Our Institute Fellow Gigi Sohn testified today before the Maine Legislature’s Joint Committee on Energy, Utilities and Technology in support of legislation that would require broadband internet access providers to protect their customers’ privacy.
Sohn, who has been a public interest advocate in technology policy for over 30 years, was a Counselor to former FCC Chairman Tom Wheeler when the FCC adopted the 2016 Broadband Privacy Rules, on which Maine’s proposed legislation is based. The federal broadband privacy rules were reversed by a controversial Congressional vote under the Congressional Review Act in April 2017.
Speaking in support of the Maine bill, L.D. 946, Sohn noted the unparalleled access broadband providers have to their customers’ private information:
“Broadband providers receive, store and use a vast amount of consumer information, including sensitive information. As the FCC found in 2016, a broadband provider “sits at a privileged place in the network, the bottleneck between the customer and the rest of the network….” This gatekeeper position allows them to see every packet that a consumer sends and receives over the Internet while on the network, including its contents.
The FCC’s record showed that only three companies have third party tracking capabilities across more than 10 percent of the top one million websites, and none of those has access to more than approximately 25 percent of web pages. In contrast, a broadband provider sees 100 percent of a customers’ unencrypted Internet traffic.
Broadband providers also see all the encrypted traffic over their networks. Though they do not see the contents of these packets, they see when and how long a person is watching TV, visiting a website, turning on the lights, or using other devices. In addition, because broadband Internet access services are paid services, the broadband provider has the subscriber’s name, address, phone number and billing history. This gives them a uniquely detailed and comprehensive view of their customers.”
L.D. 946 would prohibit a provider of broadband Internet access service from using, selling or sharing customers’ personal information without express consent, and requires providers to take reasonable measures to protect customers’ personal information.
Service providers’ practices have received increased attention since a January 2019 investigation by Vice Motherboard reported that AT&T, T-Mobile and Sprint sold customers’ geolocation data to data brokers, who then marketed it to bail bond companies and other third parties without customers’ knowledge or consent.
Referencing Congress’s repeal of the 2016 broadband privacy rules and recent actions by the FCC that have reduced the FCC’s authority over broadband internet access services, Sohn noted:
“When the federal government abdicates its responsibility to protect consumers, the states must step in.
Broadband providers complain that if every state were to pass a similar law, they will be forced to comply with a “patchwork” of different consumer privacy protections, and that a federal framework would be preferable. I have little sympathy for an industry that was the driving force in convincing Congress to repeal the existing federal broadband privacy framework – the FCC’s 2016 rules - and then performed an encore by pushing the FCC to abdicate its oversight over broadband. . .
The solution to the alleged “patchwork” problem is for the companies to comply with the highest level of privacy protection a state requires.
You can read Gigi’s full testimony here.