Why FCC Title II Telephone Privacy Rules Can’t Work with an Open Internet

Published January 30, 2016

Square peg meet round hole.

The FCC is poised to try and force-fit inherently-irreconcilable, telephone closed-ecosystem privacy rules into a broadband open-system Internet. Good luck with that.

Expect the FCC to have fits trying to successfully craft workable, non-arbitrary, and legally-sustainable Title II broadband privacy rules in the year ahead.

It is a problem of the FCC’s own making.

In arbitrarily applying Title II telecommunications rules to only the ISP half of Internet communications, while politically exempting the entire edge half of Internet communications in its Open Internet order, the FCC has ensured that information that was proprietary and controllable in the closed telephone world becomes public and uncontrollable in the open Internet world.

Horses meet open barn door.

Net neutrality activists wrongly imagined that Title II was all-purpose-regulatory-authority to impose “the strongest possible” Open Internet rules they wanted, like bans on paid prioritization, zero rating or usage based pricing, despite decades of Title II and court precedents that determine many types of economic price discrimination and pricing flexibility to be just and reasonable.

Now they appear to be imagining wrongly again that Title II Section 222 “Confidentiality of Customer Proprietary Network Information” will somehow be strong all-purpose-privacy-authority to impose whatever privacy rules they want, when in reality Section 222 is specific and limited telephone confidentiality authority, that depends entirely on a closed telephone ecosystem for its success, and that is antithetical to the FCC’s Open Internet ecosystem predicate.

There is a reason the term and concept of a “wiretap” exists.

The traditional telephone system was by design a closed and highly secure ecosystem and technology. If the government wanted access to people’s private calling information or the content of a call for law enforcement or national security purposes, they needed a court authorized warrant or order to physically tap a telephone wire. 

There also is good reason the term and concept of “data breach” is so common and widely-known.

The Internet was designed to be open, not closed, private or secure.

The Internet’s co-designer, Vint Cerf, explained in a 2009 interview why. “It’s true that we didn’t focus very heavily on the security side at the time that we were finalizing the current protocols that you’re using. We were much more concerned about whether it worked at all, as opposed to, “does it work securely?”” 

He further explained in a 2008 interview“The idea of a virtual private network was not part of the original design. It was actually an oversight. It didn’t occur to me that it would be useful until afterwards.”    

When asked about Internet security in general, Mr. Cerf candidly explained“It’s every man for himself. In the end, it seems every machine has to defend itself. The internet was designed that way.”

Ironically, the Internet’s co-designer and Google’s Internet Evangelist, Vint Cerf, believes that the primary privacy and security problem by design on the Internet are edge devices/providers — not ISPs. 

Enter net neutrality activists, stage left on cue.

Recently, sixty net neutrality activist organizations urged the FCC in a letter to quickly propose a Title II broadband privacy rulemaking to make the FCC “a brawnier cop on the beat” on privacy matters.

Just like net neutrality activists politically commanded an FCC majority to impose “bright line” net neutrality rules on the broadband sector without Congressional involvement or authority, the same net neutrality activists now seek to command the FCC majority to impose a new broadband-only Internet privacy policy on the broadband sector without Congressional involvement or sufficient authority.   

Expect the most serious privacy advocates to see through this nonsensical, “one-hand clapping” folly and urge the FCC to apply Section 222 more comprehensively, justly and reasonably, to both sides of communications, i.e. ISPs and edge providers.  

The problem is it is way too late for that.

The FCC probably doomed Title II Section 222 rules to failure when it arbitrarily asserted that the open Internet and the Public Switched Telephone Network (PSTN) were one in the same in the Open Internet order, and when they also arbitrarily exempted the edge downstream half of communications from Title II reclassification, apparently at the command of a last minute ex parte filing from Google.  

Consider the untenable prospect of imposing only on broadband providers a duty to keep Customer Proprietary Network Information (CPNI), confidential when under net neutrality rules they are not allowed to block Internet traffic that automatically may transmit “confidential” CPNI to the public via the purveyors of browsers, operating systems and apps, which by the way, have no duty on the other side of the communications to keep the users’ CPNI confidential and not use it for commercial purposes without permission of the customer.

Simply, Internet users’ CPNI is what edge platforms and Big Data companies routinely use by design to track, profile, and monetize user private information to fund free content on the open Internet.

How could FCC broadband privacy rules ultimately be considered “just and reasonable” under Title II if they put an ISP in an impossible compliance situation, where they can’t block or filter traffic to ensure the confidentiality of CPNI under the FCC’s net neutrality bright line bans in the Open Internet order, but they still are subject to privacy enforcement action for not fulfilling their duty to protect the confidentiality of CPNI, when it’s the design of the open Internet and the open expectations of net neutrality that make CPNI confidentiality almost impossible to protect?   

In sum, net neutrality activists have bullied the FCC majority into an untenable situation where they apparently can’t justly and reasonably hold only one side of Internet communications accountable for protecting a user’s privacy on the Internet, when it fosters open Internet policies that exempt the other side of Internet communications by edge providers from any accountability to protect users’ CPNI confidentiality.   

Think of this problem as a proverb; the judge (FCC) can’t justly and reasonably hold a farmer legally culpable for letting a horse escape a barn, if the judge (FCC) previously mandated that the farmer’s barn can’t have walls or tethers to keep the horse inside the barn.

[Originally published at the Precursor Blog]

Scott Cleland served as Deputy U.S. Coordinator for International Communications & Information Policy in the George H. W. Bush Administration. He is President of Precursor LLC, a research consultancy for Fortune 500 companies, and Chairman of NetCompetition, a pro-competition e-forum supported by broadband interests.