Your web browsing history is on the line.
On Thursday, the Senate passed a resolution to sell your private internet data without your consent. If the legislation gets the vote of the House and President Trump’s signature—which it probably will—the Federal Communication Commission’s latest set of broadband privacy rules will be as good as dead.
The regulations, implemented by former FCC Chairman Tom Wheeler, prevented internet service providers (ISPs) from collecting personal data without asking for your permission. The Senate action will allow “broadband providers to take control away from consumers and relentlessly collect and sell their sensitive information,” said the opponents of the resolution.
As the vote for the resolution was made entirely along party lines, the statements for and against it largely reflect party conflicts—and you’re stuck in the middle. Here’s what you need to know about the ongoing debate over user data and what it means for your privacy.
What’s at stake?
At the heart of the debate is the protection of sensitive customer information, such as precise geolocations, financial information, health information, children’s information, Social Security numbers, web browsing history, app usage history, and the content of communications.
As your gateway to the Internet, ISPs can have access to such information, though not necessarily all of it. In case you’re using encrypted websites and email services, ISPs won’t be able to view page and email content.
But they’ll still have access to information such as which websites you visit. This can reveal a lot about you, such as your age, gender, nationality, shopping and banking habits, and even political or sexual orientation.
ISPs are also able to create a profile of your life and social habits such as when you’re at home and when you’re not, which is becoming easier as your home becomes increasingly connected.
The FCC rules, which are now on the chopping block, required broadband ISPs to obtain opt-in consent from customers before using or sharing such data. For other, less sensitive information, such as email and IP addresses, they had to provide opt-out options. ISPs also had to be transparent about their collection and sharing activities.
The new Senate resolution will give ISPs free rein with your data and ultimately provide them with an unprecedented power.
While ISPs have the most favorable position, they’re not the only party that has the power to view and collect your data. Giant web-based service providers such as Google and Facebook also collect a wealth of user information in order to optimize their services and revenue.
In fact, when the FCC ruling was passed last October, privacy advocates called for similar regulations to be imposed on tech giants as well as ISPs.
How will ISPs use your data?
For the most part, ISPs are interested in commercial uses of your browsing data. And just as currencies fluctuate in value, the price of data has been on the constant rise in past years.
ISPs sell customer data to advertising companies interested in making their business more efficient by serving targeted ads. This means that, while surfing the web, you’ll see advertisements that are tailored to your needs and preferences and might be more tempting to click on.
According to the new resolution, ISPs are free to market your data without informing you about it. This is why advertising lobby groups welcomed the introduction of the legislation.
However, advertising groups are not the only ones who can benefit from the information ISPs collect and store. Cybercriminals are also avid customers of user information, whether to sell it on the dark web or use it for other nefarious purposes.
And ISPs regularly become the target of cyberattacks across the world. For instance, a data breach at the British broadband provider TalkTalk exposed the personal details of 157,000 customers, some of which included bank account and credit card information.
The FCC ruling forced ISPs to adopt data security practices to protect consumer information and legally bound them to inform customers in case of a suspect data breach. With the rules repealed, ISPs will be better positioned to avoid disclosing security incidents to avoid embarrassment and public scrutiny.
What does this mean for the future of privacy?
The FCC’s ruling was scheduled to take effect before December 2017. Technically, this means nothing has changed for consumers. But the Senate’s resolution will make sure that ISPs will continue to have their way in the future and can make more aggressive moves to monetize your data without fear of punishment.
Also, the Senate resorting to the Congress Review Act to repeal the rules is a big deal. The law allows Congress to revoke decisions made by government agencies and prevents those agencies from taking similar measures. This is effectively more damaging than the FCC revoking the broadband privacy rules itself because it effectively bars the commission from reinstating those rules in the future.
And given the FCC’s 2015 decision to classify home and mobile ISPs as common carriers, the Federal Trade Commission—the body that oversees the activities of the likes of Google and Facebook—will have no authority over ISPs either.
There’s a slim chance that the measure doesn’t pass muster in the House of Representatives, or gets rejected by Donald Trump. But that’s not likely to happen. That means you will be on your own to protect and deal with your privacy.
Fortunately, there are a couple of tools and practices that can help you take matters into your own hands.
What can you do?
The first thing you can do—if you disagree that Comcast, Verizon, AT&T, and any other ISPs should have the power to collect and sell what you do online—is to call your representatives in the House and tell them to vote against H.J. Resolution 86.
But that’s not all you can do.
As is the case with everything related to privacy, encryption is your best friend. There are three key steps you can take to protect your browsing data:
- Encrypted sites: Make sure the URL of websites you visit start with HTTPS (the S stands for secure). HTTPS websites encrypt their traffic, which means your ISP won’t have access to the content of your requests, including the form data you fill in registration and login pages. However, they will still be able to see which websites you access, which (as mentioned before) is still enough to deduce much about your habits.
- TOR browser: TOR is a free, open-source browser. It encrypts all of your incoming and outgoing browsing traffic and relays it through and number of volunteer nodes before sending it to its destination. Your ISP will be able to know that you’re using TOR, but it won’t be able to see which websites and pages you’re visiting, even if they’re unencrypted. One drawback of TOR is its slower speed. Also, some websites might not work as usual when you’re using it. And TOR does have its own set of vulnerabilities that malicious actors might exploit, so you have to keep it updated and patched.
- Virtual Private Network: VPNs encrypt your entire web traffic and channel it through a secure tunnel, protecting it from prying eyes—including ISPs. This means you have to trust the VPN company to safeguard your privacy. While not all VPN services are equal in the integrity of their services, they’re generally more reliable than ISPs in preserving customer data.
If you want to delve deeper into cloaking the internet traffic of your home, you can read this technical DIY guide on encrypting web traffic and concealing life patterns.
Ben Dickson is a software engineer and the founder of TechTalks. Follow his tweets at @bendee983 and his updates on Facebook.