Senate Resolution 34
S.J.Res.34 – A joint resolution providing for congressional disapproval under chapter 8 of title 5, United States Code, of the rule submitted by the Federal Communications Commission relating to “Protecting the Privacy of Customers of Broadband and Other Telecommunications Services”.
This bill, which passed the Senate last week by a mostly partisan vote of 215 to 205 (15 Republicans and 190 Democrats voting against) is designed to block an FCC ruling from 2016 (“Protecting the Privacy of Customers of Broadband and Other Telecommunications Services.”) that would have required ISPs (Internet Service Providers) to obtain permission from customers before selling their data to advertisers. It further invoked the Congressional Review Act (CRA) that allows the regulation to be immediately undone, and also prevents any agency (like the Federal Communications Commission or FCC) from passing similar regulations in the future.
Proponents of the bill stated that they felt the restriction on ISPs was unfair, given that companies like Facebook and Google are not subject to the same limitations, but opponents pointed out that ISPs get a larger cache of data, including private browsing using programs like Google Incognito and application use.
The bill will not be law until it is signed by the President, but all indications are that he plans to sign it.
Implications for Consumers
This bill indicates a shift in how consumers’ data is viewed by the Federal Government. Previously, consumers believed that their data was their property, controllable and shareable only by the consumer. This bill indicates that the consumers’ data is the property of the company whose service they use. ISPs can now sell location data, browsing history, financial and health data, and information about other online activities. Further complicating this matter for consumers is the reality that many only have access to one ISP, and therefore have no choice in what company to use to access the Internet.
All of this has led to some rather alarmist posts by major publishers like Vox, Techcrunch, Fortune and the Washington Post among most other major news publications. It has also led to various articles providing poor advice, like deleting browser history regularly, or using Incognito mode to search (neither of which will protect data from an ISP). Some of the better stories are urging consumers to access the web through a Virtual Private Network (VPN) or to only visit sites that are encrypted with HTTPS.
Implications for Companies
Companies will be impacted by this ruling because consumers will finally become hyper aware of their internet usage. Without encrypted websites (through HTTPS), ISPs will be able to sell your customers’ data, browsing habits, and even insert ads on websites (that haven’t been approved or controlled by the website owner) based on this customer data.
HTTPS creates an encrypted relationship with the consumer’s computer, so that even though their ISP will know the consumer visited your domain, the ISP won’t be able to see details like which pages they visited, how long they stayed, or whether they made a purchase.
Google’s Involvement in Privacy Controls
Google has seen this coming. About 5 years ago, they started urging all websites to go secure (to use HTTPS encryption) for all of their pages. In January, Google started marking non secure pages in Chrome (a Google owned browser and the market share leader) as “Not Secure”.
Google plans to eventually display the following warning on all non-secure sites accessed through Chrome:
You Need to Go Secure (HTTPS)
Due to the internet security and privacy concerns that have made their way into the forefront of consumer discussion and the treatment of non-secure pages in the Chrome browser, you need to make your site secure as soon as possible (don’t worry, I’m taking my own advice) even if you don’t collect any customer data. Be sure and hire an SEO to help you through this process, as you’ll need to redirect all of your old pages, make sure all of your assets and third party scripts are secure, and make sure all of your links are updated.
But do it. Do it now.