On Tuesday, Congress narrowly passed legislation allowing internet service providers to sell their customers’ browsing history and personal information to advertisers without their consent, overruling an Obama Administration proposal that would’ve outlawed the practice. Some internet-privacy advocates have decided to respond by mounting fundraising campaigns in hopes of buying and publishing the data trails left by members of Congress.
Net-neutrality advocate Adam McElhaney has already amassed more than $161,000, saying he’ll use the money to purchase the Web history of every representative who voted to overturn the rule. He’s not the only one with this idea. Max Temkin, creator of the game Cards Against Humanity, says he’s also planning to buy Congress’s online habits. Misha Collins, an actor on the television series Supernatural, has raised more than $64,000 for the cause.
“I plan on purchasing the Internet histories…everything from their medical, pornographic, to their financial and infidelity. Anything they have looked at, searched for, or visited on the Internet will now be available for everyone to comb through,” McElhaney writes. “Let’s turn the tables. Let’s buy THEIR history and make it availble [sic].”
But all these efforts overlook an important detail: As odious as it will be for Comcast, Verizon, and other ISPs to sell their subscribers’ browsing data to advertising clients that want to zero in on customers, the law still prevents them from selling data that can be pegged to specific individuals. The Telecommunications Act of 1996 largely prohibits the sharing of “individually identifiable” information and, while the Wiretap Act, passed in 1968, prevents most instances of divulging a person’s electronic communications without consent–meaning it’s illegal to buy a congressperson’s search history. Regulations are much more permissive when it comes to selling “aggregate” customer info. When consumer-tracking firms couple their information with identifying details gleaned from personalized sites such as Facebook, it becomes possible to match the person with their browser data.
Internet service providers have long tracked their customers’ data, including search-engine queries and email content, but have never had to directly tell them about it. Many companies already buy user information from ISPs to tailor and target their advertising. Former President Barack Obama‘s proposed regulations had not yet gone into effect, but would have prevented ISPs from collecting and selling this data—particularly sensitive things like email addresses and information about children—without explicit permission from users.
Many savvier internet users also route their traffic virtual private networks, or VPNs, which function as secure pipelines that encrypt all data being sent and received. Theoretically, a digital-privacy activist could still try to purchase data created by from personal or field office computers–so long as those computers use ISPs that sell their customers’ internet histories and aren’t using a trustworthy VPN. There’s a key problem: determining which accounts belong to the officials who voted to roll back privacy protections.
This is not to say there isn’t plenty to be upset about with Congress’s rolling back the privacy rule. It is almost certain to lead to sneakier and more aggressive data collection on the part of ISPs, which may also impose frustrating barriers on customers who want to opt out. Still, your outrage money is better spent on a good VPN instead of these crowd-funding campaigns that’s almost sure to fail to churn up House Speaker Paul Ryan‘s (presumed) history of Crossfit videos and Papa Roach songs.