Hacker News new | ask | show | jobs
by Kryptor 3370 days ago
The text of the resolution is very short, it simply says the FCC rule is repealed. You can read the rule here:

https://www.federalregister.gov/documents/2016/12/02/2016-28...

At 73 pages, it's a doozy. I don't know exactly what the effects would have been, but one important thing to note that I did not see mentioned once in any of the reporting about this is that the rule has only been in effect for 84 days. So I wouldn't expect any changes to be too noticeable.

Also worth noting is that whatever restrictions on ISPs are removed by this, it doesn't guarantee that ISPs will start doing that thing immediately, if at all. I also haven't seen reporting on what past behavior ISPs have already engaged in that this rule would have stopped.
2 comments
zu03776 3370 days ago
The first fifth of the linked resolution addresses what is customer personal information (protocols, ports, IP addresses, MAC addresses, contained information, etc.)

Paragraph 106 mandates that the information released should not be able to be de-identified, and third parties must be contractually obligated to not de-identify customers from the data.

Paragraph 117 says the clause must be transferable to third-parties all the way down the list, but a middle-man can hire a company in a different country to do the necessary work, outside the jurisdiction of the FCC.

Paragraph 115 says the ISP can share the IP address, and no other identifying data, and meet the requirements of de-identification. A clause to "revisit this topic later" is present. Damn right you better -- combined with other data sources from social media and search engines, I can trivially combine multiple data sources using the IP address and build a "personal profile" of your entire Internet usage, including those really unique "outlier" destinations.

Paragraph 143 says that no periodic reminder is required, so expect the "privacy notice" to be buried in a sea of required checkboxes at point-of-sale, and never seen again. There are provisions that it be available on a website and via other methods, etc., but "available" versus "easily found" are two different things.

Most of these rules will take effect in 12 months, not immediately. (The rule of preventing ISP services requiring you waive your privacy to provide service is 30 days (paragraph 295, § 64.2011), data security requirements in 90 days (§ 64.2005), and data breach notifications and requirements in 6 months (§ 64.2006).)

link
aanm1988 3370 days ago
> but one important thing to note that I did not see mentioned once in any of the reporting about this is that the rule has only been in effect for 84 days. So I wouldn't expect any changes to be too noticeable.

Isn't that just because the agency responsible changed from the FTC to the FCC?

link