I’ve been hesitant to delve into the topic of net neutrality, both because my own understanding of it is not as complete as I’d like and because there are people with a much better understanding who have already done so. But I would like to look at some of the implications net neutrality may have for Internet privacy, and doing so requires a decent understanding of what exactly net neutrality means.
I think the best place to begin is with a broad discussion of the infrastructure of the Internet. Unless you live off the grid (like some of our Senators, apparently), your access to the Internet is through an Internet Service Provider (ISP), like Verizon or Comcast. The term ISP is thrown around quite a bit, and can mean several different things in different contexts, but the most familiar is the access ISP. This is essentially the company that provides local Internet access and is often referred to as the “last mile” infrastructure, or the last physical mile of network wiring. But this actually describes a comparatively small part of the Internet’s infrastructure. That “last mile” ultimately needs to connect with the larger networks, and to do so often requires routing through other ISPs, at differing tiers, all of which is handled through a series of negotiations called interconnect agreements. The details aren’t important, but what I do want to emphasize is that the vast majority of this infrastructure is controlled by a small number of companies, and whoever controls this infrastructure can dictate how information flows on the Internet.
Net neutrality basically refers to the idea that these Internet Service Providers have to treat all Internet traffic equally. Whether you are looking at your friend’s picture on Facebook, streaming HD video from Netflix, or reading an obscure blog on cybersecurity, the individual packets that comprise that request have to be routed equally. Now obviously these requests are not equivalent in overall data usage or the host site’s popularity, and it’s on these points that net neutrality opponents seize. They argue that Internet Content Providers (like Netflix, sometimes called “edge providers”) should be able to pay ISPs (like Comcast) to prioritize their content and provide faster service for their customers. And this isn’t completely unreasonable; HD Video requires a lot of bandwidth, and there’s nothing more infuriating than trying to watch House of Cards with slow Internet.
Net neutrality advocates, by contrast, argue that allowing ISPs to charge extra for a “fast lane” incentivizes them to reduce the quality of service for those in the “normal lane,” stifling innovation by providing a severe barrier to entry for those that cannot afford this special treatment. And empowering ISPs to control web traffic in this way would effectively allow them to control the content that we view online. By determining how quickly a website loads, ISPs could steer traffic away from content they’d prefer we didn’t access. Loading speeds may sound trivial, but Internet users are notoriously fickle, and even slight delays steer people to other websites that load more quickly. (ISPs are believed to do this intentionally in China to steer Chinese users to Chinese owned websites.)
The recent debate over net neutrality arose in the mid-2000s when Comcast began throttling (intentionally slowing) Internet traffic for BitTorrent (a file sharing protocol), presumably because BitTorrent was being used for illegal file-sharing. When the FCC tried to stop Comcast and enforce net neutrality, the Court of Appeals for the D.C. Circuit held that the FCC did not have the authority to regulate Comcast’s network management practices. Pursuant to Title I of the Communications Act of 1934 (yes, 1934), the Court held that the FCC can regulate ISPs generally, but that this power did not extend to imposing net neutrality.
In response to the DC Circuit’s judgement, the FCC wrote new rules to try to regulate around this ruling, which led to yet another lawsuit, and in 2014, the D.C. Circuit held that because the FCC hadn’t classified ISPs as “common carriers” (like telephone companies) they could not impose net neutrality regulations. The D.C. Circuit’s decision led to a period of heated public debate over net neutrality, involving a grassroots uprising and a direct endorsement from President Obama, which culminated in the FCC reclassifying ISPs as “common carriers” in February 2015. This reclassification gave the FCC the authority they previously lacked, (now under Title II of the 1934 Act) and allowed them to propagate the new rules enforcing net neutrality.
So that’s a very brief summary of how we got to where we are now. Net neutrality is the law, but what does that mean? The rhetoric surrounding this debate has not been particularly useful for understanding the issues. Net neutrality opponents rely on anti-Big Government platitudes, decrying over-regulation, whereas the net neutrality proponents rely on similar broad swings against Big Business. And these positions are not unjustified. Title II holds the potential for a huge amount of regulation (the FCC has chosen not to enforce most of them, but will always retain the option), but the alternative would leave control of the Internet largely to a handful of private businesses, most of which are notoriously unpopular.
Personally, I think the FCC’s actions are overwhelmingly positive. Despite the cries of over-regulation, these rules seem light but firm. Rather ironically, the primary goal of net neutrality was to keep control of the Internet out of both public and private hands, and the FCC’s current stance looks poised to do just that. Naturally the potential for increased regulation will always loom, but I suspect that those who complain the loudest are speaking primarily for the interests of ISPs, and not the general public.
But it’s not all good news. Strict net neutrality also prevents ISPs from controlling network traffic that we might like to limit. The Comcast case referenced above is a perfect example: illegal filesharing is an enormous problem for copyright holders, and throttling P2P filesharing would be an easy way to limit the negative impact of BitTorrent without actually making it illegal. The First Amendment prevents the government from outlawing filesharing software generally, but businesses could choose to slow the download speeds to a crawl (without net neutrality). But giving businesses this type of freedom also opens up the potential for a library of horror stories, and while I think the likelihood of these stories is low, the guarantees of net neutrality strike me as the much better choice.
Rather than look in depth at each of the FCC’s provisions, I’d like to focus on one: Section 222, which protects user privacy. As I mentioned above, broadband Internet was previously regulated under Title I, which meant that the privacy protections of Section 222 did not apply. Rather than be regulated by the FCC (specific to communication), ISPs were regulated by the FTC (the catch-all consumer protection agency), which could regulate ISPs for “unfair and deceptive trade practices.” Now that the FCC is relying on Title II, they are empowered to impose the much more comprehensive privacy regulations previously utilized primarily to control phone companies. And indeed the fact sheet released by the FCC mentioned that they would use Section 222 to protect consumer privacy, although it did not provide any other details.
The FCC’s decision to use Section 222 is an interesting and exciting development, especially for those of us who are concerned with Internet privacy. Section 222 provides fairly broad protection for “customer proprietary network information,” which refers to “the quantity, technical configuration, type, destination, location, and amount of use of a telecommunications service.” (For those who oppose government surveillance, this change will have little to no impact. Acts like CALEA and FISA empower law enforcement and national security agencies to obtain this information, notwithstanding the privacy protections in Section 222 generally.)
Yet Section 222 is not a magic bullet. As I mentioned above, this law was drafted primarily for telephone communications, and the definition of “customer proprietary network information” does not completely jive with broadband Internet. While it probably applies to all of our online activities, it does not explicitly mention the content of our communications. This makes sense in the context of telephone calls: wiretapping is separately regulated, and typically requires the consent of either one or all members to an oral communication, depending on the state you live in. (This is why companies always say things like “your call may be recorded for blah blah blah,” they are informing you that by continuing, you are consenting to be recorded.) So the Communications Act of 1934 didn’t need to cover the content of your calls, because to record that content would be wiretapping and was separately regulated.
But wiretapping laws don’t apply to email. Luckily, another statute applies: the Stored Communications Act. I won’t go into details, but basically ISPs aren’t allowed to disclose the content of your communications except in a few narrow circumstances. Yet it’s less clear how this regulates the use of that information by the ISPs internally. Can Comcast read the content of your emails, and use that information to market to you? While they cannot disclose the content of your communications, this would seem to put minimal restrictions on what they can do with it internally. Coupled with Section 222’s failure to mention “content,” this could potentially give ISPs a surprising amount of freedom with this information.
Now to non-lawyers, this invariably sounds like semantic quibbling. Surely Congress would have wanted to include “content” in these privacy protections. But let’s not forget, this statute was passed in 1934 (admittedly with amendments in 1996), referring to what Congress intended doesn’t really make sense. And even if Congress would have intended the law to include “content,” courts cannot rewrite unambiguous statutes, and a favorite rule of statutory construction is that specifically mentioning certain things excludes those things not mentioned. (This is somewhat akin to recent Supreme Court challenges to Obamacare; literal readings of statutes don’t always comport with Congressional intent.)
Ultimately, I’m not particularly worried about this detail. I’ve argued in the past that targeted advertising isn’t problematic, and if ISPs internalize advertising practices, I don’t see why they shouldn’t be able to use private information that they already have. Your private information isn’t being seen by anyone new, and as I repeatedly point out, it’s really only “seen” by computers. And remember, previously this statute didn’t apply at all! Now obviously other potentially abusive practices still exist, and there are some nuanced points about targeted advertising to consider, (for instance, targeting advertisements to LBGT individuals who are not “out”), but these can be regulated separately, and even if not, other enforcement mechanisms always exist. While the FTC is no longer the de facto privacy regulator in this area, they can probably still bring enforcement actions against ISPs for unfair and deceptive trade practices.
Part of the difficulty with this area of the law is that there are so many different statutes regulating different technologies, and almost all of them are outdated. You are probably thinking, why can’t there just be a “Privacy Act” to handle these things? And there is! Unfortunately, if the Privacy Act had a motto, it would probably be “doesn’t really protect your privacy.” More comprehensive privacy regulation is a frequent political talking point, but is rarely seriously considered. As can be seen with the debate over net neutrality, there is a lot of resistance to regulation, particularly with regard to the Internet, and there simply isn’t the same degree of financial interest advocating for greater oversight. Yet the public response to net neutrality shows just how powerful grassroots movements can be. While calling Twitter hashtags and trending topics on Facebook “grassroots” may seem odd, the point is that individual voices can still make a difference, and net neutrality ensures that those individual voices can be heard.