ISPs Claim a Privacy Law Would Weaken Online Security, Increase Pop-Ups

An anonymous reader quotes a report from Ars Technica: The country's biggest Internet service providers and advertising industry lobby groups are fighting to stop a proposed California law that would protect the privacy of broadband customers. AT&T, Comcast, Charter, Frontier, Sprint, Verizon, and some broadband lobby groups urged California state senators to vote against the proposed law in a letter Tuesday. The bill would require Internet service providers to obtain customers' permission before they use, share, or sell the customers' Web browsing and application usage histories. California lawmakers could vote on the bill Friday of this week, essentially replicating federal rules that were blocked by the Republican-controlled Congress and President Trump before they could be implemented. The text and status of the California bill, AB 375, are available here.

The letter claims that the bill would "lead to recurring pop-ops to consumers that would be desensitizing and give opportunities to hackers" and "prevent Internet providers from using information they have long relied upon to prevent cybersecurity attacks and improve their service." The Electronic Frontier Foundation picked apart these claims in a post yesterday. The proposed law won't prevent ISPs from taking security measures because the bill "explicitly says that Internet providers can use customer's personal information (including things like IP addresses and traffic records) 'to protect the rights or property of the BIAS [Broadband Internet Access Service] provider, or to protect users of the BIAS and other BIAS providers from fraudulent, abusive, or unlawful use of the service,'" EFF Senior Staff Technologist Jeremy Gillula wrote.

Well done, ISP lobbyists!

[llamalad]

As a direct result of your efforts, I just clicked over to the EFF site to sign up to do recurring monthly donations to them.

I've had a vague intention to do so for a while, but thanks much for pushing me into action.

Popup concern?

[mysidia]

The bill would require Internet service providers to obtain customers' permission before they use, share, or sell the customers' Web browsing ....

In addition to REQUIRING customers' permission, I suggest they add the following to the law:

• For the purposes of this act; specific permission MUST be obtained from the customer IN WRITING with the customer's official signature EACH time their history information or private details are to be shared, sold, or used for any purpose not directly essential to providing that customer's broadband service or resolving abuse complaints due to customer's activity. Non-written forms such as a verbal direction or acknowledging a "Click-Through Agreement" may not be used to obtain permission.
• Customer's permission to share information SHALL NOT be required as a condition to purchase or renew subscription to any broadband, or internet access services.
• Service providers SHALL NOT interfere with network access or delivery of purchased services in any way order to request or wait for permission.

Re:Popup concern?

[RLaager]

At that point, it is effectively a ban on sharing. I assume that is what you want. It is what I want, and I am a manager at a small ISP (not in California). We should just enact an outright ban.

This sort of thing was not allowed in telephone, as far as I know. I see no reason it should be different for Internet.