Well, it happened.  As of April 3rd, 2017 the FCC Internet Privacy Rule intended to protect consumers from their personal information being sold was repealed when President Donald Trump signed off on the repeal that had passed both Senate and Congress.

For a complete list of the 265 state representatives who voted for the repeal, as well as the amount of money they received from telecommunications companies as donations click HERE.

This was met with severe ire and backlash from the American people, because consumers rightfully value their privacy.  Actor Misha Collins began raising funds with the ambitious goal of buying every representative’s browser history for the tune of $500,000,000. Cards Against Humanity designer Mark Temkin stated he would purchase the browsing histories himself with no need to crowdfund the effort.  Both have garnered a lot of attention and thus far 4 crowd funding efforts have raised more than $200,000.  With the President’s ink still drying on the repeal, it will be interesting to see the follow through on this.

It doesn’t take a lot of news these days to become shocked, downhearted, frustrated, angry and/or completely bamboozled.  This is all on top of the March 28^th, 2017 news that the US Congress voted to repeal the Obama Era FCC Internet Privacy Rule. This repeal passed by the Senate on March 23^rd, 2017. Did you catch that with so much going on in the news?

What does the repeal of the FCC Internet Privacy Rule mean?

The repeal would make it legal for internet providers to sell your browsing history without your permission.  This same FCC Internet Privacy Rule the House of Representatives voted to repeal also required internet providers (think Comcast, AT&T, Time Warner and Verizon) to protect your data from hackers and inform you of any breaches.

It’s important to differentiate between internet providers, search engines and websites.  The best metaphor out there is that internet providers are like roadways and search engines and websites are akin to stores along those highways.  You have to take the road to go to the store.  So even though Google is, well Google, they too depend on the roadways of internet service providers.

Let’s back up to the initial FCC Internet Privacy Rule, which was passed just back on October 27, 2016 – not that long ago.  The biggest thing to remember is that this rule NEVER went into effect.  It passed in October of last year, well before the shock of November 8^th, and was set to go into effect early this year, however it never actually did.  Meaning our privacy has always been up for sale.

The new rule would have required internet providers to get your explicit permission before they shared information like your browsing history, location, app usage and even the content of your emails. Social security numbers, financial information, medical information and any information pertaining to children would also be secured by this FCC Privacy Rule.  Any information outside of those categories could still be shared by internet providers unless the consumer actively opts out.

Providers would be required to inform consumers of any information that they are collecting and update them of any changes. None of that had been protected until the privacy act was passed.  That means that internet providers have been able to share and sell of that information all along.

These rules also include the vague requirement that internet providers “take reasonable measures” to secure consumers’ sensitive data.  While reasonable measures remained unspecified, it was specified that if there was a breach, the providers have 30 days to notify the consumer.

The rules were going to be put into place to prevent internet providers from forcing consumers to opt into agreements where they share their information and prevent the providers from withholding service from consumers who refuse to opt in.  However, the rule did seem a bit like they providers could still charge more for their services for a refusal to opt in and didn’t provide any clear governance in the matter.  Sound a little bit like preventing mafia behavior?

The FCC plan of action was to review any instances of what could basically be termed ‘privacy fees’ on a case by case basis.  With a reported 88.5% of Americans, or 286,942,362 people, using the internet in 2016, a case by case basis seems a bit unrealistic.

Even without consumer permission, internet providers under this ruling would have been able to share information ‘anonymously.’  This ruling allowed internet providers to share consumer information without consumer permission so long as the information is made anonymous by the provider “so that it can’t be reasonably linked to a specific individual or device.”  The theory behind this is that your data could still be sold, but not linked to your device.

Another key point of interest is that this all happened due to something called the Congressional  Review Act.  The Congressional Review Act allows congress to strike down any recently passed rules by federal agencies to block FCC action.  A big concern with repealing the act, as opposed to improving it for the sake of the consumer not the corporations, is that it prevents a comparable/improved act from being implemented in the future.  Striking privacy acts out of the realm of possibility in the future. Another lesson in the political science crash course America is cumulatively taking at the school of hard knocks.

To say that the bill left a lot to be desired is an understatement, however what’s more concerning is that none of this was in place at all to begin with and consumers have been going about their online business.  All of which means, at this time it’s up to the American consumer to actively protect their privacy.

Protect your private data

Paul Linebaugh, Head of Digital Infrastructure Systems at eSecureSend.com, a secure, large data transfer firm in Durham, North Carolina gives expert insight on how the American consumer can protect their privacy.

• Browse websites with secured connections.  Use URLs with “https://” at the beginning and look for the lock symbol on your web browser.  If you are typing in a URL by hand, start with the “https://” and bookmark URLs with it also.
• If you use public access (like a coffee shop) then use a Virtual Private Network (VPN) to secure your traffic so other patrons can’t sniff it or redirect it.  You’ll need a VPN server setup to connect to.
• Use a password manager to create/edit/manager your passwords.
• Configure applications to use a secure connection when possible.  Email clients would be one of the most popular that needs to use a secured connection.  For most apps you don’t really have the control to do it, the developers need to do it. This means actively looking at each of your apps to see the privacy settings and security information.
• In addition to using a secured connection with email, you can also use Pretty Good Privacy Encryption Program. That’s seriously what it’s called, but don’t underestimate the value of a PGP, such as GnuPG to sign and encrypt emails to others.  This can be tricky, but not impossible, because the people you send the emails to also need to configure it on their end.
• If you can, use two-factor authentication. That would be good, especially for critical or high-value accounts.  PayPal, banking accounts, and gaming accounts would be some types of accounts that could be high-value to bad people.
• Make your email account(s) as secure as you can.  Use a long password and an encrypted connection for access.  If someone can get into your email account then they can get into a lot of your other accounts by resetting your password on those accounts and intercepting the email.
• Encrypt your hard drives – this isn’t really an online thing, but can be related since your online passwords are probably on your laptop/desktop somewhere.
• If you use an open wireless network or a wireless network with a known passphrase (default usually) then after you are done remove that connection from your list of known networks.  There are tools out there that allow people to pretend to be those wireless networks and reroute your traffic.
• Don’t install anything unless it is from a known source.  Go directly to the website that hosts the program that you want to install and download it.
• For the sites that ask for things like “mothers maiden name”, consider making something up, keep track of it, and if another site asks for the same thing make something else up.  If one site is compromised that has that information then a bad person can use it to get into your account on other sites if they have the same questions with your same answers.

The Takeaway

All of that may seem like a lot to take in on top of the fact 265 people voted to represent the American people just sold us out to corporate donors. The internet is an incredible tool that has completely transformed the way we work and live.  Make it work for you by using the above privacy measures and send an email, via a secure route option of course, to your representative letting them know how you feel and reminding them when the next upcoming election is.