Congressional Republicans Sell Data Privacy to the Highest Bidders

data privacy

The bill to roll back regulations that require internet providers and companies, such as Facebook and Google, to ensure data privacy for internet users has just passed in the House of Representatives. Once signed President Trump, it will become effective legislation—and it’s expected that he will sign.

With the Obama administration’s internet privacy laws repealed, internet companies and service providers will no longer have to get consumer consent before selling or sharing internet usage, geolocation, or other internet browsing data to the advertisers and marketers that typically want this data.

House Democrats voted against the repeal. The data privacy issue is split along political party lines. Republicans traditionally have been for little regulation and on the side of service providers, such as Verizon and AT&T. Democrats have been more in favor of consumer rights, in this matter.

Digital rights groups and privacy advocates are in an uproar. One group, Fight for the Future, is raising funds in an online campaign to erect billboards with the names of every member of Congress that voted in favor of the rollback.

“Congress should know by now that, when you come for the internet, the internet comes for you,” said Evan Greer, campaign director of Fight for the Future, in a press release.

“These billboards are just the beginning. People from across the political spectrum are outraged, and every lawmaker who votes to take away our privacy will regret it come election day.”

According to Greer and his group, without the consumer protections, internet service providers and telecoms can:

  1. “Monitor and sell customer’s location data, search history, app usage, and browsing habits to advertisers without permission.
  2. Hijack customer’s search results, redirecting their traffic to paying third-parties.
  3. Insert ads into webpages that would otherwise not have them.”

Even the Federal Communications Commission (FCC) is divided on the issue. Trump-appointed FCC Chairman Ajit Pai said in a released statement, “Last year, the Federal Communications Commission pushed through, on a party-line vote, privacy regulations designed to benefit one group of favored companies over another group of disfavored companies. Appropriately, Congress has passed a resolution to reject this approach of picking winners and losers before it takes effect.”

“It is worth remembering that the FCC’s own overreach created the problem we are facing today.”

Commissioner Mignon Clyburn, the first African American women to serve as an FCC Commissioner, was appointed to the position by President Obama in 2009. She is opposed to the repeal and tweeted:

 

 

 

 

 

Senate Republicans Kill Internet Privacy Requirements

Internet Privacy

Senate Republicans just passed the Broadband Privacy CRA (Congressional Review Act) bill. This repeals data privacy requirements put in place by the FCC during the Obama administration.

According to Reuters, if the bill goes on to pass in the House of Representatives, internet providers including companies such as Google and Facebook no longer have to “obtain consumer consent before using precise geolocation, financial information, health information, children’s information and web browsing history for advertising and internal marketing.”

The issue is highly contested and split down party lines. Republicans and conservatives at the FCC including Chairman Pai, have been critical of regulations over the broadband and internet provider industries.

Democrats and more progressive members of the FCC, as well as consumer advocates, are traditionally for regulations that protect consumers.

FCC Commissioner Mignon Clyburn (Image: FCC)

 

In the Reuters story, Senate Republican Majority Leader Mitch McConnell said that the privacy regulation “”makes the internet an uneven playing field, increases complexity, discourages competition, innovation, and infrastructure investment.”

FCC Commissioner Mignon Clyburn and FTC Commissioner Terrell McSweeny released statements criticizing the Senate’s passage of Broadband Privacy CRA:

“Today the Senate voted along party lines to dismantle the FCC’s broadband privacy rules. If signed by the President, this law would repeal the FCC’s widely-supported broadband privacy framework, and eliminate the requirement that cable and broadband providers offer customers a choice before selling their sensitive, personal information,” said Commissioners Clyburn and McSweeny.

Clyburn and McSweeny, continued: “This legislation will frustrate the FCC’s future efforts to protect the privacy of voice and broadband customers.  It also creates a massive gap in consumer protection law as broadband and cable companies now have no discernible privacy requirements.  This is the antithesis of putting #ConsumersFirst. The House must still consider this legislation. We hope they recognize the importance of consumer privacy and not undermine the ability of Americans to exercise control over their sensitive data.”

Three Essential Cybersecurity Questions

cybersecurity

Amid all of the hullabaloo over the presidential election this year, one topic has quietly grabbed nearly just as many headlines—cybersecurity.

Cybersecurity, or “the cyber” as our president-elect has referred to it, is the effort to protect electronic devices and the infrastructure that supports them, from a host of physical and computerized threats.

With the continued growth of global e-commerce and electronically available consumer data, many businesses have become targets for cybersecurity attacks. Consider, for example, just a few of the companies who’ve acknowledged data breaches this year:

LinkedIn

Snapchat

Yahoo!

Oracle

Wendy’s

So, what does all of this mean for businesses? Well, for one thing, more government regulation likely awaits. In September, for instance, the New York State Department of Financial Services proposed sweeping new cybersecurity rules.

And yet, regulations alone won’t protect businesses or their customers from cyberattacks. Therefore, as cyberattacks become more widespread, businesses should take action to protect themselves and their customers by considering three questions:

 

  1. What are your assets?

Every business has assets. For many, it’s their brand. For some, it’s the “secret sauce” for the product or service they sell. For others, it’s their customer data. For certain businesses, it’s all three of these things.

Either way, as a starting point, all businesses should itemize their most prized possessions. What are the crown jewels of the company? What does the business value the most? Take some time to consider these questions. Then, as a next step, determine the level of protections that you want to manage. For instance, if your business has $50,000 in assets, you may not want to spend $500,000 to protect them. Figure out a right-size approach that works best for your company’s needs and budget.

 

  1. What are your threats?

As with assets, all businesses face threats. And the threats, not surprisingly, vary depending on the business.

Most businesses face the threat of competitors. But some, like banks or retailers, also face threats from cyber criminals who want to steal their money. Others, such as tech companies, face threats from competitors that seek to steal their intellectual property.

The bullets below summarize the multiple threat categories that exist.

  • Nation-states (e.g., China, Russia, and other countries that facilitate cyberattacks to procure data)
  • Cyber criminals (e.g., organized crime syndicates that use cyber theft to make money)
  • Hacktivists (e.g., people with a bone to pick that use hacking to make a statement)
  • Casual Hackers/Lone wolves (e.g., people who hack out of curiosity, but sometimes help cyber criminals)
  • Inside threats (e.g., disgruntled employees seeking to steal money and/or make a statement)

Given the different threat categories, it can be difficult to figure out which threats might apply to your business. So businesses of all sizes should consider contacting cybersecurity vendors for help with threat identification. Additionally, businesses may use the NIST cyber threat self-assessment guide.

 

  1. What are your weaknesses?

After identifying threats, the next step is to identify vulnerabilities. In other words, think of how the threats could attack your business. For example, if you have customers’ credit card data stored electronically, could cyber criminals hack into your system to steal it? Or, could a competitor use your company website to access confidential information Considering these types of questions will help identify vulnerabilities. However, most businesses should still probably consult cybersecurity vendors to assess weaknesses and identify solutions.

Lastly, not all cybersecurity weaknesses are “cyber” in nature. Certain physical controls, such as security gates in buildings and employee ID badges, can provide equally important defense against cyber threats. So businesses should ask cybersecurity consultants to recommend logical (i.e., computerized) as well as physical defense solutions.

 

 

 


Stephen BallStephen L. Ball is Government Affairs Counsel for CSAA Insurance Group. A proud Wolverine, Stephen has a B.A. in Political Science and a Master of Public Policy degree from the University of Michigan. He also has a J.D. from Harvard Law School. For more information about Stephen, see his LinkedIn page.