[conspire] Internet Privacy: today's vote and measures to take

[Rick Moen]

Quoting Paul Zander (paulz at ieee.org):

> The US Senate had passed a bill that removes many of the existing Internet privacy restrictions.  The House is expected to do the same.
> 
> https://www.eff.org/deeplinks/2017/03/we-have-24-hours-save-online-privacy-rules

(Comments below are a little unpolished because they're assembled while
trying to research the facts.  Deal.  ;->  )


The House of Representatives has now passed the same bill, 215 to 205.
President Trump is expected to sign the bill into law.
http://thehill.com/policy/technology/326145-house-votes-to-send-bill-undoing-obama-internet-privacy-rule-to-trumps-desk
http://gizmodo.com/congress-just-gave-internet-providers-the-green-light-t-1793698939
https://arstechnica.com/tech-policy/2017/03/for-sale-your-private-browsing-history/

(Last week's Senate vote was 50-to-48 vote 'along party' lines.)  Advocacy
group 'Fight for the Future' has a list of the Senators who voted yes:
https://www.fightforthefuture.org/news/2017-03-27-fight-for-the-future-to-unleash-billboards-to/
But obviously if you know a Senator's party affiliation, you know the
person's vote.


The bill is pursuant to the Congressional Review Act (CRA,
https://en.wikipedia.org/wiki/Congressional_Review_Act), which provides
a Congressional mechanism to undo recent regulatory law and prohibit
re-enactment of such regulation.  The regulation now being overturned
was an FCC rulemaking in October 2016 that would have created a category
of 'sensitive data' (personal customer Internet-activity data) that ISPs
would have been prohibited from selling, e.g., 'browsing history, app
usage and financial and medical information', without opt-in permission
from the customer, according to the above-cited article.  The rule would
have gone into effect later this year.

Another article
(https://arstechnica.com/tech-policy/2017/03/isps-say-your-web-browsing-and-app-usage-history-isnt-sensitive/)
says 'The FCC defined Web browsing history and app usage history as
sensitive information, along with other categories such as geo-location
data, financial and health information, and the content of
communications.'


Here's an article about the October 2016 rulemaking, passed 3-2 by FCC's
Board of Comissioners:
https://www.washingtonpost.com/news/the-switch/wp/2016/10/27/the-fcc-just-passed-sweeping-new-rules-to-protect-your-online-privacy/


Something I notice:  The news coverage includes a lot of talking-heads 
opinions, but _not_ the unique identifiers of the FCC rulemaking or of
the Senate or House bills -- let alone links to the text of either of
those.  Online information about lawmaking is miles better than it used
to be, but improvements are still needed.  It's troubling that reporters
and editors don't think we might want to read and know the 'upstream'
information.

After a lot of digging, I found the identifier of last week's Senate
bill:  'S.J.  Resolution 34' (Senate Joint Resolution 34'.
https://cdt.org/press/senate-votes-to-strip-privacy-protections-from-broadband-users/

It bore that same designation for passage today in the House:
https://rules.house.gov/bill/115/sj-res-34
(That's the record of the bill's deliberation by the House Rules Committee 
prior to today's full House vote.)
However, the internal name for it in the house was H.Res. 230.
https://www.congress.gov/bill/115th-congress/house-resolution/230


Via the above-cited group Center for Democracy & Technology (cdt.org), I
found the October 2016 rulemaking's original text:
http://transition.fcc.gov/Daily_Releases/Daily_Business/2016/db1103/FCC-16-148A1.pdf
https://apps.fcc.gov/edocs_public/attachmatch/FCC-16-148A1_Rcd.pdf
It would have taken effect on December 4, 2017.  The rulemaking's title
was 'Protecting the Privacy of Customers of Broadband and Other
Telecommunications Services'.



The other obvious question would be 'Who voted for, why voted against?'
For the Senate, the answer is that it was a party-line vote.  For the
House, it seems difficult to determine (to this commenter, at least).
Congress's Web site says
(https://www.congress.gov/bill/115th-congress/senate-joint-resolution/34/all-actions?overview=closed&q=%7B%22roll-call-vote%22%3A%22all%22%7D)
that the Senate held a roll-call vote.  Perhaps the House didn't.

In a deliberative assembly, often no official record is kept of who 
voted which way.  Exceptions are called 'roll-call votes'.
https://en.wikipedia.org/wiki/Voting_methods_in_deliberative_assemblies#Recorded_vote

Techcrunch says
(https://techcrunch.com/2017/03/28/house-vote-sj-34-isp-regulations-fcc/)
'15 Republicans broke rank to join the 190 Democrats who voted against
the repeal.'   But names are not (yet?) provided.

Aha, here it is!
http://clerk.house.gov/evs/2017/roll202.xml

My congresscritter, Anna Eschoo (D-CA 18th district) voted against.



In the wake of this action from Congress, and Pres. Trump's signature
(highly likely), there are two obvious measures available to alert ISP
customers who wish to either permit or disallow sale of their Web
browsing history, app usage history, geo-location data, financial and
health information, and the content of communications, etc.

If you wish to permit it, do nothing.  (Hey, I'm impartial in my
information pro bono publico.)

If you wish to disallow it:

1.  Opt out via your ISP.  This is a different problem with each ISP.
Mine is Mike Durkin's Raw Bandwith Communications, Inc., and Mike is
such a standout (exceptionally good and ethical) provider I don't think
I even need check into this with _my_ ISP.  Mike has been a major force
for keeping sleazy outfits like AT&T honest, as for example with this
FCC filing Mike made in 2011:  https://ecfsapi.fcc.gov/file/7021705950.pdf

2.  Push for regulation at the state level.

3.  Stop giving your ISP so much personal data.  The biggest measure
you can take in this area -- and I keep saying it and you guys mostly
ignore it -- is to stop using ISP recursive nameservers.  Good local
recursive nameservers like Unbound improve your network performance and
security, while requiring _no_ administration.  
http://linuxmafia.com/faq/Network_Other/dns-servers.html#unbound
(The truly paranoid will also consider using VPN services.)