Senate Votes To Let ISPs Sell Your Data Without Consent
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

Senate Votes To Let ISPs Sell Your Data Without Consent

Lettings ISPs Sell Your Data, Seriously Weakens Existing Consumer Protections.

Yesterday, the US Senate voted to undo privacy protections passed during Obama’s administration. The target was an FCC privacy policy that would have required a request for customer permission before letting ISPs sell your data.

With the newly passed Senate resolution, that protection is gone, leaving ISPs free to share and sell “data, including online browsing activity, mobile app data, and emails and online chats” to third-party companies. The vote was 50-48 in favor, exclusively supported by Republican senators.

This will likely kill the FCC privacy policy before it ever truly existed – while it was approved last year it had not even come into effect yet (that wouldn’t have happened until December of this year) – reflecting our new Congress’ eagerness to hurt digital privacy. The House of Representatives (which is also majority Republican) or President could still act to ensure the privacy policy goes into effect, but that is unlikely to happen barring a massive public outcry.

Now you know who to thank when your Social Security Number is spread all over the place (that may seem dramatic, but SSID is one of the pieces of information that your ISP can now share without permission).

This is an absolutely atrocious invasion of privacy – one that provides no benefits to consumers and only gives ISP more means for making a profit off a service they already charge users for. During the resolution’s debate, Senator Ed Markey (D) said “the acronym ‘ISP’ now stands for ‘information sold for profit,’ and ‘invading subscriber privacy,’ rather than ‘Internet service providers.’”

This outcome demonstrates the importance of sensible policies on digital privacy – something that the US government has a bad track record with. While we often like to champion the capabilities of technology, that alone cannot solve all of our problems.

For instance, even with these new regulations, SSL/TLS can still provide some privacy from your ISP’s prying eyes.  When using HTTPS, a network observer cannot see the specific page you have visited on a website, but they can still see the hostname.

This means that HTTPS prevents your ISP from seeing what you have searched for on Google. But they will be able to see that you navigated from Google to, and then to This demonstrates the trivial ease with which a network-level observer with aggregate data can identify what you are doing, even with some protections. (By the way, this is another good reason for you to adopt HTTPS for your site. Give your users the ability to value and prioritize their privacy instead of taking that decision away from them by only offering HTTP).

Users could go further and bolster their protections by also using a VPN – which would encrypt all traffic from their local computer and effectively blind their ISP. But in the digital realm, privacy and safety are usually unrelated. So unless your VPN provider isn’t rubbish – which is a big assumption to make – you may be sacrificing one protection for another.

By using a VPN you are really just shifting your exposure instead of limiting it. After all, instead of your ISP seeing everything you’re doing, now your VPN provider will. Given that there is less oversight over VPN providers, they may not provide any privacy improvement at all.

So that is another technology solution which fails to really work…

This does not even get into the topic of usability or the fact that keeping a shred of privacy online will take money, know-how, and the inevitable troubleshooting and inconveniences of such a complicated method just to do some simple web browsing.

So, what’s more reasonable – to play a cat and mouse game with various protocols, services, and software to keep your basic privacy rights intact? Or would it be better for our government to start taking our digital rights seriously, and start passing sensible legislation?