by Jennifer O'Brien

ISPs could sell your browsing history: Aussie expert weighs in on US proposal

Apr 12, 2017

If the US ‘green lights’ legislative proposals to empower ISPs to freely disseminate a consumer’s personal information- and even sell your web browsing history – it could potentially open doors to new markets and revenue streams, according to the head of the Internet Association of Australia (IAA).

“If all of these changes do occur, the most interesting thing we will see is whether or not ISPs choose to sell that data, and which ISPs choose to do it. And then obviously down the track, what the commercial ramifications are,” IAA president Tom Berryman told CIO Australia.

“My expectation is that if a single ISP chooses to sell this information, I think it it will be very detrimental to their bottom line in the long term, but if they all choose to do it, that’s obviously an additional revenue stream.”

The question then, he said, is whether or not the ISPs pass those savings onto consumers.

“I doubt it, but if they are making money by selling their consumers data, then maybe. The flip side of all of this is, if they do manage to sell browsing information for enough money, it is no different to YouTube hosting free videos and showing ads – if you get free internet just to be shown targeted ads. Is that the worse thing in the world?”

IAA’s Tom Berryman

IAA is a member-based association representing the Internet community, providing services and resources for members and supports the development of the Internet industry in Australia and overseas.

While Berryman acknowledged there are big differences between Australia and the US with respect to how both countries treat people’s private information, he said it is worthwhile to study the legislative proposals overseas and actions of industry counterparts.

“With what’s potentially about to happen, obviously the conjecture is that just because ISPs are no longer required and prevented by law from distributing or selling people’s browsing information, firstly, it doesn’t necessarily mean that they will.

“And if the big ones do, then maybe this gives rise to a whole new market of ISPs that are willing to protect your privacy. And maybe they could make more money that way – maybe customers will pay for that. And that kind of leads to the fact that maybe consumers need to realise keeping your information safe, costs money.”

Berryman also questioned how much information an ISP can actually collect.

“Is it a good thing that providers can disseminate your private information? No. Absolutely not. But having said that, it does raise the question of how much browsing history can an ISP actually collect.

“Most big internet websites – like Facebook, Google, Twitter – they all force you to use HTTP SSL environments on their website so anything you interact with between the website is not really visible to your ISP. The only thing that the ISP can really see is what website it was and how much traffic to it, which is nothing more than the metadata.”

He said while the Internet security industry – notably big companies like Palo Alto, Cisco and Checkpoint – make a lot of money by protecting people’s information – maybe “consumers now need to realise that paying a little bit more for an ISP that is going to protect their information is probably worth it.”

Specifically, he said the proposed legislative changes could significantly alter the commercial dynamic of internet purchasing – raising new questions about consumer expectations of internet prices and desired declines week-on-week and month-on-month.

Privacy erosion

But given the rate of privacy erosion in the US over the last ten years, Berryman said he’s not surprised by the proposed legislation.

“Everyone has come to accept that there’s a decline in privacy and your personal information is no longer secret. Everyone has made sacrifices for their privacy for the sake of national security,” he said, wondering whether other countries will follow suit.

“I wonder if this will be the new state of the internet. But as far as you go, you look at somewhere like China, and nothing you do on the internet is secret. The government watches everything you do. You have no privacy on the internet. And maybe consumers, or maybe we all need to address that, what we do on the internet is no longer secret, it’s public domain. Your browsing history, all your details, are out there for anyone to buy and to see.”

In Australia, he said an ISP has to collect individuals’ metadata and store it for a minimum timeframe, and is also required by law to ensure that it is secure and protected and doesn’t ever get exposed.

“As much as I may disagree with the data retention policy, the government did put up funding to providers to facilitate the retention of data, which again is demonstrating that privacy and security does cost money.”

Moreover, he doesn’t see privacy erosion happening here in Australia. “Given the Australian privacy policy, with regards to digital security, it is quite strong and quite good. I think Australia has a good security policy.”

“I certainly don’t expect to see changes like that. Our government, particularly in procurement, is very strong about privacy and security. And they do enforce their privacy policy so when data breaches do occur, the requirement for disclosure and such is quite strong and it is a well written and well used policy. We have that quite well.”

Berners-Lee weighs in

Meanwhile, Berryman wasn’t the only one discussing the US move to roll back internet privacy laws. Internet founder, Sir Tim Berners-Lee, told The Guardian that politicians’ attitude toward the internet was “really appalling” and that users were in danger.

Tim Berners-Lee

“Privacy, a core American value, is not a partisan thing. Democrats fight for it and Republicans fight for it, too, maybe even more,” he told The Guardian.

“If they take away net neutrality, there will have to be a tremendous amount of public debate as well. You can bet there will be public demonstrations if they do try to take it away.”