The FCC’s historic overturning of the Obama-era Net Neutrality rules could have profound implications for the Open Internet – but not for the reasons that you might think. While analysts and advocates have focused primarily on the potential censorship implications of this move – as well as its likely impact on the price you will pay to use your favorite Internet services – there has been little discussion of its long-term impact on data privacy and cyber security.
The end of Net Neutrality could lead to an erosion of data privacy
The problem, simply stated, is that the biggest Internet service providers – those that spend literally millions of dollars each year lobbying Congress in Washington, D.C. each year – are trying to de-regulate every aspect of providing Internet service. The obvious starting point was striking down Net Neutrality, which consolidated all the long-held assumptions of the Open Internet – such as the belief that all traffic should flow freely and openly and that no content should be directly censored – into law.
But it is obvious that the biggest Internet service providers won’t stop at Net Neutrality – they will move ahead with other measures, such as striking down broadband privacy laws that are bubbling up in state legislatures around the nation. Verizon, for example, has been particularly aggressive about new regulations being floated in California and New York that would impose (from their perspective) onerous regulations on them about how they can use consumer data.
If forced to abide by stringent regulations on consumer data and data privacy – something they will fight at every step – these Internet service providers will likely attempt to pass along any costs to the end consumer. For example, it is easy to imagine a tiered pricing system, in which consumers who pay more are able to guarantee that their data is completely encrypted end-to-end, while consumers who are unable or unwilling to pay for this new “premium” service would be taking the risk that their data was not fully protected from prying eyes.
As Tim Erlin, VP of Product Management and Strategy at Tripwire, points out, “Why wouldn’t an ISP charge businesses and individuals more for supporting encrypted traffic? The loss of Net Neutrality can easily make security a premium service. It may not be the first impact, but losing Net Neutrality opens up the possibility of ISPs mining previously encrypted traffic for valuable data.”
Now that Internet service providers are freed from being regulated as “telecommunications providers” as the result of striking down Net Neutrality, they are no longer bound by the rule that they cannot alter or examine traffic on the Internet. In the “old” Internet, an ISP had to deliver a packet of data from Point A to Point B, no questions asked (much like your local phone company). It couldn’t “slow” the data artificially, and it couldn’t examine the data on its path to the final destination.
But all that changes once the Open Internet disappears and Net Neutrality dissolves into the ether. When Internet Service Providers are classified as “information service providers” (and not as telecommunications providers), it opens up many more possibilities of what they can do with Internet traffic.
For example, they could decrypt and encrypt data at various points along the destination from Point A to Point B. In one scenario, in fact, Internet service providers could choose to decrypt personal data flowing over its networks for their own data-gathering purposes. The point here is clear: in the post-Net Neutrality era, traffic is going to be altered and examined along the way, and it could expose your personal data to scrutiny – not just from hackers, but also from the Internet service providers themselves.