We live in an era of outrage.
Sometimes that outrage is justified, but more often, outrage is a tactic—a manipulative spin that is borne more out of anger than a care for accuracy.
The recent, widespread claims that Congress has “repealed your internet privacy” fall far closer to manipulation than to accuracy.
If the only victims of this misleading spin were politicians, we might just shrug and say, “Caveat Socius”—Latin for “Let the member beware.”
Unfortunately, in addition to causing a great deal of unjustified outrage, this campaign resulted in donations of more than $200,000 to, frankly, fraudulent efforts to buy the browsing histories of members of Congress. This cannot be done.
Here is the real story.
During the final weeks of the Obama administration, the Federal Communications Commission, over the protests of the Federal Trade Commission, enacted strict new rules on internet service providers that took away the FTC’s jurisdiction over broadband privacy.
Proponents claimed the rules were needed to protect the privacy of internet users, something the FTC had done for nearly two decades.
The FCC’s extraordinary decision to play in the FTC’s sandbox had more to do with the FCC’s decision to assert much greater authority over the internet—to treat it as a regulated utility—than it did with any threat to user privacy.
The FCC did not actually prohibit companies from exploiting user data. Instead, it simply said that some companies (such as Google, Facebook, and others) could use it (on an opt-out basis), while internet service providers could not (unless they got users to opt-in, which is far harder).
As Veronique de Rugy explained the FCC’s rulemaking:
… exempted powerful data-hogs, such as Facebook and Google, while subjecting other service providers to new and confusing rules with the potential to strangle innovation, all thanks to one agency’s unauthorized power grab. Companies such as Verizon and Comcast were suddenly required to secure your consent before selling or sharing your browsing history, app usage and other private information with advertisers and other companies.
That sounds sensible, but it actually represents an abrupt departure from decades of established practice under competing regulatory regimes. Indeed, ever since the advent of the internet, the default position was that consumers had to opt out of the program if they didn’t want their information sold or shared. The practice was unsurprisingly successful, considering the billions of dollars and attention that tech companies invest in data security to protect consumer privacy.
Earlier this year, Congress quite reasonably decided to reject the FCC’s intrusion in the FTC’s policymaking arena.
Led by Sen. Jeff Flake, R-Ariz., in the Senate and Rep. Marsha Blackburn, R-Tenn., in the House, the Congress ensured the proposed FCC rule never went into effect, leaving in place a generation of privacy protection rules that have been, and remain, in force. So let’s be clear about what happened.
The FCC asserted exclusive authority over internet privacy rules in 2015, and, in late 2016, issued a formal regulation that was to take effect in mid-2017.
In March and April, Congress repealed that new regulation, which meant that the FCC simply had to go back to doing what it had done since 2015 under Democratic leadership: police broadband privacy on a case-by-case basis.
At no point did the FCC’s new rules take effect. No internet user experienced any change to their privacy. Nothing changed.
And yet, somehow, thousands of internet users were told Congress had undermined their privacy—that, by maintaining the rules that internet users had not been outraged about in 2015, Congress was changing the internet.
Newsweek profiled activists who alleged that the congressional vote would “’fundamentally undermine’ online security and enable unconstitutional mass government surveillance.”
Internet privacy had been “repealed,” they alleged, and internet service providers would now be allowed to sell your “private browsing history.”
This is, of course, ridiculous. Nothing changed. It remains illegal “to sell the individual browser history of a person.” And no one was actually offering such data for sale in the first place.
But ridiculous is not surprising. Hyperbole, outrage, and doom are the tools of the trade for activist groups. These groups need to keep their supporters in a constant state of panic and froth.
Rhetoric about a “jurisdictional change that allows only some companies to collect and sell user information” doesn’t keep the doors open and the lights on like “the end of the internet as we know it.”
The result, unfortunately, is a debate driven by the shrillest and least responsible activists. The more responsible and cautious voices (on either side) are drowned out.
The good news is that the FCC and FTC can now work together to create a single, more coherent set of privacy rules so that internet companies can operate on a level playing field, and internet users can depend on consistent privacy protections.
That’s good. Or, to take a lesson from the outrage artists: Maintaining the light-touch regulation may be “the best thing to ever happen to the internet.”