Donate
  • Freedom
  • Innovation
  • Growth

Comments to the FCC Re Protecting the Privacy of Customers of Broadband and Other Telecommunications Services

  PDF   

BEFORE THE
FEDERAL COMMUNICATIONS COMMISSION
Washington DC

 

In the Matter of
Protecting the Privacy of Customers of
Broadband and Other Telecommunications 
                                                                                                                WC Docket No. 16-106


Comments of
Thomas A. Giovanetti
President
Institute for Policy Innovation (IPI)
Supporting the Petitions for Reconsideration 

March 6, 2017
 

On behalf of the Institute for Policy Innovation (IPI), a free-market public policy research organization that closely follows communications and Internet policy, I write to express our support for the several Petitions for Reconsideration of the FCC Order in the Matter of Protecting the Privacy of Consumers of Broadband and Other Telecommunications Services, WC Docket No. 16-106, henceforth referred to as the “Privacy Order.”

Part of the FCC’s agenda under new Chairman Ajit Pai should be to undo the errors and mistakes of the previous regime under former Chairman Tom Wheeler. Under Chairman Wheeler, the FCC made a distinct departure from sound policy analysis, disregarded empirical evidence, showed contempt for input from Congress and from other federal agencies, neglected cost\benefit and other economic analysis, and stubbornly pursued a narrow ideological agenda. While there remains much for the current FCC to undertake in order to encourage market-based innovation in communications, a priority must be removing barriers unwisely erected by the previous FCC. Among those unfortunate and unnecessary barriers is the recent Privacy Order, adopted in haste just ten (10) days before the 2016 presidential election.

The Privacy Order is not only unnecessary and incoherent with existing federal privacy policies, but is actively harmful to continued broadband development.  Arguably, the Privacy Order is even a betrayal of the forbearance commitments Chairman Wheeler made just two years earlier after reclassifying broadband as a Title II service. Therefore, we urge its reconsideration and withdrawal.

We organize our comments around several distinct objections to the FCC Privacy Order. 

  1. The Federal Trade Commission (FTC) is clearly the correct federal agency to enforce privacy protections, since the FTC has an established and successful privacy framework, and possesses the organizational competence to administer a privacy framework. The past twenty years has been an unprecedented era of the rollout of innovative new communications services that have been widely embraced by consumers. During this time, the governing framework has been the FTC’s approach, which has covered all players in the broadband space, including edge providers, search engines, content distribution networks, ISPs, operating systems, social media sites, and apps. No compelling case was made that the FTC’s privacy framework was inadequate.

  2. The FCC ignored the FTC privacy framework, failed to coordinate with the FTC, and in fact stripped the FTC of its privacy enforcement mandate. The FCC’s reckless reclassification of broadband as a Title II service dramatically disrupted the broadband industry and exposed it to the nearly limitless regulatory power of the FCC, which has made it nearly impossible for ISPs to calculate their exposure to regulatory discretion.

    A further disruption was severing ISPs from the dependable and predictable privacy framework of the FTC.

    Rather than continuing with this successful framework, acting as an expert agency and submitting suggestions for improvement to the FTC, or even coordinating its new Privacy Order with the FTC, the FCC bull-headedly went its own way. In this and many other actions under Chairman Wheeler, the FCC demonstrated the need for Congress to act to rein in the FCC and limit its scope of authority.

  3. The FCC Privacy Order irrationally focused exclusively on Internet Service Providers (ISPs), which in most cases have fewer customer interactions intersecting on privacy than do so-called “edge” providers and other broadband participants. The Privacy Order only applies to ISPs, as opposed to being a comprehensive policy applying to all stakeholders. This regulatory schism exposes consumers to divergent privacy policies (more below). Importantly, in these comments we are NOT calling for such a comprehensive privacy policy from the FCC. The point here is that it is at least ironic and almost certainly counterproductive for ISPs to bear the burden of more significant privacy regulation compliance than apps and edge providers, since ISPs have fewer interactions with consumers that involve privacy issues than do edge providers. Going forward, as encryption becomes more widely adopted, ISPs will have even fewer privacy interactions with their customers.

    Edge companies, on the other hand, are often primary repositories of personal information of consumers and often gather more personal data than do ISPs. A Privacy Order that overlooked the companies that gather and store the most information about consumers seems more like part of a campaign against ISPs than a carefully considered regulatory Order.

  4. The FCC did not follow a reasonable policy process in drafting its Privacy Order. There is no evidence that the Commission did anything approaching an economic analysis or a cost\benefit analysis. This, despite the significant resources of the Commission, and the far-reaching impact of the Privacy Order, suggests the Privacy Order was a pre-determined outcome based on the personal agenda of the Chairman and his Special Counsel. Regardless, it is reckless and hubristic of a federal regulatory agency to impose dramatic new regulatory policies upon an industry without careful analysis of the need for such policies, and of the likely consequences. There is no evidence that the FCC did any of this.
  5. The FCC’s Privacy Order is a dramatic, unwarranted and confusing change from previous policy. For years, “opt-out” consent has been basic to the standard and accepted privacy policies governing the Internet. But through the Privacy Order, the FCC chose to mandate a dramatic change to an “opt-in” framework, which again would only apply to ISPs, and therefore would likely lead to marketplace confusion. Consumers should not be expected to master distinctions between types of Internet companies and differing privacy policies applied to them. Consumers are entitled to coherent, consistent policies in their expectations of the companies they patronize through broadband networks. Importantly, consumers enjoyed this very coherent privacy regime prior to the FCC’s actions to reclassify broadband as a Title II service, and certainly prior to the FCC’s Privacy Order.

    The dramatic nature of this change in policy highlights the importance of coming to such a policy through a sound policy process that included careful analysis and a cost\benefit analysis.

  6. The FCC does not have the legal authority to mandate or enforce privacy regulations. While the FTC operates under the clear legal authority of Section 5 of the Federal Trade Commission Act to identify and prosecute privacy harms to consumers, the FCC enjoys no such legal authorization. Many other stakeholders have made persuasive arguments against the FCC’s claim of legal authority regarding the Privacy Order, and we rely on those arguments.[1]

  7. There will be no harm to consumers from reconsideration and withdrawal of the FCC Privacy Order. For one thing, there was little evidence of consumer harm before the FCC’s Privacy Order, since the FTC framework was working so well. And the FCC itself did not seem to believe FCC action on privacy was urgent, since many of the regulations embedded within the Order have not yet taken effect, and do not take effect until December 2018.

    Additionally, too often policymakers fail to understand that, in a market-based system, companies have a market incentive to please their customers and respect their wishes regarding privacy. It is absurd to assume that, without specific regulation from the hands of a beneficent and all-wise regulator, companies will immediately begin abusing their customers. There is every reason to believe that ISPs, which tend to be large and successful companies rather than unknown or unfamiliar startups, will maintain policies consistent with the previous FTC framework in an effort to maintain trust and confidence with their customers. 

Therefore, the Institute for Policy Innovation asks the Commission to reconsider and withdraw the 2016 Privacy Order as an early step in undoing the many mistakes and overreaches of the Commission under its previous Chairman. We would be happy to answer any further questions the Commission might have on this matter, and would pledge to work constructively with the Commission toward a robust broadband communications market that works to the benefit of all stakeholders, both present and future. 

Sincerely,
Tom Giovanetti
President