Communications Litigation Today was a service of Warren Communications News.
Jurisdiction Debate

CRA Vote to Kill FCC Privacy Rules Seen as Opening for Title II Attack

March 24, 2017 by John Hendel and Howard Buskirk|Top News

The Senate's 50-48 approval Thursday of a measure to kill FCC ISP rules spurred discussion of potential next shifts on the jurisdictional state of broadband. The vote is seen as a significant step for the Congressional Review Act resolution of disapproval (see 1703220071), which still needs to be considered on the House floor. If enacted, lawmakers say more steps will need to be taken as part of a strategy to return broadband’s jurisdiction to the FTC, as some say they want.

CRA enactment would leave ISPs subject to FCC enforcement under Communications Act Section 222, without any implementing rules. The FTC should take the reins on privacy, said Senate Commerce Committee Chairman John Thune, R-S.D. The FTC has been prohibited from acting in this area since the FCC's 2015 order that reclassified broadband as a Communications Act Title II common carrier-service. The FTC is exempt from regulating common carriers.

I assume that the FCC at some point is going to address Title II,” Thune said in an interview Thursday, considering how the FTC would resume a role over broadband privacy. Asked if he would support a legislative repeal of the FTC common-carrier exemption, as its commissioners requested for years, Thune again emphasized the FCC’s classification: “I would push for some reforms to Title II, that we’ve talked about,” which would “address a lot” of concerns.

Thune was one of many senators who spoke on the issue Wednesday. He called the FCC the “wrong venue” for broadband privacy, speaking on the floor. Both FCC and FTC chairmen “recognize this, having jointly called for returning jurisdiction over broadband providers’ broadband and data security practices to the FTC,” Thune said then. A CRA resolution would prevent the FCC from developing substantially similar rules as the ones abolished, but industry officials said FCC Chairman Ajit Pai could create different types of rules.

Pai told reporters after the commissioners’ meeting Thursday his agency will have to look closely at how to interpret the CRA “and other legal and regulatory provisions,” but he hasn’t made any decision on next steps the agency might take. The FCC is weighing petitions for reconsideration of October ISP privacy rules after receiving reply comments last week (see 1703170026). Also Thursday, the FCC commissioners’ meeting was the subject of a silent net neutrality protest by about a dozen people (see 1703230060).

The FCC will still have a role in policing privacy even if Congress enacts the CRA disapproval, based on Section 222, Pai said. FCC rules requiring ISPs to protect customer proprietary network information remain on the books, Pai said. “There are federal and state privacy regimes that still continue to apply,” he said. “There continue to be rules that protect consumers.”

FTC, FCC Interplay

A return of broadband jurisdiction to the FTC, even if that eventually were to happen, is complicated due to last year’s 9th U.S. Circuit Court of Appeals' ruling, said some congressional Democrats and public interest groups. The ruling “removes the jurisdiction” of the FTC “over online privacy in the broadband space,” said Senate Communications Subcommittee ranking member Brian Schatz, D-Hawaii, on the floor. Lawmakers should work with industry leaders “to find a comprehensive approach to privacy online,” Schatz said. “We’re actually blowing up the only thing we’ve got.”

If the court ruling is upheld, “adopting a status-based instead of an activity-based interpretation of the FTC’s common carrier exemption, the FTC’s jurisdiction and ability to impose privacy and security obligations would be even further curtailed,” Sen. Richard Blumenthal, D-Conn., said on the floor Thursday. Critics of FCC regulation could have “focused their efforts on ensuring that the FTC has meaningful and regulatory rulemaking authority so that it can implement privacy and data security rules” for websites, he said. Blumenthal has backed giving FTC “authority to adopt its own rules governing the privacy and security of websites,” he said.

House Communications Subcommittee Chairman Marsha Blackburn, R-Tenn., is eyeing returning broadband jurisdiction to the FTC. She's leading the CRA efforts in the House. The FCC rules “harmed” consumer privacy protections “by taking the FTC off the job,” Blackburn said in a statement lauding the Senate vote. “Today’s action takes us one step closer to restoring the FTC’s role as America’s expert agency on privacy.”

Critics of the FCC rules also pointed to a likely change to come in broadband jurisdiction. After enactment of the CRA, “it will be appropriate for Congress to vacate the Ninth Circuit decision applying the Common Carrier loophole to non-common carrier activities,” said Richard Bennett, network architect and free-market blogger. “Following that, Congress and/or the FCC will need to correct the misclassification of Internet service as telephony. When all of these actions are completed, the FTC will resume regulating privacy on the entire Internet as it used to do. In the meantime, it will be very constructive for the ISPs to voluntarily pledge to abide by FTC guidelines.” TechFreedom President Berin Szoka agreed: “The FCC will soon return broadband privacy policing to the [FTC], where it belongs, like all online privacy.”

Senate Republicans rejected arguments that a privacy gap would be created. They weren't ready to say if there would be legislative efforts to clarify agency jurisdiction, whether regarding classification of broadband or common carrier exemption.

We’ll have robust discussions on how to regulate,” said CRA author Senate Judiciary Privacy Subcommittee Chairman Jeff Flake, R-Ariz., in an interview. “But now, at least, it’ll be on a consistent basis. And you don’t have some regulations apply to the broadband folks and not to the edge providers. We’re going to have more consistent regulation now. This notion that people are reporting that we repealed protections that were there -- nothing’s been implemented, so nothing’s been repealed.” He affirmed that Section 222 would still be in place: “These particular regulations that we revoked were stayed. They weren’t in place. We weren’t repealing anything that was in force.” As for possible revocation of Title II application by the FCC or Congress, “we’ll see as we move ahead,” he said.

Democrats React

House Commerce Committee ranking member Frank Pallone, D-N.J. derided the Senate vote as “baffling” and said in a statement that if Republicans cared about privacy, “they would focus on giving the [FTC] more authority to protect our data no matter where we go on the internet.”

This legislation will frustrate the FCC’s future efforts to protect the privacy of voice and broadband customers,” said FCC Commissioner Mignon Clyburn and FTC Commissioner Terrell McSweeny in a statement. “It also creates a massive gap in consumer protection law as broadband and cable companies now have no discernible privacy requirements.” In a piece she co-wrote in Wired, McSweeny said that "Congress should spend time examining the strengths and weaknesses of our current approach, instead of using consistency arguments to eviscerate the FCC’s rule.”

Senate Democrats slammed the measure in dire terms before the vote, both Wednesday and Thursday. Sen. Ed Markey, D-Mass., spoke at length on the floor emotionally. “The ordinary American is going to be made far more vulnerable” due to the CRA’s enactment “than anything any Russian entity is ever going to do to them,” Markey said, referring to hacking. He mocked big ISPs and what he judged the lack of protections people would have. “No privacy for your family!” he said of the result. He slammed monetization that ISPs would be able to apply to people’s data. “This is the privacy vote of all time,” Markey said on the floor Thursday. The CRA “strips consumers of their rights in a truly ill-advised manner,” Sen. Ron Wyden, D-Ore., said on the floor Thursday. Blumenthal called the rules “a direct attack on consumer rights, on privacy,” on the floor Thursday.

The roll-call vote fell entirely along party line. The two senators who didn’t vote were Sens. Johnny Isakson, R-Ga., away from Capitol Hill due to a recent surgery, and Rand Paul, R-Ky., a resolution co-sponsor.

'Scare-Mongering'

Thune, speaking on the floor Wednesday, dismissed “unfounded scaremongering” over the idea of a possible void in oversight. The resolution “would overturn a costly and confusing” FCC rule, Senate Majority Leader Mitch McConnell, R-Ky., said on the floor Thursday.

There were some [senators] who were getting a lot of misinformation sent to their office that we were repealing protections that were already in place,” Flake told us when asked about the GOP whipping effort for the CRA. “They simply needed to be assured that no, what we’re looking for is consistent and uniform regulation instead of treating data based on who has it rather than the nature of the data.”

What we just voted on, that largely lets the FCC head in the direction that Chairman Pai wants to head in,” Sen. Roy Blunt, R-Mo., said in an interview after the vote. “They had done what they could to slow down the implementation of the rule, but as long as the rule is out there, whether you’re applying it or not, is still out there. This just clarifies that and lets the chairman head in what he believes and I think will turn out to be a more fair direction.”

Stakeholders also reacted.

Senate signoff on the CRA removes "the conflicting set of privacy protections set in motion by the FCC rules,” said USTelecom President Jonathan Spalter. “The Senate is right in reversing the FCC's flawed broadband privacy and data security rules,” CTA President Gary Shapiro said, slamming them for having “ignored the framework established by the [FTC] that already provides consumer protection to users' information, while enabling data-driven innovation.” The vote “affirms Congressional recognition that effective privacy protections for broadband users should exist without unnecessary or imbalanced regulatory measures,” NTCA CEO Shirley Bloomfield said.

It's a “step forward in clearing the path" for Pai and acting FTC Chairman Maureen Ohlhausen, who have pledged to work together, to develop a new ‘comprehensive and consistent framework’ for protecting American's online privacy,” said American Cable Association President Matt Polka. CTIA backs “regulatory clarity and uniformity across our digital economy,” President Meredith Baker said. The vote is a “step towards reestablishing a balanced framework that is grounded in the long-standing and successful FTC privacy framework that applies equally to all parties operating online,” NCTA said. Public interest groups including Consumers Union, New America Open Technology Institute, Free Press, the Electronic Frontier Foundation and Public Knowledge slammed the vote. It's "a clear sign that American interests come second to those of broadband providers," said PK Policy Fellow Dallas Harris.