Study: ISPs Aren't All-Seeing Privacy Monitors

According to a just-released working paper, privacy expert and former Clinton White House official Peter Swire, ISPs are not the all-seeing eye on users' online activity, which has been invoked to justify boosting privacy restrictions on ISPs.

The study comes as the FCC is contemplating what customer privacy regime to impose on those ISPs now that Title II reclassification of Internet access gives them jurisdiction over broadband customer CPNI (Customer Proprietary Network Information). The FCC has already had authority over traditional Video CPNI (like information on what PPV programming customers are buying).

Swire makes no recommendations about what rules should be applied to ISPs, or other players in the Internet ecosystem, but said whatever the public policy is, it should be based on accurate information and understanding.

As Swire outlined to B&C/Multichannel News earlier this month, that additional info and understanding should include that: 1) that encryption—the “https” in a URL signals the link is encrypted—is widespread, and Swire says it means ISPs can’t do the sort of data examination of customer information ISPs are accused of being able to do; and that consumers have ways to avoid data collection.

Swire says in the paper that technology has placed substantial limits on the visibility of online activity. In addition to encryption, that includes virtual public networks.

Swire also makes the point that while technology is reducing the "online visibility" of ISPs, non-ISPs (search engines like Google, for example) are increasingly gathering commercially valuable info from "(1) social networks; (2) search engines; (3) webmail and messaging; (4) operating systems; (5) mobile apps; (6) interest-based advertising; (7) browsers; (8) Internet video; and (9) e-commerce."

He says that given all that, ISPs should not be viewed as having comprehensive or unique insight into their subs' Internet activity.

In part because the FCC has shied away from trying to regulate edge providers, it has focused under FCC Chairman Tom Wheeler, on ISPs as the potential snake in the virtuous garden of Internet information flows.

The paper was funded by Broadband for America (BIA) (ISPs, in turn, back that group), the Institute for Information Security and Privacy at Georgia Tech, and the Georgia Tech Scheller College of Business."

Jeff Chester of the Center for Digital Democracyand a longtime privacy advocate suggested that Broadband for America funding constitued a clear conflict of interest, but the working paper assserted that the views were those of the authors.

BIA supporters include AT&T, CenturyLink, Cisco, CTIA - The Wireless Association, Comcast, the National Cable and Telecommunications Association (NCTA), the Telecommunications Industry Association (TIA), Time Warner Cable, USTelecom Association, and Verizon.

"The report fails to capture the realities of today’s ISP cross device marketplace that has made them a serious threat to consumer privacy," said Chester. "By accepting funding from the very ISPs collecting our information—including AT&T, Comcast and Verizon—the Swire study raises questions about its methods and conclusions." 

John Eggerton

Contributing editor John Eggerton has been an editor and/or writer on media regulation, legislation and policy for over four decades, including covering the FCC, FTC, Congress, the major media trade associations, and the federal courts. In addition to Multichannel News and Broadcasting + Cable, his work has appeared in Radio World, TV Technology, TV Fax, This Week in Consumer Electronics, Variety and the Encyclopedia Britannica.