By Kaitlyn Conway
On March 28, 2017, the Senate passed SJR34, which effectively killed broadband privacy protections. The bill, which is brief, reads as follows:
Resolved by the Senate and House of Representatives of the United States of America in Congress assembled, That Congress disapproves the rule submitted by the Federal Communications Commission relating to “Protecting the Privacy of Customers of Broadband and Other Telecommunications Services” (81 Fed. Reg. 87274 (December 2, 2016)), and such rule shall have no force or effect.
This bill repeals an order signed into effect by former President Obama during the lame-duck period between Trump’s election and his inauguration on January 20th, 2017. Essentially, this bill allows internet service providers to sell their customer’s browsing history and personal information to advertisers without their consent, overruling the Obama proposal which would have effectively outlawed this practice. This comes after years of debate over the importance of “net neutrality.”
In response to the passage of this bill, several fundraising campaigns have emerged with one goal in common: to purchase the browser histories of the congressmen who voted for the resolution, and to release it to the public. These campaigns are headed by well-known public figures such as net-neutrality advocate Adam McElhaney, who has as of now raised $161,000, and Supernatural actress Misha Collins who has raised $64,000. Cards Against Humanity creator Max Temkin has stated that he would be willing to personally purchase Congress’ internet history without donations if it were possible, but in the meantime, he’s currently encouraging people to donate to Electronic Frontier Foundation.
People who donate to these campaigns seem to be driven by this fear that their privacy will be used against them by criminals who happen to have the capital to wreck havoc on people’s lives. Here’s the reality: you can’t buy Congress’ data. In fact, you can’t “buy” anyone’s data. And what the actual “data” is has been misconstrued. When internet service providers (“ISPs”) collect your data for themselves and themselves only. The specifics of the data do not get released. Instead, what they sell to companies is called “targeting.”
This is how targeting works: when an individual goes to a website, that website will cast out to various marketplaces on what ads to show. If you throw information tracking into the mix, it can throw up some demographic and interest data into the marketplace, based on the computerized algorithms utilized by online advertisers. None of the advertisers will have information as specific as your name, your occupation, or any other info. They just bid for your time based on where you browse.
If ISPs did try to sell your specific information, they could find themselves liable under the Wiretap Act of 1968. This act prevents most instances of divulging a person’s electronic communications without consent. This rule goes both ways, meaning that it would also be illegal to purchase the electronic information of members of Congress. This act does not apply to “aggregate” customer information utilized by web advertisers, but more specific information that most people behind these grassroots campaigns appear to be concerned with. That type of information is also protected by the 4th Amendment of the Constitution, which states:
“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”
In summation, unless there is a criminal investigation and proper warrants and affidavits are in place, ISPs cannot legally disseminate this information to anyone, not even the government. What also makes it illegal is Communications Policy Act of 1984, which houses the protection of subscriber privacy provisions. As it pertains to the 4th Amendment after the Patriot Act of 2001, it narrowed the privacy provisions, clarifying that companies who offer cable-based internet or telephone services will be subject to the requirements of the Cable Act to notify subscribers of government surveillance requests only when detailed cable viewing information is being sought. However, as before, those seeking to obtain information will still need reasons justified under the 4th Amendment.
However, if you still remain unsure as to your privacy protections with the passage of this resolution, there are alternative routes you can (and many have chosen to) utilize: the first is Tor search engine, which anonymizes your browser, or utilize VPN which keep your activity encrypted and hidden. Neither are perfect options, as you are still placing your trust in servers to not package your data. However, because these services are renown for being, at the very least, adequate options to maintain online privacy. What’s most important is that people are aware of what SJR34 can do, and most importantly, what it cannot do.
Student Bio: Kaitlyn Conway is a 3L at Suffolk University Law School. She serves as the Web Administrator for the Journal of High Technology Law and also serves on the Indigenous Peoples Rights Clinic as a 3:03 Certified Student Attorney.
Disclaimer: The views expressed in this blog are the views of the author alone and do not represent the views of JHTL or Suffolk University Law School.