What do they do when they can’t win the vote? Try to Stop a Vote.
Right now, politicians in Sacramento are holding up a bill that would restore your broadband privacy rights and directly reject Congress and the Trump Administration’s decision to side with Comcast, AT&T, and Verizon.
It is in fact the first bill ready to be enacted into California law that would be a direct response the latest string of efforts in Washington DC to curb consumer protections in broadband access. A.B. 375 (Chau) would ensure your broadband provider must secure your permission first before selling your personal information to third parties.
However, it has been stalled in the Senate Rules Committee – likely due to opposition from major cable and telephone companies. If they are successful at keeping the bill stalled until July 18th, then the bill is dead for the rest of this year.
In California, bills must make it past certain policy committees by specific deadlines, or they are dead for the year. But before a bill can be heard in any policy committee, it must be referred out by the Rules Committee in a fairly routine matter of deciding which committees should review and vote on the bill before presentation to the full Assembly and Senate.
Two weeks ago, AB375 became eligible to be referred out of the Senate Rules Committee. Assuming normal procedures, advocates expected to testify in support of the bill at a July 3rd hearing. However, the legislation has been mysteriously absent from consideration on the Rules Committee agenda. Two weeks have passed, the Senate Rules Committee has mettwice, yet A.B. 375 has not been placed on the agenda, debated, or referred out to any policy committee.
This raises significant questions.
Unless Senate President Pro Tempore Kevin de Leon, who leads the Senate - and chairs the Rule Committee - decides to ignore the pleas of Comcast, AT&T, and Verizon and, instead, follows normal procedural rules and moves the bill forward so it can receive a vote, the telecom lobby will win in arguably the worst way possible - by simply denying your elected representatives from even voting at all.
The Momentum is With Us
California is the 20th state to engage in restoring our broadband privacy rights, but it could be the first state to officially make it law by this year. A vast majority of conservative, liberal, and independent voters opposed Congress repealing our broadband privacy rights and naturally they demanded action. Severalprintpublications in California have written positive reviews about AB 375. And the legislation itself has been thoroughly vetted and is ready for enactment.
We have until July 18th to push AB 375 to the finish line. Pick up the phone ASAP and make your voice heard!
Back in 2014, we considered many possible ways of protecting net neutrality that would not rely on the FCC, including antitrust law. Unfortunately, U.S. antitrust law is not up to the challenge.
Antitrust law is an economic doctrine that gives little if any weight to freedom of expression and other noneconomic values secured by net neutrality. Antitrust law defines harm in terms of higher prices and diminished product quality. If antitrust law deems that a practice is not harmful to competition, it does not matter how much it represses speech, distorts access to knowledge, or intrudes on privacy. Antitrust law has no concept of the "gatekeeper" problem posed by an ISP's control over your conduit to information.
There are other reasons why antitrust isn't an effective tool for net neutrality problems. Antitrust law is fundamentally about protecting competition, but the market for broadband is very different than the theoretical ideal contemplated by antitrust law.
First, there is very little broadband competition to protect. More than 9 out of 10 Americans live in monopoly or duopoly markets for broadband according to the FCC. Even lower-speed wireless service is available from only a handful of carriers in most places, all of which oppose net neutrality and have pushed the boundaries of the existing Open Internet Order with throttling or pay-to-play zero-rating schemes.
Second, broadband service naturally tends towards monopoly. A large incumbent provider that can amass government permissions to use rights-of-way under public streets, on poles and antenna sites, and on the radio spectrum will always be able to offer cheaper service than a new entrant who has to pay to build the infrastructure and obtain new rights-of-way. Combine that with customers' notoriously unreliable access to information about service quality and broadband speeds and the high costs of switching providers, and you have a market that will not be competitive without intervention.
We got a competitive market for dial-up Internet in the 1990s because phone companies were required to allow other service providers to operate using their infrastructure. We could have that kind of competition again if broadband providers were required to grant similar access. But unless that happens, we will not see meaningful competition of the type that antitrust law is designed to protect.
Further, antitrust law has been eviscerated over the past century. Under the new "single entity doctrine," a company can't be accused of illegal collusion with its subsidiary or parent companies, so for example Comcast could make an arrangement to favor NBC-Universal content it owns out much fear from antitrust law. And a pair of Supreme Court decisions in 2004 and 2007 made it much harder to bring antitrust cases against companies in regulated industries, even if the regulations themselves are minimal. The dismal state of competition in broadband should make it obvious that current antitrust law isn't adequate even to protect competition, let alone protecting customers against data discrimination.
There are a few types of non-neutral practices that could also rise to the level of antitrust violations, such as an ISP's accepting payments to block competing websites, (but accepting payments from businesses to block websites that criticize them would likely get a pass).
Title II, the current legal basis for net neutrality protections, is the legal tool that is specifically and narrowly tailored to prevent discrimination by carriers of information. In the past, the FCC has tried to stretch its other authorities to impose net neutrality rules—which alarmed us, since stretching those authorities to achieve something they weren't meant to do would be bad government and accrue too much power to the FCC. Those approaches were defeated in court, while Title II has been upheld. Now, opponents of net neutrality urge a return to those dangerous and ineffective approaches, or to antitrust—another legal doctrine designed to do something entirely different from protecting against data discrimination. It's not the right tool for the job. That tool is Title II, and those who care about net neutrality need to defend it.
This week, the political heads of the intelligence services of Canada, New Zealand, Australia, the United Kingdom, and the United States (the "Five Eyes" alliance) met in Ottawa. The Australian delegation entered the meeting saying publicly that they intended to "thwart the encryption of terrorist messaging." The final communiqué states more diplomatically that "Ministers and Attorneys General [...] noted that encryption can severely undermine public safety efforts by impeding lawful access to the content of communications during investigations into serious crimes, including terrorism. To address these issues, we committed to develop our engagement with communications and technology companies to explore shared solutions."
What might their plan be? Is this yet another attempt to ban encryption? A combined effort to compel ISPs and Internet companies to weaken their secure products? At least one leader of a Five Eyes nation has been talking recently about increasing international engagement with technology companies — with a list of laws in her back pocket that are already capable of subverting encryption, and the entire basis of user trust in the Internet.
Exporting Britain's Surveillance Regime
Before she was elevated to the role of Prime Minister by the fallout from Brexit, Theresa May was the author of the UK's Investigatory Powers bill, which spelled out the UK's plans for mass surveillance in a post-Snowden world.
At the unveiling of the bill in 2015, May's officials performed the traditional dance: they stated that they would be looking at controls on encryption, and then stating definitively that their new proposals included "no backdoors".
Sure enough, the word "encryption" does not appear in the Investigatory Powers Act (IPA). That's because it is written so broadly it doesn't need to.
We've covered the IPA before at EFF, but it's worth re-emphasizing some of the powers it grants the British government.
Any "communications service provider" can be served with a secret warrant, signed by the Home Secretary. Communications service provider is interpreted extremely broadly to include ISPs, social media platforms, mail services and other messaging services.
That warrant can describe a set of people or organizations that the government wants to spy upon.
It can require tech companies to insert malware onto their users' computers, re-engineer their own technology, or use their networks to interfere with any other system.
The warrant explicitly allows those companies to violate any other laws in complying with the warrant.
Beyond particular warrants, private tech companies operating in the United Kingdom also have to respond to "technical capability notices" which will require them to "To provide and maintain the capability to disclose, where practicable, the content of communications or secondary data in an intelligible form," as well as permit targeted and mass surveillance and government hacking.
Tech companies also have to the provide the UK government with new product designs in advance, so that the government can have time to require new "technical capabilities" before they are available to customers.
These capabilities alone already go far beyond the Nineties' dreams of a blanket ban on crypto. Under the IPA, the UK claims the theoretical ability to order a company like Apple or Facebook to remove secure communication features from their products—while being simultaneously prohibited from telling the public about it.
Companies could be prohibited from fixing existing vulnerabilities, or required to introduce new ones in forthcoming products. Even incidental users of communication tech could be commandeered to become spies in her Majesty's Secret Service: those same powers also allow the UK to, say, instruct a chain of coffee shops to use its free WiFi service to deploy British malware on its customers. (And, yes, coffee shops are given by officials as a valid example of a "communications service provider.")
Wouldn't companies push back against such demands? Possibly: but it's a much harder fight to win if it's not just the UK making the demand, but an international coalition of governments putting pressure on them to obey the same powers. This, it seems is what May's government wants next.
The Lowest Common Privacy Denominator
Since the IPA passed, May has repeatedly declared her intent to create a an international agreement on "regulating cyberspace". The difficulty of enforcing many of the theoretical powers of the IPA makes this particularly pressing.
The IPA includes language that makes it clear that the UK expects foreign companies to comply with its secret warrants. Realistically, it's far harder for UK law enforcement to get non-UK technology companies to act as their personal hacking teams. That's one reason why May's government has talked up the IPA as a "global gold standard" for surveillance, and one that they hope other countries will adopt.
In venues like the Five Eyes meeting, we can expect Britain to advocate for others to adopt IPA-like powers. In that, they will be certainly be joined by Australia, whose Prime Minister Malcolm Turnbull recently complained in the Australian Parliament that so many tech companies "are based in the United States where a strong libertarian tradition resists Government access to private communications, as the FBI found when Apple would not help unlock the iPhone of the dead San Bernardino terrorist." Turnbull, it seems, would be happy to adopt the compulsory compliance model of the United Kingdom (as would, he implied at the time of the Apple case, would President Trump).
In the meantime, the British authorities can encourage an intermediary step: other governments may be more likely to offer support for a IPA regime if Britain offers to share the results of its new powers with them.
Such information-sharing agreements are the raison d'être of the Five Eyes alliance, which began as a program to co-ordinate intelligence operations between the Anglo-American countries. That the debate over encryption is now taking place in a forum originally dedicated to intelligence matters is an indicator that the states still see extracting private communications as an intelligence matter.
But hacking and the subversion of tech companies isn't just for spies anymore. The British Act explicitly granted these abilities to conduct "equipment interference" to more than just GCHQ and Britain's other intelligence agencies. Hacking and secret warrants can now be used by, among others, the civilian police force, inland revenue and border controls. The secrecy and dirty tricks that used to be reserved for fighting agents of foreign powers is now available for use against a wide range of potential suspects.
With the Investigatory Powers Bill, the United Kingdom is now a country empowered with a blunt tools of surveillance that have no comparison in U.S. or any other countries' law. But, along with its Five Eyes partners, it is also seen as a moderate, liberal democracy, able to be trusted with access and sharing of confidential data. Similarly, Australia is one of the few countries in the world (and the only one of the Five) to legally compel ISPs to log data on their users. Canada conducts the same meta-data surveillance projects as the United States; New Zealand contributes its mass surveillance data to the shared XKEYSCORE project.
While such data-sharing may be business as usual for the Cold War spies, the risk of such unchecked co-operation have been barely considered by the judicial and legislative branches.
In the world of law enforcement, the UK has for the last year conducted a sustained lobbying campaign in the United States Congress to grant its police forces fast-track access to American tech companies' communications data. The UK would be permitted to seize the contents of Google, Facebook and other companies' customers' inboxes without a U.S. court warrant. In return, the U.S. would gain a reciprocal capability over data held in the U.K.
The danger is that, by forging broad agreements between these five countries, all will end up taking advantage of the lowest privacy standards of each. The United Kingdom will become the source of data obtained through the Investigatory Powers Bill; the United States will launder data taken from UPSTREAM and other programs through the United Kingdom's legal system, and so on.
Secret "Five Eyes" is not the venue for deciding on the future of global surveillance. Intelligence agencies and their secret alliances are no model for oversight and control of the much broader surveillance now being conducted on billions of innocent users of the public Internet. The Investigatory Powers Bill is no "gold standard.” Britain's radical new powers shouldn't be exported via the Five Eyes, either through law, or through data-sharing agreements conducted without judicial or legislative oversight.
Update 5:00pm: Zillow has released a statement saying the company has "decided against moving forward with legal action." EFF is pleased that Zillow has withdrawn its threat and won't be seeking to take down any of the posts on McMansion Hell. We hope that other companies seeking to shut down humor, criticism, and parody online see this as a cautionary tale and avoid sending threats in the first place.
Earlier this week, Zillow sent an aggressive cease and desist letter [PDF] to Kate Wagner, the creator of the McMansion Hell website. Zillow demanded that Wagner remove any image originally sourced from Zillow’s site. Today EFF sent a response to Zillow on Wagner’s behalf. Our letter [PDF] explains why none of Zillow’s contentions have any merit. Zillow should abandon its demand and respect online freedom of expression.
McMansion Hell is an architecture blog focused on contemporary residential housing. Using humor and parody, Wagner tries to illustrate the architectural horror of modern McMansions. Her posts usually include annotated photographs of houses to illustrate her commentary. In addition to posts critiquing individual homes, Wagner publishes essays about urbanism, architecture, sociology, and interior design. After receiving Zillow’s threat, Wagner temporarily disabled access to her blog via McMansionHell.com. She is relaunching the blog in full today.
Zillow’s demand letter made a number of highly dubious legal claims. For example, Zillow argued that Wagner does not make fair use of the photographs she annotates. Importantly, Zillow does not own, and cannot assert, the copyright in these photos. But even if it could, McMansion Hell’s annotation of photographs for the purpose of criticism and commentary is a classic example of fair use.
Zillow also suggested, without any explanation, that Wagner may have violated the Computer Fraud and Abuse Act (CFAA). EFF has long fought against overbroad applications of the CFAA, which is the federal anti-hacking statute intended to criminalize unauthorized intrusions into computer networks. There is no basis for a CFAA claim against Wagner. To the extent Zillow was suggesting that she might have violated the CFAA by violating Zillow’s terms of service, courts have repeatedly rejected such claims.
Zillow’s letter unleashed a wave of negativepublicity for the company. In response, Zillow has insisted that it did not intend to shut down Wagner’s blog. However, it does appear to be standing by its demand that she remove all images sourced from Zillow’s website. Zillow has no basis for such a demand and our client will not be removing any previous posts. She has informed Zillow, however, that she is not interested in using its site for her blog in the future. We hope Zillow does the right thing and renounces its attempt to censor McMansion Hell.
The U.S. Copyright Office just released a long-awaited report about Section 1201, the law that bans circumventing digital restrictions on copyrighted works. Despite years of evidence that the social costs of the law far outweigh any benefits, the Copyright Office is mostly happy with the law as it is. The Office does recommend that Congress enact some narrow reforms aimed at protecting security research, repair activities, and access for people with disabilities.
We’re sorry the Office didn’t take a stronger stance. Section 1201, part of the Digital Millennium Copyright Act, makes it illegal to circumvent any “technological protection measure” (often called DRM) that controls access to copyrighted works. It also bans the manufacture and sale of tools to circumvent those digital locks. Although it was pitched as a new legal protection for copyright holders to prevent infringement, the law has given major entertainment companies and other copyright owners lots of control over non-infringing uses of technology, allowing them to lock out competition in repair and re-sale businesses, and to threaten and silence security researchers. The law has some exceptions, but they are far too narrow and complicated.
Those flaws are one reason EFF is challenging Section 1201 in court on behalf of researcher Matthew Green and technologist Andrew “bunnie” Huang. In the lawsuit, filed last year, we explain why Section 1201 is an unlawful restraint on speech and ask the court to strike the law down. Congress has also considered several fixes to the law over the last few years, ranging from comprehensive fixes to smaller corrections.
Meanwhile, after the last rulemaking, the Copyright Office asked for public comments and held hearings about Section 1201, leading to the report released on Thursday. In the report, the Copyright Office announces its belief that “the statute’s overall structure and scope . . . remains sound.” The Office also believes that bypassing access controls can violate Section 1201 even when the purpose of the circumvention has nothing to do with copyright infringement. Federal appeals courts are sharply divided on this question, and the Copyright Office seems to be putting its thumb on the scales in favor of rightsholder control and against freedom of expression and innovation.
If a Section 1201 violation can happen without any connection to copyright infringement, then Section 1201 gives copyright holders (and DRM vendors) vast control over technology users, beyond what copyright law already gave them. According to the Copyright Office’s interpretation, Section 1201 gives copyright holders “control over the terms of access to their works online.” That means that by wrapping software, music, games, video, or text in a layer of DRM, copyright holders gain the ability to dictate when, where, and how we can use those things, and the technology we can use to interact with them. And it means that copyright holders can nullify the public’s fair use rights. The Copyright Office’s approach here is the wrong approach, and it deepens the law’s constitutional problems.
The report is also notable for what it doesn’t contain: any evidence that we need a ban on circumventing digital locks in the first place. The report points out that “explosive growth in legitimate digital content delivery services” happened “after the enactment of Section 1201,” but it doesn’t attempt to show that the law was what caused that growth. It also mentions a statement by a Senate committee in 1998, that “copyright owners will hesitate to make their works readily available on the Internet without reasonable assurance that they will be protected against massive piracy.” Today, of course, the Internet contains many lifetimes worth of amazing creative work of all kinds, made available by creatives without any DRM, so that prediction did not come true.
The report doesn’t cite any studies or data showing that Section 1201 has been beneficial to creativity or the digital economy. And the only experts it cites to are entertainment companies with an interest in keeping the control that 1201 provides them, and the same members of Congress who requested the report in the first place—hardly a convincing case.
The report does make some recommendations for fixing the law, including new and expanded exceptions to the ban on circumvention. The Copyright Office recommends that Congress expand the permanent exemptions for security testing and encryption research, by removing or mitigating restrictions in those exemptions that have made those exemptions too uncertain for many in the computer security community to rely on.
The report also recommends a new permanent exemption for assistive technologies for people with disabilities. That change is overdue, as advocates for print-disabled people have had to request exemptions for screen-reading and other assistive technologies every three years for nearly two decades.
In the last rulemaking cycle, EFF and other organizations requested exemptions covering maintenance, repair, and modification of software. One of the unfortunate effects of Section 1201 in recent years has been to cast a cloud of legal uncertainty over repair businesses ranging from cars to smartphones, and to block the re-use of devices like phone handsets and printer cartridges. The Copyright Office report recommends a new permanent exemption covering “diagnosis, maintenance, repair, and obsolescence” activities, not limited to any specific technologies. That would be a positive step. But the report rejects an exemption for modifying software for other reasons, such as to improve or customize the software. That’s a problem, because those activities are largely legal and beneficial, aside from the legal risk created by Section 1201.
Finally, the report offers some fixes to the rulemaking process for temporary exemptions that happens every three years. Notably, the Copyright Office will offer a way to renew exemptions from previous cycles with what they claim will be minimal time and expense. We’re expecting the Copyright Office to begin a new rulemaking cycle soon, so we’ll get to see how well this works in practice and whether they are able to make the process less expensive. In several places in the report, the Copyright Office offers to try to make temporary exemptions broader and more useful to the populations they affect. We’ll be holding them to that.
However, the Copyright Office still insists that it should be unlawful for anyone to distribute tools to allow beneficiaries of rulemaking exemptions to take advantage of the exemption, because “it would be impossible to control” subsequent uses of such tools. The real, proven need for circumvention has to take a back seat to the hypothetical scenario where the beneficiary then decides to infringe.
It’s too bad the Copyright Office won’t address the fundamental flaws of Section 1201, especially given the multitude of problems that the report acknowledges. A simple, comprehensive fix like the Unlocking Technology Act introduced by Rep. Zoe Lofgren would solve many of the problems that Section 1201 causes for security professionals, tinkerers, people with disabilities, repair and resale businesses, teachers, students, libraries, and many others. A piecemeal approach will solve just a few of the current problems, at the cost of ever more complexity and a continuing demand for massive public interest resources to make the exemption process work. Congress, or the courts, should do more.
This evening, the Let's Encrypt certificate authority issued its hundred millionth digital certificate. This is a remarkable milestone in just a year and a half of public operation; Let's Encrypt is likely now either the largest or second-largest public CA by volume of certificates issued.
Free certificates from Let's Encrypt allow web sites to offer secure HTTPS connections to their users, protecting the privacy and security of those connections against many network-based threats. EFF continues to help develop the Boulder software that Let's Encrypt uses internally, as well as Certbot, Let's Encrypt's recommended software for obtaining and installing certificates on web servers.
For various reasons, the hundred-million mark does not mean that a hundred million different sites use Let's Encrypt certificates1. The number of web sites protected by Let's Encrypt is probably between 17 million and 46 million, depending on what definition of a "web site" we use2. It's hard to say with certainty whether Let's Encrypt has issued the largest number of certificates because CAs are not currently required to disclose the certificates they issue, but Let's Encrypt does so voluntarily. And the number of sites protected by Let's Encrypt will continue to grow rapidly as more and more hosting providers and server software offer convenient Let's Encrypt support to help bring HTTPS to sites that didn't have it before.
We're extremely proud of the contribution that we've made and continue to make in making the web safer for its users.
We'd also like to acknowledge Let's Encrypt's awesome operations team, which has kept a popular high-security service working and growing to meet demand, including at times when over a million certificates were issued in a single day.
1. Let's Encrypt certificates expire and must be replaced after 90 days; multiple certificates may be issued for the same web site during the same time period; certificates can protect Internet services other than web sites; and not all certificates that have been issued actually get used or remain in use for the lifetime of the certificate.
2. For example, do we count https://www.google.com/, https://google.com/, and https://images.google.com/, as one, two, or three web sites?
A country has the right to prevent the world’s Internet users from accessing information, Canada’s highest court ruled on Wednesday.
In a decision that has troubling implications for free expression online, the Supreme Court of Canada upheld a company’s effort to force Google to de-list entire domains and websites from its search index, effectively making them invisible to everyone using Google’s search engine
The case, Google v. Equustek, began when British Columbia-based Equustek Solutions accused Morgan Jack and others, known as the Datalink defendants, of selling counterfeit Equustek routers online. It claimed California-based Google facilitated access to the defendants’ sites. The defendants never appeared in court to challenge the claim, allowing default judgment against them, which meant Equustek effectively won without the court ever considering whether the claim was valid.
Although Google was not named in the lawsuit, it voluntarily took down specific URLs that directed users to the defendants’ products and ads under the local (Canadian) Google.ca domains. But Equustek wanted more, and the British Columbia Supreme Court ruled that Google had to delete the entire domain from its search results, including from all other domains such Google.com and Google.go.uk. The British Columbia Court of Appeal upheld the decision, and the Supreme Court of Canada decision followed the analysis of those courts.
EFF intervened in the case, explaining [.pdf] that such an injunction ran directly contrary to both the U.S. Constitution and statutory speech protections. Issuing an order that would cut off access to information for U.S. users would set a dangerous precedent for online speech. In essence, it would expand the power of any court in the world to edit the entire Internet, whether or not the targeted material or site is lawful in another country. That, we warned, is likely to result in a race to the bottom, as well-resourced individuals engage in international forum-shopping to impose the one country’s restrictive laws regarding free expression on the rest of the world.
The Supreme Court of Canada ignored those concerns. It ruled that because Google was subject to the jurisdiction of Canadian courts by virtue of its operations in Canada, courts in Canada had the authority to order Google to delete search results worldwide. The court further held that there was no inconvenience to Google in removing search results, and Google had not shown the injunction would offend any rights abroad.
Perhaps even worse, the court ruled that before Google can modify the order, it has to prove that the injunction violates the laws of another nation thus shifting the burden of proof from the plaintiff to a non-party. An innocent third party to a lawsuit shouldn’t have to shoulder the burden or proving whether an injunction violates the laws of another country. Although companies like Google may be able to afford such costs, many others will not, meaning many overbroad and unlawful orders may go unchallenged. Instead, once the issue has been raised at all, it should be the job of the party seeking the benefit of an order, such as Equustek, to establish that there is no such conflict. Moreover, numerous intervenors, including EFF, provided ample evidence of that conflicts in this case.
Beyond the flaws of the ruling itself, the court’s decision will likely embolden other countries to try to enforce their own speech-restricting laws on the Internet, to the detriment of all users. As others have pointed out, it’s not difficult to see repressive regimes such as China or Iran use the ruling to order Google to de-index sites they object to, creating a worldwide heckler’s veto.
The ruling largely sidesteps the question of whether such a global order would violate foreign law or intrude on Internet users’ free speech rights. Instead, the court focused on whether or not Google, as a private actor, could legally choose to take down speech and whether that would violate foreign law. This framing results in Google being ordered to remove speech under Canadian law even if no court in the United States could issue a similar order.
The Equustek decision is part of a troubling trend around the world of courts and other governmental bodies ordering that content be removed from the entirety of the Internet, not just in that country's locale. On the same day the Supreme Court of Canada’s decision issued, a court in Europe heard arguments as to whether to expand the right-to-be-forgotten worldwide.
EFF was represented at the Supreme Court of Canada and the British Columbia Court of Appeal by David Wotherspoon of MacPherson Leslie & Tyerman and Daniel Byma of Fasken Martineau DuMoulin.
The 2015 Order famously outlined clear net neutrality rules. But those rules only passed muster because the Order also explicitly classified broadband service as a "common carrier" service, regulated by Title II of the Communications Act, rather than an "information service" regulated by Title I of the same Act. And that classification has several corollary effects, because Title II isn't just about net neutrality. It is also meant to curtail the anti-competitive conduct from incumbent monopolists like Comcast, AT&T, and Verizon. In essence, as common carriers, they are not able to use their power to control the Internet experience, and they are not able to directly harm their competitors in the broadband market.
That's why these small ISPs are worried. Chairman Pai wants to reverse the 2015 decision to reclassify broadband as a "common carrier" service, thereby eliminating the protections Title II offers. If he succeeds, not only are Section 201 and Section 202 -- the core provisions that support network neutrality -- on the chopping block, but also a whole host of other active provisions that protect competition in the broadband market. Small wonder the big cable and telephone lobbies are happy to pay lip service to net neutrality -- so long as the actual rules aren't based on Title II.
To start, Section 251 of the Communications Act requires broadband providers to "interconnect" with other broadband providers and related market players in order to prevent the possibility of a large player (back in the day that was AT&T) from denying access to the network by simply denying physical connectivity. While more clarity is needed from the FCC on how it intends to manage interconnection disputes, it was clear that the FCC had to play a role as problems began to arise. We saw this play out most notably with Netflix traffic, whether it is Comcast disputing the delivery of Comcast customer requested traffic to their homes, to the direct dispute between Comcast and Netflix before the 2015 FCC Order. Under the current rules, the FCC can intervene to prevent a major ISP with a vast network from leveraging its massive network size in an anti-competitive way to harm other networks. That oversight vanishes if Chairman Pai reclassifies broadband as an "information service," which undoubtedly Comcast would appreciate.
Another example of how Title II of the Communications Act promotes competition in broadband access is the relatively unknown issue of pole attachment rights under Section 224 of the Communications Act. Today, that section ensures that every broadband provider has the legal right to gain access to many of the poles that run along our roads. These poles, and other rights of way infrastructure, are the route that any broadband company must travel in order to get to your home or business. Google Fiber's deployment ran into snags in Austin, Texas when those poles were owned by AT&T, because the surest way to prevent competition is to just physically prevent their entry into your market. If a company the size of Google could be stifled without the law supporting them, what hope does a smaller ISP have in entering into a market where the incumbent broadband provider owns the poles that are a necessary component to deploying the network? The FCC Chairman's plan fundamentally ignores this problem and offers no clear solution to competitors. An incumbent broadband provider that owns a lot of the poles is going to have no federal legal obligation to share that access at fair market rates if broadband is no longer a common carrier service.
Lastly, Section 222 ensures that broadband users have a legal right to privacy when we use broadband communications. It has already taken a beating, thanks to Congress' misguided decision to repeal the FCC's rules that had been based on Section 222, but the section itself is still the law today. The problem now is that ISPs do not know their legal obligations with consumer data and how they are supposed to operate without more FCC guidance. Undoubtedly, the large cable and telephone companies that spent millions to lobby Congress to repeal the rules intend to profit from the vast treasure trove of personal data that runs over their networks. But ISPs opposed to Chairman Pai's plan are not looking to make more money off of their customers by selling their personal data without permission. Almost all of them were stronglyopposed to Congress repealing the privacy rules. None of them got into the business of providing access to the Internet so they could snoop on the activities of their customers. However, Chairman Pai's plan would outright remove the Section 222 privacy obligations for all broadband companies and as a result there would be absolutely no way to have broadband privacy rules absent a new law. In essence, Chairman Pai's plan would be the nail in the coffin for broadband privacy that Congress started with its privacy repeal earlier this year.
What is the FCC Plan for Smaller Competitors In the Broadband Market?
There is no plan. We have no alternative body of law beyond the Communications Act and the provisions of Title II to address the competition issues listed above. Antitrust is generally not a viable option as well. That is why Pai's plan is not about improving the investment opportunities for all broadband providers (a claim that has been thoroughly debunkedtwice now and now outright refuted by more than 40 ISPs themselves). Instead, it is a plan to radically enhance the market power of Comcast, AT&T, and Verizon in a way that no previous FCC Chair (both Republican and Democrat) ever entertained.