Why Today’s Privacy-Invading Online Ecosystem May Not Last

In recent years we have seen the growth of an enormous infrastructure for routine commercial surveillance on the internet. This infrastructure includes not only “free” advertising-based services like Google and Facebook, but also a largely invisible system of ad networks that track people across the different sites they visit. While most people are not familiar with the extent of tracking and/or are uncomfortable with it, the advertising industry would like to normalize this surveillance and have us believe that humanity has reached some new phase where privacy is not as important as it once was.

I have seen this firsthand in the current battle over whether the FCC should extend longstanding privacy protections from old communications networks like the telephone, to the newest communications network, broadband internet service.

As I have discussed before, when an American picks up the phone to call a suicide hotline, an outreach service for gay teens, or a cancer doctor, he or she doesn’t have to worry that the phone company will sell that information to others, thanks to a privacy law (section 222 of the Communications Act) that prohibits such privacy invasions. There is no reason why that same privacy protection should not apply to the internet, which has superseded the telephone system as the most important communications network in Americans’ lives. Chairman Tom Wheeler of the FCC is moving to do just this — apply the traditional privacy protections of the Communications Act to broadband internet access service — and on Friday the ACLU filed comments with the FCC supporting that agency’s proposal.

The influence and example set by the advertising-based services that use the internet have loomed large in the efforts of industry to convince the FCC not to apply the law as clearly written. And some of the people I’ve discussed broadband privacy with have just shrugged their shoulders at the issue, as if privacy has already been so compromised online that one more set of rules won’t really make a difference.

The broadband providers are trying to milk that attitude for all it’s worth. They’re asking the FCC not to enforce the law precisely because they want to get in the game — grab short-term profits by monitoring communications as they provide internet service, just like many of the companies that use the internet do. They are pointing to the Googles and Facebooks of the world and saying, “why should we be subject to stricter rules than they are?”

It’s a big mistake to view things that way. There is a fundamental difference between the destinations at the edges of the network that people choose to use online, and can abandon for a competitor virtually at the click of a mouse, and the internet infrastructure itself. Broadband providers have the potential to monitor not just one area of a customer’s internet use, but all of them. We pay for broadband, it is not a free, ad-supported service. And the state of competition among broadband carriers (oligopolistic at best) is such that they have significant market power, and even where equivalent competitive options are available, the switching costs can be considerable. Most importantly, perhaps, the broadband providers are clearly covered by those privacy protections in the Communications Act, and the edge providers are not.

But there’s one more big reason that we should not consider the online advertising system to be a normalized part of life: it is far from clear that it is here to stay. As we stressed to the FCC in our comments, the online ecosystem is a fluid, rapidly changing environment, where consumers can stampede from one web service to another at a whim, where empires rise and fall seemingly overnight (for example Myspace, Friendster, Netscape, RealNetworks, Orkut, and Digg), or across a decade (for example AOL or Yahoo). The ad-based regime of today may look completely different in a few years.

There’s reason to think it will. While some communications infrastructures have been regularly spied upon from time to time throughout history, in the end people need, and always demand, privacy. As historian David Kahn put it, invasions of privacy contradict

a long evolution toward the secrecy of communications. Centuries ago, people in England, France and the German states fought for the right to send letters without their being opened by the ‘black chambers’ of absolutist monarchs.

Across Europe, Kahn writes,

the public knew about the letter-opening and hated it. The pre-revolutionary French assembly, the Estates-General, received complaints from all regions of France and from all classes of society about this invasion of their thoughts. A month after the fall of the Bastille, Article 11 of the Declaration of the Rights of Man held that citizens may write with freedom — in effect nullifying the right of the government to read letters. In the United States, the 1792 law establishing the Post Office forbade its agents from illegally opening the mail entrusted to it.

In 1794 Prussia enacted a law punishing letter-opening, Kahn writes, and “other states of Germany and elsewhere in Europe followed.” In 1844 the British Parliament “exploded” when an Italian visitor learned his letters had been opened, and the resulting “uproar” ended the practice.

More recently, the revelations about wholesale spying by the NSA have created a new firestorm of controversy—and a worldwide movement toward increasing the protection of privacy through both political and technological means.

In the end, people demand privacy. Confidentiality and control over the information about oneself that one disseminates are an inherent part of human life, and privacy is a core human need. When communications media are not regarded as trustworthy and private, people seek out other means of communicating — or demand change in the media they do use.

Often there is a lag, sometimes substantial, between when people first lose their privacy and when they begin to understand and resent that loss, and demand its correction. It is just this lag that the advertising industry is currently depending upon in today’s online edge-provider ecosystem. But this ecosystem, in which millions of people appear to have traded their privacy for free online services, evokes profound discomfort in many people, according to numerous polls.

In short, while many industry players would like to proclaim the advent of a “new era” in which privacy matters less, nothing could be further from the truth. The current prevalence of privacy invasions among certain edge providers does not enjoy wide legitimacy and should not be used to justify a betrayal of legally clear, culturally deep, and historically longstanding protection for privacy in our essential communications infrastructure. We must not let the essentially corrupt practices that happen to dominate our online ecosystem at the current moment in time be imported into the essential communications infrastructure on which that ecosystem lives. As one commentator put it, “we are only in the Middle Ages of digitization. The Renaissance has yet to come.”