Your Browsing History is For Sale

If you’ve been following tech news, you’ve probably heard that your Internet Service Provider (ISP) is allowed to give away your private browsing history. They may share it with their partners, sell it, or utilize it for customized advertisements as they see fit. Privacy Groups are decrying the decision as an unprecedented invasion into user rights, but if you’ll give me a minute I’d like to explain why it is actually a good thing.

The issue at hand is that on April 3rd, President Trump signed into law a “Congressional Review” bill that repealed last-minute Obama-era FCC Internet Privacy Rules that set strict limits to the ways that ISPs are allowed to use records of your personal browsing. The bill passed on a party line with no Democrats voting for the bill and only about a dozen Republicans in the House voting against. The rules had been approved by President Obama’s FCC appointees but had not yet gone into effect since the new Republican Chairman that Trump assigned to take lead of the commission put a hold on them until Congress could act.

Should Republicans count this as a victory? I see little reason why they should. As civil libertarians and cultural critics have noted, there is no citizen constituency for this rule reversal. The Electronic Frontier Foundation (EFF) has been outspoken against it, pointing out that this not only reverses the Obama-era rules but also prevents the FCC from making rules to police ISPs in the future. Late night comedians like Stephen Colbert lampooned the Republicans for selling out to corporate sponsors. “No one in America stood up at a town hall said, ‘Sir, I demand you let somebody else make money off my shameful desires! Maybe blackmail me someday.’”

To be fair, the ISPs have a leg to stand on when they point out that the rule unfairly targeted them without including companies like Google, Facebook, and Apple. Since these companies provide search engines, social profiles, and computing ecosystems they don’t fall under the same sorts of regulatory schemes as ISPs. AT&T’s top lobbyist, Bob Quinn, made the case, “If the government bans the ISP from that data but allows, for example, OS providers, app developers and everyone else who has software running on your phone to collect your location and internet data, use it, share or sell it, that does not protect but rather confuses the consumer.”

The Devil is in the Details

The problem is not whether the proposed FCC rules were good or if the rollback is bad for consumers, but that it would be easily circumvented with the shell game of corporate subsidiaries. As an example, Google Fiber is a Broadband company that offers Fiber-optic Internet service. (While they keep their official numbers close to the chest, they are reported to offer service to over one million households in the Kansas City Metro alone.) The important part of the equation is that “Google Fiber” is a separate corporate entity from regular old “Google”, which offers Web searching and Gmail, even though they still fall under the same umbrella of Alphabet, Inc.

If the FCC Internet Privacy Rules had been allowed to go into effect then Google Fiber would not have been allowed to collect your browsing history and use it to target you for ads. However, you need a Google Account in order to sign up for Google Fiber as your ISP. When you are logged into your Google Account, most of what you do will be tracked by Google: every web search, every YouTube view, and every time you visit another website which is using Google Advertisements to interact with the Google Cookie in your browsers.

Other companies have and will be following suit. Verizon bought AOL in 2015 and is putting the finishing touches on a deal that will merge Yahoo into the unit as a new web services company. Verizon has already migrated their email users over to this unit and the addition of Yahoo will allow them to be much more like Google in the scope of their offerings. This is another example of a company that would not have been affected by the FCC rules. Do we have any doubt that Comcast would follow suit?… Or are they called Xfinity now? It’s hard to keep up.

The thing about web services and cookies is that we voluntarily give them access to our personal information. Sure, it’s done as part of a long User Agreement that we just scroll through to find the Accept button so we can get back to our digital content – but willful ignorance is no excuse for allowing our information to be exploited. And even if we hit the Decline button there is no guarantee that the system administrator will respect our wishes, as we have caught Verizon before with their hand in the virtual cookie jar accessing the data of people who had opted out.

As in life, our government can make as many laws and regulations as we wish but it doesn’t mean that we will be protected from bad actors. Each of us need to realize that we are responsible for our own digital security by taking reasonable precautions in the same way we do in the physical world. We should not expect that our ISP is going to protect our privacy from themselves, from their advertising partners, or even from malicious hackers who might use their network to exploit our systems.

In Colbert’s monologue he compares the situation to a hotel that says, “Yeah, you can stay here but heads up we don’t lock the doors…” This is actually a very good analogy, even if it’s not in the way he thought it was. When we stay in a hotel we all know that the front door is not locked. We should assume that every employee has access to the master key that would allow him or her into our private room. That’s why we should secure the privacy bar when we go to sleep at night and lock our items up in the safe when we leave. And if that hotel has a Samsung SmartTV in the room they may also be allowing hackers to get videos of us… doing whatever it is we do in bed.

Finding a Real Solution

Perhaps in a better world we would have independent Internet Service Providers who are proud to offer privacy protection as a service that they offer, but it’s not going to happen until users make it more economically valuable to not sell our information to advertisers. The creation of every technology is influenced by the values of the designers, whether it is personal values or a market incentive. The market incentive already exists to collect and distribute our personal information so we need to find ways to make sure it is never collected in the first place.

If you are looking for away to secure your digital life, the first thing you can do is visit the Electronic Frontier Foundation and read their tips on protecting your Internet privacy. Be sure you understand the roles that Internet Cookies play in tracking your online movements and how HTTPS protocol provides a secure connection between your system and your destination on the web.

Be sure you understand where you, as the user, fit in the financial scheme of the service you are using. If you aren’t the customer you are probably the product. Facebook and Gmail are free because they know so much about your habits that merchants and advertisers can easily target you with products you may want to purchase. They are paid handsomely for that information.

If you wish to opt out of directed advertising, consider using an ad blocker extension for your browser. Adblock Plus is an open-source project that filters out advertisements from webpages, with the exception of a small subset of “certain non-intrusive ads” (which they describe as a way to promote ethical advertising). uBlock Origin is a harsher alternative that offers no exceptions (except those made by the individual users).

Of course content creators still need to have an incentive to produce. Think about what media you want to consume and the fact that if you opt out of the advertising ecosystem you should probably find another way to help pay your share. Perhaps you should go ahead and subscribe to your local newspaper to get web access or put money in the tip jar at one of your other favorite news sites!

Finally, look at ways that you can mask browsing information from your ISP completely. You can use the free open-source project TOR (The Onion Router) to mix your traffic with the traffic of millions of other users in a way that makes you anonymous. Or, for a more reliable solution you may want to pay for a personal VPN (Virtual Private Network) connection that protects your identity. Make sure you use an unbiased source to evaluate the different companies offering services.

While it’s not good that our Internet usage data is up for grabs by so many entities, it is good that we are having this discussion about ways to make it better. Hopefully better laws and regulations will be put into place to prevent privacy abuses in the future… but they won’t matter unless we all do our part to make the digital world a better, safer, and more secure place.

A version of this piece was published in The Federalist on April 13, 2017.

Facebook Comments