• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar
  • Skip to secondary sidebar

Alston & Bird Privacy Blog

  • Home
  • Services
  • Events
  • Contacts

Working Paper on Internet Service Providers and Privacy Released

March 1, 2016 By Privacy & Data Security Team

On February 29, The Institute for Information Security and Privacy released a Working Paper titled, “Online Privacy and ISPs: ISP Access to Consumer Data is Limited and Often Less than Access by Others.”  Peter Swire, Senior Counsel at Alston & Bird and Professor at the Georgia Institute of Technology Scheller College of Business authored the paper, along with Alana Kirkland, an associate in Alston’s Technology and Privacy Group and Justin Hemmings, a policy analyst at Alston & Bird and a research associate at the Georgia Institute of Technology Scheller College of Business. Broadband for America contributed financial support for the paper.

The Working Paper addresses a widely-held view that Internet Service Providers (“ISPs”) have comprehensive and unique access to, and knowledge about users’ online activity because they operate the last mile of the network connecting end users to the Internet. Certain consumer advocates have cited this view to suggest that ISPs’ collection and use of their customers’ online data may justify heightened privacy restrictions on ISPs.  Although the Working Paper does not take a position on what rules should apply to ISPs and other players in the Internet ecosystem, the Working Paper addresses two fundamental points that support the conclusion that there is no factual basis for heightened privacy regulation of ISPs.

First, ISP access to user data is not comprehensive as technological developments place substantial limits on ISP’s visibility. Particularly, in the 1990s, a typical user accessed the Internet from a single, stationary home desktop connected by a single ISP. Today, in contrast, the average Internet user has multiple connected devices, many of which are mobile and connect from diverse and changing locations (e.g., WiFi networks) that are served by multiple ISPs. Further, there is increasingly pervasive encryption of online sources, with new data showing that HTTPS usage rose from 13% in April 2014 to 49% by February 2016. Lastly, one integral function of ISPs has been domain name lookup—matching a user’s web address request to the correct domain and specific Internet Protocol address. Today, there is a small, but growing trend of Internet users using proxy services such as Virtual Private Networks and other proxy services offered by leading Internet companies, which prevent ISPs from seeing the domain name that a user is visiting, or the content of the data packets they are sending and receiving.

Second, ISP access to user data is not unique—other companies often have access to more information and a wider range of user information than ISPs. Non-ISPs are increasingly gathering commercially valuable information about online user activity from multiple contexts such as: (1) social networks, (2) search engines, (3) webmail and messaging, (4) operating systems, (5) mobile applications, (6) interest-based advertising, (7) browsers, (8) Internet video, and (9) e-commerce. Traditional ISPs are not market leaders in any of these major areas, and are just starting to compete in some of them. Additionally, non-ISPs tend to dominate in cross-context tracking, which is combining information from the various contexts above, as well as cross-device tracking.

The authors conclude that based on a factual analysis of today’s Internet ecosystem in the United States, ISPs have neither comprehensive nor unique access to information about users’ online activity.

The complete Working Paper is available for download here.

 

Filed Under: Privacy Tagged With: Federal Communications Commission (FCC), Regulatory Enforcement

Reader Interactions

Primary Sidebar

This blog is a service of Alston & Bird’s Privacy & Data Security team and focuses on key data privacy and data security issues.


Countdown to CCPA Effective Date


Receive email notifications when new posts are added.

Receive email notifications when new posts are added.


PRIVACY MAILINGS
Click Here to Sign Up

FOLLOW US
on Twitter Click Here


Secondary Sidebar

Categories

Recent Posts

  • Alston & Bird Expands Privacy and Cybersecurity Capabilities with Former FTC Veteran
  • Treasury Announces Sanctions Against Cybercriminal Group Behind ‘Dridex’ Malware, Offering Mitigation Strategies for Businesses
  • Critical Audit Matters Disclosure Implicates Information Technology and Security
  • SHIELD Act Overhauls New York’s Data Breach Notification Framework
  • Alston & Bird Details 21 Potentially Significant Impacts from Draft CCPA Regulations
Copyright © 2019 · Alston & Bird · All Rights Reserved. Privacy.
This website uses cookies to improve functionality and performance. By continuing to browse this site, you are consenting to the use of cookies on this website. OkCookie policy