Information Privacy Law
Professor Ira Rubinstein
April 13, 2017
Title of Blog Post: Implications of the upcoming repeal of Internet privacy protections
Article: Brian Fung, The House just voted to wipe away the FCC’s landmark Internet privacy protections Wash. Post (Mar. 28, 2017), https://www.washingtonpost.com/news/the-switch/wp/2017/03/28/the-house-just-voted-to-wipe-out-the-fccs-landmark-internet-privacy-protections/?tid=a_inl&utm_term=.834762cb113f
Congress sent a proposed joint resolution of congressional disapproval of the FCC’s landmark broadband privacy rules to the White House. The moment President Trump sign the bill, internet service providers (ISPs) officially get rid of the FCC privacy compliance burden to collect, use, and sell personal information, browsing history, app usage history or the content of messages, emails and other communications of internet users. Without the online privacy protections promoted by previous Democrat administration, the scale of commercial benefit of ISPs and privacy of internet users significantly leans towards the former.
The repeal of broadband privacy rules may not be an entirely unexpected action in this administration. The job-creating slogan of President Trump has indicated that business entities are likely to have less regulatory restraints. The White House’s criticism that the FCC departs from the technology-neutral framework for online privacy established by the FTC could be regarded as a precursor of the lobbying success of ISPs. However, despite the public concern on privacy invasion by foreseeable increases of target-advertising, there might be more privacy problems for civil liberty groups to worry about from national security surveillance perspective.
Ever since the 911 tragedy, the FBI’s surveillance power has been substantially expanded by the USA Patriot Act. Before the USA Patriot Act came into force, 18 U.S.C. § 2709 of ECPA’s Stored Communication Act has already enabled FBI to compel ISPs to release customer records that were relevant to an authorized foreign counterintelligence investigation. The FBI can obtain such authority through certifying that “there are specific and articulable facts giving reason to believe that the person or entity to whom the information sought pertains is a foreign power or an agent of a foreign power” even without a court order. However, Section 505 of the USA Patriot Act eliminated the “specific and articulable facts” requirement and provides a gag order forbidding ISPs to disclose FBI’s access to the records, making easier for the FBI to gather information without strict scrutiny.
Now that the privacy obstacles have been removed, naturally for commercial purposes ISPs will establish more comprehensive user database in the future, which potentially further expand FBI’s surveillance scope: much more user information could be revealed through National Security Letters (NSLs). Even though NSLs are subject to judicial review and limited Inspector General audit, there are increasing risks of privacy violation as a result of concentration of user data. First, by issuing NSLs to ISPs, the FBI may be able to build bulk online activity surveillance based on ISPs data processing development incentivized by the repeal of FCC privacy protection rules, which the public could be kept in dark about the scale and capacity for a long time. Moreover, the more concentrated our information is, the more damages the leaks of it will create. Leak of information is an inherent risk of any information retainers and has long been a part of political ecosystem. A richer database can only magnify the damages of a possible leak.
It is undeniable that most aspects of our daily life have left traces on the internet. As ISPs’ information gathering capacity surges, without relatively limiting the national surveillance power under the current regulatory scheme, perhaps the fear of George Orwell may become reality.