FCC vote could be game-changer for Internet privacy

Nearly all discussion of the federal rules for high-speed Internet service approved last month has focused on net neutrality — the idea that all online content be treated the same.

Largely overlooked has been another part of the regulatory change: privacy.

This could be a game-changer, requiring Internet service providers to seek customers' permission before monitoring or sharing personal information.

"Potentially, this could apply to every Web request you make," said Marc Rotenberg, head of the Electronic Privacy Information Center.

At issue is Section 222 of the Communications Act. It requires that telecom companies protect customers' "proprietary information," such as how you use their services.

It defines such information as relating to "the quantity, technical configuration, type, destination, location and amount of use of a telecommunications service subscribed to by any customer." It also applies to information "that is made available to the carrier by the customer solely by virtue of the carrier-customer relationship."

In the context of telephones, for which the provision was created, Section 222 is relatively benign. In the context of the Internet, however, Section 222 takes on more sweeping significance, covering almost everything you might do online, from the sites you visit and searches you perform to the things you buy.

The Federal Communications Commission voted 3-2 to reclassify broadband Internet service as a telecom service, rather than an information service, under Title II of federal communications laws.

This gives the agency a stronger hand in protecting consumers and ensuring a level playing field for content providers. A fact sheet on the broadband rules published by the FCC this month said the agency would not enforce provisions of the Communications Act that are deemed inappropriate for the Internet. However, the fact sheet was clear that Section 222 would be enforced to protect consumer privacy. No other details were provided.

Mark Wigfield, an FCC spokesman, said the vote gives the agency "the authority to adopt new rules to define how 222 applies to broadband." Details, he said, "will be worked out in the future."

As currently written, the provision essentially would mean that Internet users no longer would be required to opt out of having personal information shared with others. Instead, broadband providers would be required to ask customers to opt in for such data sharing.

Cable and phone companies will fight aggressively to maintain an opt-out standard for customer privacy. But it's possible a new degree of transparency could be introduced to privacy issues.

Take, for instance, what AT&T is doing with its high-speed GigaPower broadband service, currently available in a handful of cities. AT&T allows customers to pay an extra $29 monthly to stop marketers from using browsing data to target advertising.

Personally, I think charging Internet users a privacy premium is repugnant.

Under Section 222, though, AT&T's approach appears to meet the letter of the law. So don't be surprised if, along with net neutrality, we see more privacy premiums in the future.

David Lazarus is a Los Angeles Times columnist.