Professors Paul Ohm and Peter Swire Provide Testimony at Congressional Hearings Examining the FCC’s Internet Privacy Proposal

By TAP Staff Blogger

Posted on July 15, 2016


Share

Earlier this week, a Senate hearing examined the Federal Communications Commission’s (FCC) proposal on Internet service provider customer privacy. This was the third Congressional hearing in as many months on the FCC’s proposed rules.

 

In May, the Senate Judiciary Subcommittee on Privacy, Technology and the Law brought two FCC Commissioners and two Federal Trade Commissioners together to examine the proposed FCC privacy rules.

 

Last month, the House Energy and Commerce Subcommittee on Communications and Technology held a hearing to discuss "FCC Overreach: Examining the Proposed Privacy Rules." Georgetown University Law Center Professor Paul Ohm was a witness.

 

The Congressional hearing held earlier this week looked at “How Will the FCC’s Proposed Privacy Regulations Affect Consumers and Competition?” Professor Ohm was also called as a witness to this panel. Additionally, Georgia Tech privacy scholar Peter Swire appeared as a witness.

 

A Brief Overview of the FCC’s Proposal

The FCC’s Notice of Proposed Rulemaking (NPRM), titled “Protecting the Privacy of Customers of Broadband and Other Telecommunications Service,” seeks to govern the privacy practices of broadband internet access service providers (BIAS providers). Among other things, the NPRM outlines the FCC’s proposed rules for broadband privacy policies, the level of customer approval required to use and share customer proprietary information, data security requirements, and data breach notification requirements.

 

Below are excerpts from the professors’ testimonies.

 

Professor Paul Ohm

“The FCC has acted appropriately and wisely. The application of section 222 to BIAS providers represents not only a straightforward implementation of the law but also a laudable exercise of privacy theory and policy.”

 

Testimony for the U.S. House Energy and Commerce Subcommittee on Communications and Technology, "FCC Overreach: Examining the Proposed Privacy Rules” on June 14, 2016.
- and -
Testimony for the U.S. Senate Committee on Commerce, Science, & Transportation, "How Will the FCC’s Proposed Privacy Regulations Affect Consumers and Competition?" on July 12, 2016.

 
In 1996, Congress enacted section 222 of the Telecommunications Act of 1996, delegating to the FCC the power and obligation to promulgate rules to protect the information held by telephone companies and other telecommunications providers covered by Title II of the Act. Under this clear statutory authority, the FCC has proposed new rules requiring BIAS [broadband Internet access service] providers to respect and protect the privacy of their customers, in the wake of the agency’s decision to reclassify these providers into Title II.
 

The FCC has acted appropriately and wisely. Rather than dissect the proposed rules, I will focus on how the application of section 222 to these providers represents not only a straightforward application of the law but also a laudable exercise of privacy theory and policy. I support these conclusions not only through my work and the work of other scholars, but also by leveraging the experience I have gained as a former Senior Policy Advisor to the Federal Trade Commission (FTC) on privacy issues, Department of Justice computer crimes prosecutor, and professional network systems administrator.

 

In this testimony, I make four points:

  • Section 1: The Telecommunications Act of 1996 obligates BIAS providers to serve as important gatekeepers of privacy, a sensible choice then and now, one that continues to protect important values in today’s online environment.
  • Section 2: When Congress recognizes the need for sectoral privacy rules, as it has with this law, it is well-advised to create rules that draw bright and easily administrable lines rather than utilize murky balancing tests, in order to protect consumer expectations and engender consumer trust.
  • Section 3: The proposed FCC rules create and preserve an important level playing field for information. Importantly, BIAS providers retain the ability to compete directly with search engines and other providers of edge services subject to precisely the same privacy law framework as any other company.
  • Section 4: There is great need to strengthen privacy rules for online actors other than BIAS providers. To this end, the FTC does not have all of the authority or resources required to solve all online privacy problems.
 

Paul Ohm is a Professor of Law at the Georgetown University Law Center. He specializes in information privacy, computer crime law, intellectual property, and criminal procedure. He serves as a faculty director for the Center on Privacy and Technology at Georgetown. From 2012 to 2013, Professor Ohm served as Senior Policy Advisor to the Federal Trade Commission.

 

Professor Peter Swire

“In conclusion about whether ISPs have “comprehensive” visibility into user Internet activity, the prevalence of encryption and the shift to mobile computing put important limits today on ISPs’ visibility.”

 

Testimony for the U.S. Senate Committee on Commerce, Science, & Transportation hearing, "How Will the FCC’s Proposed Privacy Regulations Affect Consumers and Competition?" on July 12, 2016.

 

In February of this year, my co-authors and I issued the 125-page Working Paper called “Online Privacy and ISPs: ISP Access to Information is Limited and Often Less Than That of Others.” My testimony today, based on reply comments filed this week with the FCC, focuses on two principle factual findings arising from that research project:

 

1) ISP visibility into consumer online information is far from comprehensive, and will likely continue to decline; and

2) ISPs appear to lack unique insights into users’ Internet activity.

 

These two conclusions, in my experience, are surprising to many people on first encounter. For understandable reasons based in history, many observers have believed that ISPs do have comprehensive and unique insights into users’ Internet activity. Our research has sought to provide an accurate factual basis for consideration by the FCC and other policymakers about these topics.

 

As a related point, I note the role that our research has played both for those concerned the FCC’s proposed privacy rule is too strict as well as those who support the FCC’s proposed rule. For those concerned that the FCC’s proposed rule is too strict, I believe our research has served a distinctly useful role – the public debate had often assumed that ISPs have comprehensive insights into user online activity, but in fact that is not so. The research, most clearly concerning the rising use of encryption, thus has corrected important mis-perceptions, prompting policymakers to decide based on current facts rather than false impressions. For those who support the FCC’s proposed rule, I submit that our research has also served a distinctly useful role. Prior to our Working Paper, a substantial part of the advocacy for the rule had been based on factual claims that have not stood up to scrutiny, especially the claim that ISPs, due to their place in the Internet ecosystem, see “everything” about a user’s Internet activity. In the absence of our Working Paper, proponents of the rule faced a risk that the rule would be based on inaccurate facts, thus exposing the rule to the risk of reversal during the process of judicial review.

 

Peter Swire is the Nancy J. and Lawrence P. Huang Professor in the Law and Ethics Program at the Scheller College of Business at the Georgia Institute of Technology, with courtesy appointments in the School of Public Policy and the College of Computing. Professor Swire has been a leading privacy and cyberlaw scholar, government leader, and practitioner since the rise of the Internet in the 1990’s. Professor Swire has served several times in the White House as a policy official. In 2013, he served as one of five members of President Obama’s Review Group on Intelligence and Communications Technology. Prior to that, in 2012, he was co-chair of the global Do Not Track process for the World Wide Web Consortium. Under President Clinton he was the Chief Counselor for Privacy, in the Office of Management and Budget. He is the only person to date to have U.S. government-wide responsibility for privacy policy. In that role, his activities included being White House coordinator for the proposed and final HIPAA medical privacy rules, chairing a White House task force on how to update wiretap laws for the Internet age, and helping negotiate the U.S.-E.U. Safe Harbor agreement for trans-border data flows.

 

For more information about this week’s Congressional hearing and Professor Swire’s research paper, “Online Privacy and ISPs: ISP Access to Consumer Data is Limited and Often Less than Access by Others,” read the TAP post: Peter Swire Discusses Internet Service Provider Access to Consumer Data at Senate Hearing.

 


Share