April1st, US has voted to allow everyones internet browsing data,freely for sale

[MK14]

Obvious April 1st Joke...
Or is it ?

https://www.congress.gov/bill/115th-congress/house-joint-resolution/86

http://www.theregister.co.uk/2017/03/28/congress_approves_sale_of_internet_histories/

Summary:
In the US your internet service provider (who already knows your name and address etc). Can sell (without your knowledge or permission etc), your entire internet browsing history.
Hence your medical conditions, interests (Transistors with their bare leads showing  ), political affiliations etc etc.

I'd be really, really annoyed. It is MY/OUR private information and outside of crime/terrorism and tax avoidance. Absolutely is none of the governments business to mess around with and agree for it to be sold.

I'm rather furious/upset about it and I don't even live in the US.

I'm annoyed enough about the UK, allowing the browsing history to be available for the secret service, Police and other government bodies. But allowing ISPs to sell it to businesses, is just so so wrong, on so many levels.

Polite Notice:
Please try and avoid talking about politics, as you may get this thread closed.
I think that this thread is technically related, because internet services should be reasonably private.
But if we can't keep it technical/privacy related, it may get closed.

[Rick Law]

As I understand it, the bill is intended to stop FCC power-grab.  This move merely puts the responsibility back under one roof.

FCC (Federal Communications Commission) was setup by congress to manage radio waves (HAM, AM/FM, so forth).  While congress has not given FCC the charge to manage internet, it has seen upon itself as master of the internet.  Of the big internet players, only ISP companies comes under FCC.

Privacy (in the view of congress) is the purview of FTC (Federal Trade Commission).  Matter regarding privacy is handed back to FTC.  Google, Facebook, type players are generally regulated by FTC and thus are not affected by FCC rules had it been kept in place.

My read between the lines is either way, our data is being sold.  FCC rules doesn't control companies that isn't a communication company.  This is not an issue of keeping privacy.  This is a war between who gets to sell your privacy.


"... [the overturned rules] required telecommunications firms such as Comcast Corp. and Verizon Communications Inc. to get customers' permission to market their app and web-browsing history to third parties. It was opposed by broadband providers, who said it could unfairly tilt the playing field in favor of internet rivals, such as Alphabet Inc.'s Google unit and Facebook Inc., which generally are regulated by another agency, the Federal Trade Commission..."
_{Quoted from: http://www.foxbusiness.com/politics/2017/03/28/house-approves-bill-to-overturn-fcc-privacy-rule.html}

[MK14]

As I understand it, the bill is intended to stop FCC power-grab.  This move merely puts the responsibility back under one roof.

FCC (Federal Communications Commission) was setup by congress to manage radio waves (HAM, AM/FM, so forth).  While congress has not given FCC the charge to manage internet, it has seen upon itself as master of the internet.  Of the big internet players, only ISP companies comes under FCC.

Privacy (in the view of congress) is the purview of FTC (Federal Trade Commission).  Matter regarding privacy is handed back to FTC.  Google, Facebook, type players are generally regulated by FTC and thus are not affected by FCC rules had it been kept in place.

My read between the lines is either way, our data is being sold.  FCC rules doesn't control companies that isn't a communication company.  This is not an issue of keeping privacy.  This is a war between who gets to sell your privacy.


"... [the overturned rules] required telecommunications firms such as Comcast Corp. and Verizon Communications Inc. to get customers' permission to market their app and web-browsing history to third parties. It was opposed by broadband providers, who said it could unfairly tilt the playing field in favor of internet rivals, such as Alphabet Inc.'s Google unit and Facebook Inc., which generally are regulated by another agency, the Federal Trade Commission..."
_{Quoted from: http://www.foxbusiness.com/politics/2017/03/28/house-approves-bill-to-overturn-fcc-privacy-rule.html}

Thanks!
I somewhat understand what you are saying (it is not your fault I don't fully understand, it is because I am not to familiar with the US agencies and how they work).

Although Google/Facebook etc, have similar information. They don't necessarily tie in the websites visited (especially google) with your real life name/address/telephone number etc.

But if these changes mean that the web browsing history and your personal details, are COMBINED. Then businesses could do all sorts of unpleasant things.

E.g. All US residents who access EEVBLOG forums or watch electronics related videos on youtube, could be phoned up and written to about every new scope, meter and other stuff. Regardless of if you want to be bombarded with such information or not.
But I guess this already happens to an extent, as they have other ways of knowing.

[boffin]

And what's next for the people that thought Alleged Billionaire Trump was a good idea ?


The US Post Office to sell your mailing history ?
The phone companies able to sell your calling history ?

[Rick Law]

And what's next for the people that thought Alleged Billionaire Trump was a good idea ?


The US Post Office to sell your mailing history ?
The phone companies able to sell your calling history ?

This is not a disagreement about whether a regulation should be there or not.  This is a dispute about which department should originate the regulation.

FTC (Federal Trade Commission) is the official federal office for consumer protection, whereas FCC (Federal Communications Commission) was official set up to regulate radio waves.

The bill therefore official leave no doubt that only the official office with the charter has the authority to regulate.  For example, this would be no different than overturning a "Car Pollution Standard" issued by the DoED (Department of Education) and turn the issue back to the EPA (Environmental Protection Agency) as pollution is under the purview of EPA.

Your question "what's next?" is now we the consumers getting FTC to do something - writing, calling, complaining, whatever.  What FTC does will apply to all companies instead of just some companies.

This isn't even a Trump thing but instead a US Congress thing.  So, whether you are pro-Trump or anti-Trump, this is not really related to the matter.  That said, Google and Facebook (etc. etc) lobbied pretty hard for this regulation and donates heavily to the Democrats.  So, there could be (speculations) some "pay back" in play here as well.  I certainly would not rule that out.

[PlainName]

This is what happens when you treat privacy as a non-issue - it just ratchets up until it gets so bad even the most uninterested notice that it's a problem, and by then it is  HUGE problem which is pretty much unfixable. We've made our bed and now have to lay in it.

In essence, what this bill means is that you have a wiretap on your data line, and whoever can access that can sell whatever they can grab from it to whomever they like. Your details are worth $30-$60 a month, and it's not you that's going to benefit but whatever  bottom dwelling leeches have the biggest pockets. The likes of Google would die for the output from this wiretap since it gives far more data than even they can suck up, and you can't turn it off like you can with cookies.

[metrologist]

The article I read said that financial data and social security numbers can be sold.It is not clear to me what data we are talking about.

Does this affect raw data like what is transferred while filing tax returns, the content of emails and attachments. Any data transmitted over non-ssl lines, or does ssl even matter any more? Can they capture and decrypt that data and then sell it?

I'm not sure why any current law does not apply. For example, what stopped phone companies from recording your calls and selling lists of numbers you've called back in the 80's? For a long time, my internet connection was a phone call. Was the wire tapping law written such that it only applies to twisted pair so once we move to fiber and other modulation schemes, suddenly wire tapping laws don't apply?

[yuzuha]

That will last until someone posts all the porn sites the congressmen visit.   

[PlainName]

Does this affect raw data like what is transferred while filing tax returns, the content of emails and attachments.

Don't know, but Google accesses your email contents so I don't see why this should be different. There is probably a distinction between using the contents to derive interests (then selling that deduction on), and selling the contents verbatim. If nothing else, copyright law should still be applicable. But...

Any data transmitted over non-ssl lines, or does ssl even matter any more?

As countless security people and services have disclosed many times, the metadata is just as useful, sometimes more so, than the content. For instance, an email saying "Party at mine tomorrow" is OK, but knowing who it was sent to is far more valuable. So long as SSL doesn't impact the metadata too much, it's not that important. (Of course, the ISP is ideally position to do MITM attacks, so all of a sudden SSL certificates that can be vouched for might be far more important than the self-signed 'encrypted but don't really know who it is' ones.)

[Avacee]

I take it selling their customers data isn't limited to individuals but also includes business customers.
If so some Industrial Sabotage just got a bit easier.

Either way is it fair to guess that the happiest people will be lawyers who must be over the moon at the lawsuit potential?

[metrologist]

Dang it! The brits will know about every frenchie i've contacted, and then there will soon be associations with the aussies. point is the impact of this is global.

[chicken]

My read between the lines is either way, our data is being sold.  FCC rules doesn't control companies that isn't a communication company.

So "telecommunications firms such as Comcast Corp. and Verizon Communications Inc." are not communication companies. 

[Rick Law]

My read between the lines is either way, our data is being sold.  FCC rules doesn't control companies that isn't a communication company.

So "telecommunications firms such as Comcast Corp. and Verizon Communications Inc." are not communication companies. 

re: So "telecommunications firms such as Comcast Corp. and Verizon Communications Inc." are not communication companies

Of course they are.  But as I said, "FCC rules doesn't control companies that isn't a communication company."  Google and Facebook are not.  FCC rules will therefore apply to only ISP's but not Google, Facebook, Tweeter, etc., etc.

Congress made no statement regarding whether the rule is good or bad, needed or not needed.  [ EDIT: So there is no need to argue about that. ] Discussion of privacy is a good discussion, but no point in discussing if congress overturn a good rule since Congress made no statement about the goodness of the rule.  [ end EDIT ]

What Congress did was it merely say FCC overreached and FTC is the designated official department regarding consumer protection.  Congress has the ultimate say on what authority they delegate to which department.

Can you imagine the confusion if the Department of Education issues regulation about Car pollution?  Next thing you know, the Food and Drug Admin will be issuing regulation about work place safety, and the Labor Department will be regulating what trans-fat content can be in your french fries.

These "privacy rules" are rules that Google, Facebook, etc. influenced and lobbied the FCC really hard for passage.  Imagine, if we believe in and rely on Google and Facebook to defend our privacy, we are in real bad shape then.  I trust Google/Facebook as far as I can throw a house.

EDIT: see strike-out line above.

[chicken]

I don't think your comparison is valid. This is about privacy of communication, so it is very related. Like the department of education may come up with extra saftey requirements for school buses.

This is more about the Republican party being obsessed with undoing any rule that was enacted/proposed in the Obama era.

EDIT: I very much agree that Google and Facebook and the data brocker industry in general are in dire need of privacy rules as well.

[Bassman59]

Don't know, but Google accesses your email contents so I don't see why this should be different.

The difference? Google (and Facebook, and EEVblog, and thousands of other services) are free to the users. Of course they are not free, because if you aren't paying, you're the product. These services are free (as in beer) because Google's and Facebook's primary business is advertising. They are selling your personal data to other businesses for the purpose of enabling those businesses to more effectively advertise their products to you. You have a choice, of course, to simply not use these services.

ISPs, on the other hand, charge you for access to their networks. And the cost isn't trivial. I pay about $70 per month to the local monopoly Internet provider, and another $120 a month for two smartphones. For the former, I have no choice in my provider, as there is exactly one in my area, so my choice devolves into "do I want Internet access at home or not?" As for the latter, my choice is "which of these highly-similar services do I want to provide mobile access, or do I want that access at all?"

That these companies can sell your Internet traffic (and now with the elimination of Net Neutrality rules route that traffic as they see fit) for which you pay is the difference.

[Rick Law]

I don't think your comparison is valid. This is about privacy of communication, so it is very related. Like the department of education may come up with extra saftey requirements for school buses.

This is more about the Republican party being obsessed with undoing any rule that was enacted/proposed in the Obama era.

Food and Drug Admin (FDA) in fact is a perfect example.  It can issue regulation about manufacturing facilities making food or drug.  Imagine for a moment these two made-up regulations were to be issued today:

1 "any rodents discovery must be reported within X days"
This would be a perfectly valid regulation as rodents would affect your food.

2. "95% of the parking must be Handicap accessible"
This would be an overreach.  Handicap parking is a matter for regulation by Congressional act (Americans with Disabilities Act (ADA) in 2010).  Authority was designated to 5 agencies (ODEP, EEOC, DOT, FCC, and the DOJ).  If FDA wants a Handicap parking rule, it should refer the matter to one of those five.  DOT (Department of Transportation) is likely the one that should deal with parking. 

I am sure with some imagination, you can make up a rule that the DoED can issue (pollution affects student performance) which will step on the toes of EPA.

* * *

So, Congress' action yesterday shows FCC can issue regulations about communication.  Consumer protection (Privacy) is already designated to be under FTC.  FCC Should forward the matter to FTC.  And they made their intentions very clear in some interviews by news agencies.

Trump did made some statement about stream-lining the Federal Government and overlapping regulations.  He made the statement in regard to EPA issuing regulations governed by other agencies.  So contrary to my earlier statement, this may indeed be more than just Congress.

Whether it is pro or anti Trump.  It make sense that if the authority is already designated to agency-A, agency-B should refer the matter to agency-A.

[PlainName]

You have a choice, of course, to simply not use these services

Practically, you don't. Facebook tracks you across websites whether you are logged in or not, whether you even have an account or not. Appear in any photo a Facebook user posts? You're probably named and shamed. Have an acquaintance with a Google email address? Your emails are already absorbed. Etc.

[Rick Law]

You have a choice, of course, to simply not use these services

Practically, you don't. Facebook tracks you across websites whether you are logged in or not, whether you even have an account or not. Appear in any photo a Facebook user posts? You're probably named and shamed. Have an acquaintance with a Google email address? Your emails are already absorbed. Etc.

I personally think privacy protection against Facebook and Google is as important and perhaps more important as privacy protection against ISP's.  And, I probably engaged in "guilt by association" - any privacy rules pushed by Facebook and Google is by such association can't be good.  Thus, I was happy to see the regulation they wanted being overturned.

I also agree with Congress that FTC is a better play to deal with them.  Consumer Protection Agency.  A Google Chrome user may not be a Google customer since they don't pay, but as users, they certain are consumers of Google services/products.

Besides privacy regulations, I would like to see their respective monopolies broken up.  Sherman Antitrust Act covers monopolies earned by merit or naturally arose.  I think they are getting too powerful.  Too powerful may not be adequate for breaking them up.  Like old-AT&T, if they are broken up to 5 baby-googles, may be that will do technology and us the consumers a lot of good.

[raspberrypi]

the best way to protect your info is to make fake info and bury the real info since you can't hide it. If you have a unique first or last name you lost of your privacy. Type your name into google and see how much these companies know about you, its scary. The FTC's job is to protect the share holders not individual people. You don't own shares? They don't give a shit.

Did you know that cable companies don't have to censor their content (that annoying beeping sound) but they do anyways? The FCC's job changed ALOT in the 2000's. 

[Rick Law]

... The FTC's job is to protect the share holders not individual people. You don't own shares? They don't give a shit.
...
Did you know that cable companies don't have to censor their content (that annoying beeping sound) but they do anyways? The FCC's job changed ALOT in the 2000's.
...

It changed again yesterday - when Congress voted.  FCC/FTC leaders better take a close look at what the Congressman/Congresswoman said because their job is whatever Congress say it is.

[Red Squirrel]

That is such a ridiculous thing to pass.  The simple idea that your ISP can be allowed to do this,  or possibly even modify your  traffic to inject ads (which I imagine is the goal here) is completely infuriating.  I guess this is going to be good for the VPN industry...  until they make those illegal.  Can't win. 

[technix]

@EEVblog Dave, please set up mandatory TLS on this website. This keeps at least *some* prying eyes out of us.

I think that there are free or low cost SSL certificate providers out there. I am using a free one from Let's Encrypt on my personal blog (https://en.maxchan.info)

You should also set up automatic redirection from unsecured HTTP to secured HTTPS. This can be implemented on your server easily.

You should also turn on HTTP Strict Transport Security so browsers won't even bother checking the unsecured version after the first visit.

Also use only strong cryprography with TLS 1.3 and maybe TLS 1.2. Switch off older, vulnerable cryptoprotocol and cipher suites.

[Monkeh]

@EEVblog Dave, please set up mandatory TLS on this website. This keeps at least *some* prying eyes out of us.

I think that there are free or low cost SSL certificate providers out there. I am using a free one from Let's Encrypt on my personal blog (https://en.maxchan.info)

You should also set up automatic redirection from unsecured HTTP to secured HTTPS. This can be implemented on your server easily.

You should also turn on HTTP Strict Transport Security so browsers won't even bother checking the unsecured version after the first visit.

Also use only strong cryprography with TLS 1.3 and maybe TLS 1.2. Switch off older, vulnerable cryptoprotocol and cipher suites.

All of which is complicated and substantially nullified by having Cloudflare sat in the middle.

[Red Squirrel]

Yeah HTTPS is a good idea, I need to revive my forum (been saying this for years and keep getting side tracked) and when I do it will be HTTPS.  No cloud flare.  I feel that just adds an extra layer of complexity.  I think the concept is neat but personally I rather be in full control of how my website gets served.

[technix]

That is such a ridiculous thing to pass.  The simple idea that your ISP can be allowed to do this,  or possibly even modify your  traffic to inject ads (which I imagine is the goal here) is completely infuriating.  I guess this is going to be good for the VPN industry...  until they make those illegal.  Can't win.

China Telecom began injecting ads to EVERY unencrypted HTTP session back in 2014 (?) and I immediately moved my home network (mostly) onto an IKEv2 tunnel.