Skip to Content

Welcome to Internet Privacy Limbo

Trump’s first move on consumer Internet privacy was decidedly pro-business, but mostly it made the future of online privacy a lot more uncertain.
April 17, 2017
FCC chair Ajit Pai

The public outrage over the Trump administration’s decision this month to roll back rules that put limits on what Internet service providers can do with their customers’ data seems to be dying down, but an important question still doesn’t have a clear answer: what actually changed?

The rules, which required that ISPs obtain explicit opt-in consent from customers before “using or sharing” information about their browsing, hadn’t gone into effect yet, and some ISPs already admit in their privacy policies to using and sharing anonymous, aggregated browsing data. But it’s hard to deny that the move reflects a fundamental shift away from the Obama administration’s approach to Internet privacy. The future of online privacy is much more complicated than this particular fight, though, and where we are headed is far from determined.

The most tangible change since Congress and President Trump removed the ISP privacy rules is that the future of ISP privacy regulation is more uncertain. Now we’re in a sort of “limbo situation,” says Joel Reidenberg, a professor at Fordham University School of Law. The FCC can still technically police privacy violations, but it’s not clear which practices are and aren’t allowed, and no one is sure how the Trump administration plans to replace the rules.

How did we get here? Under Obama, the FCC changed the way ISPs are regulated, designating broadband Internet a “telecommunications” instead of a “communications” service and opening the door for so-called net neutrality rules.

One consequence of the change was that the FTC, the government’s main consumer privacy cop, lost its authority to regulate ISPs. Now that responsibility is the FCC’s, and that’s why last October it passed the now-ditched privacy rules, which raised the bar for consumer privacy protection in the U.S. by requiring that ISPs get opt-in consent to use and share information about Web browsing.

Opponents to these rules, including new FCC chair Ajit Pai, argued that they would reduce revenue and stifle innovation, and that ISPs should not be regulated differently from Internet companies like Google and Facebook, which are still under the jurisdiction of the more flexible FTC.

Pai and Maureen Ohlhausen, acting chair of the FTC, recently took to the pages of the Washington Post to “set the record straight” about the decision to repeal the privacy rules, which they said amounted to “government picking winners and losers in the marketplace.” The argument advanced by privacy advocates that ISPs have more access to personal data than companies like Google and Facebook is “not true,” they wrote.

It’s true that many Internet companies use various methods to extensively track users across the Web, combining that information with the data users give them to create advertising profiles. Comparing the customer data that ISPs can access directly with what companies like Google and Facebook can access is comparing apples and oranges, though, says Nick Feamster, a professor of computer science at Princeton University. Your ISP does have a unique view into what you do on the Internet.

A growing number of websites use encryption, which allows your ISP only to see that you landed on a certain site, not pages you visit once you are there. But ISPs can also see the traffic associated with Internet of things devices, which can be revealing, encrypted or not, notes Feamster. Traffic patterns from devices like connected thermostats, appliances, and other smart home systems can provide insights into what their users do and how they live.

Now that the rules are gone, Pai has multiple options as to how to proceed. His agency could try to replace the rules, a process that would take months at least. Perhaps what is most likely is that Pai will seek to overturn the FCC’s net neutrality rules, and in the process return the job of overseeing ISP privacy to the FTC. If the public’s reaction to repealing the privacy rules is any indication, though, that could be politically challenging.

It’s also not clear what it would mean if the FTC were to take over again as the federal government’s only consumer privacy cop. What constitutes “unfair or deceptive” is a matter of legal interpretation, and at this point Trump’s FTC has given us few indications about how it will approach privacy, says Reidenberg.

Keep Reading

Most Popular

Large language models can do jaw-dropping things. But nobody knows exactly why.

And that's a problem. Figuring it out is one of the biggest scientific puzzles of our time and a crucial step towards controlling more powerful future models.

OpenAI teases an amazing new generative video model called Sora

The firm is sharing Sora with a small group of safety testers but the rest of us will have to wait to learn more.

Google’s Gemini is now in everything. Here’s how you can try it out.

Gmail, Docs, and more will now come with Gemini baked in. But Europeans will have to wait before they can download the app.

This baby with a head camera helped teach an AI how kids learn language

A neural network trained on the experiences of a single young child managed to learn one of the core components of language: how to match words to the objects they represent.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.