While the overturning of old broadband privacy rules won’t make much of a difference as internet service providers (ISPs) have always been able to collect our data, it has indeed raised many concerns among internet users about their online privacy. Here are 10 important questions about the broadband privacy repeal answered by some of the most reputable names in the cyber security landscape.
Q.1 -What led the FCC to adopt/develop such anti-privacy rules? Any background information?
Paul Bischoff, Freelance Journalist and Online Privacy Advocate: I think there's some confusion here. The FCC adopted “pro”-privacy rules under the Obama administration that barred ISPs from selling their customer's browsing data to third parties without consent. The law that just passed is not an FCC rule; it's a law passed by Congress and President Trump. It repeals that pro-privacy FCC rule put in place under Obama so that ISPs can now sell users' browsing data.
What led to the new law is simple: money in politics. ISPs are massive corporations that donate huge sums to lawmakers. The votes in the House and Senate were almost entirely along party lines, in which Republicans made vague arguments about competition and free markets. In reality, Republicans voted that way to keep the contributions coming, and the only other ones benefiting are the ISPs.
Q.2 – Didn't ISPs already have data on me? How will scrapping off broadband privacy protections affect me as a consumer?
Francesco Petruzzelli,Co-founder of Privacy Conscious, Philanthropic Search Engine, WhaleSlide: They did! It’s this complete flexibility around the sale of your data that’s a major concern. They will no longer need your permission.
Director of Cybersecurity EFF/ Tech advisor at freedomofpress also has an interesting viewpoint in this regard: In the US, the ISPs already had that data, but they were not allowed to sell it to advertisers. Now, advertisers can have it and use it to draw conclusions about you and try to sell you things.
Q.3 –What can ISP providers do with my data, as in what could be the worst case scenario?
Dr. Tim Lynch, President of Psychsoftpc, Ph.D. in Psychologyof Computers and Intelligent Machines, Boston University: Sell it or use it. Develop a profile of you using Big Data analysis and personality profiling and sell that. Figure out if you are sick or having legal, emotional or psychological issues by your browsing activity and sell that to advertisers, insurance companies, healthcare providers, health insurance companies, employers, lawyers, etc.
Q.4 -Is there anything ISP providers can't see?
Paul Bischoff, Freelance Journalist and Online Privacy Advocate: ISPs can't see the contents of HTTPS-encrypted websites, although they can see which website you're visiting. If you're connected to a VPN or Tor, the contents of web traffic are encrypted, and the websites you visit are also hidden.
Q.5 -Can encryption lead ISPs to employ methods to crack the encryption? How likely or unlikely is this scenario?
Digital Guardian, Provider of Data Protection Solutions and Services: As long as a strong algorithm is used, I doubt ISPs would try to decrypt the data – that has proven challenging to say the least.
Q.6- Does this differ from the way Facebook and Google collect and use our data?
Shea Stamper, SaferTech: Yes, Google and Facebook already collect your data to learn your preferences and sell to third-party advertisers so they can advertise at you more accurately. Those kind of companies collecting your data for ad-based revenue are more innocuous than your ISP browsing data collection, though. That's because your ISP can collect your data across all of your devices and identify you more clearly than Facebook or Google.
Since your personal data will reveal so much about you in an unprecedented way, it is REALLY attractive to hackers, and maybe even other agencies. It's not just your browsing history now – it's your location data, health/financial/Social Security info, identifying not only you but your family members. This list is endless.
Q.7 – Holding data literally worth trillions of dollars might lead hackers and other agencies to go after ISPs? What's your view on this?
Paul Bischoff, Freelance Journalist and Online Privacy Advocate: ISP's customer data has been breached in the past and will probably be breached in the future. The difference now is that the data can be sold to third parties, which don't necessarily have sufficient security measures in place to protect it. If your data exists in more than one place, it's more at risk of being exposed in a breach. Hackers might not need to attack the ISP’s servers if they can find easier-to-exploit flaws on the servers of a third-party advertising agency.
Q.8 – Since a user does not have any way to opt out, what exactly can I do to prevent this?
Francesco Petruzzelli,Co-founder of Privacy Conscious, Philanthropic Search Engine, WhaleSlide: I would recommend using a search engine like ours that doesn’t track you, and tie that in with a good VPN.
Q.9 -Will these laws result in increased litigation against ISPs?
Francesco Petruzzelli,Co-founder of Privacy Conscious, Philanthropic Search Engine, WhaleSlide: Let’s wait and see. I’m sure we’re going to see a whole world of potential lawsuits opening up.
Q.10 -With broadband privacy officially kaput, how can I protect my browsing history and avoid the prying eyes of greedy ISP providers?
Scott Schober, President, Cybersecurity Expert, Author of Hacked Again: A virtual private network (VPN) can help protect your privacy and is my number one choice to keep personal data safe from your ISP. There is a small cost (typically around $10/month) but there is always a cost for privacy. A VPN uses advanced encryption technology protecting your personal data which is essential.
When selecting a VPN, inquire about the bandwidth that will be provided. Many people choose a free web proxy which acts as a middleman between yourself and the destination web site, however over 75% of free web proxies are untrustworthy so I avoid them – you get what you pay for.
You can also choose to use Tor which is a network pairing and software. It hides your identity by bouncing your traffic around many Tor servers. Your traffic is encrypted as well so your private information stays private. That being said, the US Department of Justice has allegedly cracked Tor, so it’s not 100% safe.