Stuck in Neutral

WHY THIS MATTERS: As the EU works aggressively on internet privacy and net neutrality regulations, U.S. officials are grinding their gears and risk getting left behind.

Should the United States follow in the European Union’s footsteps to regulate big media companies?

In a few weeks, the internet in the U.S. will no longer be subject to a complex set of rules known as “net neutrality,” intended to prevent internet service providers from forcibly slowing competitors’ traffic or charging for “fast lanes,” among other things.

In Europe, consumers are preparing for sweeping new changes in media regulation, too — but lawmakers there are charging in the opposite direction of U.S. regulators.

It is not clear whether Europe’s approach is the right one, but regulators are at least aggressively tackling the problem, while the U.S. players continue to fight with the referees and Congress has refused to take the field in a meaningful way.

Despite howls of protest over many months by consumer groups, and a quixotic effort by the Senate last Wednesday to kill the repeal of net neutrality rules, the new set of light-touch rules, passed by a Republican-led FCC in December, go into effect on June 11.

A day earlier, the White House eliminated the position of cybersecurity coordinator on the National Security Council, a position charged with responding to increasingly sophisticated cyberattacks on personal, corporate and government targets in the U.S.

That same day, Facebook, the largest social-media platform in the world, admitted it had disabled 583 million fake accounts in the first quarter of this year alone. This, after Facebook’s role in the U.S. election-hacking scandal revealed that 87 million user identities were harvested and manipulated by Cambridge Analytica. Privacy advocates in the U.S. are stumping for ample legislation to fix the avalanche of incidents of digital theft of data and identities.

Having already passed strong net neutrality rules in 2016, on May 25 the European Union is pressing the button on sweeping new privacy regulation known colloquially as GDPR, for “General Data Protection Regulation.”

But with all the benefits that come with the EU’s progressive regulation, it’s not clear the U.S. should follow down the same path. What is clear is that, after exhaustive study and years of debate, administration policy shifts and legal fights, the U.S. is in dire need of updated internet laws, not quick fixes using ancient rules. And Congress needs to step in, fast, before the Internet of Things races past it at the speed of 5G.

Putting the EU in Neutrality

At their core, the new EU privacy protections offer the right to access, inspect, even “erase” your own personal data, and require companies to explain options and permissions simply.

The new rules are designed to give internet users more control over how their personal data is collected and used. And not a moment too soon, given the revelations in recent weeks about the colossal personal-data mining machines inside Silicon Valley behemoths, led loosely by the group known unaffectionately as FAANG: Facebook, Amazon, Apple, Netflix and Google.

U.S. consumers will, surprisingly, be more protected by European laws than anything passed recently in Washington, D.C. That’s because the new GDPR rules apply not just to European companies, but to any business outside the EU serving its residents. The rules have already prodded voluntary changes here in the U.S. by hundreds of companies, including the FAANG gang. That isn’t surprising, given that the financial penalties are hefty — up to 4% of global revenue — and painful for companies that violate the new rules.

How is privacy protected in the U.S.? “The Federal Trade Commission merely requires internet companies to have a privacy policy available for consumers to see,” Obama-era FCC chairman Tom Wheeler wrote last month in The New York Times. “A company can change that policy whenever it wants as long as it says it is doing so. As a result, internet companies have been taking our personal property — our private information — while hiding this fact behind lengthy and coercive legalese and cumbersome ‘opt-out’ processes.”

“The United States government has a lot of explaining to do,” concluded Wheeler, who is now a visiting fellow at the Brookings Institution and a fellow at the Harvard Kennedy School.

Getting Congress to agree on much of anything, much less on how data and privacy should be protected, remains a study in frustration, even among those who traditionally favor a light regulatory touch. Following the grandstanding testimony of Facebook CEO Mark Zuckerberg and the awkwardly ignorant questions from lawmakers, if the event horizon for strong new privacy laws in the U.S. seems long, net neutrality reform appears even more distant. Congress needs to bring both into the foreground and sharp focus through bipartisan action.

While most consumers can understand what privacy regulations do, far more complicated are the arguments over the ambiguous term “net neutrality,” whose definition has been hijacked by both sides of the debate to serve their own purposes.

For starters, the internet has never been, nor will it be, “unregulated,” and it always has been under the purview of antitrust laws and the FTC’s authority over anticompetitive practices.

Net neutrality — a term poorly understood even by some who swear by it — is the principle that ISPs do not discriminate or charge differently based on content, platform or user. Cheered by consumer groups and adopted in 2015 by then-FCC chairman Wheeler, the rules classify broadband access as a telecommunications service, subjecting it to many — but not all — “common carrier” provisions under Title II of the Communications Act of 1934. This was done to ensure good behavior on the part of ISPs.

The current FCC chairman, Ajit Pai, disagrees with that assessment, and said the regulator made a mistake passing net neutrality rules in 2015 and reclassifying ISPs as public utilities. “The FCC decided to apply last-century, utility-style regulation to today’s broadband networks,” Pai said. Oversight of complaints about unfair behavior now sit with the FTC, and supporters of the new “light-touch” rules say the mere threat of regulation, not to mention being “outed” by consumers in a viral media age, are sufficient to suppress bad behhavior.

Consumer groups and First Amendment advocates protested at the repeal. The American Civil Liberties Union called the action an “evisceration” of protections once enshrined in law. Public Knowledge praised the Senate’s effort last week to kill the repeal of the Open Internet Order, called the current rules “out of touch” and declared that now ISPs would “finally have the freedom to discriminate online.”

One big concern for consumer advocates is “zero-rating plans,” wherein companies offer content services for free without it counting against a user’s data caps. While it seems as if unlimited plans have made zero-rating less relevant, there are some exceptions, notably AT&T’s zero-rating for their wireless customers that subscribe to DirecTV Now.

Customers love the deals, but by offering those services for free and not others, giants such as AT&T give a huge advantage to those companies they favor, notably their own. This flies in the face of net neutrality — or does it? Depending on how the deals are structured, they could violate net neutrality rules. Conversely, they may also subsidize broadband access, as chairman Pai suggests, and be a way to differentiate among competitors, depending on how competitive the market is, another issue of hot debate.

The Body of European Regulators for Electronic Communications (BEREC) created guidelines on zero-rating programs, but not all plans are created equally in terms of net neutrality legality.

It’s not clear that either of the current choices offered in the U.S. — outdated rules treating internet companies like old-fashioned utilities or a “light-touch,” complaint-driven approach favored by this particular administration — will give U.S. consumers a lasting solution.

With each new administration — having no comprehensive law in place — big media companies will continue to be whipsawed by the uncertainty.

Roslyn Layton, a visiting scholar at the American Enterprise Institute, in a study published last year found “significant statistical support” for “soft” voluntary net neutrality rules that allowed government intervention, but not for punitive, “hard” net neutrality.

“The results suggest that ‘hard’ net neutrality policy, such as the FCC’s Open Internet Order with Title II, may not be as necessary and effective as purported,” she wrote.

Layton looked at Denmark and the Netherlands, two similar socioeconomic countries with advanced mobile networks, over five years. “During this period, Denmark, which employed voluntary self-regulation, experienced an increase in the number, rank and performance of locally made mobile applications, whereas the Netherlands, which legislated the world’s toughest rules, experienced a decline for the same indicators. Results were statistically significant.”

While the stated goal of the EU legislation is to “protect end users and promote innovation,” Layton wrote, she found “no evidence that new internet innovation has resulted from the EU rules.”

A U.S. Approach

So should the U.S. follow the EU on privacy and net neutrality rules? Not everyone is so sure.

When the FCC under Wheeler passed rules moving regulation of broadband to Title II of the Telecommunications Act, it “failed to address” the problems of discrimination and privacy he so eloquently describes, wrote Rick Boucher (D-Va.), a former member of the U.S. House of Representatives for 28 years who chaired the House Energy and Commerce Committee’s Subcommittee on Communications and the Internet.

Moreover, Boucher argued, the FCC flubbed its chance to properly regulate the internet by focusing obsessively on ISPs (distributors) while leaving so-called edge providers (apps and services such as FAANG) free to harvest data and dupe consumers, a point acknowledged by many in Congress on both sides of the aisle.

Wheeler’s rules “targeted only one group of companies (internet service providers), which collect far less customer data than internet edge providers that have an advertising business model grounded on the preference profiles they assemble from data collected about their users,” Boucher wrote.

Boucher also took aim at Wheeler’s embrace of GDPR, calling it a “highly intrusive regulatory regime” that could “harm the advertising business model of internet edge providers” which enables “the bulk of internet content to be free or priced at a very low cost.” Many businesses in Europe, to no one’s surprise, complain that even the new GDPR restrictions have been onerous, restrictive and expensive.

Boucher concluded, “That’s why there is no need to follow Europe in the path of highly intrusive regulation, but instead to enact comprehensive legislation here.”

Such a law could include both privacy protections and open internet principles.

For all the outrage from politicians and protesters, no big pile of gross violations by big ISPs is expected. Indeed, more than 30 states are passing legislation to maintain the federal net neutrality laws in spite of the repeal, though the FCC’s Restoring Internet Freedom order pre-empts such state attempts, likely meaning more litigation and uncertainty.

Moreover, the nation’s largest cable operators, including Comcast and Charter Communications (which absorbed the former Time Warner Cable and Bright House Networks systems), already operate under net neutrality principles because of conditions placed on recent mergers.

Market mayhem surely awaits if critical — and complicated — internet issues facing American consumers today, privacy and regulation chief among them, are allowed to fester into problems without reckoning with them through laws in Congress.

The FCC can’t do it alone: In the last decade, two of three attempts to impose internet rules were struck down by the courts. As Layton pointed out, the most recent attempt by Wheeler drew nine lawsuits and was upheld in federal court, though a Supreme Court challenge is underway.

Advocates on both sides violently agree that only Congress can resolve the issues. Last week’s effort by the Senate, by all accounts, will likely die in the House of Representatives for lack of votes. And it should: It’s a Band-Aid on a hemorrhaging head wound.

Even the intended targets of the original, now-repealed net neutrality rules are pleading for a new law that would consider all the relevant issues, draw up comprehensive rules and give certainty to the financial markets.

“The importance of formulating sound internet policy demands that legislators of both parties sit down and work in earnest to craft enduring legislation,” NCTA–The Internet & Television Association, representing cable operators, said in a statement. “Today, senators on a bipartisan basis delivered passionate speeches about the importance of the internet and ensuring that consumers continue to enjoy an open and unfettered online experience. We couldn’t agree more which is why for years we have called on members of Congress to craft bipartisan legislation that would finally and permanently enshrine net neutrality protections into law.”

Republicans and Democrats remain divided over an existential issue both agree should transcend political differences. Bridging that digital divide is a must.

John Eggerton contributed to this report.