Internet providers: We won’t sell your web browsing history

A sign is posted in front of a Comcast service center on July 13, 2015 in San Rafael, California. (Photo by Justin Sullivan/Getty Images)

By Meg Wagner

Internet giants respond to fierce backlash

Three of the nation’s biggest internet service providers vowed to keep customers’ web browsing histories secure, following a controversial congressional vote to kill federal web privacy rules.

Comcast, Verizon, and AT&T announced Friday that they have no plans to profit from sharing their customers’ personal information with advertisers, despite the overturned Federal Communications Commission (FCC) guidelines.

The rules, which had not yet gone into effect, would have required internet service providers to get explicit consent to share certain types of user information — like the contents of their emails or their web histories. Republicans in the Senate and House voted in late March to scrap them, and the regulations-smashing bill is now waiting on President Donald Trump’s signature. The White House has indicated that Trump will sign it.

The votes sparked a wave of outrage from privacy advocates and internet users across the country. Even some Trump supporters took to Reddit to voice their concerns. In response to the fierce outrage, the U.S.’s biggest internet providers insisted that the regulations wouldn’t have changed anything.  

“We do not sell our broadband customers’ individual web browsing history.  We did not do it before the FCC’s rules were adopted, and we have no plans to do so,” Comcast’s chief privacy officer Gerard Lewis said in a Friday statement.

Verizon’s chief privacy officer, Karen Zacharia, wrote something similar: “Verizon does not sell the personal web browsing history of our customers. We don’t do it and that’s the bottom line.”

And AT&T directed concerned customers to its existing privacy policy, which states that the company “will not sell your personal information to anyone, for any purpose. Period.”

Overturning Obama-era regulations  

On March 23, the Republican-controlled Senate voted strictly along party lines in favor of the bill to kill the FCC regulations. Five days later, the House approved the rules-overturning bill 215-205, with just 15 Republicans joining the 190 Democrats who voted against it.

Republicans blasted the FCC guidelines as unnecessary, and the industry said it didn’t need regulations in order to protect users’ privacy.

“Our industry remains committed to offering services that protect the privacy and security of the personal information of our customers. We support this step towards reversing the FCC’s misguided approach,” the Internet & Television Association (NCTA) wrote in a statement following the vote in the House.   

But advocates said the regulations — passed by the FCC in October, under former President Barack Obama’s administration — offered more protections to internet users by making certain privacy measures the default setting, instead of the usual process, which requires users to opt out of some types of sharing.

Under the proposed regulations, if a company wants to share or sell “sensitive” information, it would need explicit consent from its customers. The rules defined eight areas of sensitive information: geolocation, web browsing histories, the contents of emails and other communications, app usage, Social Security numbers, medical information, health information, and information on children.

Providers would have been allowed share and sell non-sensitive information — such as names, IP address and anything else not on the sensitive list —  under the privacy rules, but customers would have been allowed to opt-out.

Currently — and for the foreseeable future, now that Congress has voted down the — customers must explicitly tell their providers to stop the sharing of both sensitive and non-sensitive data. But that can be a difficult process, and many providers don’t readily provide information on how to do so.

Selling schemes not limited to internet providers

Service providers are not the only keepers of some sensitive information — meaning their promise to keep browsing histories secure doesn’t ensure total privacy.

Search engines and social media sites — Google and Facebook, for example — are not regulated by the FCC, so even if the regulations had remained in place, those companies wouldn’t have had to obey the rules.

Instead, those types of sites must follow less-stringent Federal Trade Commission (FTC) regulations, which don’t require companies to get users’ permission before they collect and sell data. That’s why, when on those sites, users frequently see ads for products for which they’ve previously searched, or for local businesses.

But social media and internet search websites don’t have access to nearly as much data as internet service providers. For example, when a Google Chrome user opens a private search, Google doesn’t store (or sell) that data. Service providers keep tabs on all internet activity — even that done in private mode.

Backlash over the overturned FCC regulations hasn’t faded. In one defiant protest, creator of the game Cards Against Humanity Max Temkin promised to buy the browsing histories of every lawmaker who voted to kill the rules and then publish the results online (Industry experts, however, say it would be highly unethical — if not illegal — for internet companies to sell off a specific individual’s information). On Tuesday, Temkin started a fundraiser to defray the cost. As of Monday afternoon, it had raised more than $85,000.

Others who support the FCC rules are trying to appeal to Trump, who has not yet signed the bill into law. On Thursday, 46 Senate Democrats wrote a letter to the president urging him to veto the measure. Most Americans “believe that their private information should be just that — private,” they wrote.

It’s unclear when Trump plans to sign the bill.