I haven't read the entire text of the legislation, but their news
release covers this:
[https://apps.fcc.gov/edocs_public/attachmatch/DOC-341937A1.p...](https://apps.fcc.gov/edocs_public/attachmatch/DOC-341937A1.pdf)

> Opt-in: ISPs are required to obtain affirmative “opt-in” consent from
> consumers to use and share sensitive information. The rules specify
> categories of information that are considered sensitive, which include
> precise geo-location, financial information, health information, children’s
> information, social security numbers, web browsing history, app usage
> history and the content of communications.

~~~
pseudalopex
The FCC rules prohibited making consent a condition of service.

------
vhost-
Doesn't this mean the government can basically buy user data through shell
corps and bypass warrants altogether?

~~~
gravity13
Does this mean we can crowdsource and buy the private browsing history of our
favorite representatives and post them online for everybody to see?

~~~
supernintendo
That's a lot of money that could go to other causes like the EFF. Black hat
hacking is cheaper and has the potential to reveal much more about the people
that voted for this.

~~~
plink
This vote will be a lubricant for just such black hat cracking. The Congress
opened the barn door on their own members' privacy.

------
asimjalis
Is there another side to this debate or is it really this black and white?

~~~
aero142
I'll take a stab at it because I think it's a useful discussion. Allowing
internet companies to make contractual arrangements with their customers will
result in situations similar to Google. Google shows you ads for things you
are interested in, and in return you get a really great search engine for
free. Similarly, if ISPs are allowed to collect information about your
browsing habits, and sell it to advertisers, they will lower the monthly rates
for consumers. The consumers can then choose whether they would rather pay
lower rates and their ISP sells their browsing information to advertisers, or
pay more.

The obvious followup is complaints about how often consumers don't have a
choice. Perhaps the reason there is so little competition is that local
municipalities enter into franchise agreements where in order to add internet
to one house, you have to agree to cover the entire area. This makes it so
that only big pockets and people that can influence politicians get to build
an ISP. Also, we could look at access fees to explain monopoly providers.
[https://www.wired.com/2013/07/we-need-to-stop-focusing-on-ju...](https://www.wired.com/2013/07/we-need-to-stop-focusing-on-just-cable-companies-and-blame-local-government-for-dismal-broadband-competition/)

If there were genuine competition perhaps real consumer preference would win
out, whichever that may be. Rather than deciding how much people value
privacy, perhaps we should let people choose for themselves at a level other
than the federal one.

~~~
st3v3r
See, I don't buy the market based arguments. This is not something we want
anyone doing, regardless of ISP. So why allow it to happen at all?

~~~
dredmorbius
The "market" counterargument is to set an infinite price on the practice.

Or in other words: a taboo.

------
cmurf
[https://www.govtrack.us/congress/votes/115-2017/h202](https://www.govtrack.us/congress/votes/115-2017/h202)
215 yea, 205 nay. All yeas were Republicans.

~~~
esaym
> ISP companies also contended that the FCC rules have placed them at a
> disadvantage with other non-ISP Internet companies that also collect user
> data, like Netflix or Facebook.

I think there is always a flip side and I think this is it. Why can Facebook
take my data and sell it but for the ISP, my data is treated like a health
record? Personally, I don't think anyone should be able to sell my data.

~~~
kelnos
I think part of it is choice. You can legitimately choose to not use Facebook
(even though admittedly for some people that's difficult due to network
effects). Don't like Google's data collection policies? Use Bing, Yahoo, or
DuckDuckGo. Don't like Netflix? Use HBO Now, Prime Video, Google Play, iTunes,
Hulu, or buy a cable subscription.

However, most people in the US have a choice of only one or two ISPs, so there
may not be an option to choose a company that doesn't sell your data.

------
msutherl
Any clarity re: this comment[1], which seems to suggest that things are not as
they seem?

[1]
[https://news.ycombinator.com/item?id=13942989](https://news.ycombinator.com/item?id=13942989)

> In June 2015, the FCC reclassified the ISP's as common carriers. Tada, the
> FTC rules no longer apply. So the FCC regulated them with roughly the same
> set of rules. Now they've undone this.

~~~
DrScump
The legislation, if enrolled into law, undoes the _future_ privacy changes.
The existing privacy exposure (since 2015) goes on until then regardless.

Implementing this change via legislation also means that changes in these
regulations require _statute_ change (not purely by the whim of any
President).

------
AndrewDP
The underlying argument here is there is no difference between say Google and
Verizon: the customer has to opt in (or pay) for both. And from a free market
(aka conservative) economic perspective if this is a concern shared by the
population, someone will offer it as a service that people will pay for (a VPN
tax if you will).

This is an unfortunate example where government is not set up to address
concerns of today's environment. They are trying to apply legal constructs of
20-50 years ago to a quickly changing age. And while you can argue whether the
prior administration did the right thing legislating in this environment, the
one thing they did was understand that access to the Internet should be a
right as opposed to a privilege. Like education, access to 911, etc. As more
services move exclusively online, this fundamental access question only
becomes a greater concern.

If individuals aren't guaranteed access nor have any protections online, then
we are heading into a very dangerous area (if the only way to lodge a claim
against your internet provider is online, then they will know what you are
doing).

------
tehabe
I wonder if this has any consequences for the US EU Privacy Shield agreement.

------
Tepix
So the GOP argues that it's unfair because streaming services and search
engines can already collect this data and ISPs couldn't.

I don't understand how they fail to recognize that ISPs will

a) see all of the sites you will visit and

b) many people can't choose between ISPs because there are only a few in their
area

It seems that for the GOP, as long as there is profit for corporations, they
are willing to give up the privacy of the voters.

How is this different than the telephone company eavesdropping on your calls
and selling the information gained to marketing companies?

------
virmundi
So why is this necessarily bad? My understanding is that the Congress repealed
a fiat control by the executive branch. They can now, if they are so
inclined, enshrine in law, a more durable medium than agency policy, a freer
Internet. Let's assume that the Republicans don't. Let's also assume that they
make local municipal Internet or competition harder. The Democrats could get
elected in 2018 at which point they could enshrine privacy. How is limiting
the executive branch bad?

------
cwkoss
So, how should we write a daemon that pings high-advertising-value domains to
poison their dataset?

------
prirun
I hear people say how important it is to participate in the political process.
But when the process itself is broken, what's the point of participating?

We can vote alright, but what we are actually voting for is the person who is
the most convincing liar and makes the most appealing "promises", without them
being obligated in any way to actually implement their promises once elected.

As I see it, individuals only have a couple of effective ways to influence
politics:

- withdraw your financial participation in things you don't agree with. This
is extremely difficult: most people are not willing to endure the sacrifices
necessary, and we're not coordinated to do it together. If everyone (or even
10%) canceled their Internet service, cable service, or whatever, for 1 month,
THAT would get attention. If 10% were willing to lower their standard of
living in order to reduce the government's tax take by 10%, that would get
attention.

- regular individuals need to donate more money to politicians than
corporations and wealthy individuals. It's a sickening thought to me that the
only way to get public servants to actually serve the public is to bribe them,
but obviously that works.

------
CrippledTurtle
Can anyone explain why, when this went through the Senate, it wasn't
filibustered? I was under the impression that almost all controversial
legislation had to pass the filibuster threshold, and since Democrats were
united in opposition against it, I would have expected them to filibuster
this. Was there some loophole preventing them from doing so, or did they not
consider it important enough to filibuster?

~~~
GabrielF00
This bill is under the Congressional Review Act, which allows Congress to
overturn rules enacted by the executive branch in the last 6 months. A joint
resolution of disapproval under this act can't be filibustered.[1]

[1][https://fas.org/sgp/crs/misc/R43992.pdf](https://fas.org/sgp/crs/misc/R43992.pdf)

------
callinyouin
Does anyone know if this works retroactively? Is every data-hungry company
soon going to know all of our past browsing behavior?

~~~
skylark
My understanding is that this repeals a law which was passed at the end of the
Obama administration which never actually went into effect. If that's the
case, it's already been happening - this bill just brought the issue front and
center.

------
chrisallick
Well, they had unlimited bullets and needed just one to hit. We needed to
block everyone. But how can people follow a story let alone a lobbying effort
with our current ADHD news cycle...

Can someone give people like me a "5 things to fight back" list?

------
Jach
Maybe someone at YC could reach out to Thiel who could convince Trump to veto?
Something like that is probably the only realistic chance of this failing, and
I have no idea how much Thiel personally cares about this issue anyway.

~~~
acdha
A presidential veto is a big deal, especially going against his own party
whose support will be critical for getting anything done (or staving off those
pesky ethics investigations).

I don't think Thiel has that kind of juice. Maybe Bannon does but it really
seems like this would have to be an issue he cares deeply about personally,
and it's hard to think of one where there's much space between the president
and the modern GOP.

~~~
acdha
I should have added last night that those are the pragmatic reasons why I
don't think that's likely. The stronger argument is that Thiel's most likely
reaction is going to be expanding Palantir's data sources or investing in more
data mining companies.

------
Slackwise
Welp, time to pipe all port 80 and 443 traffic in my home through
[http://privateinternetaccess.com](http://privateinternetaccess.com) , via the
OpenVPN config in OpenWRT.

------
heurist
Awful. I stand to profit greatly from that data being commercially available
but the personal violation underlying it is unjustifiable.

Who will be the first to start a "privacy-driven" ISP with marked up prices?

------
MBCook
Why don't articles like this ever link to the votes so you can actually look
up how your rep voted (mine? Party line, no surprise)? Took me a few minutes
to find it.

------
adam_ellsworth
What's the immediate consequence of this ruling? What is liable to change? Who
can buy "my" data? What kind of time-frame are we looking at? Can foreign
nationals buy data en-masse directly and/or will their purchases be proxied
through "US citizens"? What depth of archives will be up for purchase? So many
questions regarding this... I'd like to know the general fallout of this in
both short and long-term results.

------
thomastjeffery
Time to start paying the VPN tax.

~~~
hprotagonist
given the fact that deep packet inspection is real, to what extent will this
actually help?

~~~
eikenberry
VPNs are encrypted.

~~~
Jach
Good ones anyway. Many don't. Even
[https://github.com/jlund/streisand](https://github.com/jlund/streisand) if
set up on ec2 won't warn you that your ipv6 connections probably aren't
blackholed.

------
username223
(1) This wipes out almost all the value of surveillance companies that don't
require logins. Why bother with doubleclick et al when you can get data
straight from the ISP?

(2) HTTPS makes a limited amount of sense. Even on encrypted connections, ISPs
know which domains you visit. In some situations they may also be able to MITM
your certificates and read the data you transmit.

(3) Any semblance of privacy now requires either a reputable VPN or TOR.

------
SteveNuts
Not that I'm necessarily OK with either, but what's the difference between
this and the myriad of other sites that are collecting your browser
habits/search history and selling it?

I'm not for this vote at all, and I'm not sure why Trump supporters
are, I'm just trying to come up with a good argument for why it's worse.

~~~
wfo
I don't think Trump supporters are actually behind this. It's one of those
things he never campaigned on but we're going to get anyway. Plus, it's
congress that pushed it. Presumably, if it's unpopular enough he could veto
it.

And the reason ISP is much worse is your ISP is your gateway to the internet.
Everything you do can be tracked and it's directly tied to your personal
identity. You can't avoid being tracked by it by using a different site. Want
a list of cat owners in San Francisco? Comcast has that list and they'll sell
it to you, names, addresses, etc. How about a list of people who have googled
'given medical condition' in the tri-state area? How about a list of names and
addresses of people who are interested in gay sex in Utah? How about who have
visited Ashley Madison in Washington, DC?

------
xnx
I wish Google would offer VPN service again (waaaay back they had some Windows
utilities that would proxy your web connection).

~~~
alphabettsy
That would be an interesting privacy improvement.

------
equalarrow
Being that this is a pretty red vs. blue issue, there's not a ton you can do
about it if you live in non-red states.

The EFF is an obvious choice and I'm a member and have been for almost 20
years.

In my mind the big thing is people that vote for republicans don't fully
understand that they are voting for non-privacy, pro-business, and really,
pro-military. Granted, there are some dems that can fall into this trap and
9/11 pretty much ensnared all but a few into the reactionary mindset. This
actually took true visionaries and leaders to overcome; few and far between.

So, really, local debate has to happen in the red states where these
majorities are elected. This is a long uphill battle, but the message of
"mega-corporations are not your friends" has to be paramount and when you're
not earning tech salaries, we are part of the problem.

For coal miners and all these higher profile use cases, we need to re-connect
with the human and community level. That's the disconnect right there; it's
easier to get angry about 'the swamp' than it is to try to take your own local
municipality into your own hands or figuring out how to stay local vs. state.

California, New York, etc - these aren't the battlegrounds. They are the
future. The majority of their population already agrees on global warming,
privacy, tech, etc. They're one step behind bitcoin/ethereum/altcoins
globalization.

But for someone in W. Virginia that's a coal miner that has been laid off (a
big Trump talking point), these things matter on a massive level.

So there's our schism - how can we provide a forward thinking, longer term
vision that helps the common citizenry? In my mind, everything this Republican
extremist 'president' represents are big interests and reducing their
unfettered access to unlimited profits, regardless of what that means.

Your (what's left of it) privacy and whatever else is fair game.

I'd advise (of course) moving to tor, vm's and seriously, cryptocurrencies.
Currency is a great way to start hacking back towards 1:1, person:person
transactions which leads to a less decentralized money system.

And, of course, money underpins pretty much all us entrepreneurs do.

So, we _do_ have options. :-/ These options include vpn, tor,
cryptocurrencies, ethereum, etc.

Edit: mobile spelling corrections.

------
dfar1
I never cared too much for privacy, but that's one step too far. Lawmakers
probably don't understand how this makes them a target, and how their own
information will be accessible. Hopefully this will create a market for ISPs
that want to protect you. I see VPN markets growing even more.

~~~
adventured
> Lawmakers probably don't understand how this makes them a target, and how
> their own information will be accessible.

Your "will be" should be changed to "has been." The data selling was possible
(100% guaranteed to be occurring rather) prior to Trump's election for
example.

------
sixothree
How can I as a user buy access to my own personal information? Maybe this is
an opportunity for a new venture.

------
coldcode
I don't care whose fault it is, what can we actually do to defend ourselves?

------
cmath
Does anyone have suggestions on staying private that my mom could easily
follow?

~~~
esaym
I'd think not using the ISP's DNS server would be a good start. Either find
one somewhere else or run your own.

~~~
wfo
Does this even help? Are DNS requests encrypted? I had thought that they were
not.

~~~
pseudalopex
They aren't.

------
colordrops
This indicates to me an architectural flaw with the internet. We need to start
exploring other techniques to circumvent tracking, perhaps through more
distributed systems. The politicians can not be trusted.

------
danso
I know the political issues are different than in SOPA, but this situation
reminds me of how powerful publicity is as a factor in legislation. SOPA was a
mostly-unheard of bill that seemed certain to pass (had a huge number of
bipartisan sponsors in the Senate [0] and the House [1]) until it blew up into
a big online campaign and became mainstream with the blackout [2]. I remember
many legislators' staff saying it was the most email and calls they had ever
received in a day/week, and these are for members of Congress who voted on
Obamacare and the 2002 authorization of use of force in Iraq.

I can't pretend I know what it's like to be a general layperson about tech,
but my base instinct is that this issue of Internet privacy protections is
much more salient to the average person than SOPA. Yet even as a follower of
politics, I barely heard about this until last week when the Senate voted on
it.

I can think of a couple of factors:

1. Internet giants advocated heavily against SOPA. Those same companies have
less incentive to argue against selling user data, even though selling data at
the ISP level is, to me, substantially different than at the website/service
level.

2. So much political energy and attention has been spent on the Trump
Administration, particularly on the recent push to repeal Obamacare. IIRC,
even though SOPA didn't get much media coverage until around the week of the
blackout, it wasn't competing with anything quite as big as this past week's
vote on Obamacare (never mind the other issues surrounding the executive
branch).

[0] [https://www.congress.gov/bill/112th-congress/senate-bill/968...](https://www.congress.gov/bill/112th-congress/senate-bill/968/cosponsors)

[1] [https://www.congress.gov/bill/112th-congress/house-bill/3261...](https://www.congress.gov/bill/112th-congress/house-bill/3261/cosponsors)

[2]
[https://en.wikipedia.org/wiki/Protests_against_SOPA_and_PIPA](https://en.wikipedia.org/wiki/Protests_against_SOPA_and_PIPA)

Edit: Worth pointing out the Senate vote from last week, in which no
Republican broke ranks in a 50-48 vote. 2 Republicans were not present (edit:
I originally wrote "abstained"), including Sen. Rand Paul who is listed as a
co-sponsor:

[https://projects.propublica.org/represent/votes/115/senate/1...](https://projects.propublica.org/represent/votes/115/senate/1/94)

[https://www.flake.senate.gov/public/index.cfm/press-releases...](https://www.flake.senate.gov/public/index.cfm/press-releases?ID=D739A8C2-2B70-4D7B-9FFB-4E62CA992DB4)

------
snorrah
The UK and USA engaged in a fierce battle of 'hold my beer'.

------
ReinholdNiebuhr
Question. When were these FCC rules implemented? I know they were under Obama
but right now as I try to learn the history Google just keeps giving me the
news of the repeal.

~~~
dragonwriter
> When were these FCC rules implemented?

Adopted last November, published in December, parts went into effect in
January and parts earlier this month, with more parts due to go into effect in
June and December.

~~~
ReinholdNiebuhr
Thank you.

------
LeicaLatte
What are the plans to anonymize the data? Are there any standards in the
advertising industry for sharing such information?

~~~
Tepix
Not sure they have to anonymize the data after this. Do they?

------
raverbashing
Where's the crowdfunding to buy the navigation history of the representatives
involved in the approval of the law?

------
bikamonki
What VPN provider do you guys recommend?

------
rb666
Just move to Europe, where there is still some semblance of reasonable
regulations and politics (for now).

------
dmode
I hope someone buys browsing history of all Republican Congressmen and
publishes them on the web

~~~
dredmorbius
[http://resistancereport.com/resistance/crowdfunding-lawmaker...](http://resistancereport.com/resistance/crowdfunding-lawmakers-internet/)

------
howard941
Could and should have been filibustered in the Senate

edit: note Senate....

~~~
kelnos
Democratic Senators need to be careful what they filibuster. Absurdly, it only
takes a majority vote for the Senate to change the rules to disallow
filibusters.

Then again, the vote to change the rules to disallow filibusters could
_itself_ be filibustered.

But, the Senate, despite all that, could (on motion) declare the filibuster
unconstitutional, and only require a simple majority vote to affirm it.

Man, our Congress is so broken.

Source: 2nd paragraph of
[https://en.wikipedia.org/wiki/Filibuster_in_the_United_State...](https://en.wikipedia.org/wiki/Filibuster_in_the_United_States_Senate)

~~~
DrScump

> Then again, the vote to change the rules to disallow filibusters could itself be filibustered.

That's what the Wikipedia article says, but I don't think that's correct.
Otherwise, I think the Republicans would have filibustered Reid's invocation
of the "Nuclear Option" that changed Senate rules to disallow filibusters on
Federal judge appointments.

------
intrasight
Isn't "https everywhere" going to make this a moot point?

~~~
adventured
Only partially. Your ISP can sell what domains you visit and the details of
those visits such as duration. Your ISP can push various trackerware that
steps in front of the https. Your ISP can do trackerware pre-installs on
hardware you buy for example, such as smartphones.

~~~
intrasight
But that trackerware would be easily filtered out with ad blockers. Not that
we should have to do so, but we can.
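
An added example, not part of the thread, for the point made here and in username223's item (2) that the visited domain stays visible under HTTPS: the TLS ClientHello carries the hostname in the clear in its server_name extension. The hostname `example.org` and the function names are assumptions of this example; the ClientHello is generated locally by Python's `ssl` module without any network connection.

```python
import ssl
import struct

def client_hello_for(hostname):
    """Generate a real ClientHello offline by starting a handshake on memory BIOs."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: nothing answered, but the first flight has been written
    return outgoing.read()

def sni_from_client_hello(record):
    """Return the server_name readable on the path, or None if it is absent."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:
            raise ValueError("not a TLS handshake record carrying a ClientHello")
        (rec_len,) = struct.unpack("!H", record[3:5])
        body = record[5:5 + rec_len]
        pos = 4 + 2 + 32                                      # handshake header, legacy_version, random
        pos += 1 + body[pos]                                  # legacy_session_id
        pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]  # cipher_suites
        pos += 1 + body[pos]                                  # compression_methods
        if pos == len(body):
            return None                                       # no extensions at all
        ext_end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= ext_end:
            ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            if ext_type == 0:                                 # server_name (RFC 6066)
                name_type = body[pos + 2]                     # after the 2-byte list length
                (name_len,) = struct.unpack("!H", body[pos + 3:pos + 5])
                if name_type == 0:                            # host_name
                    return body[pos + 5:pos + 5 + name_len].decode("ascii")
            pos += ext_len
        return None
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated ClientHello") from exc

if __name__ == "__main__":
    hello = client_hello_for("example.org")  # constructed hostname
    print(len(hello), "bytes in first flight; server_name =", sni_from_client_hello(hello))
```

Everything after the handshake is encrypted, which is why the observer is left with the hostname, timing and volume rather than the page content.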

------
davidf18
The Register: Your internet history on sale to highest bidder: US Congress
votes to shred ISP privacy rules

[https://www.theregister.co.uk/2017/03/28/congress_approves_s...](https://www.theregister.co.uk/2017/03/28/congress_approves_sale_of_internet_histories/)

"Now, the really big question is: can your ISPs see the content of your online
interactions? Can it read your emails? Can it read your search results? Can it
store and search through the words you typed into a webpage?

And the answer is: yes, sometimes.

If the website you visit is not secured with HTTPS – meaning that any data
between you and the website is encrypted – then your ISP can see exactly what
you are doing."

Read the article for suggestions on how to protect yourself.

Also read:
[http://www.theregister.co.uk/2017/03/28/so_my_isp_can_now_se...](http://www.theregister.co.uk/2017/03/28/so_my_isp_can_now_sell_my_browsing_history_what_can_i_do/)

------
orthecreedence
Don't worry, the president will veto this. /s

~~~
m_herrlich
because he's worried about losing incognito mode?

~~~
adjkant
Last I checked his dirty laundry has been aired and the public gasped and
forgot. Golden shower anyone?

Not to mention that he already publishes his browsing and TV history via
Twitter for anyone who cares to really track it down.

