Internet service providers and other critics of proposed broadband privacy rules have spent a lot of time arguing that the potential regulations will place ISPs at a disadvantage to
companies like Google and Facebook.
The possible regulations would require broadband providers -- but not companies like Google or Facebook -- to seek consumers' explicit consent before
tracking their Web activity for ad purposes. Google, Facebook and other so-called "edge providers" tend to use Web-surfing data about consumers for ad purposes, unless they opt out.
ISPs and
other critics argue that the proposal will confuse consumers, and will make it harder for broadband providers to gain a foothold in online advertising.
This week, privacy expert and legal
scholar Paul Ohm, a former senior advisor to the Federal Trade Commission, will tell lawmakers why ISPs are wrong on both points.
"In narrowly circumscribed contexts, Congress has seen fit to
create heightened privacy obligations," he states in written testimony he has submitted to
Congress in advance of tomorrow's hearing about the possible rules. "HIPAA
protects the privacy of some health information, FERPA does the same for some education records, and the Fair Credit Reporting Act protects some credit reports, to name only three examples."
Ohm adds there are several reasons why online gatekeepers -- meaning Internet service providers -- also should be subject to heightened privacy rules.
Among others, according to Ohm,
Internet service providers have "a unique vantage point" into consumers' behavior, because ISPs are the only player capable of seeing all of a customers' traffic.
"If you are a habitual user
of the Google search engine, Google can watch you while you search, and it can follow you on the first step you take away from the search engine. After that, it loses sight of you, unless you happen
to visit other websites or use apps or services that share information with Google," he writes. "Habitual Facebook users are watched by the company when they visit Facebook or use websites, apps or
services that share information with Facebook, but they are invisible to Facebook at all other times."
He adds that even when sites are encrypted, ISPs still can learn a great deal. "When you
visit a website protected by the most widespread form of encryption in use ... even though your [broadband access] provider cannot tell which individual page you are visiting on the website, it still
can tell the domain name of the website you are communicating with, how often you return, roughly how much data you send and receive, and for how long each visit lasts," he says.
Ohm also says
that ISPs can always compete with companies like Google by developing their own search engines. "A broadband Internet provider that launches a search engine will be able to use the information it
takes from its search engine customers in the relatively unrestricted manner the law currently provides for that industry," he says.
Ohm has long warned that collecting data about Web users
could hurt them. In a widely circulated 2012 blog post for the Harvard Business Review, Ohm urged companies to avoid creating a "Database of Ruin."
He warned that companies are building
"digital dossiers" that potentially will contain tens of thousands of facts about people. "I’ve argued that these databases will grow to connect every individual to at least one closely guarded
secret. This might be a secret about a medical condition, family history, or personal preference," he wrote at the time. "It is a
secret that, if revealed, would cause more than embarrassment or shame; it would lead to serious, concrete, devastating harm."
In his testimony supporting the potential privacy rules, he
builds on that theme. "The list of websites an individual visits ... reveals so much more than a member of a prior generation would have revealed in a composite list of every book she had checked out,
every newspaper and magazine she had subscribed to, every theater she had visited, every television channel she had clicked to, and every bulletin, leaflet, and handout she had read," he states. "No
power in the technological history of our nation has been able until now to watch us read individual articles, calculate how long we linger on a given page, and reconstruct the entire intellectual
history of what we read and watch on a minute-by-minute, individual-by-individual basis."
"Providers might respond that they want this information only to reduce us into marketing categories
to sell and resell," he adds. "I derive no comfort from that justification."