Innovation Files has moved! For ITIF's quick takes, quips, and commentary on the latest in tech policy, go to itif.org

Privacy Complaint in the Silly Season

electionAhead

As this is a presidential election year, it’s not surprising that the the “silly season” of politics has been extended into the baseball playoffs. A group of political extremists organized by the Competitive Enterprise Institute (CEI) has filed a complaint with the FCC over the privacy disclosures for an old  consumer broadband measurement program. This isn’t the program that the Commission conducts every year with Sam Knows that leads to an annual report comparing actual broadband speeds to advertised ones, but to a program that was developed by the National Broadband Plan some three years ago to provide the team with a snapshot of performance.

The letter has me wondering whether the advocates: (a) Have just come out of a three year coma; and (b) Have any idea at all about how the Internet works. There are also some distortions of law that will slap attorneys in the face. Please read the letter, but sit down first so you don’t hurt yourself rolling on the floor laughing at its circular logic.

Like many government programs that collect information that might be considered personal and sensitive, the FCC’s broadband measurement program fully disclosed that the information it has collected may be shared with law enforcement if it appears to show evidence of a crime. This is boilerplate language that says that information providing an “indication of a violation or potential violation of a statute, regulation, rule, or order” may be shared with law enforcement. An effective broadband measurement program needs to examine traffic rates between pairs of computers over time, such as a given laptop and a given Internet service.

At any given time, this rate is measured from one IP address to another, but a historical plot needs to be made from one street address to another because IP addresses can change at both ends of the connection. Residential ISPs assign IP addresses dynamically, and Internet services such as Google and Netflix employ multiple servers to keep up with changing patterns of load. So the information about IP address and location is vital data, without which the program’s measurements are meaningless.

This program was completely voluntary, and the disclosures go beyond its actual scope. In fact, the FCC has never reported any suspicious activity discerned in the course of measuring broadband speeds to the law, but if they did I’d be perfectly OK with it, as would most citizens. It’s unlikely that a terrorist, a crack dealer, or a child pornographer would have signed up with the FCC to have his or her broadband speed measured, but if they did and some intrepid researcher was able to see criminal activity in the pattern of their IP address-to-IP address connections, I’d certainly want that to be shared with law enforcement.

Unlike the advocates, I don’t insist on judicial oversight before a case has been made and presented to the courts. If I see teenage prostitutes coming in and out of my next door neighbor’s house, I don’t need a court order before calling the police with the information, so why should a researcher who’s looking at data that was voluntarily disclosed to the FCC be under a different standard? The legal system has “judicial oversight” built into to it, so accused criminals have an attorney, a right to confront witnesses and examine evidence, and a day in court before any judgment is made. Isn’t that enough?

The CEI and its friends are generally on the law-and-order side of things, so they’re an odd group to be insisting that evidence of criminal activity needs to be hidden from the law. A number of the signatories are libertarians, not exactly the people who should be complaining about a purely voluntary program that people enter into with full knowledge that the activities they’ve consented to being measured by the government will be, um, fully measured. This is like denying adults the right to waive their Miranda rights if they’re subsequently charged with a crime.

The fact of the matter is that consent to measurement is necessarily an agreement to give up some privacy, just as visiting an advertising-supported web site is a consent to have ads placed in your browser. Sometimes you can have your cake and eat it too, but usually you can’t. You can’t have a voluntary measurement program without giving up some personal information. Just as participants in the Nielsen television rating program agree to share viewing patterns with the Nielsen people, those who allow their broadband speeds to be measured are agreeing to share information with the measurer. That’s the point of the program, after all.

As long as this is a free and voluntary choice that’s fully disclosed, I don’t see the problem. The CEI appears to be complaining that the FCC’s privacy disclosure is too expansive, not that it’s insufficient.

This is one bizarre complaint.

Print Friendly

About the author

Richard Bennett is an ITIF Senior Research Fellow specializing in broadband networking and Internet policy. He has a 30 year background in network engineering and standards. He was vice-chair of the IEEE 802.3 task group that devised the original Ethernet over Twisted Pair standard, and has contributed to Wi-Fi standards for fifteen years. He was active in OSI, the instigator of RFC 1001, and founder, along with Bob Metcalfe, of the Open Token Foundation, the first network industry alliance to operate an interoperability lab. He has worked for leading applied research labs, where portions of his work were underwritten by DARPA. Richard is also the inventor of four networking patents and a member of the BITAG Technical Working Group.