If you’ve been on the internet recently, you may have heard of this new ISP Browser History law. A lot people are pretty upset; you’ll hear them making apocalyptic proclamations such as:
“Internet Service Providers have won. Net Neutrality is on the ropes. ISPs can now sell your data with impunity and without consent. Corporate data harvesters have our medical history, political views, and sexuality at their fingertips. Privacy is not a right, and definitely not a reality—at least not right now.”
Except, you’ve been here before. Look over the past decade; this is not the first time ISPs have worked to dismantle internet privacy. As frustrating as this new law may be, hearken to this: whenever service providers have attacked privacy before, the Internet has risen up and stopped them.
There have been many cases where ISPs have overreached. A lot of these cases sound a lot like what is happening now. Look at a few, and see how the people of the internet shut them down.
Case 1: Selling Your Data To Law Enforcement
What They Were Doing
Back in 2008, AT&T and the Drug Enforcement Agency declared a partnership that would help apprehend large scale drug distributors using AT&T's extensive phone records.
However, this was not the whole story. What was billed as a transactional partnership turned out to be a wholesale data dump, where AT&T was selling over 20 years of records and more data than was accessible by the NSA. It even got to the point where AT&T was selling this data to individual police precincts for up to $1 million per precinct per year.
What was particularly chilling about this program was how far AT&T and law enforcement went to hide this relationship from the public. Both parties signed a contractual agreement – essentially a non-disclosure agreement – which kept the program secret from the public, attorneys, and even other federal organizations.
How The Internet Stopped Them
After an investigation by The Guardian and other journalistic sources, The Electronic Frontier Foundation(EFF) filed suit against Hemisphere demanding the information on the program be released. This past December, a judge in California ruled in favor of EFF, demanding a full release of program documents, which have so far suggested violations of the First and Fourth Constitutional Amendments.
Case 2: Recording All Your Phone Data, Even Encrypted Traffic
What They Were Doing
In 2011, a small mobile intelligence company rocked the cell phone data analysis industry. This organization, branded Carrier IQ, had a simple mission statement: “aggregate and analyze wireless data to understand the quality of service that [wireless] customers experience.”
It turns out that wasn’t the whole story. In November 2011, software developer Trevor Eckhart published videos showing that Carrier IQ was collecting data wholesale from over 100 million individual devices. This wasn’t just usage data; they had access to account details, financial information, anything and everything a user accessed on their phone. They were even able to get around https encryption, which is the standard for web security today. You can see one of his videos here. It starts getting really interesting around 11:20.
How The Internet Stopped Them
Carrier IQ immediately tried to shut Eckhart down. They sent a cease and desist letter, threatening him with a $150,000 suit if he didn’t retract his findings and issue an apology. Eckhart reached out to the Electronic Frontier Foundation, who agreed to support him and his research.
On December 2st 2011, only three weeks after Eckhart released his first video, the litigation started with a class action lawsuit against Carrier IQ. Within a week, a flurry of civil actions were filed against giants such as Apple, HTC, Sprint, and AT&T. At this point, all the major wireless carriers killed their data tracking programs, and its technology has since been abandoned for fear of similar blowback. Note: It took less than a month from the time of Eckhart’s publication to kill Carrier IQ’s program. This is what happens when consumers stand up and take action against online privacy overreach.
Case 3: Secret, Indestructible Cookies Monitoring Your Web Traffic
What They Were Doing
In 2012, Verizon, in an effort to boost revenue by collecting user data, started inserting uniquely identifiable headers, so called “supercookies,” into their users’ data stream. These cookies could not be deleted or avoided. They collected all the data sent using Verizon, and connected that data back to its user’s personal identity. To add insult to injury, Verizon wouldn’t even opt you out if you requested it. They were selling your info whether you wanted them to or not. (This is why opting out by itself, although important, is seldom enough; you must have someone prepared and willing to take immediate legal action when your opt-out is ignored).
How The Internet Stopped Them
Jacob Hoffman-Andrews of the Electronic Frontier Foundation lit the fuse with a tweet exposing Verizon’s shady tracking programs. At this point, you should know what happens next. Civil Suits were filed, and the FTC fined Verizon $1.35 million dollars, and criticized specifically the failure of Verizon to notify its customers and respect opt out requests. (Note: this was a fine, and not a civil payout. It is important that ISPs be accountable to their customers as well as the government, which is yet another reason why you should have someone on your side who is prepared to take action when your ISP violates your rights).
Where We Are Today (And How this Bill is Different)
The programs mentioned above were stopped because they broke many laws, almost all of which are still in place. The privacy laws still on the books include :
However, the Internet Privacy bill is different for a number of reasons:
It Makes Some (But Not All) of These Programs Legal
Reclassifying ISPs to need less regulatory oversight opens the door for these kinds of programs to happen again. This time, however, it will be harder to fight them, because the law will have fewer safeguards in place to protect our privacy.
The FCC Is Not An Ally Anymore
The recently appointed FCC head is firmly against privacy regulations. He has pledged to roll back Net Neutrality, and seeks to return the internet to an era where large scale data collection was commonplace, and there were few, if any, privacy protections in place for general internet users.
How You Can Take Action Now
At this point, you should be noticing a pattern: an ISP breaks the law, a watchdog organization discovers the illegal activity, civil suits force the company to halt the program, and either the FTC or FCC hit them with violations and punitive measures.
This isn’t rocket science. We have the tools to defeat this law. We just need to wield them.
We have built a platform to stop the ISPs in three parts:
1) Protect Your Data by opting you out of ISP data collection automatically
2) Fight For Repeal: Consistently craft letter campaigns and generate new content to help you reach your representatives with personalized messages at the push of a button
3) Expose Privacy Violations: Have a legal fund that is ready to launch as soon as ISP’s start breaking the law again.
If you are looking for protection for your browser, or want to take up arms in the ISP war on privacy, Join our campaign here.
Join The Fight or subscribe below