Mounting security concerns surrounding the proliferation of wireless devices is renewing a long-running internet privacy debate.
Traditional partisan rifts over regulation of private companies exploded Tuesday at a hearing of the House Energy and Commerce Subcommittee on Communications and Technology. Democrats were still steaming about repeal in late March of Federal Communications Commission’s broadband privacy rules, passed by Congress and signed by President Donald Trump, under the guise of the Congressional Review Act, aimed at eliminating regulations considered burdensome by Republicans.
The FCC’s privacy rule did not outline specific security measures for ISPs but recommended they follow a cybersecurity framework set by the National Institute of Standards and Technology and gave the FCC oversight over complaints of security breaches.
“When Congress repealed privacy rules in the CRA, they also removed security measures,” said Rep. Mike Doyle of Pennsylvania, the ranking Democrat on the subcommittee.
The since-repealed FCC privacy rules included a provision requiring that internet service providers take “reasonable” measures to protect user data, such as Social Security numbers and health information.
Rep. Frank Pallone of New Jersey, top Democrat on the full Energy and Commerce Committee, said Republicans are playing politics by ignoring three bills the minority has put forward to address related cybersecurity concerns.
“Democrats are trying to address these issues head on in a nonpartisan way,” he said. “These are good bills that were introduced more than three months ago. Every day that goes by with no action is another day the American people are at risk.”
Among those bills is the Managing Your Data Against Telecom Abuses Act of 2017, which Rep. Jerry McNerney proposed and would, according to the California Democrat, prohibit “providers of Internet broadband services or of Internet content, applications, or devices from using unfair or deceptive acts or practices relating to privacy or data security.”
Rep. Marsha Blackburn (R-Tenn), chairman of the subcommittee, dismissed that idea.
“We have bills we would like to see action on too,” she countered.
Blackburn’s office confirmed she was referring to her BROWSER Act, which would force companies such as Google and Facebook to acquire consent from users before collecting their personal information. The legislation is billed as a way to level the playing field between broadband providers like Comcast and Verizon and “edge providers” like Google and Facebook. The latter two tech giants are regulated by the Federal Trade Commission. Blackburn and allies contend they don’t have to adhere to stricter rules that were set by the FCC for ISPs.
Not everyone is thrilled with that approach, though. Peter Eckersley, chief computer scientist for the Electronic Frontier Foundation, called it “deeply disingenuous.”
“Congress has failed to give the FTC the authority to set any uniform minimum privacy standards for apps and websites,” Eckersley said in a Wednesday email to Morning Consult. “Having the same ineffectual model for ISPs would lead to predictable consequences: toothless oversight, and giant companies such as AT&T, Comcast and Verizon collecting and selling everyone’s data without any meaningful form of consent or user control.”