A fight over privacy at the Federal Communications Commission, sparked by last year's net neutrality rules, is heating up.
The FCC is expected to craft regulations in the coming months on how broadband providers handle sensitive customer data – and advocates on both sides of the issue are gearing up to make their case.
Consumer advocates are hoping the commission drafts stricter rules for how companies like Comcast and Time Warner Cable treat customers’ information.
"They’re in a unique position to have knowledge of all sorts of extremely sensitive information," said John Simpson, the director of the privacy project at Consumer Watchdog.
But industry groups are wary of the FCC crafting new rules and say any framework should match standards already in place.
Before the net neutrality ruling, the Federal Trade Commission policed privacy at both Internet service providers and online companies like Google and Facebook, using the same standards.
“Well, I think essentially, the key point is that consumers have certain expectations as to how their private information will be treated,” said Lynn Follansbee, a vice president for law and policy at USTelecom, which represents broadband providers.
“And we just take a position that no matter, across the whole Internet ecosystem, no matter what kind of technology is involved, consumers shouldn’t be surprised."
The privacy fight stems from the net neutrality rules approved in a party-line vote by the FCC a year ago.
The commission treated Internet service providers like traditional phone service to apply new rules requiring all Web traffic to be handled in the same way. That left the FCC in the difficult spot of applying privacy regulations for phone companies to broadband providers. Those rules protected information on whom a customer called and when, for example.
But applying those regulations directly to new technology would have been a tall order for the agency. The commission decided last year to instead create new regulations exclusively for broadband service.
So far, Chairman Tom Wheeler has not floated a proposal for his fellow commissioners to consider, and the item didn’t show up on the agenda for the FCC's February open meeting.
An FCC spokesperson said she couldn’t provide any new information about timing but noted that Wheeler said in November that the commission would tackle the issue in the “next several months.”
It's also possible that a federal court will rule that the agency’s action on net neutrality was illegal —upending the FCC’s role in regulating Internet service.
Barring a court ruling, however, the commissioners could vote on dealing with new privacy rules as early as March. That's triggered a flurry of advocacy this month from industry and privacy advocates anticipating a Notice of Proposed Rulemaking, which starts the process of creating new regulations.
Mid-January brought a letter from 59 advocacy groups to Wheeler urging him to move forward with new rules.
“In addition to the Commission’s important decision last year to retain authority to protect consumer privacy on broadband telecommunications services, the FCC has worked diligently under your administration to enforce existing privacy protections for voice communication, and to require greater transparency for broadband provider service practices,” the groups said.
“We look forward to working with you to modernize these existing rules to clarify crucially important protections for consumers online.”
The commission will have to determine not only what data is covered by the rules, but also how companies should be compelled to protect it.
Privacy groups hope the FCC uses its authority in ways that the Federal Trade Commission, which previously had legal authority over Internet service providers, couldn't.
They argue that the FTC’s privacy standard, which is based on whether a certain practice is “unfair or deceptive,” isn’t strong enough to police broadband providers, and that the FCC has the ability to give their rules more teeth.
“They, under reclassification [of Internet providers], can explicitly make rules that say thou-shalt-this, thou-shalt-not-that,” said Simpson. “And that’s an entirely different situation than what the FTC does."
Telecom groups disagree. In a letter this week, seven major trade associations said that the FCC should look to align its rules with the FTC’s, should it choose to pursue them at all.
The groups said a privacy framework based on the FTC’s guidelines would “identify privacy or security goals, and afford providers, including smaller providers with limited resources, flexibility in achieving those goals.”
Follansbee, with USTelecom, rejected the idea that the FTC is too weak to regulate the data privacy of broadband customers.
“I think that the FTC has a very strong approach,” she said. “Things have been working, so let’s move forward and have everything be harmonized so consumers know what to expect.”
Critics also say that new regulations governing service providers could confuse consumers who would see broadband companies held to one set of rules and web services, like the sites they visit online, to another.
Public interest advocatesdismiss the idea that consumers may be confused by rules that apply to their Internet provider but not the websites they visit.
“I think there’s a sense that we can do better on privacy protection,” said Matt Wood, policy director at Free Press. “And the FCC has some tools to do that the FTC may not.
"I guess in the end, I’m much less concerned about allegedly duplicative or different rules applying to different providers than I am about getting it right for the user and making sure there actually is protection for them,” he added.