What to expect nowthat ISPs can collect, sell data
After Congress on Tuesday handed President Donald Trump legislation that would wipe away landmark privacy protections for internet users, we received a lot of reader questions aboutwhat happens next. The legislation makes it easier for internet providers, such asAT& TandVerizon, to collect and sell information such as your web browsing history and app usage.
Congress voted to keep a set of internet privacy protections approved in October from taking effect later this year. The ruleswould have banned internet providers from collecting, storing, sharing and selling certain types of personal information— such as browsing histories, app usage data, location information and more — without your consent. Trump still must sign the legislation, but he is widely expected todo so.
The short answer is “in theory, but probably not in reality.”
Many internet service providers, or ISPs, have privacy policies that may cover this type of information. If an ISP shares or sells an individual’s personal information in violation of its own privacy policy, a state attorney general could take the company to court, said Travis LeBlanc, a former enforcement bureau chief at the Federal Communications Commission. State attorneys general also could sue ISPs whose data practices could be construed as “unfair” to other businesses. Meanwhile, the chairman of the Federal Communications Commission has said what’s left of his agency’s privacy authority still allows him to bring lawsuits against companies — he just won’t be able to write rules that look similar towhatCongress rejected this week.
That said, if the providers relax their privacy policies or if the FCC chooses not to take action, ISPs could conceivably share detailed information about a person’s web usage that could be used to discover his or her identity.
Based on how companies use and share data today, it’s still relatively unlikely that an ISP would simply hand over data for cash, particularly about an individual, said Chris Calabrese, policy vice president at the Center for Democracy and Technology.
What generally happens is that a marketer will ask a company such as Facebook to advertise with a certain demographic — say, men between the ages of 45 and 55. The two companies will settle on a deal, and the marketer’s ads will be displayed on Facebook to that group, but the marketing company will never see specific information about those people.
“That’s the most likely way you’ll have your web surfing history sold,” said Calabrese.
If you’re looking forways to enhance your privacy, security experts generally recommend several steps.
First, use a virtual private network, or VPN. For a little bit of money, the best VPNs can hide your true location so that it looks like you’re surfing the web as somebody else, and encrypt your internet traffic so that nobody outside of the VPN can tell what you’re looking at. Other tools, such asTor, mask your identity by sending your internet traffic bouncing through awhole bunch of other intermediary servers. These services are not cure- alls: They may cause your browsing speeds to drop, and some websites block VPNs altogether. Finally, they don’t thwart any snooping software that an internet provider may have installed on your own device, logging your activity locally.
Second, make sure that thewebsites you use take advantage of HTTPS. You can think of HTTPS as a more secure version of the normal websites you visit; your overall experience won’t change, and internet providers will still be able to see that you’re on a particular site, but they will see less about what you’re doing there.
The measure doesn’t give the government any more powers to gather information on people than it already had, although with ISPs getting into the data- mining business, LeBlanc said, that’s another place government officials could theoretically go to find information about people of interest.