
FCC Vote Means Internet Providers Need Permission to Share Your Data - suprgeek
http://www.npr.org/sections/thetwo-way/2016/10/27/499606251/fcc-vote-means-internet-providers-need-permission-to-share-your-data
======
devindotcom
Interestingly there seems to be a loophole in that they can _collect_ the data
regardless of consent, but can't _use or share_ it without consent. So chances
are this sensitive data will be recorded and put in a database anyway, even if
they're not lawfully allowed to look at it without anonymizing first - but a
future law could also add an exception, keeping things for law enforcement for
instance.

I'm triple checking with the FCC on this though.

~~~
ez_psychedelic
This will probably just turn into a line in the terms and agreements that
everyone just clicks "yes" because they have to in order to use anything.

~~~
btown
From christianmunoz's comment:

Copied this from another comment of [his] on this post, but it answers part of
your question. From the FCC fact sheet[0] on the decision:

> The Order prohibits “take-it-or-leave-it” offers, meaning that an ISP can’t
> refuse to serve customers who don’t consent to the use and sharing of their
> information for commercial purposes.

So at least they can't cut you off entirely if you don't consent/opt-in.

[0]
[http://transition.fcc.gov/Daily_Releases/Daily_Business/2016...](http://transition.fcc.gov/Daily_Releases/Daily_Business/2016..).

~~~
daveFNbuck
But can they charge a lot more if you don't consent?

~~~
gergles
As AT&T already did until right before the FCC started talking about this
decision (and I'm sure they'll go right back to now that it's OK), charging
$30 to opt out of their spying program, plus a bevy of one-time fees that are
"waived" if you let them spy.

------
ars
This is completely pointless. They'll just add some form you have to sign
before giving you service and that's about it.

After all, do you read and act on the privacy notifications other providers
give you?

Does this at least require them to provider service irregardless of your
consent to share data? If not, this is a pointless law that just makes it look
like they did something.

~~~
devindotcom
You have to opt in and there can't be a penalty for opting out, the fact sheet
says. That said, there may be a bonus for opting in — perks or whatnot. That
will have to be settled separately, probably.

~~~
metaphorm
it's really hard for me to understand what the meaningful difference would be
between penalty for opting out vs. bonus for opting in. don't those amount to
the same thing, in practice?

~~~
devindotcom
heh pretty much yes, though I'm sure someone can think of times it would be
different. and since penalties for opting out are not allowed, the ISPs will
have to be very careful how they structure such bonuses - they would have to
be perks totally separate from the service they provide is my guess.

~~~
ncallaway
It probably has to do with the advertised price.

They probably can't advertise service as $49.95, then add an additional $20
charge if you opt-in to the privacy plan.

They probably would need to at minimum advertise both prices in their
marketing copy.

~~~
gruez
>then add an additional $20 charge if you opt-in to the privacy plan

probably not a viable option because a VPN offers complete privacy from the
ISP, and only costs $5/month.

~~~
NegativeK
VPNs are completely out of the question for the vast majority of internet
users, who the FCC is mainly concerned about protecting.

~~~
gruez
How so? They're easy to set up, especially with a compatible router.

~~~
ncallaway
I mean... why is it hard for the majority of users to use linux?

Why is it hard for the majority of users to use a password manager?

Because most people on the planet are _busy_ and _don 't give a damn_.

~~~
EdHominem
Right, so it's not at all out of reach. You can configure your OS to use a VPN
in under a minute, in my experience. Maybe five, if you were following
directions.

It also takes a few minutes to change your smoke-detector batteries...

------
anigbrowl
I'm sure this will lead to radical alterations on paragraph 117 of the typical
EULA, where everyone will notice it immediately and have a serious think about
the economic value of their personal identifiable information. I have not
looked at the actual motion yet but I suspect that companies will only have to
answer consumer inquiries in general terms rather than giving them detailed
statement. Oh well I've given up trying to safeguard my privacy anyway.

~~~
cordite
Does a 60 page EULA count as an explicit yes under this?

~~~
anigbrowl
It'll take several years of litigation for anyone determined enough to get a
straight answer to that question.

------
makecheck
If the data is collected at all, it can be collected incorrectly (e.g. stored
in such a way that it is stolen eventually, “permissions” be damned). Still
solving the wrong fundamental issue.

We desperately need to work on reducing the importance of data itself. We must
assume by default that all information _will_ be improperly handled pretty
much anywhere (or, that the task of keeping it secure indefinitely is just too
hard).

That means: data whose usefulness expires extremely quickly (with
corresponding protocols), and the complete retirement of stupid bits of
information we now carry like social security numbers and credit card numbers
that can instantly screw you in the wrong hands. In fact, we ought to have
proxies for EVERYTHING; I don’t know why I even have to hand out my home
address, for instance, when in theory I could give a company some temporary
proxy address that routes to my house only as long as I ALLOW that forwarding;
after that, it becomes meaningless and cannot be used for junk mail.

------
afarrell
I wish the UK had this. Mobile phone/data providers send a header with HTTP
requests to provide the site with your phone number which they can then use to
charge you without permission.

~~~
SEJeff
Wow seriously? That is semi-terrifying.

~~~
oldmanjay
Terrifying, horrifying, amazing... none of these words have any impact left
after huffpo and buzzfeed have watered them down to meaninglessness. They get
to join "evil" on the scrapheap of linguistic history.

------
wmf
I am kind of surprised that this wasn't already regulated, considering that
telephone privacy has been an issue for decades. Perhaps this is a case of an
unwritten common-sense policy that is only being codified when ISPs start to
break it (e.g. AT&T's now-canceled "Internet Preferences").

~~~
Spooky23
Only landline phones have that kind of protection.

~~~
wmf
By that logic I have wired Internet so...

------
supergeek133
In theory they were supposed to have my permission before sharing with the
government too... right? Not sure what this stops.

Think of it like when you authorize facebook or someone else to share data via
OAuth, how many people read that list?

~~~
whatupmd
B2B and B2G are a whole different ball-game. In B2B scenario they are exposed
to class-action lawsuit for bad-behavior or government fine. In B2G scenario
really only thing individual citizen can do is take it to the supreme court.

------
revelation
Maybe they can now regulate that ISPs can not modify IP payload?

What world are we living in where the post service is allowed to rip open mail
and deface it.

~~~
wmf
The FCC has spent years fighting for net neutrality.

~~~
revelation
I'm not sure yours and their definition of net neutrality overlaps much.

I personally don't think "not modifying user data" above IP is much of a net
neutrality issue either; it should be a felony issue, as is tampering with
mail.

~~~
GrinningFool
That would require a legal definition of tcp traffic as federal mail. AFAIK
there's no such definition.

(I agree with you, for what it's worth... I just don't see a path by which
it's possible under current law)

------
MayMuncher
I wonder if this applies to airport or arena wifi. Would they be considered an
ISP if they are providing internet to mobile devices?

~~~
chipperyman573
No, an ISP does more than provide the routers that broadcast internet.

------
dsr_
"Commissioner Ajit Pai, who voted no, cautioned that the "cold reality" is
that nothing in the new rules will stop those companies from "harvesting and
monetizing your data," including the websites visited, YouTube videos watched
or search terms entered on any device."

Any reasonable person reading that would infer that Pai thinks that these
rules are not sufficient and is in favor of stricter rules. That turns out not
to be the case at all.

------
Frogolocalypse
Remember the hoo-haa when Wheeler was appointed chairman of the FCC? He seems
to have proven his detractors wrong.

------
jgord
..because the fact that your _paying_ them, along with the general morality,
is in itself not enough of an inducement.

------
mankash666
About time

~~~
Spartan-S63
I agree. I'm also glad they specified "opt-in" consent and not "opt-out." They
can't start collecting your data without your prior knowledge and
authorization. This is a good thing.

Next step would be to disallow hijacking and data insertion into your stream
of data. It would be a step towards cementing ISPs role as a dumb carrier of
data.

~~~
tedajax
Does this also preclude ISPs from not allowing you access to higher tiers of
service without consenting to data collection? That is that in addition to
requiring an opt-in they can't incentivize it at all by giving users who don't
opt-in a degraded experience.

~~~
christianmunoz
I was able to find an answer to at least part of this question in the FCC fact
sheet[0] on the decision.

> The Order prohibits “take-it-or-leave-it” offers, meaning that an ISP can’t
> refuse to serve customers who don’t consent to the use and sharing of their
> information for commercial purposes.

So at least they can't cut you off entirely if you don't consent/opt-in.

[0]
[http://transition.fcc.gov/Daily_Releases/Daily_Business/2016...](http://transition.fcc.gov/Daily_Releases/Daily_Business/2016/db1027/DOC-341938A1.pdf)

Edit: source

~~~
r00fus
Interesting - so looks like UVerse's policies may still be permitted (ie, you
pay more for privacy).

------
mirimir
No matter what anyone says, it's prudent to assume that everything is logged.

------
1812Overture
We have a monopoly. Sign this or you don't get internet.

~~~
Spivak
Which is the absolute first thing they thought of.

ISPs are not allowed to refuse you service for opting out and they're also not
allowed to make you "pay for privacy". We'll see how strictly this is applied
but it implies that they're also not allowed to weasel out of it by giving a
'discount' to people who opt-in.

------
elhenrico
It's there any way to obfuscate my browsing data? As in a program that visits
random sites. I've searched but never found something like this.

------
6DM
After this comes an "update" to your privacy statement where you have to agree
or you loose service...

------
macawfish
"the vote was 3-2 along party lines"

for real?

------
cloudjacker
Permission like an android app

------
thomasthomas
lots of power for an entity of unelected officials....

~~~
hackuser
They are legally empowered by elected officials, just like the police, the
courts, the entire Justice Department, military, State Department, NIH, NSF,
IEEE (for some things), and many, many more.

What alternative is there? Our elected officials can't possibly have the time
or the expertise to perform all those tasks themselves.

~~~
Spivak
If Congress legally empowered an un-elected five person 'Super Congress' that
wielded the power of Congress itself to make laws independently would you feel
like your voice at the ballot box was being undermined?

I'm not saying the US regulatory agencies are at that point, but I would feel
better about them if their power was more directly checked by the Executive
branch.

Instead of "FCC voted today on a new ISP resulations..." it would be "Today
President Obama approves new FCC recommendation...".

~~~
Frogolocalypse
> I would feel better about them if their power was more directly checked by
> the Executive branch.

They can. The executive can always modify or repeal the act that defines their
constitution and authority.

~~~
pdonis
_> The executive can always modify or repeal the act that defines their
constitution and authority._

Um, what? Once it's signed into law (which the acts that empower agencies like
the FCC are), the executive branch can't modify the law at all. Only Congress
can. The only thing the executive can do is veto a bill when it comes, to
prevent it from becoming law in the first place.

~~~
Frogolocalypse
> Only Congress can.

Sorry, I should have said 'government'. There are three branches of the US
government : the legislature, the judiciary, and the executive. You have a say
in all of them though. Don't you vote in your congress-people and senators?

So...

They can. The government can always modify or repeal the act that defines
their constitution and authority. They're your representative. If you don't
like an act, get them to change it.

~~~
pdonis
_> I should have said 'government'._

Ah, ok. Yes, the government--specifically the legislative branch--can always
modify or repeal a law.

 _> The government can always modify or repeal the act that defines their
constitution and authority._

If by "their" you mean "the FCC's" (or some other agency), then yes. But if by
"their" you mean "the government's" in general, it's not so easy. A
Constitutional amendment has a much higher threshold of passage than a simple
law. It takes a 2/3 majority of both houses of Congress to propose an
amendment, and then it takes 3/4 of the states ratifying it before it actually
can take effect.

 _> If you don't like an act, get them to change it._

Sure, as long as enough other voters agree with you to get their attention.
Which practically never happens.

~~~
Frogolocalypse
> A Constitutional amendment has a much higher threshold of passage than a
> simple law.

You are misunderstanding the word 'constitution'. Every company and regulatory
body has one. It defines who does what, and the 'what you can do, and more
importantly, what you should do' of a regulatory body is defined within the
act. It is not the 'american constitution'. It is created and modified during
the regular practice of government with the creation and modification of an
act. Every democratic government, and indeed, even non-democratic ones, does
it roughly the same way. If it didn't happen this way, cars would still be
driving with lead petrol.

> Sure, as long as enough other voters agree with you to get their attention.

It happens all of the time.

You know dude, I'm not really sure you know how the government functions. This
is what they do, and there are so many levels of it. It's true that large
multi-state regulatory bodies have larger impacts, and therefore require more
support, in order to be enacted. But they get created in the first place for a
reason, and end up getting modified for a reason. Your representatives create
and modify acts that allocate funds to fund regulatory bodies to enforce laws.
That's democracy. That's how it works.

~~~
pdonis
_> You are misunderstanding the word 'constitution'._

If you want to use that word in an unusual way, that's fine; but I didn't
understand that that's how you were using it in reference to regulatory bodies
created by US statutes. ("Statute", btw, is the usual way of referring to laws
that tell what regulatory bodies can and should do.)

 _> You know dude, I'm not really sure you know how the government functions._

You know, I'm not really sure you know how to describe how the government
functions using proper terminology. If you had said "statute" in the first
place, which, as above, is the correct term for what you are referring to, I
would have understood what you said right away. But you didn't.

 _> Your representatives create and modify acts that allocate funds to fund
regulatory bodies to enforce laws._

Yes, and these are called "statutes", not a "constitution".

~~~
Frogolocalypse
In different countries it is called different things. The point being, you can
change it through your elected representatives if you so choose.

