The EFF reports that President Trump has signed S.J. Res. 34, the final version of the bill set to repeal an FCC internet privacy rule that prevented ISPs from sharing Consumer Proprietary Network Information.
Senate Joint Resolution 34 is the final product of the House and Senate’s versions of the bill to repeal rules put in place by the previous FCC Chairman Tom Wheeler. The rules laid out exactly how the FCC would be interpreting Section 222 of the Communications Act which states that telecommunications carriers are obligated to protect Consumer Proprietary Network Information. This information is defined as follows:
(A) information that relates to the quantity, technical configuration, type, destination, location, and amount of use of a telecommunications service subscribed to by any customer of a telecommunications carrier, and that is made available to the carrier by the customer solely by virtue of the carrier-customer relationship; and
(B) information contained in the bills pertaining to telephone exchange service or telephone toll service received by a customer of a carrier;
except that such term does not include subscriber list information.
The Communications Act was originally written with telephone land lines in mind and had subsequently been extended to cellular phones. Wireless and broadband Internet were brought under the umbrella of Title II in early 2015, classifying them as common carriers which have to essentially follow the same rules as telephones.
With the signing of S.J. Res. 34, ISPs are now no longer obligated to protect Consumer Proprietary Network Information as they were under the rules put in place by the previous FCC Chairman. For your average end user, nothing much has actually changed yet – the rules protecting CPNI had not yet gone into effect. It was already legal for ISPs to sell this class of information (within the bounds of other laws), but ISPs may have been holding off on these sales in anticipation of the forthcoming rules.
However, The Verge has a comprehensive article which explains that the signing of S.J. Res. 34 doesn’t mean that your entire browsing history will be up for grabs to the highest bidder. To start, any website that makes use of a secure HTTPS connection effectively conceals the details of what exactly you are browsing. In short, an ISP could see that you are browsing techraptor.net but it wouldn’t be able to see what exactly you are looking at on the site. Nearly all highly sensitive data like healthcare or banking information is sent over an HTTPS connection, so this data is more or less safe for now. This also means that the various groups of people who wanted to collect the browsing data of politicians wouldn’t have gotten very much in the way of particularly interesting or damning data.
As with most legal matters, laws and FCC rules need to be interpreted and enforced. Even with the passage of this bill, the change in how ISPs are obligated to handle CPNI and internet privacy isn’t going to be like flipping a switch. Current FCC Chairman Ajit Pai (appointed by President Trump and confirmed in January) has to interpret the newly-signed law, decide how the FCC will act, and what rules they may or may not establish surrounding CPNI. Chairman Pai is a conservative who believes in the free market and this likely means that he’ll let ISPs decide how to use your data. If you’re nonetheless concerned about protecting your privacy as much as possible, the /r/privacy subreddit has a post detailing numerous ways that you can make it more difficult for your ISP to glean any useful information.
How do you think the repeal of the FCC Rules regarding Consumer Proprietary Network Information will affect customers in the long run? Did you write your Senator and/or Representative to tell them to vote yes or no on the bill? Did you believe that S.J. Res. 34 would be signed into law by President Trump? Let us know in the comments below!