DISSENTING STATEMENT OF COMMISSIONER AJIT PAI Re: Protecting the Privacy of Customers of Broadband and other Telecommunications Services, WC Docket No. 16-106. For many years, the United States embraced a technology-neutral framework for online privacy. The Federal Trade Commission applied a unified approach to all online actors. That framework allowed the FTC to carry out “more than 150 privacy and data security enforcement actions, including actions against ISPs and against some of the biggest companies in the Internet ecosystem.” 1 And that’s the same framework that the United States government has told the European Union is sufficiently robust to protect online consumers against predatory privacy practices. 2 The FCC tore apart that unified framework 13 months ago when it reclassified broadband as a public utility. 3 So I agree with my colleagues that we do need to act, to refill the deep hole in privacy protections dug by the Commission. What’s the best way to refill it? I can’t put it any better than Chairman Wheeler did, testifying before the House Energy and Commerce Committee’s Subcommittee on Communications and Technology in November 2015: Because consumers deserve “a uniform expectation of privacy,” the FCC “will not be regulating the edge providers differently” from Internet service providers (ISPs). 4 When it comes to privacy, the principle of parity makes sense. As the FTC concluded years before being evicted from this space, “any privacy framework should be technology neutral” because “ISPs are just one type of large platform provider” and “operating systems and browsers may be in a position to track all, or virtually all, of a consumer’s online activity to create highly detailed profiles.” 5 Yet today, the Commission digs yet another hole in trying to fill the first one. Instead of respecting both common sense and last fall’s public commitment to Congress, the FCC tilts the regulatory playing field by proposing to impose more burdensome regulation on Internet service providers, or ISPs, than the FTC imposes on so-called “edge providers.” 6 But consumers don’t necessarily know which particular online entities can access their personal information, let alone the regulatory classification of those entities. They do care that their personal information is protected by everyone who has access to it. And more broadly, it makes little sense to give some companies greater leeway under the law than others when all may have access to the very same personal data. This disparate approach does not benefit consumers or the public interest. It simply favors one set of corporate interests over another. Slanted regulation is bad enough. Illogically slanted regulation is worse. Here’s the reality: There is no good reason to single out ISPs—new entrants in the online advertising space—for disparate treatment. As one recent study by President Clinton’s chief counsel for privacy and President Obama’s 1 Remarks of Maureen K. Ohlhausen, Commissioner, U.S. Federal Trade Commission, at the Free State Foundation Eighth Annual Telecom Policy Conference, “Privacy Regulation in the Internet Ecosystem,” at 3 (Mar. 23, 2016), available at http://go.usa.gov/csDS4. 2 See Letter from Penny Pritzker, U.S. Secretary of Commerce, to Vera Jourova, Commissioner for Justice, Consumers and Gender Equality, European Commission (Feb. 23, 2016), available at http://go.usa.gov/csWxP. 3 Protecting and Promoting the Open Internet, GN Docket No. 14-28, Report and Order on Remand, Declaratory Ruling, and Order, 30 FCC Rcd 5601 (2015) (Title II Order). 4 Hearing before the U.S. House of Representatives Subcommittee on Communications and Technology, “Oversight of the Federal Communications Commission,” Preliminary Transcript at 141 (Nov. 17, 2015). 5 Federal Trade Commission, Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Policymakers at 56 (Mar. 26, 2012), available at http://go.usa.gov/csYRz. 6 Order at para. 4. 2special assistant for economic policy explained, “The 10 leading ad-selling companies earn over 70 percent of online advertising dollars, and none of them has gained this position based on its role as an ISP.” 7 That’s because “ISPs have neither comprehensive nor unique access to information about users’ online activity. Rather, the most commercially valuable information about online users . . . is coming from other contexts.” 8 Or as former Democratic Representative Rick Boucher wrote just this week, “by the end of this year, 70 percent of Internet traffic will be encrypted and beyond the surveillance of ISPs.” 9 Just think about how we experience the Internet in our digital lives. Search engines log every query you enter. Social networks track every person you’ve met. Online video distributors know every show you’ve ever streamed. Online shopping sites record every book, every piece of furniture, and every medical device you browse, let alone purchase. To quote the Chairman’s press release, “[e]very day, consumers hand over very personal information simply by using the . . . broadband services they’ve paid for.” 10 To paraphrase the Notice, online operators “have the commercial motivation to use and share extensive and personal information about their customers.” 11 Any review of recent headlines makes this obvious. “Microsoft Admits Windows 10 Automatic Spying Cannot Be Stopped.” 12 “Hidden iPhone feature tracks your every move.” 13 “Facebook’s ad platform now guesses at your race based on your behavior.” 14 “Google is spying on K–12 students, privacy advocates warn.” 15 “Your Samsung TV is eavesdropping on your private conversations.” 16 “Why is Netflix cracking down on essential privacy tools?” 17 “Yahoo escalates the war on ad-blockers – by keeping people out of their own e-mail.” 18 It’s clear that online companies now have greater access to consumer data than ever before—and 7 Peter Swire, Online Privacy and ISPs: ISP Access to Consumer Data is Limited and Often Less than Access by Others at 8 (Feb. 29, 2016), available at http://b.gatech.edu/1RIWXUa. 8 Id. at 7. 9 Rick Boucher, Level the Privacy Playing Field to Protect Consumers, The Bureau of National Affairs, Inc. (Mar. 28, 2016), available at http://www.bna.com/level-privacy-playing-n57982069099/. 10 Chairman Wheeler’s Proposal to Give Broadband Consumers Increased Choice, Transparency & Security With Respect to Their Data at 1 (Mar. 10, 2016), available at http://go.usa.gov/csYN5. 11 Order at para. 3. 12 Gordon Kelly, Microsoft Admits Windows 10 Automatic Spying Cannot Be Stopped, Forbes (Nov. 2, 2015), available at http://onforb.es/1ZJgaeG. 13 Hidden iPhone feature tracks your every move, CBS News (Dec. 9, 2015), available at http://cbsn.ws/1IFkZlc. 14 Annalee Newitz, Facebook’s ad platform now guesses at your race based on your behavior, Ars Technica (Mar. 18, 2016), available at http://bit.ly/1VlxZQI. 15 Amy Kraft, Google is spying on K-12 students, privacy advocates warn, CBS News (Dec. 29, 2015), available at http://cbsn.ws/1OwMCj2. 16 David Goldman, Your Samsung TV is eavesdropping on your private conversations, CNN Money (Feb. 10, 2015), available at http://cnnmon.ie/1DvzR08; see also Andrea Peterson, This smart TV takes tracking to a new level, The Washington Post (Nov. 10, 2015), available at http://wapo.st/1L8FYau. 17 Meghan Sali, Why is Netflix cracking down on essential privacy tools?, Rabble.ca (Feb. 2, 2016), available at http://bit.ly/1MzsVXc. 18 Hayley Tsukayama, Yahoo escalates the war on ad-blockers – by keeping people out of their own e-mail, The Washington Post (Nov. 23, 2015), available at http://wapo.st/1Tb9jre. 3that the success of their business models depends on their ability to use it. 19 Ironically, selectively burdening ISPs, their nascent competitors in online advertising, confers a windfall to those who are already winning. 20 Despite this digital reality, the FCC targets ISPs and only ISPs for regulation. Legal constraints can’t be the reason. In The National Broadband Plan of 2010 and in broadband deployment reports issued since, the FCC has concluded that “privacy concerns can serve as a barrier to the adoption and utilization of broadband.” 21 And under the expansive reading of the Telecommunications Act and “virtuous cycle” theory of legal authority ascribed to by those voting for today’s Notice—a reading I do not support, to be clear—the FCC can take practically any action necessary to break down those barriers. 22 Remember, too, that this agency hasn’t been shy about pushing legal boundaries; its deliberate indifference to the law in other contexts has been repeatedly rebuked by the courts and sharply rejected by members of both parties in Congress during the last month alone. So creating a disparate privacy regime is not the product of legal restraints. It is simply a political choice. Perhaps all of this is why the Electronic Privacy Information Center has cried foul, writing that the FCC’s maniacal focus on ISPs “is inconsistent with the reality of the online communications ecosystem, incorrectly frames the scope of communications privacy issues facing Americans today, and is counterproductive to consumer privacy.” 23 Recent events confirm the wisdom of EPIC’s perspective. Reclassification’s chief corporate backer, Netflix, admitted just last week that it had selectively throttled its own customers’ traffic without their knowledge or their consent. 24 This is precisely the type of conduct that the FCC hypothesized last year when it claimed that companies “have the economic incentives and technical ability to engage in practices that pose a threat to Internet openness by harming . . . network providers, edge providers, and end users.” 25 Except that the FCC stated—without any evidence—that every one of the country’s 4,462 ISPs was a threat to Internet openness and that tech giants were not. To borrow from President Nixon’s press secretary, “That statement is no longer operative.” 19 Or, as security expert Bruce Schneier observed in 2014: “Surveillance is the business model of the Internet. We build systems that spy on people in exchange for services.” Fahmida Y. Rashid, Surveillance is the Business Model of the Internet: Bruce Schneier, Security Week (Apr. 4, 2014), available at http://bit.ly/1SuNLWL. 20 The Order even (reluctantly) acknowledges as much. See Order at para. 132 (“We recognize that edge providers . . . are not subject to the same regulatory framework, and this this regulatory disparity could have competitive ripple effects.”). 21 See, e.g., Omnibus Broadband Initiative, FCC, Connecting America: The National Broadband Plan at 53 (2010); Inquiry Concerning the Deployment of Advanced Telecommunications Capability to All Americans in a Reasonable and Timely Fashion, and Possible Steps to Accelerate Such Deployment Pursuant to Section 706 of the Telecommunications Act of 1996, as Amended by the Broadband Data Improvement Act, GN Docket No. 15-191, 2016 Broadband Progress Report, 31 FCC Rcd 699, 751–52, para. 126 (2016); Inquiry Concerning the Deployment of Advanced Telecommunications Capability to All Americans in a Reasonable and Timely Fashion, and Possible Steps to Accelerate Such Deployment Pursuant to Section 706 of the Telecommunications Act of 1996, as Amended by the Broadband Data Improvement Act, GN Docket No. 14-126, Tenth Broadband Progress Notice of Inquiry, 29 FCC Rcd 9747, 9770, para. 50 (2014). 22 See Telecommunications Act § 706; Order at para. 309. 23 Memorandum from Claire Gartland, Khaliah Barnes, and Marc Rotenberg, Electronic Privacy Information Center (EPIC), at 1–2 (Mar. 18, 2016). 24 Ryan Knutson & Shalini Ramachandran, Netflix Throttles Its Videos on AT&T, Verizon Networks, The Wall Street Journal (Mar. 24, 2016). 25 Title II Order, 30 FCC Rcd at 5628, para. 78. 4My position on this issue is pretty simple. Online consumers should and do have a uniform expectation of privacy. That expectation should be reflected in uniform regulation of all companies in the Internet ecosystem. That’s the model we had during a decade of FTC regulatory oversight; that’s the model that gave us an Internet economy that’s the envy of the world. Because the FCC rejects restoring this approach in favor of corporate favoritism, I dissent.