It is not just about ISP's harvesting your data and selling it, much of the speculation is if the privacy laws were to enacted and the ISPs could not collect that data then there would be no data to share with the government or at least it would make it more difficult for the government to obtain it.

That it is more about the ease of which government entities like the NSA have harvesting, storing and disseminating that data than it is is ISP's making money on it.

If your porn profile shows you prefer caucasian women between 18-30, do you really respect the diverse culture we promote here at XYZ Corp?

So would one of you IT geniuses post a list of VPN services that will guarantee that nobody will ever get my browsing data?
Thanks in advance.

All you need to know right here That One Privacy Site

They can't get their shit together to deal with something the people want, but they sure as fuck can get something that fucks the people over and pays off some of their debt to their donors though.

Bunch of fucking disgraces, the whole damn lot of them.  Time to sweep them out again.  If they pass this shit, I'm going to vote D in the next mid-term out of spite.  I'm done voting for fuckwads who can't do what's right, only what gives them more power/money.  Done with them.  I'd rather have a dem than that.  

Not how that works.  They can see all of your packets, unless you are encrypting between the VPN destination and your LAN....they can see everything you do.

Thanks. I will check it out.

My bud says there is NO perfect security.  I am sure that is so.

What authority prevents congress from regulating that?  It's not against the bill of rights and it's not against the constitution.  It's fair game.  

Also, my information belongs to me and by law, always should.  Other entities should not be able to sell data or information regarding a private citizen's activities on the internet.  They shouldn't even be able to store it because it doesn't belong to them.  If I were writing the law, I'd be strengthening the rights of a person to control who has their data, who is allowed to sell it, and extraordinary stiff penalties for selling it illegally.

I cant wait for skeezy companies to buy everyones porn browsing history and "blackmail" everyone by listing it all on a website unless you pay them $100 to remove it. Companies do the exact same thing with mugshots in many states, and leave them up even if you end up not being charged or found innocent $100 to remove it so it doesnt show up in web searches for potential employers, etc.

https://en.wikipedia.org/wiki/Mug_shot_publishing_industry

I love telecom threads. Massive government-backed monopolies reading your correspondence on pain of disconnection from civilization and the economy is good, because free market. Small town citizens building their own infrastructure is bad and needs to be banned, because free market.

Does make me wonder what is actually in the bill vs the propaganda headline.

What is the house bill to be voted on Tuesday?  Or, what do I tell my representative to vote against?

Umm that is exactly what a VPN tunnel does. 

What do you think the vpn services do with your data?

OK.  So put it in the bill that get .gov out of the telecom regulation business.  Same with the DNA collection from health insurance companies.  Put that in the bill that gets the government out of the health insurance business.  Cut the tax breaks for employer provided insurance.  I doubt you support either since most of you guys are crony capitalists.

This.

Don't like it, get an ISP that has a "no sell" clause in it.

Those who sell will have lower rates (due to selling the data) those who don't sell will have higher rates and privacy.

consumer can choose.

Do we want a government entity telling private companies what they can, and can't do?

Just checking here.

If one really believes what they do on the internet is private, they're dillusional.

You think Republicans are all about individual liberty?

I tried to not sign up for an ISP, but the fucking fascist thugs from the FCC SWAT team kicked in my door and said, "Time Warner or your dog gets it"

Whether or not the actual rule is bad, the language of the FCC's rule is infuriating. These motherfucking tyrants intentionally write rules in long form, adding mountains of superfluous information in order to hide the actual rule within.

This is the bill text from the senate , which just proposes to remove the FCC rule:



JOINT RESOLUTION
Providing for congressional disapproval under chapter 8 of title 5, United States Code, of the rule submitted by the Federal Communications Commission relating to “Protecting the Privacy of Customers of Broadband and Other Telecommunications Services”.

"Resolved by the Senate and House of Representatives of the United States of America in Congress assembled, That Congress disapproves the rule submitted by the Federal Communications Commission relating to “Protecting the Privacy of Customers of Broadband and Other Telecommunications Services” (81 Fed. Reg. 87274 (December 2, 2016)), and such rule shall have no force or effect."

And here is only about 5% of the nightmare rule:


AGENCY:
Federal Communications Commission.

ACTION:
Final rule.

SUMMARY:
In this document, the Federal Communications Commission (Commission) adopts final rules based on public comments applying the privacy requirements of the Communications Act of 1934, as amended, to broadband Internet access service (BIAS) and other telecommunications services. In adopting these rules the Commission implements the statutory requirement that telecommunications carriers protect the confidentiality of customer proprietary information. The privacy framework in these rules focuses on transparency, choice, and data security, and provides heightened protection for sensitive customer information, consistent with customer expectations. The rules require carriers to provide privacy notices that clearly and accurately inform customers; obtain opt-in or opt-out customer approval to use and share sensitive or non-sensitive customer proprietary information, respectively; take reasonable measures to secure customer proprietary information; provide notification to customers, the Commission, and law enforcement in the event of data breaches that could result in harm; not condition provision of service on the surrender of privacy rights; and provide heightened notice and obtain affirmative consent when offering financial incentives in exchange for the right to use a customer's confidential information. The Commission also revises its current telecommunications privacy rules to harmonize today's privacy rules for all telecommunications carriers, and provides a tailored exemption from these rules for enterprise customers of telecommunications services other than BIAS.

DATES:
Effective January 3, 2017, except for §§?64.2003, 64.2004, 64.2006, and 64.2011(b) which contain information collection requirements that have not yet been approved by OMB. The Federal Communications Commission will publish a document in the Federal Register announcing the effective date of these rules upon approval. Section 64.2005 is effective March 2, 2017.

FOR FURTHER INFORMATION CONTACT:
For further information about this proceeding, please contact Sherwin Siy, FCC Wireline Competition Bureau, Competition Policy Division, Room 5-C225, 445 12th St. SW., Washington, DC 20554, (202) 418-2783, [email protected]. For additional information concerning the Paperwork Reduction Act information collection requirements contained in this document, send an email to [email protected] or contact Nicole Ongele at (202) 418-2991.

SUPPLEMENTARY INFORMATION:
This is a summary of the Commission's Report and Order in WC Docket No. 16-106, FCC 16-148, adopted October 27, 2016 and released November 2, 2016. The full text of this document is available for public inspection during regular business hours in the FCC Reference Information Center, Portals II, 445 12th Street SW., Room CY-A257, Washington DC 20554. It is available on the Commission's Web site at https://apps.fcc.gov/?edocs_?public/?attachmatch/?FCC-16-148A1.pdf. The Commission will send a copy of this Report and Order in a report to be sent to Congress and the Government Accountability Office pursuant to the Congressional Review Act, see 5 U.S.C. 801(a)(1)(A).

Synopsis
I. Introduction
1. In this Report and Order (Order), we apply the privacy requirements of the Communications Act of 1934, as amended (the Act) to the most significant communications technology of today—broadband Internet access service (BIAS). Privacy rights are fundamental because they protect important personal interests—freedom from identity theft, financial loss, or other economic harms, as well as concerns that intimate, personal details could become the grist for the mills of public embarrassment or harassment or the basis for opaque, but harmful judgments, including discrimination. In adopting section 222 of the Communications Act, Congress recognized the importance of protecting the privacy of customers using telecommunications networks. Section 222 requires telecommunications carriers to protect the confidentiality of customer proprietary information. By reclassifying BIAS as telecommunications service, we have an obligation to make certain that BIAS providers are protecting their customers' privacy while encouraging the technological and business innovation that help drive the many benefits of our increasingly Internet-based economy.

2. Internet access is a critical tool for consumers—it expands our access to vast amounts of information and countless new services. It allows us to seek jobs and expand our career horizons; find and take advantage of educational opportunities; communicate with our health care providers; engage with our government; create and deepen our ties with family, friends and communities; participate in online commerce; and otherwise receive the benefits of being digital citizens. Broadband providers provide the “on ramp” to the Internet. These providers therefore have access to vast amounts of information about their customers including when we are online, where we are physically located when we are online, how long we stay online, what devices we use to access the Internet, what Web sites we visit, and what applications we use.

3. Without appropriate privacy protections, use or disclosure of information that our broadband providers collect about us would be at odds with our privacy interests. Through this Order, we therefore adopt rules that give broadband customers the tools they need to make informed choices about the use and sharing of their confidential information by their broadband providers, and we adopt clear, flexible, and enforceable data security and data breach notification requirements. We also revise our existing rules to provide harmonized privacy protections for voice and broadband customers—bringing privacy protections for voice telephony and other telecommunications services into the modern framework we adopt today.

4. In response to the Notice of Proposed Rulemaking (NPRM), we received more than 275,000 submissions in the record of this proceeding, including comments, reply comments, and ex parte communications from consumers; broadband and voice providers and their associations; public interest groups; academics; federal, state, and local governmental entities; and others. We have listened and learned from the record. In adopting final rules, we rely on that record and in particular we look to the privacy and data security work done by the Federal Trade Commission (FTC), as well as our own work adopting and revising rules under section 222. We have also taken into account the concepts that animate the Administration's Consumer Privacy Bill of Rights (CPBR), and existing privacy and data security best practices.

5. The privacy framework we adopt today focuses on transparency, choice, Start Printed Page 87275and data security, and provides heightened protection for sensitive customer information, consistent with customer expectations. In adopting these rules we honor customer's privacy rights and implement the statutory requirement that carriers protect the confidentiality of customer proprietary information. These rules do not prohibit broadband providers from using or sharing customer information, but rather are designed to protect consumer choice while giving broadband providers the flexibility they need to continue to innovate. By bolstering customer confidence in broadband providers' treatment of confidential customer information, we also promote the virtuous cycle of innovation in which new uses of the network lead to increased end-user demand for broadband, which drives network improvements, which in turn lead to further innovative network uses, business growth, and innovation.

II. Executive Summary
6. Today we adopt rules protecting the privacy of broadband customers. We also revise our current rules to harmonize our rules for all telecommunications carriers. In this Order, we first offer some background, explaining the need for these rules, and then discuss the scope of the rules we adopt. In discussing the scope of the rules, we define “telecommunications carriers” that are subject to our rules and the “customers” those rules are designed to protect. We also define the information protected under section 222 as customer proprietary information (customer PI). We include within the definition of customer PI three types of information collected by telecommunications carriers through their provision of broadband or other telecommunications services that are not mutually exclusive: (i) Individually identifiable Customer Proprietary Network Information (CPNI) as defined in section 222(h); (ii) personally identifiable information (PII); and (iii) content of communications. We also adopt and explain our multi-part approach to determining whether data has been properly de-identified and is therefore not subject to the customer choice regime we adopt for customer PI.

7. We next adopt rules protecting consumer privacy using the three foundations of privacy—transparency, choice, and security:

8. Transparency. Recognizing the fundamental importance of transparency to enable consumers to make informed purchasing decisions, we require carriers to provide privacy notices that clearly and accurately inform customers about what confidential information the carriers collect, how they use it, under what circumstances they share it, and the categories of entities with which they will share it. We also require that carriers inform their customers about customers' rights to opt in to or opt out (as the case may be) of the use or sharing of their confidential information. We require that carriers present their privacy notice to customers at the point of sale, and that they make their privacy policies persistently available and easily accessible on their Web sites, applications, and the functional equivalents thereof. Finally, consistent with FTC best practices and with the requirements in the CPBR, we require carriers to give their customers advance notice of material changes to their privacy policies.

9. Choice. We find that because broadband providers are able to view vast swathes of customer data, customers must be empowered to decide how broadband providers may use and share their data. In this section, we adopt rules that give customers of BIAS and other telecommunications services the tools they need to make choices about the use and sharing of customer PI, and to easily adjust those choices over the course of time. Section 222 addresses the conditions under which carriers may “use, disclose, or permit access to” customer information. For simplicity throughout this document we sometimes use the terms “disclose” or “share” in place of “disclose or permit access to.” In adopting rules governing customer choice, we look to the best practices framework recommended by the FTC in its 2012 Privacy Report as well as the choice framework in the Administration's CPBR and adopt a framework that provides heightened protections for sensitive customer information. For purposes of the sensitivity-based customer choice framework we adopt today, we find that sensitive customer PI includes financial information, health information, Social Security numbers, precise geo-location information, information pertaining to children, content of communications, web browsing history, application usage history, and the functional equivalents of web browsing history or application usage history. With respect to voice services, we also find that call detail information is sensitive information. We also adopt a tiered approach to choice, by reference to consumer expectations and context that recognizes three categories of approval with respect to use of customer PI obtained by virtue of providing the telecommunications service:

Opt-in Approval. We adopt rules requiring carriers to obtain customers' opt-in approval for use and sharing of sensitive customer PI (and for material retroactive changes to carriers' privacy policies). A familiar example of opt-in practices appears when a mobile application asks for permission to use geo-location information.
Opt-out Approval. Balancing important governmental interests in protecting consumer privacy and the potential benefits that may result from the use of non-sensitive customer PI, we adopt rules requiring carriers to obtain customers' opt-out approval for the use and sharing of non-sensitive customer PI.
Congressionally-Recognized Exceptions to Customer Approval Requirements. Consistent with the statute, we adopt rules that always allow broadband providers to use and share customer data in order to provide broadband services (for example to ensure that a communication destined for a particular person reaches that destination), and for certain other purposes.
10. Data Security and Breach Notification. At its most fundamental, the duty to protect the confidentiality of customer PI requires telecommunications carriers to protect the customer PI they collect and maintain. We encourage all carriers to consider data minimization strategies and to embrace the principle of privacy by design. To the extent carriers collect and maintain customer PI, we require BIAS providers and other telecommunications carriers to take reasonable measures to secure customer PI. To comply with this requirement, a carrier must adopt security practices appropriately calibrated to the nature and scope of its activities, the sensitivity of the underlying data, the size of the provider, and technical feasibility. We decline to mandate specific activities that carriers must undertake in order to meet the reasonable data security requirement. We do, however, offer guidance on the types of data security practices we recommend providers strongly consider as they seek to comply with our data security requirement, while recognizing that what constitutes “reasonable” data security evolves over time.

11. We also adopt data breach notification requirements. In order to ensure that affected customers and the appropriate federal agencies receive notice of data breaches that could result in harm, we adopt rules requiring BIAS Start Printed Page 87276providers and other telecommunications carriers to notify affected customers, the Commission, and the FBI and Secret Service unless the carrier is able to reasonably determine that a data breach poses no reasonable risk of harm to the affected customers. In the interest of expedient law enforcement response, such notice must be provided to the Commission, the FBI, and Secret Service within seven business days of when a carrier reasonably determines that a breach has occurred if the breach impacts 5,000 or more customers; and must be provided to the applicable federal agencies at least three days before notice to customers. For breaches affecting fewer than 5,000 customers, carriers must notify the Commission without unreasonable delay and no later than thirty (30) calendar days following the carrier's reasonable determination that a breach has occurred. In order to allow carriers more time to determine the specifics of a data breach, carriers must provide notice to affected customers without unreasonable delay, but within no more than 30 days.

The government already uses regulatory powers to coerce huge firms (like telecom) to do things that support government (like signals intelligence.)

This is how big gov pays them back.

Then get rid of that, too.  Unlike the "airwaves" cable and fiber were privately funded for the most part.  People are free to install more I think.

The less government tells people what they must, and must not, do, the better.

I haven't read the treatise, but does it force ISPs to sell their data?

Nope. But they will. Like everything else, non support of gov programs will see the tightening of screws in every facet of a companies issues.

From "approving" ATT Bells interstate infrastructure to spinning up a monopoly suit against Microsoft, large firms can't survive without buying into the Feds.

It's why Banks were shitcanning accounts of legal gun businesses, it's why Wall Street spends 50/50 every single campaign cycle.

so here is a law that allows firm to do what they want.

Lets see a major ISP provider put a legal part in their contract where they refuse to sell data.  I bet they would do well.

Sounds like a continuation of Net neutrality.  ISPs are utilities.

I doubt it.

I bet they would have tax problems, permitting problems, licensing problems, financing problems, investigations into their business practices, would be excluded from future industry support legislation, have any foreign interests squeezed/restricted, etc.

No major ISP will refuse to sell data, if any of them do.

If you don't like the terms of our naturally occuring monopoly, you're free to walk away from your job and give up access to 99% of the market, indexed knowledge, or social circles.

Think you can build out your own fiber and treat it like a utility? Think again, we sponsored bans for that.

Mullvad is probably the best as far as privacy goes.

Do not use hidemyass under any circumstances. They are fucking rats.

Considering what the two parties spend on opposition research (50mil+) I have a feeling we're gonna get to see a lot more porn preference outing of conservative politicians.

Not all government regulations are bad. This was an example of a good one. The 4th amendment should apply to my digital "papers" as well as my physical papers in the same way the 1st Amendment applies to the internet.

Maybe I am missing it.

I think for my area I have Time Warner, Sprint, AT&T and Google Fiber.  

I ain't an expert on this shit, but at least I have the facade of choice.  What am I not seeing?

I won't argue they don't all suck equally.  But they could offer no sale and higher prices, right?

Interesting discussion.

Should Verizon be able to sell my phone calls including content?

Should Google be able to sell my gmail?

If all data is stored what is to stop an ISP from changing it's policy in the future and selling past data?

Should the FBI be able to purchase phone calls and internet history?

Should China be able to purchase US data including business emails?

I would suspect browsing history might tell more about a person than communications.

How much do you pay google for gmail?

The point is it's not facsism. That's? the Only point

Nothing.

Should Google be able to sell the content of my gmail to the FBI?

Should G be able to sell the content of documents stored in G drives in the cloud?

Should an ISP be able to sell J Laws booby pics stored in the cloud?

Lol except we don't have a true free market

ISPs have a monopoly through government regulation. They rub the government's back, the government rubs theirs.

How easy would it be for me to go start my own ISP right now? How many .gov loopholes would I have to jump through and how many politicians would I have to pay off?

None of those firms will individually offer no sale. They will either all sell or all not.

They will probably sell.

Down side is there will be an "impact" as people see ads even more closely tailored to their surfing activity and hear about this.

Some will VPN it, others will sort out ways to circumvent it in different ways. Eventually the ISP logging all those keystrokes will have issues with corrupted and inaccurate data nobody wants to pay for.

I could see folks buying a program which constantly downloads completely inane or even opposing political content which skews their profile and deceives what they look at.

Wonder what some grey market providers will do to disguise their content? Because their customer base does not always want what they do on the net to be revealed. John Podesta is gonna want to sign up for his own VPN to cover his surfing, what better thing to do but have pedochild.prv.korea offer it free?

We could see it as another benefit of membership at some forums. I would definitely pay for it wrapped into it here. What they are doing it taking things a step too far - and what we will do is react, dive deeper, and find ways to circumvent it.

They were better off leaving well enough alone. It's no different than the MSM, newspapers are dying and the 6:00 news is considered corrupt. We moved to Drudge et al and now we take another step to get the data we want without their control. Every step they take is another response by us. Ban switchblades, we get holes and studs, assisted openers, and voila, switchblades are about nothing at all now. Ban AR's and we get bullet buttons, then fixed mags ans stripper clip feeding into the ejection port.

Make a stupid law we come up with ingenious solutions. We will get around it no matter what they do. Did Prohibition stop sales of alcohol, did Hitler wipe out the Jews? Not.

Sell the ISP data and even more will react to hide their habits and that data will become less valuable than ever. Guaranteed.

If you allow them to.  If you don't want Gmail to do that shit, don't use them.

You are talking to a guy whose TS application is currently in the possession of the chinese government and anyone willing to pay a few hundred dollars for it.  

If you are online, you are compromised.  Everything you have, do, and see is open to whoever wants it.

Don't like it?  Don't be online.

But now you are advocating for the government to restrict what private companies can do in a completely voluntary exchange between private citizens, because freedom.

ARFCOM wants to sell my posts?  OK.  Probably wouldn't post as much

You are correct. The only way to win that game is to not play.

That the government is involved at all should alert everyone to this being not so good.

The OPM hack is really a good point.

Combine that with the browsing history of Millitary personnel and any one has pretty close to a mind reading machine of those in positions of influence in the Military.

If I can buy the browsing history of my competitor in business I have a window into the soul of that business.

Better even to force my competitors off line.

What could possibly go wrong?

I still have a land line, should my phone provider be able to sell a wiretap of my landline?

Business that elects to go offline is at huge disadvantage in today real world and might be worse off than allowing the Chinese to purchase their IT.

Exactly.  Put the right party branding on it and suddenly its a good thing.  Forget about substance.  Its almost like we have to pass the bill so we can understand it.
But according to our party brand manual, Republican's stand for personal freedom, limited gov oversight and less gov.   Right, sure.

Just got my "I'm awesome keep voting for me" email from Ted today.  Ya know, I did a reply on this topic.  And asked how this is in the constituents best interest?  That it makes him look like he's bought, more than anything.

Eagerly standing by for my thoughtful reply.

Makes sense, but isn't the VPN provider a ISP also and could do the same monitoring?

This.

But it will soon be under fire too, if not already.  Obviously hiding something if you don't want them nosing about. At least that is their opinion.