On March 6, the Federal Communications Commission will receive the first round of comments on petitions for the Commission to suspend and ultimately to rescind new rules on privacy by broadband providers. These rules are intended to stop Internet service providers from providing customers with certain options. The Commission should repeal these rules.
Everyone is in favor of privacy, and privacy is under siege in America. In recent years, Yahoo! has announced security breaches from outside criminal hackers affecting hundreds of millions of customers. Sinister agents have also breached security systems at major financial institutions and other businesses. Compromising the privacy of millions of federal workers and job seekers, information from the federal Office of Personnel Management was stolen, apparently by foreign governments. Recently, highly classified information about private conversations by American citizens has been leaked to the media, reportedly by government employees.
The common thread in all of these and other incidents is that forces of evil—such as hostile foreign governments, our own government employees who illegally leak classified information, and global as well as local criminals–can and do attack the privacy of ordinary Americans. The FCC has tried but utterly failed in efforts to improve online privacy. The new FCC rules would not have avoided even one of the problems listed above. Even worse, they solve no such predictable problem in the future.
I am addressing the theft of private information by criminals, not the free exchange of information by law-abiding businesses and law-abiding consumers. Consumers who do not want their shopping patterns followed can simply set their browser not to allow tracking and sign up for email services that do not review emails.
On October 27, 2016, less than two weeks before the 2016 election, the FCC adopted a 200-page with new rules on broadband privacy. This included more than 7 pages of new rules alone, a substantial quantity of new rules even for the FCC.
The first question the FCC should have asked is whether the FCC had any statutory authority to address broadband privacy. And the second question should have been, if there were statutory authority, whether the benefits of a proposed FCC rule would have exceeded the costs.
Neither of these questions was clearly asked or answered by the FCC.
It is difficult to look at the broadband landscape over the past two decades and not reach some obvious conclusions. First, consumers are better off with broadband today than they were 20 years ago without it.
Second, there is an obvious reason that the FCC has not adopted FCC broadband privacy rules in the past 20 years: the FCC has no specific statutory authority. The FCC’s October 2016 order bases new rules on Section 222 of the Communications Act, which specifically limits the use of “customer proprietary network information” by “telecommunications carriers” for marketing purposes. Section 222 was written to limit the use of long-distance calling pattern information for marketing from a time when there was a separate long-distance industry and when there was no broadband industry.
Times have changed. Recognizing that Section 222 did not fit the broadband world, the FCC last October effectively attempted to rewrite the statute to include a new set of concepts that are not found in the statute such as “customer proprietary information,” “personally identifiable information,” and “content of communications.” The terms the FCC created may make sense, but those are rationally and legally decisions for Congress to make through new legislation and not for the FCC to invent where Congress has chosen not to.
In the privacy order, the FCC also compounded its prior error in defining “broadband Internet access service.” As I have explained , no entity in the world provides “the capability to transmit data to and receive data from all or substantially all Internet endpoints.” Thus, there are no broadband Internet access service in America.
Finally, the FCC’s order is silent on qualifying either the costs or the benefits of the new rules. As I have testified before the House Judiciary Committee, the FCC is largely exempt from rules requiring calculating the costs and benefits of proposed rules. What are the benefits of the new rules? The FCC claims without proof or evidence that consumers will benefit. What is the quantity of benefit? As usual, the FCC is silent. What are the costs? The FCC did not identify much less tally costs.
Forces of evil are using the Internet for illicit purposes including stealing the privacy of ordinary Americans. We must fight back, not with half-baked rules that remove sovereignty from the American consumer. The American consumer needs more not less sovereignty. And that sovereignty comes from better technology, more not fewer choices, and laws that can and will be enforced against wrongdoers and criminals, not rules aimed at hobbling American businesses.