What Individuals Should Do Now That Congress Has Obliterated the FCC’s Privacy Protections

Congress has voted to reverse new FCC privacy protections that would have required Internet service providers (ISPs) like Comcast, Verizon, and AT&T to seek your permission before sharing information about your browsing history, location history, contacts, and other personal information. Last Tuesday, President Trump signed the measure.

There are some limited steps we as individuals can still take to protect our data. But the truth is that none of them are adequate when the companies that run wires into our home are determined to spy on our use of their services. The best thing Americans can do is to exercise their rights as citizens in a democratic society through activism, voting, working to support and oppose candidates, etc. Right now, people need to make their displeasure heard, loud and clear. Check to see if your senators and representative voted to protect the interests of Big Telecom, or the interests of individuals who don’t want to be spied upon, profiled, bought and sold, and possibly discriminated against. If they did the former, voice your displeasure. Speak up online, support federal legislation to restore these protections, advocate for your state governments to take action to fill the gap left by Congress—and don’t let your memory of this travesty fade away, as telecom-supporting members of Congress are counting on you to do.

A common but inadequate response in situations like this is that we should “let the market decide.” The reality for most Americans is that the market has failed to provide meaningful choice among network operators. Fully 51 percent of Americans have only one real choice of broadband Internet service provider, and even the lucky Americans with access to two or more providers may not see any meaningful difference between the providers in terms of user privacy. This makes it difficult, if not impossible, to “vote with your wallet.”

What are the limited steps that people can take to restore the privacy that ought to be their right? There is no perfect solution, but we have a few suggestions. 

Contact Your ISP and Opt Out of Data Sharing

Despite the obliteration of the FCC’s privacy protections, most ISPs (for now) offer consumers limited opportunity to “opt out” of data sharing about their Internet use, often referred to by the legal term “Customer Proprietary Network Information,” or CPNI. Although this step has definite limitations, it is something that every customer should take advantage of.

Unfortunately, the telecoms have every incentive to make it difficult for you to do so, and often do not present discoverable, meaningful options. This is a highly imperfect solution from a policy standpoint — because of the difficulty in opting out, because it throws the burden of protecting privacy onto the customers when the law clearly places it on carriers, and because it attempts to normalize surveillance by making surveillance the default when the default should be privacy.

To look at what it takes to opt out, we explored the sites of the top ISPs in the United States. What we found is that their “opt-out” procedures and options are hopelessly inadequate, and that it was very difficult and time-consuming to get accurate information from the companies. When we sought help from Comcast’s customer service chat, for example, it took over 20 minutes to get a link to their privacy policy, and they did not provide any information on how to opt out of information sharing. We also found that the companies’ privacy policies were generally vague and lacking in information about exactly what data is collected by the ISP and what a broadband user can expect in terms of privacy. Furthermore, none of the opt-out options appeared to allow a user to opt out of having information about their personal browsing histories retained and stored, which many people find offensive—some ISPs merely let users opt out of getting ads based on the collection and storage of that data. Other ISPs will still send some marketing materials based on the information they have collected, even if the user has opted out.

Here are links to opt-out pages for the leading ISPs:

AT&T: Instructions on opting out of various uses of data are here, including this CPNI Restriction Request Form

CenturyLink: Instructions for opt-outs on marketing contacts as well as other practices are here.

Charter Spectrum: Privacy preferences can be set here and by calling the company as described in Charter’s privacy policy in the sections entitled “Can I prohibit or limit Charter’s use and disclosure of my personally identifiable information?” and “Charter Residential Customer Proprietary Network Information (CPNI) Policy.” Charter has acquired Time Warner Cable, but TWC still has a “CPNI Opt Out” form online here.

Cox: Features a “Privacy Settings” page to opt out of marketing based on CPNI as well as other uses of data such as location-based advertising.

Comcast: Information about opting out of various uses of information is contained within Comcast’s Xfinity privacy policy.

Verizon: Instructions to opt out of various uses of Internet, cell phone, and television services are here (in the section “How to limit the sharing and use of your information”) and here.

If you use a smaller ISP not listed above, a provider’s privacy policy is generally the place to look for opt-out instructions and links. Nearly all companies include a link to a privacy policy on their main page, though it is often in very small print at the very bottom of the page.

Encryption

Encryption is an effective way of hiding the content of your communications from an ISP’s prying eyes (not to mention those of other parties). Encryption will block your ISP from seeing the content of your communications, but depending on the application it may still permit them to see your metadata (such as who you are communicating with and/or when).

Nevertheless, using encrypted communications and apps as much as possible is a good idea. As we’ve recommended before, for example, everyone should use Signal where possible to replace traditional text messaging or voice calls. Of course, many of your friends may use an end-to-end encrypted messaging app like Signal or Apple’s iMessage, but many may not, and you will be obliged to communicate with those friends over channels that your ISP—and theirs—can snoop on. So encourage your friends to move to better messaging platforms!

You can also use the “HTTPS Everywhere” browser extension, developed by our friends at The Tor Project and the Electronic Frontier Foundation, to force more of your web browsing to HTTPS. When a customer connects to a web site that uses HTTPS (as opposed to plain unencrypted HTTP), the ISP can’t see the exact pages within a site that a customer is reading, or the content of the pages that he or she downloads. The ISP will, however, still see that you’re visiting the site itself (e.g. www.autism.org or www.aids.gov). Another limitation is that while many web sites have shifted to HTTPS, many have not, and the end-user has no control over that.

Despite such limitations, moving to encrypted communications as much as possible is a good idea and is a step that will protect your privacy not only from your ISP, but also potentially from other parties ranging from the IT workers in your office to the NSA.

Virtual Private Networks

In addition to using encrypted communications, you might want to protect more of your metadata (information about where you are going and who you are communicating with on the Internet). One approach is to use a Virtual Private Network (VPN), which creates an encrypted connection between a customer’s computer and the VPN’s network, and routes all of the customer’s traffic through that remote network, leaving the customer’s ISP unable to see either the content or the destination of a customer’s communications. Configured this way, the VPN acts as an encrypted proxy to the rest of the Internet. VPNs can be an effective way of preserving some degree of privacy against some parties, including ISPs.

The use of VPNs has a number of significant limitations you should be aware of.

VPNs cost money, forcing you to pay for privacy that should be your right (and which many Americans cannot afford). Unless expertly configured, a VPN may not cover the growing ecosystem of Internet of Things devices that is appearing in many homes, such as personal assistants (like the Amazon Echo), smart or GPS watches, FitBits, appliances, etc. Even with use of a VPN, your ISP can still see the amount of data you are sending and receiving, and at what times. And VPNs can slow down your Internet data speeds, because all your traffic has to be funneled through a remote server. A VPN might introduce delay into video chats or VoIP phone calls, for example.

Finally, use of a VPN just shifts the privacy issues to a new party. When you use a VPN, many details about your Internet usage become invisible to your ISP—but whatever party is operating the VPN service (employer, third-party service, etc.) then gains access to all that information. For this and other reasons, it’s important to do good research and be very careful about whom you select as a VPN provider. Your choice may depend on whom you're trying to protect yourself from: someone who is trying to avoid the local advertising agency might have a different set of choices than someone who is trying to avoid immigration authorities or a vindictive city councilmember. The Electronic Frontier Foundation lists questions that should guide your VPN choice here.

Use the Tor Browser

Another option for protecting privacy is to do your browsing through Tor, which is an encrypted network of servers that bounce your traffic around between you and the site you’re visiting so that it can’t be tracked. The simplest way to use Tor is to download and install the Tor Browser and use it instead of your normal web browser. Installing and using the Tor Browser won’t have any effect on your normal web browser, so you can try it out and still easily switch back, or use Tor for some of your browsing and another web browser the rest of the time.

As with a VPN, your ISP will be able to see the amount and timing of your data transmissions over Tor, but it will all come and go from the Tor “guard node” to which you are connected, and it will all be encrypted. Even more than a VPN, Tor can slow down a user’s Internet speeds. Furthermore, some website operators block traffic that arrives over Tor, which can be frustrating if you need to visit those sites.

Defend Network Neutrality

To avoid losing advertising dollars, ISPs might be tempted to detect customers’ use of Tor Browser or VPNs and deliberately slow down that traffic in order to discourage people from protecting their privacy in that way. Fortunately, the FCC’s network neutrality rules prohibit that kind of interference with customers’ traffic. That’s great—as long as Congress or Trump’s FCC doesn’t undo the network neutrality rules as they have the privacy rules. So privacy-conscious Americans are advised to politically agitate for the preservation of network neutrality in addition to agitating for the restoration of broadband privacy.

Overall, nobody should view any of the above suggestions as a permanent fix for the problem that Congress has created by nuking the FCC’s privacy protections. When something bad happens, it’s natural to want assurance that we still can be in control of our own destiny. Taking advantage of the limited steps that are available can be a good idea, but the best thing Americans can do about this betrayal of their privacy is to exercise their right to support and oppose candidates, to vote, and to engage in vocal speech and vigorous activism.


Not a Hacker

Users please be careful with TORs. Yes they bounce IPs from place to place, but that also means whatever you are browsing can be and is recorded by TOR "bouncers". Some believe the US government and others actually sponsor TOR routers!

Although your IP has been "hidden" from the destination server, the TOR "provider" absolutely sees where you visited and what you posted. There is no hiding of your IP address, all you can do is change it frequently.

Follow up

Great article. The following is a supplement for people who don't know.

Internet- The connection of server computers throughout the world that accept incoming connections from other computers. Your computer knows how to connect to another computer using an "IP" address.

"WWW"- When you type "www.aclu.com" into your browser it connects to an IP address that "translates" the words into a numerical address for the server.

IP- An Internet Protocol address is a number assigned to the server/computer location. An example might be 234.567.76.7.1 or some other combination of numbers separated by decimals. These are also used by your routers and switches.

DNS- The IP is translated using Domain Server Names. This is where the "www.whatever.com" is actually translated. This can occur locally on your machine or the host machine.

MAC Addresses- Media Access Control identifies your specific device on the network. Such as your IPad, Chrome book, Smartphone, Surface pro, or any machine connected to that network.

Encryption- the steps taken by your router, browser, or software to encode your data as it is transmitted between your computer or smart device and the host machine.

A small supplement of what all Americans should know. And yes, although I post "anonymously" my IP remains public although I do not fear because I do nothing to harm others.

Michael W Busch

To further clarify:

TOR works by repeatedly encrypting data, with each node in a circuit through the TOR network only being able to remove one layer of encryption.

If TOR is working correctly, each node in a circuit knows only the IP address of the machine it receives data from and the IP address of the machine it sends data to, with the routing through the network being randomized. The entry node to the TOR network knows the IP address of the machine you are accessing TOR from, and the exit node from the network knows the IP address of the machine hosting whatever site you are trying to access - although the data being transferred is still encrypted.

If a government agency or other group is monitoring the traffic going into and out of TOR entry and exit nodes, various techniques of traffic analysis can be applied to figure out who is visiting which websites. TOR doesn't guarantee anonymity, but it does make mass surveillance much more difficult.

Further information is available from the TOR project itself, and also from Wikipedia and its sources: https://en.wikipedia.org/wiki/Tor_%28anonymity_network%29 .

Captain Kate

I think it would be best to use TOR and a VPN together. This is what I do to secure my privacy; I use Purevpn and TOR together.

Anonymous

It is always good to be careful and to think before you act.
If everything works correctly there is not one single TOR "provider". The traffic goes through a chain of TOR relays operated by individuals or individual organisations.
The following links are quite informative and visually appealing:
https://www.eff.org/pages/tor-and-https
https://www.torproject.org/about/overview.html.en

Liz

StartPage.com not only provides a way to search Google results in privacy, it also offers a free proxy with every search result. Your ISP may know you visit StartPage, but it won't know what you search for or what pages you visit through the StartPage proxy.

Anonymous

When a majority of executive branch officials and majority of legislative branch officials refuse to honor their oath of office, which includes the 4th Amendment - isn't the co-equal Judicial Branch duty-bound to "check & balance" the political branches?

The top priority should be restoring the integrity of our Independent Judiciary so they start honoring their duty of providing judicial review to the political branches.

Anonymous

It's basically the "Wild West" in the Internet age - if there are any cops on the beat, they don't have the wherewithal or will to protect Americans. There is no law anywhere for anyone using computers. The big question is when will there be a modern day Wyatt Earp to stand up to the unconstitutional hackers?

Anonymous

Helpful article. I would like to know if you are truly opted out when you opt out through your ISP or if it's just lip service.

DONNA Haliburton

I m a 55 yr old female. Victim 6 mos to date to Going Dark FBI tactics because I spoke truthfully and publicizedly against lake enforcemsnt in my then misdknt. However I am terrorized all level oh
Kentucky government law e
E
Enfkddnt
