As commissioners with the Federal Communications Commission and Federal Trade Commission, respectively, we are disturbed to see our agencies on a collision course that could disrupt the country’s thriving Internet providers and businesses, with little or no added benefit for consumers.
As the Internet brings greater efficiencies and benefits to the U.S. economy, some regulators are seeing their traditional fiefdoms and regulated industries dissolve. This helps explain the FCC’s recent meddling in Internet policy. Emboldened by a deeply questionable interpretation of its authorizing statute, the agency is elbowing into Internet privacy and security, most notably through its so-called Open Internet rules, which went into effect June 12.
Better known as net neutrality, these rules declare that retail broadband Internet access is a “telecommunications service” to be regulated under Title II of the Communications Act of 1934, which governs common-carrier services.
This subjects the practices of broadband providers—including their privacy and security measures—to onerous FCC review and enforcement. The FCC’s Enforcement Bureau has already announced that it will be examining whether the privacy practices of these providers are “reasonable” and “in good faith.”
Moreover, companies that provide services over the Internet, so-called Internet-edge providers like Google, Facebook, YouTube, Pandora, Netflix and LinkedIn, should be nervous about a recent petition from Consumer Watchdog asking the FCC to extend net-neutrality privacy rules to their privacy practices.
The FCC’s ventures may perversely supplant long-established FTC review, at least with respect to broadband providers’ practices. In other words, one cop on the beat is being shoved aside by another that is less savvy and knowledgeable about the current Internet marketplace and related privacy and security issues. As time passes, Internet-related companies will face new uncertainty as the FTC’s body of precedent is replaced with the FCC’s to-be-determined role.
Here’s one example of the FCC’s recent mission creep. In the Telecommunications Act of 1996, Congress assigned the FCC the limited task of ensuring the privacy of telephone call records, known as Customer Proprietary Network Information. Now, based on that limited assignment, the FCC is trying, through various means, to impose mandates on communications providers extending far beyond call records to encompass virtually every type of consumer data they may ever have had in their possession.
Given the FCC’s penchant for conjuring regulation out of thin air, companies should be wary whether the agency’s enforcement activities offer any limiting guidance regarding its future role in privacy or security enforcement.
If Congress had assigned this role to the FCC (it has not), and if there were no other agencies already tasked with protecting online privacy and security (there are), the FCC’s current posture might make some sense. But for nearly two decades, the FTC has exercised its congressional-assigned role to protect the online privacy and security of U.S. consumers.
The FTC has addressed a wide range of Internet issues, including spam and spyware, social networking, behavioral advertising, peer-to-peer file sharing, mobile apps and more. The agency has brought more than 130 spam and spyware cases and 51 general privacy lawsuits, several against well-known Internet edge providers for violating their privacy promises.
In the data security area, the FTC has brought 55 cases since 2002 against companies that unreasonably put consumers’ personal data at risk. These include an international hotel chain, a manufacturer of Internet-connected home-security cameras, a wireless handset manufacturer and many others. And if serious national-security concerns are triggered, like threats to key Internet components or companies from sophisticated nation states or well-financed nonstate actors, the Department of Homeland Security and a host of other federal agencies are charged to act.
What does this all mean for Internet and technology companies, and more important, consumers? In the short term, imposing new obligations that conflict with what other agencies, particularly the FTC, were already doing will cause companies to spend more time and money on compliance, and less on investing in networks and developing the next breakthrough technology. In the longer term, imposing an outdated common-carrier privacy and security regime on providers will diminish consumers’ Internet experiences.
The Internet is far too important to U.S. economic growth and productivity to be saddled with unnecessary regulations from any agency. Accordingly, the FCC should refrain from imposing its Byzantine privacy regime on broadband and Internet providers. If it doesn’t, Congress may need to re-emphasize the roles it has set for agencies regarding privacy and data security issues.
Meanwhile, we two commissioners—one from the FCC and one from the FTC—will continue to execute our individual duties to protect consumers while striving to minimize needless burdens on providers.
Mr. O’Rielly has been on the Federal Communications Commission since 2013. Ms. Ohlhausen has been on the Federal Trade Commission since 2012.