FCC’s New Do Not Track List Authority

Published April 29, 2015

Will the FCC create an Internet “Do Not Track” list like the FTC created the “Do Not Call” list enjoyed by three quarters of Americans?

In ruling the Internet to be subject to common carrier consumer protection law, the Obama FCC’s recently passed Open Internet Order applied common carrier privacy law (Section 222) to Internet telecommunications as part of the FCC’s unilateral efforts to modernize communications law for the 21st century.

The Obama FCC’s Open Internet Order also ruled that the Internet now encompasses the Public Switched Telephone Network (PSTN) and that an IP address is the functional equivalent of a telephone number.

Thus, logically it could follow that information that’s considered legally private in the telephone world now could be considered legally private in the Internet world.

This central consumer protection question should come up this week as the FCC hosts a Section 222 public workshop to explore the FCC’s “role in protecting the privacy of consumers who use” the Internet.

What is Section 222?

It is a common carrier provision of the Communications Act entitled “Privacy of Customer Information.”

It creates a legal duty for those using telecommunications to protect the confidentiality of a customer’s proprietary network information or “CPNI,” and to not use CPNI for its “own marketing efforts,” without the “approval of the customer.”

Practically, CPNI is a customer’s most sensitive private communications information, i.e. with whom they communicate, when, how much, and from where they communicate.

America originally had a monopoly vertically-integrated communications provider, AT&T, so Section 222 originally protected consumers’ privacy throughout the whole communications ecosystem.

In 1984, when a court-ordered break-up created AT&T Long Distance and seven local phone Baby Bells, they all continued to be subject to section 222’s protection of customer private information.

However, since prior FCCs classified the Internet as an unregulated information service, and not common carrier telecommunications, Section 222 no longer legally applied on the Internet.

That begs the big question: what does it mean for consumer privacy now that the FCC has reclassified Internet telecommunications as a common carrier service subject to Section 222?

The FCC’s action means that customers may now own their Internet CPNI again and that all those entities which want to collect and monetize consumers’ Internet CPNI going forward may legally have to ask a consumer for express consent to use their private CPNI.

What’s the case for an FCC Do Not Track List?

First, the FTC’s Do Not Call List has proven very popular with consumers, because it provides a simple and convenient mechanism for consumers to opt out of receiving unsolicited telemarketing calls.

Roughly three quarters of Americans have chosen to guard their privacy by putting their phone numbers in the FTC’s National Do Not Call Registry.

If the FCC made available a similarly simple and convenient mechanism for Americans to choose to opt out of unsolicited tracking of where they go on the Internet, it is likely over half of Americans would sign up for a national FCC Do Not Track list.

That’s because a 2010 Zogby national poll of two thousand Americans commissioned by my research firm Precursor found strong bipartisan support (79%) for a Do Not Track list modeled after the successful FTC Do Not Call List.

In addition, the FCC justified its assertion of common carrier regulatory authority over the Internet in part to protect consumers and their privacy using section 222.

An FCC Do Not Track List arguably could turn out to be the single most popular part of the FCC’s otherwise unpopular Open Internet Order.

Second, an FCC National Do Not Track List could offer consumers equal protection under the law.

Why should Internet privacy communications protections apply to only some parties’ communications, but not others that use Internet calling, messaging, chat, texting, video conferencing, browsing, or location services, given that, the FCC has ensured consumers enjoy the protections of 911 emergency services over Internet communications no matter what technology is used?

If the FCC considered net neutrality to be sufficiently important to be applied universally to all technologies, why would the FCC not consider consumer privacy protection to be sufficiently important to apply universally to cover all communications?

A national Do Not Track List could create equal treatment for functionally equivalent communications.

It would also create a competitive level playing field by equally applying the same universal communications privacy standard of securing express advance consent for anyone that seeks to use and monetize a consumer’s private CPNI.

In addition, applying Section 222 selectively – ruling that only one kind of Internet company that has telecommunications access to consumers’ proprietary CPNI, ISPs, has to protect CPNI, could be found arbitrary and capricious in court.

Surely the FCC would have to justify in court why only ISPs present a CPNI privacy risk, by showing that no other Internet company offering communications services presents a similar privacy risk to ISPs.

Applying Section 222 selectively would be obviously nonsensical, like building a house for consumers’ privacy protection, but building no walls, only installing blinds where windows might be.

Lastly, why should Internet companies enjoy the protection of common carrier law, but not have any of the consumer protection responsibilities or legal obligations of common carrier law?

For over twenty years Internet companies have enjoyed the blanket liability protection of Section 230, a common carrier provision of the Communications Act.

Internet companies routinely profess that they could not operate as a business without the Section 230 common carrier provision that immunizes Internet companies from liability for what their users may do on their communications platforms, products or services.

If Internet companies believe their businesses are due common carrier protections, how can they reasonably object to their customers also being due statutory common carrier privacy protections?

In short, the FCC should create a National Do Not Track List to protect consumers’ privacy.

That is if the FCC believes in consumer privacy protection, consumer choice, and that their assertion of Title II common carrier authority over the Internet will withstand court challenge.

How the FCC implements Section 222 will speak volumes about the FCC’s priorities.

Will the FCC choose to protect consumers’ privacy, or to protect edge companies, who use and monetize consumers’ most private location information without their express consent?

[Originally published at Precursor Blog]