There’s a commonly referenced idea that ISPs collect all kinds of juicy, private data on their users, and because of that, regulators need to amp up privacy restrictions on them in a big way. This makes for some fascinating theories in the blogosphere and the comment sections, not to mention it offers a wellspring for movie and TV scriptwriters.
But how much is all based on cool, solid facts? Obviously, it depends on the person you’re asking, and which security expert they believe. Falling on the side that the theory is overblown is a privacy specialist who released information this week in which he posits that ISPs don’t necessarily have as much access to unique information as some consumers think.
Peter Swire, who served on Obama’s Review Group on Intelligence and Communications Technology and was chief counselor for privacy under Clinton, released some details yesterday on a working paper that he says offers “a detailed, factual description of today’s online ecosystem for the United States, with attention to user privacy and the data collected about individual users.”
Swire, who currently is professor of law and ethics at the Georgia Institute of Technology, addresses what he calls “a widely held, but mistaken view” about ISPs and privacy. “That view asserts that ISPs have comprehensive and unique access to, and knowledge about, users’ online activity because ISPs operate the last mile of the network connecting end users to the Internet,” Swire writes. “Some have cited this view to suggest that ISPs’ collection and use of their customers’ online data may justify heightened privacy restrictions on ISPs.”
The paper doesn’t take a position on what rules should apply to ISPs and other players in the Internet ecosystem going forward, Swire says, but he does add that he thinks public policy should be consistent and based on the latest, accurate facts.
Two main talking points are addressed in the report. “First, ISP access to user data is not comprehensive – technological developments place substantial limits on ISPs’ visibility,” Swire says. “Second, ISP access to user data is not unique – other companies often have access to more information and a wider range of user information than ISPs. Policy decisions about possible privacy regulation of ISPs should be made based on an accurate understanding of these facts.”
Filed Under: Industry regulations