Privacy SOS

David versus Goliath on Beacon Hill: Privacy advocates and major internet companies face off at the state house over consumer privacy

Here are some websites you or someone in your family may have visited:

  • pornhub.com
  • addictionandrecovery.org
  • plannedparenthood.org
  • suicidepreventionlifeline.org
  • stdcheck.com
  • lgbtcenters.org
  • preventchildabuse.org
  • domesticviolence.org

Do you think internet service providers (ISPs) like Comcast and AT&T should be able to sell your personal information, including information about what websites you visit, without your consent?

The Obama administration didn’t. And neither do some state lawmakers in Massachusetts, who have introduced legislation that would require ISPs to get your opt-in consent before using or selling your personal records. One of those bills was heard last week before the Joint Committee on Economic Development and Emerging Technologies. The ACLU was there to testify in support of the bill. The ISPs were there to try to kill it.

And it’s not hard to see why the ISPs don’t like this legislation; they want to make more money. They hated it when a similar rule existed at the federal level. They lobbied the Obama administration hard to prevent the privacy rule from ever taking shape. Then once it was formalized, above their objections, the ISPs fought to eliminate it. Having succeeded at that, they’ve now turned their sights to the states.

But in Massachusetts, where we have more tech workers per capita than any state in the nation, we have a chance to stand up for the little person and show the country what real tech leadership looks like.

Here’s some background to bring you up to speed: In October 2016, the Obama-era Federal Communications Commission (FCC) published a final rule to require ISPs to get consumers’ consent before selling their sensitive personal information. Paired with the Obama administration’s net neutrality rule, those FCC regulations put Americans on a solid foundation for the digital future—traveling at light speed on an equitable, safe, and secure internet for all.

But those optimistic days are fast vanishing in our rear view mirror. Just like with the Affordable Care Act, our hard-fought victories on internet privacy and net neutrality are under corporate and government attack. In April, using a Newt Gingrich-era law called the Congressional Review Act, the Trump administration and the GOP Congress killed the FCC privacy rule. Now they’re gunning for net neutrality, too.

But in the wake of the federal government’s attack on your internet privacy, state lawmakers from 29 states across the country have stepped up to the plate and introduced measures that would reinstate the protections we lost when Trump and his band of deregulators took power. I testified in support of one such bill last week at the Masachusetts State House.

Following the model of the now-dead FCC regulations, Senator Creem’s S.2062 would, like its companion bill in the House, Rep. Haddad’s H.3698, require ISPs like Comcast and Verizon to get consumer opt-in consent before selling your personal information. It’s a commonsense proposal to make sure Massachusetts residents and businesses retain control over their own lives and operations. After all, that’s what privacy is really about: control.

The ISPs were also at the hearing, asking the committee to reject the proposal. Their lobbyists made the same misleading arguments they’ve been making across the country. They claim it’s unnecessary to regulate consumer internet privacy at the state level, because they don’t sell customer data and they never would—as if saying “We don’t do this, so please don’t pass a law saying we can’t do this” makes any sense. They additionally claim the federal government has all the power it needs to protect consumers. But that argument also fails.

Incredibly, the ISPs also told legislators they should avoid acting on internet privacy because doing so would create a “patchwork” of state law, and this is an issue better left to the feds. My jaw drops when I hear this argument. After all, there was a federal rule, and the ISPs hated it! They lobbied against it, and once it was established, they lobbied to kill it. Their argument sounds a lot like the kid who kills his parents and then pleads to the judge for mercy: “Go easy on me, please, your honor; I’m an orphan!”

But perhaps most importantly for Massachusetts—a state with an economy uniquely reliant on its technology sector—the ISPs have been warning lawmakers of dire “unintended consequences” if they pass a law to protect consumers’ internet privacy. That sounds awfully scary, but like so much of what the ISPs say in their bid to stop this bill and others like it, it’s just not so.

A number of technology leaders submitted written testimony to the Committee last week saying just that. As local tech leader Boaz Sender, the founder of Boston firm Bocoup wrote,

This bill regulates ISPs, which are utility providers, not technology companies, and does not negatively affect my company or others like it…On the contrary, S.2062 lays the groundwork for regulatory conditions which reinforce the business models of my company and other Massachusetts companies that interact with consumers over the internet.

Our innovation economy needs more ISP regulations in place, including this bill, in order to grow. S.2062 in particular protects the privacy of Massachusetts residents, maintains the integrity of the fundamental utility of the internet, and in so doing builds consumer trust in the internet. My customers need this trust in order to do business on the internet in Massachusetts, and area technology start-ups need this trust as a foundational social framework upon which to start and grow their internet businesses.

Mr. Sender and the other tech leaders who submitted testimony in support of consumer internet privacy are right: privacy is good for business. Sure, it’ll make it more difficult for companies like Comcast to sell your sensitive internet records for profit, but that won’t hurt start-ups or the tech sector in Massachusetts.

In the interest of a safe and secure internet and a healthy tech economy, and to put Massachusetts on the map as a consumer privacy leader, legislators should examine these and other ISP claims with close scrutiny. We are confident they’ll find that all the facts point to passing a bill like S.2062. If you agree, call your state lawmakers and tell them to support it.

© 2017 ACLU of Massachusetts.