A former Federal Trade Commission chairman under President Obama is highlighting major concerns with the Federal Communications Commission’s proposed privacy rules for internet providers, backed by the White House, which could have a substantial impact on consumer choice and cybersecurity.
“The FCC’s proposal comes up short of the successful FTC framework that’s protected consumer privacy for decades,” former FTC Chairman Jon Leibowitz told InsideSources.
Leibowitz, who led the FTC during the first half of the Obama administration from 2009 to 2013, has spent recent months going to bat for Internet Service Providers (ISPs) in comments and congressional hearings to make the case for modeling the FCC’s rules after his former agency’s.
“The draft rule proposes a prescriptive set of requirements on ISPs that don’t apply to other services that collect at least as much, and perhaps more, online consumer data that would choke off the ability to innovate and bring benefits to consumers,” Leibowitz said.
Those requirements bar ISPs like Comcast and Verizon from collecting data on subscribers’ internet browsing habits “99.9 percent” of the time unless they opt-in to such collection. That’s opposite from the FTC’s longstanding rules, which require edge providers like Google and Facebook to give users the choice to opt-out of data collection.
Leibowitz oversaw the FTC’s landmark 2012 Privacy Report, which set the standards for data collection and transparency the same year the White House called on the FTC to be the chief regulator of privacy in the U.S.
The report outlined the FTC’s technology neutral approach, meaning the same rules applied to service and edge providers alike, and only require users to opt-in to the collection of sensitive data on health, finances, students and children and deep packet inspection.
“There should be an opt-in for sensitive information, but for other sensitive information that consumers expect and that consumers benefit from, there shouldn’t be,” Leibowitz said. “Because consumers want it. And consumers expect it. And consumers will not be benefitted by not having access to that information, which is kind of routine business information.”
According to Leibowitz the advance requirement would prevent ISPs from offering additional services like cloud storage, music streaming, home security or even discounted service in exchange for data collected simply for research, not resale.
“If you’re a family of four making $40,000 a year or you’re like my 21-year-old daughter who has been online her entire life, but is about to graduate college, you may want that discounted product,” Leibowitz said. “The FCC approach says you can’t do that.”
“Consumers should have the choice. The FCC should not be telling them they can’t do this,” he added.
The FCC rules require ISPs to notify subscribers seven to 10 days after a data breach has been discovered, a window of time that “could interfere with law enforcement efforts to track down a hacker,” Leibowitz said.
In comments filed with the FCC in July the FBI advised the agency to give law enforcement the ability “to delay customer notification if, in the judgment of the federal law enforcement agency, that notification would interfere with a criminal or national security investigation.”
The combination of concerns, many highlighted by the FTC itself in its own unanimously submitted comments to the agency, represent “a steep learning curve at the FCC on privacy,” according to Leibowitz.
“I have a lot of respect for Chairman Wheeler, but this is a new area for the FCC, and it is clear it is taking them a lot of time to get up to speed,” the former FTC chair said. “It is tough to figure this out with a draft rule and a couple rounds of comments, but our hope is that the proposal will improve.”
The FCC claimed jurisdiction over ISPs after reclassifying them as common carriers, the same designation shared by telephone companies, via its net neutrality order upheld in a federal appeals court earlier this summer.
Earlier this year, FTC Chairwoman Edith Ramirez petitioned Congress to remove the exemption in FTC authority that prevents the agency from regulating common carriers.
Leibowitz, like every Republican and Democratic FTC chair before him, said he supports removing the exemption, while also “giving the FTC sole jurisdiction over all privacy issues.”
“You don’t need two different agencies doing this,” he said.
The former chairman suggested the divided support for the rules within the FCC itself should give Wheeler pause.
“This rule seems to be heading to 3-2 status, and lasting and enduring rules are the ones that have unanimity,” Leibowitz said referring to the FCC’s partisan breakdown of commissioners.
“If they improve their rules in the next round and they can do it in a way that will garner not just Democratic support or not just the chairman’s support, but the support of all the commission, that’s what you should do,” he continued. “That will be more enduring, and that will be a great legacy for any chairman.”