Why the End of Net Neutrality and the Demise of the Open Internet Could Have Unintended Consequences for Data Privacy and Cyber Security


The FCC’s historic overturning of the Obama-era Net Neutrality rules could have profound implications for the Open Internet – but not for the reasons that you might think. While analysts and advocates have focused primarily on the potential censorship implications of this move – as well as its likely impact on the price you will pay to use your favorite Internet services – there has been little discussion of its long-term impact on data privacy and cyber security.

The end of Net Neutrality could lead to an erosion of data privacy

The problem, simply stated, is that the biggest Internet service providers – those that spend literally millions of dollars each year lobbying Congress in Washington, D.C. – are trying to de-regulate every aspect of providing Internet service. The obvious starting point was striking down Net Neutrality, which consolidated all the long-held assumptions of the Open Internet – such as the belief that all traffic should flow freely and openly and that no content should be directly censored – into law.

But it is obvious that the biggest Internet service providers won’t stop at Net Neutrality – they will move ahead with other measures, such as striking down broadband privacy laws that are bubbling up in state legislatures around the nation. Verizon, for example, has been particularly aggressive about new regulations being floated in California and New York that would impose (from its perspective) onerous rules on how it can use consumer data.

If forced to abide by stringent regulations on consumer data and data privacy – something they will fight at every step – these Internet service providers will likely attempt to pass along any costs to the end consumer. For example, it is easy to imagine a tiered pricing system, in which consumers who pay more are able to guarantee that their data is completely encrypted end-to-end, while consumers who are unable or unwilling to pay for this new “premium” service would be taking the risk that their data was not fully protected from prying eyes.

As Tim Erlin, VP of Product Management and Strategy at Tripwire, points out, “Why wouldn’t an ISP charge businesses and individuals more for supporting encrypted traffic? The loss of Net Neutrality can easily make security a premium service. It may not be the first impact, but losing Net Neutrality opens up the possibility of ISPs mining previously encrypted traffic for valuable data.”

Now that Internet service providers are freed from being regulated as “telecommunications providers” as the result of striking down Net Neutrality, they are no longer bound by the rule that they cannot alter or examine traffic on the Internet. In the “old” Internet, an ISP had to deliver a packet of data from Point A to Point B, no questions asked (much like your local phone company). It couldn’t “slow” the data artificially, and it couldn’t examine the data on its path to the final destination.

But all that changes once the Open Internet disappears and Net Neutrality dissolves into the ether. When Internet Service Providers are classified as “information service providers” (and not as telecommunications providers), it opens up many more possibilities of what they can do with Internet traffic.

For example, they could decrypt and encrypt data at various points along the path from Point A to Point B. In one scenario, in fact, Internet service providers could choose to decrypt personal data flowing over their networks for their own data-gathering purposes. The point here is clear: in the post-Net Neutrality era, traffic is going to be altered and examined along the way, and it could expose your personal data to scrutiny – not just from hackers, but also from the Internet service providers themselves.

The demise of the Open Internet could spark new cyber security concerns

Taking the analysis one step further, the ability of the biggest Internet service providers to create new pricing tiers and new service fees could lead to an uneven playing field in which it is impossible for content creators and app developers to know which Internet they are actually designing for. In other words, the Internet that you use at the office might be very different than the Internet that you use at home or at the corner coffee shop.

That’s an important point that Tim Erlin of Tripwire emphasizes, “The removal of Net Neutrality is likely to decrease transparency on the Internet, and less transparency will increase cybersecurity threats. As ISPs implement different behaviors for managing, filtering and altering content, we’re going to develop towards a bunch of different internets, instead of one Internet.”

It might be time, in fact, to rethink our notion of the Internet as one vast “information superhighway.” Using that old analogy, the Internet was envisioned as a super-fast highway, in which all roads were free, open and exactly alike. Information could flow from one destination to another freely, without any fees or obstructions. The free Open Internet was a glorious period.

But now what will happen? We could face a new system in which vast super highways are combined with treacherous back roads, winding streets, and lots of toll booth operators. To get from Point A to Point B, you might need to pay a toll to your Internet service provider. Failure to do so would mean finding an alternative path – such as a longer, winding route that might not even appear on a map.

And it is exactly on those “back roads” of the Internet that you will be most likely to find all the bandits, marauders and black hat hackers. If you’re not willing to pay extra for secure traffic on a toll road, then good luck! Every time you stream a new Netflix movie on an unprotected, unencrypted network, you might be opening yourself up to new cyber risks.

The key point here, suggests Erlin of Tripwire, is that the new Trump-era Internet will be much more vulnerable to attack, “It may not be at the forefront of the Net Neutrality debate, but these changes will ultimately increase the attack surface available to criminals. If ISPs are no longer required to pass traffic unaltered, they can simply stop end-to-end encryption entirely.”

What’s the future of the Open Internet?

At some basic, philosophical level, the biggest Internet service providers are not against an “Open Internet.” They are American companies and they believe in freedom and democracy. Yet, the way they define an “Open Internet” is very different from how a consumer or content provider might define an “Open Internet.”

The biggest government lobbyists are defending the striking down of Net Neutrality as a big win for innovation. Now that they’ve “deregulated” the Internet, they claim, they can go to work creating faster new 5G broadband networks and encouraging content providers to come up with innovative new service offerings. And, of course, they will promise you that your favorite Netflix streaming service won’t be affected, not at all, by this latest attack on the Open Internet.

Final thoughts on the end of Net Neutrality

But can we trust that the FCC has made the right move? By fundamentally reclassifying the Internet as an information service rather than a telecommunication service, it may be unintentionally opening up an entire Pandora’s Box of problems and issues that are just now being considered.


Striking down Net Neutrality might seem like an inherently good idea to proponents of deregulation, but the risk is that this momentum will continue, encouraging the biggest Internet service providers to dismiss any and all regulations that impact the Internet – such as anything that would require them to pay more attention to data privacy and cyber security.


Senior Correspondent at CPO Magazine