It is hard to remember a time before we felt this urgency for online security. Each day seemingly brings more stories detailing data hacks and cybercrimes that impact consumers and their private lives. These crimes have focused public attention on protecting our personal information and we need both the public and private sectors to address the critical issues. But before we get into the technical weeds of adding two-factor authentication and other safety measures, which are important steps to protect our online security, we need for Congress, Federal agencies and online companies to come together to develop public policy to address some of the most crucial online privacy protections.
Last October, the Federal Communications Commission approved a 200-page set of rules governing part (and only part) of what we do online. They ignored one of the most important rules of consumer protection: Make it easy for the general public to understand and make informed decisions. Unfortunately, these rules were complicated and far from comprehensive. As a result, only certain types of online actions would have been governed. For example, the new rules would have applied to Internet Service Providers, but not internet websites like Facebook or Amazon that use among the most sophisticated tracking technologies. These types of inconsistencies actually put consumer privacy and protection in question.
Given public confusion, legal uncertainty and significant costs to implement, Congress overrode these rules last March. That action has given the FCC and the Federal Trade Commission the chance to work with internet companies and consumer advocates to jointly design a more consumer-friendly set of rules to empower internet users. We now have an opportunity for a clear national framework to emerge, with input from both the public and private sectors, that can be both easily understood and apply to all internet actions. For consumers, policy disclosure and our ability to guard our online privacy should become uniform and easier to manage.
We are encouraged that officials at the FCC and FTC are working on technology neutral rules and these cannot come soon enough. Unfortunately, several states have begun considering their own rules, which would be a recipe for even more confusion and inconsistency for consumer protection. Given the interlocking nature of the thousands of networks comprising what we call “the internet,” state-specific approaches to online privacy are doomed to fail. Would, say, a California law also cover mobile broadband signals coming from a wireless cell tower located on the Arizona side of the California-Arizona border? If Arizona then passed its own different privacy law, would separate rules have to apply to that same tower’s signal – which is essentially a technological impossibility?
We can all agree that online users deserve the ability to protect their private information. The key is to make this a reality and that requires a straightforward and nationwide system of consumer notification and approval. The only way forward is for Federal officials, industry leaders and consumer voices to work together on a solution that understands the way consumers use the internet and listens to every stakeholder’s needs.