Comments Off

FCC overlooks the word proprietary

The Federal Communications Commission refers to customer data as “proprietary” in its privacy order set for vote this coming Thursday. Webster’s New World Dictionary defines proprietary as something belonging to an owner like a patent, trademark, or copyright. By placing the qualifier “proprietary” on customer data, the Commission gives the impression that the data is compiled by the consumer for possible placement into the stream of commerce and by transferring this data can receive something in return. Is the consumer doing this; getting something in return for putting her data out there?

The relationship between a consumer and her broadband internet access service is one where she provides certain personal information along with a network access fee to her broadband provider and in exchange receives access to the internet. An informed consumer is aware that sharing some personal data is part of her total cost for receiving access to the internet via her broadband provider. The best way to ensure privacy of her data is to not buy access service to begin with but public and social policy currently promotes universal deployment of and access to broadband so discouraging her purchase is not a policy option.

In my view, the consumer has created a negative externality by providing property, in this case her personal information, for free. The rate the consumer pays for broadband access overcompensates the service provider given the value the broadband service provider receives. What the Commission should encourage is a pricing regime where consumers can charge for the use of their proprietary information. This way, the prices paid for access provide a better reflection of what is actually being exchanged.

The Commission may find that with this market solution concerns of privacy will be abated as the consumer exercises more control over her market relationship with the broadband service provider. Allowing for consumers compensation for providing data may create a ripple effect in the internet eco-system. Go onto Facebook and you see consumers sharing a lot of personal information for free. Advocates for consumer empowerment should like this approach but these so called advocates would lose too much control of the consumer protection debate if consumers were to enjoy this type of market freedom over compensation for their data.

Bottom line, if the Commission is truly concerned about protecting proprietary consumer information, it should give the consumer the front line tools to protect her data and in a market system, that front line tool is the ability to be compensated for one’s property.

Comments Off

On March 31st, the FCC will immerse itself further into information markets

Posted March 28th, 2016 in Broadband, edge providers, Federal Communications Commission, privacy and tagged , , by Alton Drew

The Federal Communications Commission will issue a notice of proposed rulemaking on 31 March 2016 providing requirements that internet service providers should follow in order to protect personal information of consumers. Commission chairman, Tom Wheeler, describes the proposed rules as an initiative that gives consumers the “tools they need to make informed choices about how and whether their data is used and shared by broadband providers. Mr. Wheeler has constructed his rules within a framework of three principles: 1. Consumer choice, where consumers exercise meaningful choice over what data an ISP can use and how it can be shared; 2. Transparency, where consumers are made aware of what types of information an ISP is collecting and how that information is being used; and 3. Security, where ISPs have an obligation to protect information where ever it is carried over a network and stored. While consumers can “opt-out” from having their personal information used by ISPs in order to market additional services to the consumer, the consumer must opt-in to the use of their information for any other purposes. Anyone following the Commission since Mr. Wheeler’s ascent to the chairmanship acknowledges that this is a partisan commission and leading the opposition on this notice of proposed ruling is Commissioner Mike O’Rielly. Mr. O’Rielly refers to the proposed rules as “troubling and conflicting” given that these rules may not apply to other internet companies like Google and Facebook.  Mr. O’Rielly also takes issue with the Commission flirting with issues such as data security and data breach, issues, he argues, that are not covered by the Communications Act. And Mr. O’Rielly is correct. Data breach and security are not covered by the Communications Act. Nor does the Communications Act describe broadband access providers as telecommunications companies. In addition, ISP access to consumer proprietary information is limited, according to research conducted by Peter Swire, Justin Hemmings, and Alana Kirkland. Also, other companies have access to more information and a wider use of personal information than ISPs. Mr. Wheeler is playing with judicial uncertainty betting that the U.S. Court of Appeals-District of Columbia will uphold the Commission’s reclassification of broadband services as telecommunications services thus extending the 20th century protections of Section 222 of the Act for telephone customer personal information to consumers subscribing to 21st century broadband access services as well. Will Mr. Wheeler’s rules lead to an increase in deployment of broadband facilities? I don’t see it. Ironically, Mr. Wheeler’s rules may cause a conflict between sections 1302 and 222 of the Communications Act.  Why would ISPs, pursuant to the Commission’s directive under section 1302 of the Act, want to increase deployment of broadband access platforms if their ability to gather, package, and sell consumer information is going to be heavily regulated by rules, supported by section 202 of the Act, that don’t apply to social media networks that are increasingly gathering more consumer data than ISPs?

Comments Off

Will the information and delivery services industry like data minimization?

Posted January 27th, 2015 in knowledge economy, knowledge market, privacy and tagged , by Alton Drew

Today the Federal Trade Commission released a report on the Internet of Things and the best practices companies could put in place to protect consumer privacy.  The scope of the report was limited to IoT devices that consumers use to access other devices via the internet.  In addition, one of the best practices for securing consumer privacy mentioned in the report was the concept of data minimization.

How would data minimization impact firms within the information and delivery services industry who rely on large amounts of data in order to analyze consumption behavior?  The FTC defines data minimization as limiting the collection of consumer data, and retaining that information only for a set period of time and not indefinitely.  By minimizing collected data, tyhe FTC believes that larger data storers may make themselves less attractive to thieves and that the risk that data will be used in a way departing from consumer expectations will be reduced.

What the report overlooks are firms that consumers may not have face-to-face exposure to.  Take for example Broadridge Financial Solutions.  Broadridge processes and transfers sensitive personal information provided to them by their clients.  These clients include financial institutions, public companies, and mutual funds.  Under certain circumstances Broadridge’s own vendors may have access to the personal information Broadridge receives.  According to the company, they maintain systems and procedures to protect consumer data including encryption, authentication technology, data loss technology, and the transmission of data over private networks.

Even with their own protections in place, would information and delivery services firms like Broadridge see a decrease in volume if their clients are forced via additonal best practices to collect a limited field of data?  I’ve read nothing in the financials of a number of companies that tell me that they are concerned about additional regulations from the FTC indirectly impacting them.  Bear in mind that the clients for these information firms are other business firms, but since the information they analyze is collected by firms with direct exposure to consumers, information and delivery services firms and their investors should be aware of these developments in the regulation of the internet of things.

Comments Off

Broadband: Why would an edge provider let FCC see its business model

Technocrat’s Anne L. Kim blogged on comments Consumer Electronics Association CEO and president Gary Shapiro made at a recent Brookings Institution event.  Here is an excerpt from her post:

On net neutrality, Shapiro wants more of a hands-off approach from the government. He wants to see government allow industry and nongovernmental organizations establish principals. “And if the principals are violated, then act,” he said.

“I personally am fearful of all of a sudden sending those companies into a new area of regulation like utilities,” referring to the FCC considering using Title II of the 1996 Communications Act to rewrite net neutrality rules.

He said he likes things the “way they are” and that he’s rather not see them changed, adding that “good intentions scare me.”

Take a look at Title II, something more edge providers need to do, and you can appreciate some of Mr. Shapiro’s fear.  For example, section 211 of the Communications Act requires that common carriers (a classification that net neutrality advocates want applied to broadband providers) file copies of all contracts that they have with other common carriers.  So, if Google, a broadband wannabe, has peering or transit contracts with Comcast, Google will have to file its contracts with the Federal Communications Commission, and probably with state public utility commissions as well.  If these contracts contain information regarding traffic from certain edge providers a la Netflix, Netflix wouldn’t be happy that some aspect of its business model may be on public display with the FCC.

This type of transparency may bring joy to net neutrality proponents but not to the edge providers they purportedly are so concerned about.  In my opinion, letting the government have a copy of a contract entered into autonomously is the same as the government regulating your free speech.  Unless there is a dispute to be resolved between two parties to a contract, I see no reason to let the government have access to its contents.  If edge providers want to see a slippery slope created that takes regulation right to their doorsteps, Title II will lay the bricks for that driveway.

My walk down the Yellow Brick Road of regulation gets scarier when I take a look at section 215.  Section 215 allows the FCC to examine transactions involving the furnishing of services, supplies, equipment, personnel, etc., to a carrier.  Also, the FCC, pursuant to this section, may examine transactions that impact charges a common carrier assesses for provision of wire or wireless services.  Section 215 also allows the FCC to determine how reasonable these charges are.  Also, the FCC may report its recommendations to Congress as to whether charges are invalid and should be modified and prohibited.

Now, not to knock on Google, but since they are the Internet flavor of the week given the disclosure of their perceived wretched diversity in hiring practices, disclosing matters regarding personnel much less on their services should make the company and its investors think twice about supporting net neutrality brought to you via Title II classification.

All of Title II should be scary to venture capitalists, private equity, and their investor clients, but section 218 should bring great pause. This section allows the FCC to inquire into the management of all common carriers.  The FCC may obtain management information not just from the carriers, but from entities that directly or indirectly control them.  That, in my mind, includes private equity firms or venture capitalists that may have a controlling interest in some little regional or rural broadband provider.  With the SEC stepping up its scrutiny of private equity via the Dodd Frank Act, does private equity want another alphabet soup agency knocking on its door?

Here is one more, especially for the app developers.  Section 231 speaks to app developers, or more definitively access software providers.  This section prohibits the use of the World Wide Web to transmit material harmful to minors.  I wonder how many apps fall under this category.

When you look behind the curtain of good open network intentions, you can find some scary stuff.

Comments Off

Suppose Stephen King and Rob Zombie were developing this idea online?

Posted February 26th, 2013 in Broadband, crime, free speech, indecency, privacy and tagged , , , , , by Alton Drew

The New York Times posted a story about a police office who participated in online chats about raping and cannibalizing women, including his wife. The story is horrific because it reminds you what depraved thoughts we as humans may have toward one another and that these thoughts are being expressed online everyday.

Fortunately the women discussed in these chat rooms were not harmed so the prosecution may have a hard time showing that thinking and talking about it was a crime. There was plenty of malice but no bodily injury or harm.

My question is, what would be the difference between a horror movie writer like Stephen King or Rob Zombie sitting in on an online chat discussing different more macabre ways to scare their audiences? Would the notion that the discussion is being held merely for artistic purposes be enough to distinguish the two conversations?

If not, then this police officer might get off. If so, then the Internet might be subjected to a different level of scrutiny.