Privacy and the Internet: What the FCC Doesn’t Get
If you want to get totally confused about the nature of the Internet, you can’t do any better than to listen to and believe FCC Chairman Tom Wheeler’s remarks in last week’s Senate Judiciary Subcommittee on Privacy, Technology and the Law hearing on Internet privacy. Wheeler has a curious view of technology for a regulator: He insists that every new thing is really old.
While you may believe that the Internet is a fabulous advance over all previous forms of communication – common knowledge in the tech community – Wheeler maintains that it’s nothing more than a somewhat improved telephone network. He argued before the committee that Internet Service Providers are offering a service that’s not fundamentally different than the service offered by Public Switched Telephone Network Service (PSTN) providers.
Network Structure and Privacy Regulations
This belief underlies Wheeler’s desire to to impose the Customer Proprietary Network Information (CPNI) rules developed for the PSTN onto ISPs. As Wheeler put it, ISPs can put together packages of information about the sites and pages users visit “which should not be sold by the network. The network is just taking you to get that information. They don’t have the right to turn around and say: “Hey, I’ve got the information on who’s got cancer!” That’s wrong. They can’t do it today with a phone call. They shouldn’t be able to do it on the Internet.”
By way of background, Wheeler believes that ISPs can learn who has prostate cancer by monitoring visits to WebMD, an unencrypted web site that peddles medical information of dubious accuracy. [For some reason no one lobbying for ISP privacy regulations ever uses the example of the Mayo Clinic, an encrypted site that’s much more accurate.]
“Choice” is a Red Herring
Wheeler also invoked the “choice” red herring, arguing that consumers have no choice but to use whichever ISP they use, while they have tremendous choice in terms of search services and web sites. But this is trying to have it both ways: If I can choose to visit Mayo Clinic instead of WebMD, I prevent my ISP from knowing which medical topics I’m interested in. But if choose to visit the dubious WebMD instead, it’s open season for the ISP to harvest away. So my choice of web sites has more significance to the marketing of personal information about my medical curiosities than my choice of ISPs does. But I digress.
I’d like to recommend some reading matter for the Chairman on the differences between the Internet and the PSTN. The Internet Society (ISOC, the organization responsible for Internet standards) published a short paper in 2012 titled The Internet and the Public Switched Telephone Network: Disparities, Differences, and Distinctions that lays them bare.
What Makes the Internet Special
Fundamentally, the PSTN is a voice network that connects people to people through handsets that have no capability for processing information. The telephone handset is simply a microphone and a speaker, and all the processing machinery that’s required to transport conversations is buried inside the PSTN. While the Internet is a distributed system, the PSTN is a monolith.
Consequently, there’s a huge difference between the Internet and the PSTN with respect to the creation and operation of network services. As the ISOC paper puts it:
Supports innovation without requiring permission (by anyone)
Internet: Any person or organization can set up a new service that adheres to open and collaborative standards, and make it available to the rest of the Internet, without requiring special permission. The best example of this is the World Wide Web – which was created by a researcher in Switzerland, who made his software available for others to run, and the rest, as they say, is history.
PSTN: Only telecoms companies can define and deploy new services within their networks.
Consequently, there’s a difference between what Internet carriers know about what we do on the Internet and what PSTN carriers know about what we did on the telephone network for a very basic reason. The PSTN carrier is indistinguishable from the PSTN service provider because only the carrier can create a service. But the Internet allows anyone to create a service because Internet services are distinct from Internet carriage. The Internet takes apart the PSTN and rebuilds it partially on carriers and partially on service providers at the edge.
ISOC explains that the PSTN is a hierarchical, centralized, and highly regulated network while the Internet is decentralized, modular, and lightly unregulated one. This is a question of accessibility. The paper says:
Internet: It’s possible to connect to it, build new parts of it, and study it overall: Anyone can “get on” the Internet – not just to consume services, but also to contribute applications and services, and attach new networks.
PSTN: Limited to licensed telecoms providers, and restricted by technical complexity, as well as through geographic boundaries of regulatory regimes.
So if we believe that the Internet is just another communication network that in essence does what the PSTN did for us (only better), we have to admit that the functions of the old PSTN are no longer limited to the ISP. The Internet’s innovation is the separation of carriage and service. So if we want to apply to the CPNI rules to the Internet, we would need to apply them both to carriage providers – ISPs – and to service providers such as Google, Netflix, and WebMD.
This is because it takes the combination of carriers and services to make a network, and in today’s world some of the functions of the old network are provided by services that anyone can create. But Wheeler doesn’t get this. In his analysis, the ISP provides a service that does everything that PSTN carriers did, and the service providers are no different from people speaking into handsets.
Faulty Analysis Leads to Bad Regulation
So he wants to impose CPNI on the ISPs while giving web services a free pass to do whatever they want. This inconsistency – and its apparent basis in a failure to understand the nature of the Internet – is the basis of the controversy over applying more restrictive privacy rules to carriers than to service providers.
Embracing a faulty theory of what the Internet is and how it stands in history relative to the PSTN leads to faulty analysis of privacy risks. In Wheeler’s view, the entity best positioned to track users around the Internet is the carrier, but this belief is shattered by the increasing use of encrypted communications. ISPs can learn very little from my visits to Mayo Clinic’s site, but advertisers can learn a lot about my web visits to any site that posts their ads. This is because websites provide advertisers with identifiers about who and where I am each time I download their ads.
It’s Good to Be a Browser
But the best place to be in the Internet to track users is in the browser. The browser deals in clear text and can track and record all my activity without even needing to pay for a computer to track me: I give them access to my computer and they use it take me where I want to go, when I want to go there.
The browser knows if I read the pages I visit because it sees me scrolling and tracks my mouse clicks. It knows when I forward links to the pages I read to others. And it knows which paragraphs I re-read. The browser “is just taking you to get that information” and it knows more about what you’re doing than the network operator does.
Does the browser “have the right to turn around and say ‘Hey, I’ve got the information on who’s got cancer!’”? It seems to me that a browser maker whose business model is based on selling this kind of information is in the same boat as a carrier who does it, not that any do.
Conclusion: Wheeler Doesn’t Get the Internet
So the most charitable analysis of Chairman Wheeler’s many inconsistencies is they all betray the same misunderstanding about the nature of the Internet.
And by the way, prostate cancer is no big deal for old men like the chairman and myself. My healthcare provider stops testing men for prostate cancer at age 65 because it doesn’t matter. Any man who lives long enough will develop a slow-growing prostate cancer, but it’s not going to kill us. The fast-growing prostate cancers than younger men get are a whole different story, and they bear swift and immediate medical attention. And no, smoking pot and drinking smoothies won’t make them go away.
So even if the chairman of the FCC insists on distorting the Internet, he needs to come up with better examples of privacy freakouts than old men looking up prostate cancer on WebMD. But he really needs to have an engineer explain the notions of decentralization and modularity to him before he wrecks an important part of the Internet with improper regulation.
Related Posts From High Tech Forum