The American public used to show little interest in the kind of ambitious regulation of computer technology and the internet that an “internet bill of rights” represents. From a business perspective, the concern was that government involvement would stifle innovation. From a public good perspective, there was worry that “government meddling” would do more to harm than help the average person.
Attitudes have shifted drastically in the last couple of years, and you can attribute that to the actions of Russian spies and certain players in the “big data” industry for the most part.
The main argument for an internet bill of rights is that internet-based technology has progressed to the point that it is inextricably intertwined with everyone’s life, but the shepherds of this technology cannot be counted on to adequately self-regulate. The use of social media by Russian intelligence agencies to influence American elections, the rise of “fake news” and the seemingly countless hacks of databases full of sensitive personal information all point to a need for proactive government regulation to protect rights and liberties.
What would this legislation look like? In anticipation of a likely House of Representatives win for the Democrats, minority (and most likely soon-to-be majority) House leader Nancy Pelosi tasked Rep. Ro Khanna of Silicon Valley with creating what is essentially the first draft.
Congressman Khanna’s simple list of ten points (first published in the New York Times) focuses mostly on the handling of data, and you can see many of the cornerstone principles of the EU’s General Data Protection Regulation reflected in it. The bill proposes that Americans have full knowledge of and access to all personal data that companies are collecting, that opt-in systems for all of this data be implemented, that there be a process in place to correct or delete personal data in a timely manner, and that reasonable business practices and accountability be required to protect data privacy. ISPs would also be prevented from collecting data that is not necessary to provide the requested service – e.g. no selling of things like browsing history, search queries and physical location.
However, it takes things a step further by implementing what is effectively the foundational principle of “net neutrality”: ” … to access and use the internet without internet service providers blocking, throttling, engaging in paid prioritization or otherwise unfairly favoring content, applications, services or devices.” In other words, this would guarantee ISPs cannot speed up or slow down your connection based on your personal use patterns.
The internet as a human right
The demand for government protections such as these seems most acute in the United States right now, but globally this is hardly the first effort of this nature. You can tie this back to the idea that access to the internet should be a basic human right, which has been expressed in a number of ways and in a number of different countries.
Why should internet access be considered a human right? The main argument has been that people cannot otherwise stay adequately informed, but as each year passes there is an even stronger case to be made that one cannot navigate their daily life without it. For example, ridesharing services like Lyft and Uber (which tend to be more affordable than taxis) and home grocery delivery almost always require internet access to make use of. The rise of the “gig economy” also means that many rely on the internet to make their living.
The ideas central to an internet bill of rights have been discussed in various countries since broadband became widely available in the early 2000s, but a potential watershed moment was the 2011 report filed by the United Nations Special Rapporteur that established the internet as a vital tool of “opinion and expression” and something that member states should make “widely available, accessible and affordable” even in times of political unrest. This developed further in 2016 when similar language was established in a non-binding resolution.
Some countries, such as France and Greece, have formally established internet access as a human right in the context of protection from losing it due to intellectual property violations and in terms of transparent pricing. Countries such as Finland and Spain have laid out schemes in which the state subsidizes internet access for all citizens. But it is still relatively rare to see governments tackle this issue in terms of specific laws about collection and handling of personal data by companies.
The most significant effort to create an internet bill of rights has been Brazil’s Civil Rights Framework for the Internet (which became law in 2014), but this has since suffered from issues with both government censorship (the banning of WhatsApp as well as numerous computer games) as well as the sorts of proposals that scare privacy advocates (such as a bill introduced in 2015 that would have required people use their legal names on the internet had it passed). The government of Italy issued a similar Declaration of Internet Rights in 2015, but it was non-binding and served more as a “think piece” than anything else. The EU’s GDPR remains the world’s most direct and broad legislation of collection of personal data, even though it is framed as a set of business regulations rather than as a civil rights matter.
The need for an internet bill of rights
Facebook’s ongoing string of controversies provides as good an example as any of why there is a demand for an internet bill of rights.
Allowing Cambridge Analytica to siphon personal data through a quiz app and taking hundreds of thousands of dollars from Russian intelligence agencies and their assets was just the start of their issues. Their ongoing problems came to a head very recently when they retained a PR firm to sow the same sort of misinformation that they had been so heavily criticized for facilitating.
Facebook also illustrates the issue with attempting to regulate tech companies and social media platforms using existing laws. It’s hard to shoehorn such a new business model into existing regulatory structures, like those for the financial industry or for media companies. An internet bill of rights would cut straight through this to provide the protections that consumers are most concerned about – the ability to obtain, correct or delete the reams of personal data companies have amassed and the knowledge of all collection of this nature.
Aside from malfeasance by poorly regulated data-handling companies, another big reason for regulation is the rise of “smart devices.” Many homes may soon have most (or all) of their vital functions tied to devices that require an internet connection to work properly.
Will it work?
The tech world is certainly acting as if GDPR-style data regulation is inevitable in the United States. The big question is the shape it will take.
Does one all-encompassing internet bill of rights stand the best chance of being passed into law, or would the process work better by dividing it into separate and more focused bills? For example, the bill drafted by Congressman Khanna tackles both data privacy and net neutrality at once. Data privacy regulation faces inevitable pushback from the tech industry, but public support for it tends to be strong and bipartisan. Net neutrality is more contentious, with strong entrenched Republican political opposition as an obstacle.