In a party-line 215 to 205 vote, the House of Representatives has approved legislation to allow internet service providers to sell information about their customers’ web browsing histories to advertisers and other third parties. The legislation has already been passed by the Republican-controlled Senate, so it is now headed to President Donald Trump’s desk for his signature.
“We are one vote away from a world where your ISP can track your every move online and sell that information to the highest bidder,” wrote Kate Tummarello of the Electronic Frontier Foundation, a group that advocates for online privacy rights, ahead of today’s vote.
The bill overturns regulations the Federal Communications Commission passed in the waning months of the Obama administration. Those regulations, explained in detail by Ars Technica, required ISPs to get approval from their customers before they could sell information about what websites they visit to third parties.
But a 1996 law called the Congressional Review Act set up an expedited procedure for Congress to overturn regulations by agencies like the FCC. Republicans in Congress have seized on the CRA as a way to roll back parts of Obama’s regulatory agenda.
The Senate passed legislation blocking the FCC rules on a strict party-line vote, with 50 Republicans voting yes and 48 Democrats voting no. The House vote was also highly partisan, with most Republicans voting yes and most Democrats voting no.
Sen. Jeff Flake (R-AZ), the lead sponsor of the Senate legislation, described it as “the first step toward restoring a consumer-friendly approach to internet privacy regulation that empowers consumers to make informed choices on if and how their data can be shared.” But the legislation doesn’t so much increase consumer choice as change the default: allowing ISPs to sell your data unless you specifically ask them not to.
ISPs hope to boost profits by selling customer data to advertisers
Traditionally, internet service providers make money by directly charging their customers for connectivity. But in recent years, ISPs have been looking for ways to use their unique access to information about their customers’ online activities to generate additional revenues.
AT&T has led the way here. “Starting in 2013, AT&T charged fiber Internet customers at least $29 extra each month unless they opted in to a system that scanned customers' Internet traffic in order to deliver personalized ads,” writes Ars Technica’s Jon Brodkin. “AT&T killed this ‘Internet Preferences’ program shortly before the FCC finalized its privacy rules.”
ISPs argue that this is little different from the business models pursued by internet giants like Google and Facebook. These companies develop profiles of their customers and then use this information to help advertisers show ads that are most likely to be relevant to each customer’s interests.
And ISPs could have a unique advantage in this market, because they can see all of the websites their customers visit, not just the ones that happen to participate in a particular company’s ad network. If you visit a lot of travel sites, for example, your ISP might have software that tells ad networks to show you more ads for airline flights or hotel rooms.
But privacy advocates see this as a violation of customer trust. In their view, ISPs’ greater access to their customers browsing history comes with a correspondingly higher responsibility to keep that information private. They say it’s wrong for an ISP to collect or share this information without a customer’s explicit permission.
The FCC regulations established an “opt-in” rule for programs like this. ISPs could only sell customer data to third parties if customers explicitly signed up for this kind of information sharing — something few customers are likely to do. But if President Trump signs the bill the House passed today, that default could switch. ISPs could potentially start sharing customer information by default, with the only notification being some boilerplate buried in the terms of service that few customers ever read.
Customers likely would retain the right to opt out of information sharing. But privacy advocates worry that most customers won’t know their information is being shared or how to opt out.
“Any Member of Congress who thinks this bill is a good idea ought to release their personal browsing history to their constituents,” said Rep. Keith Ellison (D-MN), an opponent of the legislation, in an emailed statement before the vote. “It's only fair.”