Royal Caribbean's Allure Of The Seas: Built For Families
James Brown's To-Do List

Comcast And The Wireless Industry Defend 'Pay For Privacy' Schemes

Logo of CTIA, The Wireless Association Some big Internet service providers (ISPs) want consumers to pay for privacy. Earlier this month, both Comcast and the CTIA-The Wireless Association (formerly known as the Cellular Communications Industry Association) submitted comments about the broadband privacy rules proposed by the U.S. Federal Communications Commission (FCC) in April.

Portions of August 18, 2016 comments submitted by the CTIA to the FCC:

"Finally, we briefly noted that allowing consumers a variety of options regarding whether to receive a discount on broadband service in exchange for personalized advertising should be preserved. Hybrid payment models have been in commerce for centuries, including advertising supported magazines, grocery store loyalty programs, and app-based discount programs for retail establishments. Many internet companies rely on use of consumer data as their sole source of income, like search engines and social networks. Such offerings can lead to significant cost savings for all consumers, enable more valuable services for consumers, and mirror much of the economic activity that consumers expect. On this point, we provided a copy of a recent report by the Information Technology & Innovation Foundation, titled “Why Broadband Discounts for Data are Pro-Consumer,” which is attached to this filing."

Let's unpack this. It says that ISPs should be able to charge their customers for privacy, since many ISPs rely upon using (and reselling) their customers' information to make money. This would be an opt-out for customers, since the default is customers' information is used and resold. There are several problems with this approach:

  1. The pay-for-privacy business model is camouflaged in a seemingly harmless term: "hybrid payment models"
  2. The CTIA's argument falsely assumes ISPs are equivalent to search engines or social networking sites. They aren't. When a consumer uses the Internet, he/she has a choice of which search engine or social networking site to use; or none. Not so with ISPs. A consumer must use the Internet to do anything. Plus, there is a lack of ISP competition in key markets, which provides consumers with fewer choices. Is the industry suggesting more competition? Doubtful. In fact, the industry lobbied for and obtained local laws in about 20 states that deny residents the rights and benefits from competition by community-run ISPs; laws which a federal court recently (and mistakenly) upheld. And, proposed legislation to encourage ISP competition to gain lower prices and more choices for consumers has been blocked by the industry, by politicians, by attorneys general in some states.
  3. The CTIA's position is harmful. It essentially says this: the default is no privacy. Customers get privacy only when they pay for it. Huh? I find this at odds with traditional property rights laws. Information about consumers is owned by consumers until and unless they share it.
  4. Most customers already pay a monthly fee for Internet access. So, paying for privacy amounts to a price increase... a premium price, for something that should be baked into the service at the start. Plus, consumers in the United States already pay more for broadband and get slower speeds compared to other countries.
  5. The pay-for-privacy model does not address under- and un-served broadband segments: rural and low-income consumers. One could argue that paying for privacy is a greater burden on low-income consumers, when everyone has property rights and Fourth Amendment rights.
  6. Consumers need simplicity and clarity. For example, should a service offer a pay-for-privacy, it should mention optional components (e.g., web browsing, scan email contents, scan text message content, etc.) with standardized labels and language. Otherwise, consumers have more difficulty comparing services, and privacy policies that are already too long, complicated and difficult to read become even more so.

Comcast logo The CTIA's position seems to have followed Comcast's position. Portions of August 1, 2016 comments submitted by Comcast to the FCC:

"We also urged that the Commission allow business models offering discounts or other
value to consumers in exchange for allowing ISPs to use their data. As Comcast and others have argued, the FCC has no authority to prohibit or limit these types of programs. Moreover, such a prohibition would harm consumers by, among other things, depriving them of lower-priced offerings... A bargained-for exchange of information for service is a perfectly acceptable and widely used model throughout the U.S. economy, including the Internet ecosystem, and is consistent with decades of legal precedent and policy goals related to consumer protection and privacy.

Finally, we discussed how Comcast has partnered with vendors who have helped to
enhance consumer data privacy, and that the Commission should be clear that any rules it adopts do not prevent ISPs from providing CPNI to a vendor based on implied consent, provided the ISP has an agreement with the vendor requiring it to safeguard the CPNI and to use it solely on behalf of and as directed by the ISP..."

The same problems I listed above also apply to Comcast's comments. This is not theory. MotherBoard reported:

"Telecom giant AT&T already offers such a [pay for privacy] plan, called “Internet Preferences,” which tempts consumers with “best pricing” if they are willing to let the company “use your individual web browsing information, like the search terms you enter and the web pages you visit, to tailor ads and offers to your interests.” Users who opt-out of "Internet Preferences," which DSLReports calls a “deep packet inspection program that tracks your browsing behavior around the internet—down to the second,” face a $30 premium on their monthly bill."

Last year, Gigaom reported that price premium by AT&T for privacy is really far more:

"But $29 isn’t actually the price that AT&T charges per month for privacy. As I discussed back in May last year after I tried to sign up for AT&T’s GigaPower service to find out more about the pricing and the disclosures associated with the plan, the actual costs were closer to $44 or even $62 per month. This time around the price differentials are $44 for gigabit internet and $66 for HD TV and HBO Go plus gigabit internet."

Like anything else, the devil is in the details. $44 and $62 monthly both sound excessive. Apparently, the more services a consumer has, the more privacy costs. Regular readers of this blog already know about CPNI notices from AT&T.

The problems I see with both Comcast's and the wireless industry's pay-for-privacy positions are rooted in a lack of trust and transparency. The ISP industry has a long history of abuses, customer service failures, and a lack of transparency. Both the Gigaom and MotherBoard articles mentioned above highlight problems and failures, plus:

Consumers are rightfully wary and skeptical of pay-for-privacy schemes. Plus, consumers have no way to confirm that in a pay-for-privacy scheme their information is not being reused and resold anyway.

A solution based upon transparency that promotes trust would help: regular privacy audits by an independent third-party to ensure that the information of consumers who paid a privacy price premium are getting what they paid for.

Also available in this blog are the CTIA letter to the FCC (Adobe PDF; 247.2K bytes), and Comcast's letter to the FCC (Adobe PDF; 176.3K bytes).

To me, the whole thing smells like another excuse for ISPs to increase prices on services that are already too expensive and too slow. What do you think?


Feed You can follow this conversation by subscribing to the comment feed for this post.

Chansond de Roland

As the U.S. Supreme Court noted in another context, the power to tax is the power to destroy. The broadband ISPs’ (ISPs’) proposed premium pricing is simply a tax, a private party’s tariff, on privacy, which ISPs will use to make privacy so expensive that few will be able to afford it, so all but a few will have to submit to the complete loss of privacy in order to have broadband services, which the FCC, President Obama, and every reasonable and unbiased observer recognizes is a necessary utility in the modern age in modern industrial society. Therefore, the ISPs’ premium pricing would simply be coercion that would force nearly all accede to the complete loss of their privacy on the Internet.

But what makes the ISPs’ proposal for premium pricing for privacy such an outrage and which they don’t mention, when talking of tradition of discount pricing is only appropriate, where the property being priced belongs to the vendor, yet here privacy of our personal information belongs to each customer and not any ISP. The FCC’s privacy proposal is simply the common sense and traditional acknowledgement of the right, which exists in most other legal context and circumstances, that our personal information as to where we go and what we do is private as to strangers and as to third parties, even where and when we have a relationship with those third parties to provide some other service or good. With ISPs, we have only a limited commercial relationship to provide broadband services, which are in fact and now deemed to be a utility. We already pay a subscription, which, as reported in this blog, is extremely high for extremely slow service. Now, the ISPs wish to be granted permission to take even more value from consumers for the same poor to mediocre service by taking their extremely valuable right of privacy in their personal information from them. And thanks to AT&T et al., from it pricing reported on, supra, we have some idea of just how valuable our personal information is, being worth a premium of approximately $500 to $700 per year.

Granting the ISPs authority to use the cudgel of premium pricing for privacy expropriates from us our privacy, when for broadband service we grant only a limited license to ISPs to know, use, and dispose of our personal information but only to the extent necessary to provide us with broadband services, and that license is based on a subscription price for the service offered. However, if the FCC were to grant differential discounting based on privacy, then our privacy will become a matter of an ISP’s discretions, which it will exercise based on what most profitable, without regard to any person’s right in his privacy on the Internet.

What will they charge us for next? Differential pricing for the right to use our names on the Internet? Or perhaps the right to go to certain website? But, oh, that’s right, the net neutrality rules prohibit that. But isn’t this a way, through the backdoor, to charge us for where we go and what we do on the Internet, but this time by charging us for our privacy, as if our privacy were theirs and not ours?

But why stop at privacy? Why not offer differential pricing for whether one is willing to drive a self driving car offered by your ISP? Or differential pricing for those who promise not to ever complain about their broadband services? And so on. The reason that the answer to all of that is no arises from the two principles, one of which we’ve discussed, supra: First, the right of privacy in our personal information of what we do and where we go on the Internet is ours, not the ISP’s; and second, it is text book antitrust law that one may not tie the desired good, which here is broadband service, to an another unwanted good or service, here the sacrifice of privacy. That is tying, which a violation of U.S. antitrust law. So the FCC must say not to this premium pricing on two grounds: First, it effectively deprives the consumer of his right to privacy in his personal information about his doings on the Internet, and Second, it would violate the antitrust principle of tying by requiring that consumers sacrifice their privacy in order to get essential broadband services.

But even more than antitrust law, the right of privacy in one’s personal information that one authors with one’s acts on the Internet is a precious thing not merely in terms of money or property, though the property right is ours, but also in terms of the loss of human dignity. In the instant context, broadband ISPs have only a limited license, as set forth in the FCC's proposed privacy rule, referenced supra, to know, use, and dispose of our personal information as is necessary to provide broadband services. Beyond that, with respect to any broadband ISP, we have a right to absolute and utter privacy regarding our personal information, as if the ISP were an utter stranger, because, beyond the limited license to use our personal information to provide its broadband services, our ISP is an utter stranger. Who has any dignity, when an utter stranger can know everything they do, as if that stranger had a right to know what we do, as if we were children of slaves? It should not and must not be that we must sacrifice our privacy to an ISP, an utter stranger, simply to have affordable broadband.

The comments to this entry are closed.