Tech Lobbyists Killed California Broadband Privacy Bill Using Terrorism Scare

Lobbying efforts from telecommunications firms and tech companies convinced California legislators to ditch a bill that would have passed broadband privacy rules for the state, documents obtained by the Electronic Frontier Foundation revealed.

The non-profit digital rights group published a number of documents that were allegedly produced and distributed by lobbying groups to lawmakers in a successful attempt to prevent a the passage of statewide protections that would have mirrored federal rules killed by the United States Congress earlier this year.

The California bill, which was shelved last month thanks to lobbying efforts, was introduced by Democratic assemblymember Ed Chau and was modeled after the Federal Communications Commission’s rules that would have required internet service providers to ask for the permission of customers before collecting sensitive data.

The federal level rules, which were set to go into effect later this year, would have made data related to a user’s finances, health, information from children, precise geolocation data, web browsing history and app usage history off limits to ISPs without opt-in from an individual. It also prohibited ISPs from extracting any content from unencrypted messages.

After the Obama-era FCC rules were killed by the House and Senate, a number of states took up the cause and attempted to pass localized versions of the Broadband Privacy Rules that would require ISPs operating within their borders to get user permission before collecting sensitive information.

That effort in California was met with harsh rebuke from lobbying organizations representing telecommunications firms and tech companies. The groups launched a bevy of attacks against the legislation in order to discourage lawmakers from supporting it.

Among the arguments was a claim that the bill would interfere with law enforcement efforts to prevent terrorism.

"The bill would bar ISPs from sharing potentially identifiable information with law enforcement in many circumstances. For example, a threat to conduct a terror attack could not be shared (unless it was to protect the ISP, its users, or other ISPs from fraudulent, abusive, or unlawful use of the ISP's service),” one of the documents read.

Another document given to lawmakers made a similar claim, stating such a law would prevent ISPs from sharing information law enforcement about a “violent threat to the public at large.” The document pointed to the possibility of a right-wing extremist having their activity inadvertently collected and suggested an ISP could only act on such information if the customer consented.

EFF Legislative Counsel Ernesto Falcon disagreed with the lobbying groups’ interpretation of the bill. He said there was “absolutely nothing true” about the claims that ISPs could not act to inform law enforcement of a potential threat.

“[The privacy bill] specifically said that an ISP can disclose information without customer approval for any ‘fraudulent, abusive, or unlawful use of the service.’ More importantly, it also included what is often referred to as a ‘catchall provision’ by allowing ISPs to disclose information "as otherwise required or authorized by law," Falcon said.

Lobbyists also made the claim that requiring consent from consumers would result in internet users being inundated with pop-ups that would eventually result in the user getting tired of dealing with the message and simply opting in to stop receiving them—the implication being that ISPs would simply continually hound a person until they agreed to surrender their sensitive data.

“New requests for consent would be required for any use not specifically included in the initial request for consent. This would likely annoy consumers," the lobbying groups claimed in the document.

Such an action wouldn’t have been allowed under the bill, which explicitly prevented ISPs from asking a person over and over again if they would consent to providing their information. If an ISP changed the terms of their service, the user would again be asked for permission. Otherwise, the choice to opt in or opt out sticks.

The lobbying tactics in California echo some of the same efforts launched against the federal Broadband Privacy Rules, which received pushback from lobbying groups representing the telecom and advertising industries.