Many Questions Overhang Expected FCC NPRM on ISP Privacy Rules, Bennett Says

last year’s net neutrality order, which reclassified broadband as a common carrier service, the FCC controls privacy for ISPs and the FTC for advertisers and websites, he said. “Consequently, the advertisers are now pressing the FCC to impose severe restrictions on ISP use of personal information while arguing before the FTC that industry self-regulation is the way to go.” While ISPs are the “first and last to carry bits between consumers and Internet services” their actual gatekeeper role is limited, Bennett said. “There are many gates and many gatekeepers on the Internet,” he wrote. “Many transactions begin with a Google search, many gaming sessions take place over Facebook, and many purchases are mediated by Amazon, eBay, or PayPal. Payment services have the most luscious information of all, what we purchase, where we purchased it, and how much we paid for it. That’s not exactly small potatoes, and it makes more sense to use PayPal with its top-notch security than some tiny web site of uncertain reputation to handle your credit card information.” With many websites using HTTPS, ISPs have little real information when subscribers do domain name searches, he said. “If I search for ‘cats’ on Google, the URL looks like something like this: https://www.google.com/search?q=cats&rlz=1C5CHFA_enUS563US566&oq=cats&aqs=chrome.0.69i59j0l5.2170j0j9&sourceid=chrome&es_sm=91&ie=UTF-8,” he wrote. “This causes the browser to do a DNS query for www.google.com and to send the rest of the query in encrypted format to the IP address returned by DNS.” The only information the ISP gets is the destination IP address and its equivalent domain name, Bennett said.