Consumers should be able to expect a certain amount of privacy and recent rules adopted by the FCC are a step in the right direction. That step has also revealed some key differences between profit-driven national Internet service providers, smaller ISPs, and municipal networks. The different attitudes correspond with the different cultures, proving once again that small ISPs and munis have more than just profit in mind.
On October 27th, the FCC adopted an Order to allow ISP customers to determine how their data will be collected and used. According to the FCC, they made the decision in response to public comments about the concern for personal data protection.
The New Rules
Over the past few years, consumers have become savvy to the fact that ISPs have access to personal data and that they often sell that data to other companies for marketing purposes. Under Section 222 of Title II of the Communications Act, telecommunications carriers are bound to protect their subscribers’ private information. Because those rule are designed to change as technology changes, says the FCC and Congress, this same authority applies to private data collected by ISPs.
The FCC decided to divide the permission of use of personal information based on type, categorizing information into “sensitive” and “non-sensitive.”
Sensitive information will require ISPs to obtain “opt-in” consent from subscribers, which will allow them to use and and share this type of information:
- Precise geo-location
- Children’s information
- Health information
- Financial information
- Social Security numbers
- Web browsing history
- App usage history
- The content of communication
Non-sensitive information would include all other information and customers would need to "opt-out" in order to prevent their ISPs from collecting such data. Examples of non-sensitive personal information include service tier information.
The new rules also require providers to follow “up-to-date and relevant industry best practices” in reference to managing security risks, take care to provide accountability and oversight regarding security, and dispose of personal data properly. These are only a sampling of the rules, which are not complicated but add another layer of undertaking to the role of provider. Check out this Fact Sheet from the FCC for more on the new rules.
Not All ISPs Are Big ISPs - Thank Goodness!
At first, we were concerned that these new rules might create more work for munis and small ISPs that are already heavily burdened with reporting requirements. For municipal utilities that provide other services as well, such as electric, gas, or water, another round of administrative requirements seemed especially taxing.
While national providers with thousands on their payrolls may have entire departments to deal with paperwork, municipal networks often exist in small communities and employ small staff. Regardless of the number of employees, they still must submit the same amount of information to the FCC. But we didn't hear any of them complaining about the new privacy protections.
Large providers began complaining about the new rules as soon as they were released, including David Cohen from Comcast, who said the new rules “will likely do more harm than good for consumers, competition, and innovation in the all-important internet ecosystem.” AT&T senior vice president described the rules as “illogical.” The rules, according to the big national providers are just too tough.
Small ISPs and municipal networks are not known to sell customer data the way Comcast, AT&T, or CenturyLink do. In fact, we know of at least one, Xmission serving customers via the UTOPIA open access network, that has no problem telling the NSA to bugger off when they improperly ask for private data. On the other hand, AT&T is cozy in the NSA pocket, no warrant required. Local providers and munis are close to their customers, creating a higher level of accountability, which contributes to high scores in customer service.
We reached out to Xmission to get their opinion on the new privacy protections. Would they be difficult to implement? A burden? The company’s founder, Pete Ashdown told us it is “high time the government allowed individuals to take back their privacy” and that he supports the FCC ruling. We also talked with municipal networks in Iowa and Utah, but they did not report any potential problems with the rules.
If small providers have no problem respecting subscribers' privacy, why do big corporations like AT&T and Comcast complain so much? AT&T and Comcast see subscribers as numbers on a page to be transformed into dollar signs. Local providers and municipal networks consider them customers, community members, and neighbors.