Governors are sent by Him to punish the evildoers and praise the virtuous (1 Peter 2:14).

Congressional Record2017/3/28Senate | House | Extensions

2017/3/28 > House > H2489 >     1 | Next Article


[Pages H2489-H2501]
From the Congressional Record Online through GPO


Mrs. BLACKBURN. Mr. Speaker, pursuant to House Resolution 230, I call up the joint resolution (S.J. Res. 34) providing for congressional disapproval under chapter 8 of title 5, United States Code, of the rule submitted by the Federal Communications Commission relating to “Protecting the Privacy of Customers of Broadband and Other Telecommunications Services”, and ask for its immediate consideration in the House.

The Clerk read the title of the joint resolution.

The SPEAKER pro tempore. Pursuant to House Resolution 230, the joint resolution is considered read.

The text of the joint resolution is as follows: S.J. Res. 34 Resolved by the Senate and House of Representatives of the United States of America in Congress assembled, That Congress disapproves the rule submitted by the Federal Communications Commission relating to “Protecting the Privacy of Customers of Broadband and Other Telecommunications Services” (81 Fed. Reg. 87274 (December 2, 2016)), and such rule shall have no force or effect.

The SPEAKER pro tempore. The joint resolution shall be debatable for 1 hour equally divided and controlled by the chair and ranking minority member of the Committee on Energy and Commerce.

The gentlewoman from Tennessee (Mrs. Blackburn) and the gentleman from Pennsylvania (Mr. Michael F. Doyle) each will control 30 minutes. General Leave

Mrs. BLACKBURN. Mr. Speaker, I ask unanimous consent that all Members may have 5 legislative days to revise and extend their remarks and to include extraneous material on S.J. Res. 34.

The SPEAKER pro tempore. Is there objection to the request of the gentlewoman from Tennessee?

There was no objection.

Mrs. BLACKBURN. Mr. Speaker, I yield myself such time as I may consume.

Mr. Speaker, I do rise today in support of S.J. Res. 34, which disapproves of the rule submitted by the Federal Communications Commission relating to protecting the privacy of customers of broadband and other telecommunication services.

I applaud Senator Flake's work on this issue, as S.J. Res. 34 was passed by the Senate last week. I also filed a companion resolution in the House.

The FCC finalized its broadband privacy rules on October 27, 2016. At that time, they assured us that the rules would provide broadband customers meaningful choice, greater transparency, and stronger security protections for their personal information collected by internet service providers, but the reality is much different.

There are three specific problems with which the FCC has gone about these rules. First, the FCC unilaterally swiped jurisdiction from the Federal Trade Commission. The FTC has served as our Nation's sole online privacy regulator for over 20 years.

Second, having two privacy cops on the beat will create confusion within the internet ecosystem and will end up harming consumers.

Third, the FCC already has authority to enforce privacy obligations of broadband service providers on a case-by-case basis. These broadband privacy rules are unnecessary and are just another example of Big Government overreach. The Competitive Enterprise Institute estimates that Federal regulations cost our economy $1.9 trillion in 2015.

Since President Trump took office, Republicans have been working diligently to loosen the regulatory environment that is suffocating hardworking taxpayers.

Here is what multiple House Democrats said in a letter to the FCC last May regarding the FCC's privacy rules: The rulemaking intends to go well beyond the traditional framework that has guarded consumers from data practices of internet service providers and ill-served consumers who seek and expect consistency in how their personal data is protected.

Further, FTC Commissioner Joshua Wright testified before Congress that the FTC has unique experience in enforcing broadband service providers' obligations to protect the privacy and security of consumer data. He added that the rules will actually do less to protect consumers by depriving the FTC of its longstanding jurisdiction in the area. Once again, these rules hurt consumers.

Incredibly, former FCC Chairman Tom Wheeler referred to the internet as the most powerful and pervasive network in the history of the planet before these rules were even created. I found this really odd because it implied that the FTC regulation had indeed been successful and ought to continue, ultimately undermining his own rationale for additional FCC privacy regulation.

Now, there are a couple of myths that are going around that I want to take the time to dispel. Our friends claim there will be a gap for ISPs in the FCC privacy rules when they are overturned. This simply is false, and let me tell you why. The FCC already has the authority to enforce the privacy obligations of broadband service providers on a case-by-case basis.

Pursuant to section 201 of the Communications Act, they can police practices of the ISPs that are unjust or unreasonable. Sections 202 and 222 also protect consumers. It is already in statute. So I encourage my friends to read title II of the Communications Act. Also, the State attorneys general have the ability to go after companies for unfair and deceptive practices.

Third, litigation is another avenue consumers can pursue against ISPs for mishandling personal data. Service providers have privacy policies. If they violate the policy, guess what? They can be sued. I know Democrats will certainly understand that, as they have many trial lawyer friends, and I urge them to speak to the trial bar.

Fourth, the free market is another great equalizer. Can you imagine the embarrassment for an ISP that is caught unlawfully selling data? We have all seen the economic fallout from something such as a data breach. Companies have a financial incentive to handle your personal data properly because to do otherwise would significantly impair their financial standing. [[Page H2490]]

To my Democrat friends across the aisle, the bottom line is this: the only gap that exists is in these arguments that you have made.

Consumer privacy is something we all want to protect, and consumer privacy will continue to be protected and will actually be enhanced by removing the uncertainty and confusion these rules will create, as the Democrats Rush, Schrader, and Green indicated in a letter to the FCC last May.

I also want to speak, for just a moment, on the edge providers because there has been some question about who has visibility into your data. Clinton administration veteran privacy expert Peter Swire offered a report in February 2016 titled “Online Privacy in ISPs.”

ISP's access to consumer data is limited and often less than access to others. Swire found that ISPs have less visibility into consumer behavior online than search, social media, advertising, and big tech companies.

Swire's study found that, as a result of advancing technologies, the rise of encryption, and the various ways and locations individuals access the internet, ISPs now have increasingly limited insight into our activities and information online.

By contrast, however, so-called edge providers, like search engines, social media, advertising, shopping, and other services online, often have greater visibility into personal consumer data.

Mr. Speaker, I reserve the balance of my time.

Mr. MICHAEL F. DOYLE of Pennsylvania. Mr. Speaker, I yield myself such time as I may consume.

Mr. Speaker, I rise today in strong opposition to S.J. Res. 34.

Today, colleagues, we are waist deep in the swamp. The American people did not ask for this resolution.

In fact, no company will even put its name behind this effort. Instead, this resolution is the result of an explicit written request from Washington lobbyists. These lobbyists make the bogus claim that having actual protections will confuse consumers and the only way to help clear up this information is to have no rules at all.

No consumer has come forward to support this position. No consumer has said this argument even makes sense.

I challenge every Member of this body at your next townhall meeting to have a show of hands of how many people think it is a good idea to allow your internet service provider to sell their personal information without their permission. {time} 1600

Then after you get that show of hands, ask them how many of them would vote for you if you support allowing corporations to do that.

This resolution is of the swamp and for the swamp and no one else. The rules of this resolution would overturn rules that are simple and make common sense. They don't require much, only three things:

One, internet service providers should ask permission before selling your private internet browsing history, app usage, or other sensitive information;

Two, once they have your information, internet service providers should take reasonable measures to protect it; and

Finally, if the information gets stolen, the company should quickly let you know.

That is it. That is all that is being asked of them.

These modest rules don't stop internet service providers from using data for advertising and profiling or whatever else so long as they ask first.

ISPs have an obligation under these rules not to dive into the personal lives of Americans unless that is what those Americans want. They just need to ask first.

This is particularly true because broadband providers see literally everything you do online, every website you visit, every app, every device, every time. By analyzing your internet usage and browsing history, these companies will know more about you than members of your own family, more than you tell your doctor, more than you know about yourself. Without these rules, these companies don't have to ask before selling all of that information, and they don't have to take reasonable measures to protect that information when they collect it.

Make no mistake about this, colleagues: Anyone who votes for this bill is telling your constituents that they no longer have the freedom to decide how to control their own information. You have given that freedom away to big corporations. More importantly, there aren't rules to fall back on if Congress scraps these.

Critics of the rules argue that the Federal Trade Commission should oversee the privacy protection for broadband providers, but, under current law, they have no authority to do so, and the CRA won't do a thing to fix that. Under a Federal court of appeals case, the FTC has no authority over mobile broadband providers at all.

And to those that say the FCC can evaluate complaints on a case-by- case basis using its statutory authority, the current Chairman--your current Chairman--stated that section 222 cannot be used to protect personal information and that rules are necessary to enforce this statute.

Mr. Speaker, I include for the Record a statement by the FCC Commissioner. Dissenting Statement of Commissioner Ajit Pai Re TerraCom, Inc. and YourTel America, Inc., Apparent Liability for Forfeiture, File No. EB-TCD-13-00009175. A core principle of the American legal system is due process. The government cannot sanction you for violating the law unless it has told you what the law is. In the regulatory context, due process is protected, in part, through the fair warning rule. Specifically, the D.C. Circuit has stated that “[i]n the absence of notice--for example, where the regulation is not sufficiently clear to warn a party about what is expected of it--an agency may not deprive a party of property.” Thus, an agency cannot at once invent and enforce a legal obligation. Yet this is precisely what has happened here. In this case, there is no pre-existing legal obligation to protect personally identifiable information (also known as PII) or notify customers of a PII data breach to enforce. The Commission has never interpreted the Communications Act to impose an enforceable duty on carriers to “employ reasonable data security practices to protect” PII. The Commission has never expounded a duty that carriers notify all consumers of a data breach of PII. The Commission has never adopted rules regarding the misappropriation, breach, or unlawful disclosure of PII. The Commission never identifies in the entire Notice of Apparent Liability a single rule that has been violated. Nevertheless, the Commission asserts that these companies violated novel legal interpretations and never-adopted rules. And it seeks to impose a substantial financial penalty. In so doing, the Commission runs afoul of the fair warning rule. I cannot support such “sentence first, verdict afterward” decision-making. To the extent that the circumstances giving rise to today's item merited the Commission's attention, there was a better (and lawful) path forward. We could have opened a notice-and- comment rulemaking. This process would have given the public an opportunity to speak. And in turn, the agency would have had a chance to formulate clear, well-considered rules--rules we then could have enforced against anyone who violated them. Instead, the Commission proposes a forfeiture today that, if actually imposed, has little chance of surviving judicial review. One more thing. The Commission asserts that the base forfeiture for these violations is nine billion dollars-- that's $9,000,000,000--which is by far the biggest in our history. It strains credulity to think that Congress intended such massive potential liability for “telecommunications carriers” but not retailers or banks or insurance companies or tech companies or cable operators or any of the myriad other businesses that possess consumers' PII. Nor can I understand how such liability can be squared with the Enforcement Bureau's recent consent decrees with these companies. Under those consent decrees, the companies paid the Treasury $440,000 and $160,000 for flouting our actual rules and draining the Universal Service Fund by seeking Lifeline support multiple times for the same customer. Consumer protection is a critical component of the agency's charge to promote the public interest. But any enforcement action we take in that regard must comport with the law. For the reasons stated above, I dissent.

Mr. MICHAEL F. DOYLE of Pennsylvania. Without these protections, there will be no clear rules of the road. At a time when foreign actors like the Russians, the Chinese, and everyone else under the sun are constantly trying to steal our data and compromise our security, it would be irresponsible to roll back the only Federal safeguards we have. I want my colleagues to think long and hard before you give corporations the ability to sell your information without their permission.

Mr. Speaker, I include several articles in the Record by Free Press and the Open Technology Institute opposing the CRA, an op-ed from a current [[Page H2491]] FTC Commissioner opposing this CRA, and a memorandum from engineers at EFF opposing this CRA. [From Free Press, May 10, 2016] Pay-for-Privacy Schemes Put the Most Vulnerable Americans at Risk (By Sandra Fulton) The FCC has opened a proceeding on the rules and policies surrounding privacy rights for broadband service. One industry practice called into question in that proceeding could have a devastating impact on our most vulnerable populations. Internet service providers charge broadband customers a ton for Internet access. ISPs are increasingly finding new revenue streams too, by taking part in the multibillion- dollar market that's evolved out of selling users' personal information to online marketers. As the debate around privacy has heated up, ISPs have tried to placate the public's growing interest in privacy protections while maintaining revenues they can get when they auction off their customers' valuable personal information. One proposed solution that AT&T has largely “pioneered”? Have customers pay to preserve their privacy. The potential harms and discriminatory implications of this practice are obvious. It could mean that only people with the necessary financial means could protect their privacy and prevent their ISPs from sharing their personal information with predatory online marketers. The FCC rulemaking proceeding seeks comments on whether to allow such “financial inducements” for the surrender of private information. If the agency decides not to ban such practices outright, it wants to know how it should regulate them. As our lives have moved online, ISPs have gained access to our most sensitive personal information. Advanced technologies allow companies to track us invisibly, collecting and selling data on nearly every detail of what we do online. But ISPs don't just stop at knowing what we're doing. The location tracking that's needed to provide mobile service to our phones lets the ISPs know when and where we do it too. And they can figure out the people and organizations we associate with by looking at who we talk to and which websites we visit. As ISPs track their customers, they create comprehensive dossiers containing sensitive information on each person's finances, health, age, race, religion and ethnicity. Their reach is so pervasive that information like a visit to a website discussing mental health, a search on how to collect unemployment benefits, or a visit to a church or Planned Parenthood office could be swept up into their databases. How do you feel about your ISP selling such a personal glimpse into your life to online advertisers? Under a pay- for-privacy scheme, you wouldn't need to worry about it so long as you could afford to shell out the hush money. But those who aren't so fortunate would have to relinquish any control over how their personal data is spread across the Web. The FCC raised concerns about this dynamic when it launched its rulemaking proceeding, noting that such pay-for-privacy practices might disadvantage low-income people and members of other vulnerable communities. But it didn't make any specific recommendations or issue any proposals on how to regulate in this space. Long before the FCC launched this inquiry at the end of March 2016, and even before the agency had clarified its authority to protect broadband users in the February 2015 Open Internet Order, AT&T's GigaPower broadband service had become one of the first pay-for-privacy plans on the market. The AT&T deal allows customers to opt out of some information sharing if they pay an extra $29 a month or more. For a struggling family, that could mean choosing between paying for privacy and paying for groceries or the public transportation needed to get to work. And while AT&T might be the first to launch this kind of service, an article in Fortune notes that other companies are eager to roll out similar plans. Under pay-for-privacy models, consumers who are unable to pay the higher broadband cost will likely see their ISPs share their data with shadowy online data brokers who use this information to tailor marketing messages. While unregulated and unaccountable data brokers are a threat to everyone's privacy, they're notorious for targeting low- income communities, people of color and other vulnerable demographics. One particularly damning report from the Senate Commerce Committee offered this glimpse into how these brokers categorize and label these target audiences: The Senate committee's report notes, for example, that the “Hard Times” category includes people who are “Older, down-scale and ethnically diverse singles typically concentrated in inner-city apartments.” It continues: “This is the bottom of the socioeconomic ladder, the poorest lifestyle segment in the nation. Hard Times are older singles in poor city neighborhoods. Nearly three-quarters of the adults are between the ages of 50 and 75; this is an underclass of the working poor and destitute seniors without family support . . .” These classifications can influence not just what kinds of ads people see, but the interest rates they're offered or the insurance premiums they pay. These targeted communities are precisely the ones who can't pay extra to shield their personal information from these dangerous companies. There may be some argument that if big companies are going to profit from our data anyway, it's actually good if their customers get a share of that. The FCC's rulemaking proposal notes that brickand-mortar stores and websites alike offer all sorts of “free” services, discounts and perks in exchange for the data they mine from their customers and users. But the nature of the broadband market--where users have no real options when it comes to choosing their providers, and no way to opt out short of staying offline--makes the tradeoffs here especially worthy of attention. If users could get fair value for their data, and if they got a real discount on broadband and not just a privacy penalty, and if they were providing truly informed consent with full knowledge of all the pernicious uses data brokers have for their information, then maybe we could have a conversation about the fairness of such schemes. But those are some very big ifs. We need better transparency rules for marketers and easy- to-use disclosures and opt-in mechanisms before we get there. We also need strong baseline privacy protections guaranteed for all, including rules that prohibit ISPs from using discriminatory schemes that jeopardize the rights of their most vulnerable customers. We applaud the FCC for taking this crucial first step to protect privacy from broadband ISPs' overreach and abuse. As gatekeepers to the Internet, ISPs hold a wealth of information about their customers, and the Communications Act commands the FCC to establish strong safeguards for that private info. But the FCC also must also remember that our rights are not for sale--and that privacy is not a luxury for the wealthy. ____ ISPs Know All you deserve more privacy from your broadband provider (By Eric Null) As you read this post, your internet service provider is collecting information about you: what you're reading right now on Slate, what URL you go to next, what time of day it is, and whether you're on your home computer or your mobile device, among many other data points. Your ISP has similar data about apps you've used, how much data you consume at any given time of day, and your other daily internet habits and rhythms. Of course, your ISP has other up-to-date personal information as well--things like your name, address, telephone number, credit card number, and likely your Social Security number. In this way, ISPs have access to a uniquely detailed, comprehensive, and accurate view of you and every other subscriber. All of this at a time when consumer concern over privacy is increasing and has actually caused people to refrain from engaging in e-commerce and other activities online. To make matters worse, you are essentially powerless to limit the data your ISP collects about you. While you may, in some instances, defend yourself against tracking by websites and apps by disallowing cookies or turning on “Do Not Track” in your browser settings, in many cases there is no way to protect against ISP tracking except by avoiding the internet altogether. While there are some tools that can help consumers protect themselves, they are not prevalent. For example, ISPs cannot see full website addresses when that site uses encryption-- denoted by a small lock icon in your browser bar. However, the website--not you--decides whether it will use encryption. And while Netflix traffic is encrypted (so your ISP only knows you're watching videos, not specifically which ones you're watching), WebMD traffic is not (so your ISP likely knows every page you've visited on WebMD), even though medical symptoms are clearly much more personal than your favorite TV program. Another example of ways consumers can purportedly protect themselves is through virtual private networks, or VPNs, which route web traffic through another network and therefore effectively “hide” the traffic from the person's ISP. But VPNs are difficult to use and configure. They often cost extra money, slow down your browsing, and simply send your data through some other access provider that may be collecting data about you, too. These options are not practical defenses for most consumers. Currently, there are no rules to prevent your ISP from using these data for almost any purpose, including categorizing you and serving you advertisements based on those categories. Targeted ads may even be based on whether you have (or the ISP has inferred you have) a certain disease or what your income level is. Recently, Cable One was found to be using predictive analytics to determine which of its customers were “hollow” (that is, had low credit scores) and then offering them low-quality customer service. Cable One technicians, the company's CEO stated, aren't going to “spend 15 minutes setting up an iPhone app” for someone with a low credit score. Of course, making decisions based on credit scores is going to disproportionately affect communities of color and other vulnerable populations. Additionally, the data ISPs collect, often compiled into a “profile,” might be sold to third parties (like advertisers or data brokers) and used and reused for purposes for which they were not initially collected--in ways that often annoy people, such as when personal information is used to send a “barrage of unwanted [[Page H2492]] emails.” And as the number of entities who hold your data increases, so too does the chance those data will be compromised by a leak or hack. So you may find yourself between a rock and a hard place: Use the internet and give up your privacy, or forego internet access entirely--something that's not exactly reasonable. But there is good news. The Federal Communications Commission is trying to make sure that you and all other ISP customers don't have to confront this choice. In 2015, as part of decision to uphold net neutrality, the FCC ruled that ISPs are “common carriers.” (The U.S. Court of Appeals for the District of Columbia Circuit recently upheld that ruling.) Since then, the FCC has had a statutory obligation to protect the data ISPs collect about their customers. To accomplish that, the FCC recently proposed a new rule that would require ISPs, in most cases, to seek opt-in consent from customers before using data collected for purposes other than to provide service, such as to deliver certain kinds of ads or to sell to data brokers. That means that if the rule passes, your ISP would have to notify you of any new intended use of the data and give you the opportunity to say “yes, that is OK with me” or “no, that is not OK with me.” Of key importance in this rule is that if you said “no,” your ISP couldn't just refuse to serve you--it would have to respect your wishes and still provide you with service. The FCC's proposal should be enacted, because you should not have to trade your privacy to access the internet. (New America's Open Technology Institute, where I work, has been actively engaged on this issue and has submitted comments in the record. New America is a partner with Slate and Arizona State University in Future Tense.) It should go without saying, but it's important enough that I will say it anyway: Internet access is imperative for personal and professional success in today's digital world. Yet to gain access to the most important tool of the 21st century, you have to allow your ISP access to incredibly rich and private information about what you do online. You should get to control what it does with that data. Consumers deserve real choice when it comes to protecting their data, and the opt-in regime proposed by the FCC is a huge step in the right direction. Yet--perhaps unsurprisingly--ISPs and several House committees have responded to the FCC's proposal as if the sky is falling. They have mounted an all-out assault on the idea that you should have the right to choose how ISPs use your data. Their arguments range from the highly dubious (the proposal exceeds the FCC's authority) to the downright silly (consumers will be confused by having different privacy rules for ISPs as compared with other companies, like search engines and social networks). Chances are your ISP is telling the FCC that you don't need protections against exploitation of your data. (If you're interested, you can see exactly what your ISP is saying--here are the responses from AT&T, Comcast, CenturyLink, T-Mobile, Verizon, and Sprint; unnamed ISPs may be represented by various trade associations like the National Cable and Telecommunications Association and CTIA for wireless.) However, as with the net neutrality debate that led to this proposal, consumers may feel differently. The FCC has proposed a very strong rule that will help protect ISP customers from exploitative uses of their data. This battle for consumer choice will be ongoing for many months, but soon, you may finally be able to choose both having internet access and protecting your privacy. ____ Electronic Frontier Foundation, San Francisco, CA. Five Ways Americans' Cybersecurity Will Suffer If Congress Repeals the FCC Privacy Rules If the House votes to repeal the FCC's recent privacy rules, Americans' cybersecurity will be put at risk. That's because privacy and security are two sides of the same coin: privacy is about controlling who has access to information about you, and security is how you maintain that control. You usually can't break one without breaking the other, and that's especially true in this context. To show how, here are five ways repealing the FCC's privacy rules will weaken Americans' cybersecurity. 1. Internet providers will record our browsing history, and the systems they use to record that information (not to mention the information itself) will become very tempting targets for hackers. (Just imagine what would happen if a foreign hacker thought she could blackmail a politician or a celebrity based on their browsing history.) 2. In order to record encrypted browsing history (i.e. https websites), Internet providers will start deploying systems that remove the encryption so they can inspect the data. Although US-CERT (part of DHS) just put out an alert saying that this is extremely dangerous for Americans' cybersecurity, FCC Chairman Pai just decided not to enforce rules that keep Internet providers from doing this. 3. Internet providers will insert ads into our browsing, but that could break the existing code on webpages. That means security features might be broken, which could expose Americans to a greater risk of attack. 4. Internet providers will insert tracking tags into our browsing--and that means every website will be able to track you, not just your Internet provider, and there's nothing you can do to stop them. 5. Internet providers will pre-install software to record information directly from our mobile phones (after all, it's just one more source of information they can monetize). But if the software that does that recording has bugs or vulnerabilities, hackers could break into that software, and then access everything the Internet provider could see. Do you trust your Internet provider, which can't even keep an appointment to fix your cable, to write completely bug-free software? The net result is simple: repealing the FCC's privacy rules won't just be a disaster for Americans' privacy. It will be a disaster for America's cybersecurity, too.

Mr. MICHAEL F. DOYLE of Pennsylvania. Mr. Speaker, I reserve the balance of my time.

The SPEAKER pro tempore (Mr. Rogers of Kentucky). The gentleman is reminded to address his remarks to the Chair.

Mrs. BLACKBURN. Mr. Speaker, I will remind my colleagues across the aisle that, again, section 222 of the Communications Act covers the authority that the FCC needs. Traditionally, online privacy has been handled by the FTC. That is an authority that we have designated to them.

Mr. Speaker, I yield 5 minutes to the gentleman from Oregon (Mr. Walden), chairman of the Energy and Commerce Committee.

Mr. WALDEN. Mr. Speaker, I thank my colleagues for their good work on this legislation.

As we increasingly rely on technology in nearly every area of our lives, one of Congress' most important responsibilities is to strike the right balance between protecting consumers' privacy while also allowing for private sector innovation and the new jobs and economic growth that accompany it.

The resolution before us today reverses overreaching, shortsighted, and misguided rules adopted by unelected bureaucrats at the Federal Communications Commission. These rules do little to enhance privacy, but clearly add a new layer of Federal red tape on innovators and job creators. This is exactly the type of government overreach that the Congressional Review Act was meant to stop.

The Federal Communications Commission, frankly, overstepped its bounds on many issues during the Obama administration, including privacy regulations. After stripping the Federal Trade Commission of its authority over the privacy practices of internet service providers, ISPs, the FCC adopted shortsighted rules that only apply to one part of the internet. Despite the FTC's proven case-by-case approach to privacy enforcement that, frankly, has protected consumers, while simultaneously allowing ISPs to innovate, the FCC opted to abandon this model in favor of an approach that assumes the Federal Government knows best what consumers want.

Simply put, the rules that the FCC applied to ISPs are illogical. The regulations would require companies to apply the same privacy protections to consumer data, regardless of its importance or sensitivity. It hardly makes sense to treat a local weather update and personal financial information the same way.

In addition, the FCC's approach only protects consumer data as far as the internet service provider is involved. An entirely separate set of rules applies to providers of edge services. That means the giant search corporations, one of which controls up to 65 percent of your searches on the internet, don't live by the same set of privacy rules as your small town ISP.

What America needs is one standard, across-the-internet ecosystem, and the Federal Trade Commission is the best place for that standard.

The impact of these rigid regulations has the potential to stifle one of the most innovative sectors of our Nation's economy, and it is consumers who will suffer. These rules, which Congress will repeal, only lead to higher costs, less competition, and fewer service offerings. This approach is particularly burdensome for small businesses, which do not have hallways full of lawyers to navigate these tedious and unnecessary rules.

The benefits of the FCC's privacy regulations are questionable, but the harms are certain, which is why I urge my colleagues to support this resolution. And once these rules are reversed, the FCC can turn back to working together with the FTC to ensure that our privacy framework allows the internet [[Page H2493]] to flourish while truly protecting consumers.

Mr. MICHAEL F. DOYLE of Pennsylvania. Mr. Speaker, I would remind my friends that, under current law, the FTC has no authority to regulate ISPs and that it was your Commissioner, your current FCC Commissioner, that said that they can't do it under section 222 also, which I have submitted for the record.

Mr. Speaker, I yield 4 minutes to the gentlewoman from California (Ms. Eshoo).

Ms. ESHOO. Mr. Speaker, I thank my friend, Mr. Doyle, for both his leadership and for yielding time to me.

America, listen up today. There may not be that many people on the floor of the House, but this is a big one. This is really a big one. Congress is poised today to betray the American people on one of the issues they care the most about: their privacy--their privacy. Every single one of us cares about it, and so do the American people. I often say that every American has it in their DNA: Keep your mitts off my privacy, what I consider to be private.

Now, the consequences of passing this resolution are clear. Broadband providers like AT&T, Comcast, and others will be able to sell your personal information to the highest bidder without your permission, and no one will be able to protect you, not even the Federal Trade Commission that our friends on the other side of the aisle keep talking about. It is like open the door and there is no one there. That is what this thing creates.

The Republicans are blowing a gaping hole in Federal privacy protections by barring the FCC from ever adopting similar protections in the future. So, if it is gone today, it is gone, period.

The FCC rules are simple. They require broadband providers to get the permission of their customers--including all of us--before they can sell their web browsing history, their location information, and other sensitive data to third parties.

The majority claims that we need to repeal these protections because they treat broadband providers differently than other online service providers, edge providers. Broadband providers are in the unique position of seeing everything we do on the internet. This is the reason, and it is reason enough, to put privacy protections in place; but it is also important to keep in mind that consumers, all of us, pay a high monthly fee to broadband providers, and they face serious barriers if they want to switch. If I want to switch, if you want to switch, you have to, many times, pay early termination fees.

This is completely different from other online services that collect consumer data. Consumers don't pay to use search engines or social media applications like Google and Facebook. If they don't like Google's privacy policy, they can switch over to Bing without paying any fees. But consumers can't do this with broadband providers, and therein lies the difference.

Last week, we heard the Republicans bemoan the lack of choice in the healthcare market. They should take a closer look at the state of the broadband market, particularly in rural America, where only 13 percent of consumers have access to more than one high-speed broadband provider.

So the majority is telling Americans today, particularly those in rural areas, that they need to choose between their privacy and their access to the internet. If this resolution passes, people across the country will certainly not have both.

This resolution is--excuse the phrase--repeal without replace. The Republicans have not put forward any privacy proposal at all to replace the FCC's rules, despite knowing that repealing these rules will leave a gap in the Federal protections.

So the message to the American people is clear: Your privacy doesn't matter, and your web browsing history should be available to anyone who will pay the highest price for it.

For all these reasons, I urge my colleagues to stand up for privacy rights and oppose this joint resolution.

Mrs. BLACKBURN. Mr. Speaker, I yield the balance of my time to the gentleman from Texas (Mr. Flores), and I ask unanimous consent that he may control that time.

The SPEAKER pro tempore. Is there objection to the request of the gentlewoman from Tennessee?

There was no objection.

Mr. FLORES. Mr. Speaker, I yield myself such time as I may consume, and I thank the gentlewoman for yielding the balance of her time to me.

Mr. Speaker, as an original cosponsor of the House companion to S.J. Res. 34, I rise to strongly urge my colleagues to support the resolution before us today. Like all of my colleagues in the House, I care deeply about protecting the privacy of our constituents, but I cannot support the Federal Communications Commission's counterproductive rules that will actually harm consumers and stifle innovation.

For 20 years, the Federal Trade Commission--or the FTC, as we call it, frequently--oversaw consumer privacy for the entire internet ecosystem: content providers, advertisers, and internet service providers, or ISPs. The FTC's privacy program focused on preserving sensitive consumer data and took the context of a consumer's relationship with businesses into consideration. The FTC's experience in implementing a wide range of rules and regulations has resulted in over 500 cases protecting consumer information, ensuring their privacy online.

In a flawed political move, absent any finding, complaints, or investigations to determine whether broadband providers have violated consumers' privacy or that the FTC had failed at doing its job, the FCC proceeded with a partisan vote to target ISPs and to expand its regulatory footprint.

After stripping the FTC of its authority over the privacy practices of internet service providers, the FCC subsequently adopted rules that would harm consumers and split the internet, creating an uneven playing field between service providers and content providers. Congress must fix this overreach so the new administration can create a comprehensive, consistent set of privacy protections. {time} 1615

Consumers expect their privacy to be protected the same way no matter what type of entity holds their data. Having two sets of requirements creates confusion for consumers and may jeopardize their confidence in the internet.

Our internet economy has thrived under the privacy regime created by the FTC. Yet the FCC, under its previous Chairman, Tom Wheeler, wanted to undermine that success by bifurcating privacy protections to serve outside political interests, not the American consumer.

By contrast, the FCC's approach did not base its requirements on consumers' preferences about sensitive information and to set opt-in and opt-out defaults. Accordingly, its overall approach was top-down, heavyhanded regulation in stark contrast to the FTC's greater reliance on markets and consumer preferences.

The FCC's rule has a number of problematic issues:

The first is that the opt-in/opt-out regime reduces consumer choice and would be detrimental to the survival of many businesses in this country.

The second is that the FCC would have prohibited unforeseeable future uses of collected data regardless of what consumers actually preferred and businesses may need.

Third, the FCC would also have unjustly applied its heavyhanded approach to broadband providers, treating them more harshly than other players in the internet ecosystem.

In sum, the FCC's broadband privacy protection approach would have rejected free markets and ignored sound economics.

Alternatively, the FTC private enforcement is market oriented and flexible and adaptable to changes in consumer preferences and markets. It also treats companies and players neutrally, fostering an environment of competition and innovation.

This resolution rescinds the FCC's rule, but it does provide the FCC the opportunity to provide oversight more in line with the FTC, which has been successfully regulating online privacy for nearly two decades.

This joint resolution does not lessen or impede privacy and data security standards that have already been established. We are simply restoring a more stable regulatory playing field to ensure that consistent, uniform privacy security standards are maintained to protect consumers and future innovation.

Once Congress rejects these rules, the FCC can turn back to cooperating with [[Page H2494]] the FTC to ensure that both consumer privacy across all aspects of the internet is provided through vigorous enforcement and also that innovation is allowed to flourish.

I urge my colleagues to support this resolution.

Mr. Speaker, I reserve the balance of my time.

Mr. MICHAEL F. DOYLE of Pennsylvania. Mr. Speaker, I would just remind my colleague, once again, that the FTC has no authority to regulate ISPs once this bill is implemented; and consumers will not be protected, and their current FCC Commissioner has stated that.

Mr. Speaker, I yield 1\1/2\ minutes to the gentlewoman from Colorado (Ms. DeGette).

Ms. DeGETTE. Mr. Speaker, I oppose this resolution because it would remove consumers' right to control their online privacy and put it in the hands of corporations.

Every time people go online, they create trails of data that have tremendous commercial value. This creates incentive for the ISPs to sell web history to a third party, be it an advocacy group, a for- profit company, or even a foreign government.

Late last year, the FCC put Americans in charge of how ISPs use and share their consumer data. The FCC's rule also required that the ISPs engage in reasonable data security practices.

Even if people believe that the FCC's rule went too far and should be modified, it is unclear how the FCC could move forward with such a plan given the constraints of the Congressional Review Act. Furthermore, as several people have mentioned, the FCC, which is charged with protecting consumers' privacy, does not even have the authority to oversee ISP practices.

Given the number of data breaches in recent years at companies such as Yahoo, we should, frankly, be strengthening data retention requirements, not weakening them. At its core, S.J. Res. 34 weakens consumer protections today and makes them harder to implement in the future, which is why I urge my colleagues to oppose it.

Mr. FLORES. Mr. Speaker, I yield 2 minutes to the gentleman from Ohio (Mr. Johnson).

Mr. JOHNSON of Ohio. Mr. Speaker, when the FCC reclassified the internet as a common carrier, utility-style service and adopted their rules regulating the use of consumer data by internet service providers, it represented a monumental shift in the way we view privacy.

Instead of a uniform, technology-neutral standard that balanced data protection with consumer choice, internet users were stuck with a two- sided approach that causes confusion and dampens competition. There is one set of rules for service providers, and one set for the rest of the internet ecosystem. But how often do consumers really recognize the difference between where their data is accessed and where it is stored?

Ultimately, consumers are actually harmed by the artificial sense of protection created by these rules. It is essential that we take steps to restore the time-tested framework embraced by the Federal Trade Commission.

We have talked a lot about protecting consumer privacy and data, but I haven't heard a lot about allowing the consumer to decide how their information is used. Consumers deserve to have the autonomy to control their information and their internet experience.

As Acting Chairman of the FTC Maureen Ohlhausen pointed out: The FTC approach reflects the fact that consumer privacy preferences differ greatly depending on the type of data and its use.

There is widespread agreement that sensitive data, like financial or health information, should be strongly protected and opt-in appropriate. But what about other types of nonsensitive data? Let's not forget the ways that consumers benefit from allowing ISPs access to that kind of information.

Consumers should retain the ability to make the decisions that make sense for them when it comes to how their nonsensitive data is used and obtain the discounts or lower prices that can result. This vote isn't about reducing the level of privacy protection for consumers; it is about an FCC decision that ignored the preferences of consumers in favor of a regulatory power grab.

The SPEAKER pro tempore. The time of the gentleman has expired.

Mr. FLORES. Mr. Speaker, I yield an additional 15 seconds to the gentleman.

Mr. JOHNSON of Ohio. The FCC's privacy rules are an overreaching regulatory mess that create confusion and inconsistency for consumers, harm competition, and upend internet privacy as we know it.

Mr. MICHAEL F. DOYLE of Pennsylvania. Mr. Speaker, might I inquire as to how much time remains on both sides?

The SPEAKER pro tempore. The gentleman from Pennsylvania has 19 minutes remaining. The gentleman from Texas has 11\3/4\ minutes remaining.

Mr. MICHAEL F. DOYLE of Pennsylvania. Mr. Speaker, I would remind my colleagues that, whether it is nonsensitive information or sensitive information, the ISP should ask for your permission to use it.

Mr. Speaker, I yield 5 minutes to the gentleman from New Jersey (Mr. Pallone), the ranking member of the Energy and Commerce Committee.

Mr. PALLONE. Mr. Speaker, nearly every day now, we hear about new ways our enemies are trying to steal Americans' information. Just a couple weeks ago, two Russian hackers were indicted for stealing personal information from millions of us.

American consumers visit billions of internet destinations through a multitude of devices. Broadband providers potentially have access to every bit of data that flows from a consumer. The American people are rightfully concerned about companies selling their personal information, including sensitive information like their location, financial and health information, Social Security numbers, and information about their children.

Late last year, the FCC took steps to protect every American citizen's data and privacy, and the rules were simple: first, broadband providers had to ask their customers before selling any data; second, the companies had to take reasonable measures to protect that data; and third, the companies had to let people know if their data was stolen.

That was a good first step, Mr. Speaker. But Congress also has a role in protecting our data, and we should be working in a bipartisan fashion to discuss ways we can better protect the American people's data. Instead, the Republicans have decided to spend this time wiping out the few privacy safeguards that we already have.

The FCC's cybersecurity rules are, in my opinion, not burdensome. They simply tell the network providers to be reasonable when protecting the data. That is all. The FCC left it to the companies, themselves, to use their best judgment about how to get the job done. They just needed to be reasonable.

It seems being reasonable is still too much for the Republicans-- first in the Senate, and now here in the House. This resolution tells the companies charged with running the country's broadband networks that they no longer have to be reasonable when it comes to their customers' data.

So I say, Mr. Speaker, make no mistake: This resolution is a gift to countries like Russia who want to take our citizens' personal information. And if the House passes this resolution, it will go straight to the President's desk, a President who will be more than happy to sign his name to this gift to the Russians.

This resolution also gives large corporations free rein to take customers' data without anyone's permission. This debate is about whether Americans have the freedom to decide on our privacy.

We hear all kinds of complicated arguments about jurisdiction, implementation dates, and who knows what else, but these arguments just muddy the water.

Republicans will say that the FCC's rules are confusing to consumers, people won't know what to do if they are asked first before broadband companies sell their sensitive information. If that were the case, we would have heard from people who oppose the rules, but we simply have not heard any of those concerns. The facts speak for themselves. Consumers want more privacy protection, not less.

Seventy-four percent of Americans say it is very important that they be in control of information, and 91 percent of people feel they have lost control [[Page H2495]] over their own information. There are real consequences to these feelings. Nearly half of Americans say they limit their online activity because they are worried about their privacy and security. That is why they overwhelmingly support stronger protections.

The FCC listened to the American people and adopted reasonable rules. Despite Republican claims to the contrary, the rules were not hard to follow. The rules still allow broadband companies to offer services based on their customers' data, and they can still customize ads or send reminders.

The FCC's rules simply required companies to ask people first before selling their sensitive information. That is it. In fact, I had hoped the FCC would have gone even further, but the agency chose this more moderate approach.

So as this debate proceeds, we should be asking one simple question: Should the American people have the freedom to choose how their information is used or should the government give that freedom away?

I think the answer is clear. I stand with the American people, and, therefore, I strongly oppose this legislation.

Mr. FLORES. Mr. Speaker, I yield 3 minutes to the gentleman from Ohio (Mr. Latta).

Mr. LATTA. Mr. Speaker, I thank the gentleman for yielding.

Mr. Speaker, I rise today in support of the resolution and want to address an issue created by the Federal Communication Commission's misguided privacy rule in a recent Ninth Circuit case.

For decades, the Federal Trade Commission has been the privacy cop on the beat for most industries, including the technology sector, protecting consumers from unfair or deceptive acts or practices. The Federal Trade Commission has brought over 500 privacy and data security cases to protect consumers. These include cases against internet service providers and some of the largest edge providers.

The Federal Communications Commission is a regulatory body focused on regulating interstate and international communications by radio, television, wire, satellite, and cable.

The Federal Trade Commission's work in privacy and data security has long been held up as a model by both parties, praising the agency for strong enforcement without overly burdensome regulations. During negotiations with the European Union to finalize the U.S.-European privacy shield, the Obama administration held up the Federal Trade Commission as the premier privacy enforcement agency.

Unfortunately, in a midnight action, the Federal Communications Commission jammed through its own privacy rule that is very different from the framework that the Federal Trade Commission has been enforcing for decades.

While we can reverse the poorly constructed FCC rule today, we must still address a recent court ruling. The Ninth Circuit recently ruled that the common carrier exemption in the Federal Trade Commission Act exempts an entity in its entirety from the Federal Trade Commission's jurisdiction if it engages in any common carrier activities, even if the company also engages in non-common carrier activity.

I have introduced legislation to address the court's ruling with the gentleman from Texas (Mr. Olson). It is my hope that our colleagues will join us. S.J. Res. 34 makes clear that the Federal Trade Commission has authority over common carriers when they are acting outside the scope of the common carrier.

The repeal of the Federal Communications Commission's misguided privacy rule in the Ninth Circuit's opinion creates a gap and an irrational approach to privacy for consumers and would leave portions of the internet ecosystem completely outside the Federal Trade Commission's jurisdiction. This bill makes clear that the common carrier exemption is important to ensure that no duplication regulation occurs. At the same time, there are no loopholes left for certain companies to be outside the jurisdiction of the Federal Trade Commission. {time} 1630

We need to be consistent in our approach to privacy and focus on consumer-oriented enforcement. This approach has been the foundation not just of Silicon Valley, but innovators across the country; and the S.J. Res. 34 sets right the decades of innovation that has spurred job growth in the United States and greater online services for consumers.

Mr. MICHAEL F. DOYLE of Pennsylvania. Mr. Speaker, I remind my friend, since he acknowledges the court decision does not allow FTC jurisdiction and that he wants to introduce a bill, perhaps the Republicans should have done that first, before scrapping the rules that leave ISPs with no rules.

Mr. Speaker, I yield 2 minutes to the gentlewoman from California (Ms. Matsui).

Ms. MATSUI. Mr. Speaker, I rise in strong opposition to S.J. Res. 34. This is just the latest attempt from our Republican colleagues to use the Congressional Review Act to gut critical protections for American consumers.

The internet is increasingly intertwined with our daily lives, and nearly every American family uses the internet to access and share personal and sensitive information. The business we conduct online includes financial information, details about our medical history, and even information on our kids.

If this resolution of disapproval passes today, there will be no rules on the books to stop internet service providers from selling that browsing history without your permission. Because our Republican colleagues are using the Congressional Review Act to overturn these critical consumer protections, the FCC can't go back and write new rules in the future.

Despite what my colleagues on the other side of the aisle have said, the Federal Trade Commission cannot bring cases against broadband providers. That is why the FTC supported these rules when the FCC adopted them last year.

Even if you think the FCC did not get these rules right, this resolution effectively eliminates the FCC from ever acting to protect consumer privacy in the future. We should be working together to address any real shortcomings if these rules need to be fixed. That is not what the resolution before us will do.

Mr. Speaker, I urge my colleagues to vote against this damaging resolution.

Mr. FLORES. Mr. Speaker, I yield 2 minutes to the gentleman from New Jersey (Mr. Lance).

Mr. LANCE. Mr. Speaker, I rise to support S.J. Res. 34, which seeks to halt agency overreach of the Federal Communications Commission concerning the way broadband internet service providers handle their customers' personal information.

The FCC's broadband privacy rule, a midnight regulation adopted by executive order in the waning days of the Obama administration, unnecessarily targets internet service providers and does very little to protect consumer privacy.

The rule adds costly and unnecessary innovation-stifling regulations to the internet and is another example of the Federal Government's picking winners and losers.

When passed, the FCC claimed that the rule would provide broadband customers meaningful choice, greater transparency, and strong security protections for their personal information collected by internet service providers.

In reality, the FCC's rules arbitrarily treat ISPs differently from the rest of the internet, creating a false sense of privacy.

Consumer data privacy is of significant concern to every American. The proper parties should address the issue. In this area, the Federal Trade Commission has historically held authority on the establishment and enforcement of general online privacy rules.

Repealing the FCC's privacy action is a critical step toward restoring a single, uniform set of privacy rules for the internet. This legislation puts all segments of the internet on equal footing and provides American consumers with a consistent set of privacy rules to permit the FCC and the FTC to continue to work to ensure consumer privacy through enforcement.

The FTC, the premier agency in this regard, has the experience to protect the privacy of the American people regarding the internet--at least 20 years of experience. Bifurcation between the FTC and the FCC is not productive. A good question to ask the FTC: Why did it wait until the last minute of the [[Page H2496]] Obama administration to promulgate its regulation?

Mr. Speaker, I believe it is important that we pass S.J. Res. 34, and I rise to ask all of my colleagues to support it.

Mr. MICHAEL F. DOYLE of Pennsylvania. Mr. Speaker, I have heard about this last-minute dropping and late at night. Just for the other side's information, after a 7-month rulemaking process, this rule was adopted midday on October 26. So let's get the record straight.

Mr. Speaker, I yield 3 minutes to the gentleman from California (Mr. McNerney).

Mr. McNERNEY. Mr. Speaker, first, I thank Mr. Doyle for his opposition to S.J. Res. 34. I rise in opposition as well.

The FCC's broadband privacy rules are commonsense rules. These rules give consumers the ability to choose how their information is used and shared by their internet service providers.

According to the Pew Research Center, a large majority of Americans say it is very important that they control who has access to their information. Despite a loud cry from the American people that they want to be able to choose how their information is used, S.J. Res. 34 strips consumers of the power to choose how their ISPs use and share their information.

This resolution also leaves consumers more vulnerable to attacks because their ISP will no longer be required to make reasonable steps to secure their personal information.

In recent years, we have seen numerous data breach incidents that have jeopardized consumers' personal information. Some examples are Yahoo, Target, Home Depot, LinkedIn, and Anthem. The list goes on.

Given the growing cyber threats that our Nation faces, it is critical that we do more, not less, to secure consumers' data. Strong data security practices are critical for protecting our consumers' confidentiality.

This resolution would make consumers' data more susceptible to being stolen and used for identity theft and other harmful unauthorized purposes.

Consumers want to be heard. They want more privacy. They want their information to be secure. We have an obligation to respond to their requests.

I am appalled that one of the Republicans' first acts in this Congress after trying to take health coverage away from 24 million people is to attack consumer protections and weaken data security. Americans are just now hearing about this legislation, and my phones are ringing off the hook in opposition.

I have to rhetorically ask the other side: Why are you pushing this?

Americans don't want it. Your voters are beginning to pay attention. This is just after your humiliating defeat with the ACA repeal. I ask that you withdraw this bill and start listening to your constituents.

Mr. Speaker, I urge my colleagues to reject S.J. Res. 34.

Mr. FLORES. Mr. Speaker, I yield 2 minutes to the gentleman from Louisiana (Mr. Scalise), the GOP whip.

Mr. SCALISE. Mr. Speaker, I thank the gentleman from Texas for bringing forward this legislation.

The FTC's light touch in case-by-case enforcement had fostered an internet economy that has become the envy of the world, much to the benefit of all American families and consumers across this country.

But rather than following the FTC's proven framework of privacy protection, the FCC came in and overreached and missed the mark with these rules, injecting more regulation into the internet ecosystem. With all due respect, the internet was not broken and did not need the Federal Government to come in and try to fix it.

The bottom line is that families expect and deserve to be protected online with a set of robust and uniform privacy protections. These rules simply do not live up to that standard.

Rather than regulating based on the sensitivity of our data, these rules are applied unevenly, based on what type of company you are or what kind of technology you use.

Consumers should feel assured online that there is a cop on the beat with a track record of success, not an agency with a history of regulatory overreach. These midnight rules are harmful, inconsistent, and should be repealed.

Mr. Speaker, I urge my colleagues to adopt this important resolution.

Mr. MICHAEL F. DOYLE of Pennsylvania. Mr. Speaker, may I inquire how much time is remaining on both sides?

The SPEAKER pro tempore. The gentleman from Pennsylvania has 10\3/4\ minutes remaining. The gentleman from Texas has 5 minutes remaining.

Mr. MICHAEL F. DOYLE of Pennsylvania. Mr. Speaker, I remind the gentleman that these heavy-handed regulations that he speaks of are simply: ask permission, protect people's data, and tell them if it gets stolen.

That doesn't sound too heavy-handed to me.

Mr. Speaker, I yield 2 minutes to the gentleman from New York (Mr. Tonko).

Mr. TONKO. Mr. Speaker, I rise today in opposition to S.J. Res. 34, a bill that would strike most of the internet privacy guarantees protecting the American people today.

I have grave concerns with this effort. Our agenda here should be working on behalf of our constituents to protect their privacy and give them, not their service providers, data security. Instead, this effort would eviscerate any real online privacy protections and would limit data security.

Some of my colleagues have claimed that this commonsense rule has created challenges for consumers. I have found just the opposite. My office has been inundated with calls demanding that Congress protect their privacy and data security by opposing S.J. Res. 34. To everyone who has called, I hear you and I stand with you in opposing this harmful and misguided effort.

Back at home in New York's capital region, I have been hearing from many people who are frightened by the thought that S.J. Res. 34 will become law and the last shred of their online privacy will be lost forever.

They know how much information their internet service provider has mined from their search and browsing history, including financial, medical, and other very personal and sensitive details. They rightly believe that they should have a say in when that information can be bought and when it can be sold.

They understand that gutting these privacy protections would mean that internet service providers could sell their private information without their permission. It means their private internet browsing and search history, the text of their emails, and their mobile app usage can all be sold without their permission.

They have a right to control what they search for, their financial information, their health insurance, and information about their children. They have a right to protect their Social Security numbers and the contents of their emails. These rights are enshrined in our Constitution.

Privacy rules also require providers to use reasonable measures to protect consumers' personal information, a clear and commonsense standard that all who do business online should be required to uphold.

Finally, internet service providers must notify customers if hackers breach the system and may have access to their private data. With hackers from Russia and elsewhere running rampant across the net, this is a critical provision for our American families.

This is not too much to ask. The American people deserve to know that their data will be protected and that they will be notified if their data is compromised.

Mr. FLORES. Mr. Speaker, I yield 1\1/2\ minutes to the gentleman from Texas (Mr. Olson).

Mr. OLSON. Mr. Speaker, I rise today in support of S.J. Res. 34, which will protect consumers and the future of internet innovation.

The internet is changing the way we communicate, shop, learn, and entertain. It is changing how we control our homes, our cars, and many other parts of our lives, including my two teenage kids. These changes give us certain expectations of privacy on the internet.

Until last year, the Federal Trade Commission provided a robust, consistent privacy framework for all companies in the internet services market. Their holistic and consistent approach struck the right balance. Consumers' use of internet services continues to increase and their privacy has been protected.

The resolution we are voting on today puts all segments of the internet on equal footing. It provides consumers with a consistent set of privacy rules. [[Page H2497]]

Mr. Speaker, I urge my colleagues to vote for S.J. Res. 34.

Mr. MICHAEL F. DOYLE of Pennsylvania. Mr. Speaker, I remind my friends once again that this does not put us on equal footing. The FTC has no power to regulate ISPs under current law.

Mr. Speaker, I yield 3 minutes to the gentleman from Massachusetts (Mr. Capuano). {time} 1645

Mr. CAPUANO. Mr. Speaker, we all know that our cell phones are tracking every move we make and keeping a record of it. Many people don't know, but your automobile is also doing the same thing. They keep a record of where you go. They keep a record of whether you wore your seatbelt. They keep a record of whether you applied the brakes or turned the turn signal on. Okay. That is your automobile. You don't have to drive.

Just recently, in the last couple months, we have learned that our televisions and children's dolls are doing the same thing. Last month, it was revealed that Vizio had spied on 11 million consumers by listening to them while their TV was off because they can do it.

Also, last month, a child's doll called My Friend Cayla for little girls or boys was banned in Germany--banned in Germany--because that doll listens and responds. It goes into the internet, and the doll's owner keeps and sells that information.

This month--this month--a teddy bear manufactured by a company called CloudPets was exposed for collecting more than 2 million voice recordings of children talking to their teddy bear.

Now, maybe we accept that. I know that those are not the items that this resolution would address, but the problem is you are taking an item for ISPs and reducing it down to this level. You say your privacy is protected. I just gave you three examples in the last 2 months where your privacy is not protected. Neither is your children's. Neither is your family's.

In 2012, a giant international company--international ISP company, by the way--filed for a U.S. patent for a cable box that would sit in your house. It would watch you. It would record you. It contained an infrared sensor and even take your body temperature with a thermographic--and that is a quote--thermographic camera. It would do all this without telling you and would work whether the cable box was on or not. If you don't believe me, if you still have the courage to go on the internet, go find patent application number--now, write this one down--2012/0304206. That is the patent application number. It is still online.

I want to read you one small segment from that 25-page patent application. This is a direct quote. I am not making up a single word. The device “may detect . . . that two users are cuddling on a couch during the presentation of the television program and prior to an advertisement break. Based on the detected . . . action . . . the device would select a commercial associated with cuddling.”

The SPEAKER pro tempore. The time of the gentleman has expired.

Mr. MICHAEL F. DOYLE of Pennsylvania. Mr. Speaker, I yield an additional 30 seconds to the gentleman from Massachusetts.

Mr. CAPUANO. For example: “a commercial for a romantic getaway vacation, a commercial for a contraceptive, a commercial for flowers . . . et cetera.”

I didn't make up a single word of what I just read, and every one of you is sitting there with your mouth open that this might happen in your world. That is what this resolution will allow, and you can't turn it off. You can't say: Don't watch my children. Don't watch my wife.

This is a terrible resolution. As I asked earlier today, what are you thinking?

Mr. FLORES. Mr. Speaker, we are thinking that the gentleman's comments do not pertain to this resolution, that this resolution in no way is going to allow any of the activities that were described, whether it is cuddling or anything that is going to get in the way of any of that or allowed to be sold.

Mr. Speaker, I yield 2 minutes to the gentleman from New York (Mr. Collins).

Mr. COLLINS of New York. Mr. Speaker, I would like to thank the people who worked to make this legislation a reality. As we become increasingly concerned with cyber threats, online privacy is a critical concern for every American.

Unfortunately, in October of last year, the FCC issued regulations titled, “Protecting the Privacy of Customers of Broadband and Other Telecommunications Services,” also known as broadband privacy rules. These titles do not actually accurately reflect the impact these regulations are having on constituents' electronic privacy.

These broadband privacy rules took internet service providers, ISPs, which you subscribe to for TV and internet access, and edge providers that deliver online applications, services, and website content, and separated them into two different groups. This has caused confusion among businesses trying to adhere to this change.

While writing this regulation, the FCC had the opportunity to employ FTC precedent in drafting the broadband privacy rules, but instead chose to ignore existing precedent and create additional and onerous regulations. The FCC believed that these new rules would give consumers more choice and heightened transparency; however, this has not been the case.

This legislation does not remove privacy protections for consumers, and it does not expose consumer information. Both the FCC and the FTC will retain authority over consumer privacy on a case-by-case basis. ISPs will continue to be subject to the Communications Act of 1934, which protects all consumer proprietary network information. This is in addition to the many other existing Federal and State privacy rules that ISPs must continue to follow.

This proposed system, separating edge providers from ISPs, creates confusion for both consumers and business operations. This legislation works to reduce the confusion that has been created from this unnecessary regulation that has stifled competition and impeded innovation. I am happy to support this legislation which will provide much-needed clarity to the ongoing debate.

Mr. MICHAEL F. DOYLE of Pennsylvania. Mr. Speaker, may I inquire how much time remains on both sides?

The SPEAKER pro tempore. The gentleman from Pennsylvania has 5\1/4\ minutes remaining. The gentleman from Texas has 2 minutes remaining.

Mr. MICHAEL F. DOYLE of Pennsylvania. Mr. Speaker, I just remind my friend, you can say it as many times as you want, but the fact of the matter is that, under current law, the FTC has no authority to regulate the FCC, and the FCC Commissioner has said that you cannot do this without a rule in section 222.

I yield 1 minute to the gentlewoman from California (Ms. Pelosi), our House Democratic leader, the magic minute.

Ms. PELOSI. Mr. Speaker, on behalf of my five children and my nine grandchildren and everyone I know, as a matter of fact, I thank the gentleman for being a champion for privacy for the American people. I thank the gentleman from Pennsylvania (Mr. Michael F. Doyle) for his leadership. I thank the gentleman from New Jersey (Mr. Pallone) for his leadership. The gentlewoman from California (Ms. Eshoo) has been a champion on this issue as well.

Mr. Speaker, Americans turn to the internet for so many things these days: buying books, filing taxes, learning about why they are feeling sick. The Republicans want this information to be sold without your permission: the websites you visit, the apps you use, your search history, the content of your emails, your health and financial data. Overwhelmingly, the American people do not agree with the Republicans that this information should be sold, and it certainly should not be sold without your permission.

Our broadband providers know deeply personal information about us and our families: where we are, what we want, what we are looking for, what information we want to know, every site we visit, and more. Our broadband providers can even track us when we are surfing in private, browsing in a private browsing mode. [[Page H2498]]

Americans' private browser history should not be up for sale. Yet Republicans are bringing S.J. Res. 34 to the floor to allow internet service providers to profit--to profit; this is about profit--from America's most intimate personal information without our knowledge or our consent. Republicans' use of the Congressional Review Act will do permanent damage to the FCC's ability to keep Americans' personal information safe.

As FCC Commissioner Clyburn and FTC Commissioner McSweeny warned: “This legislation will frustrate the FCC's”--the Federal Communications Commission's--“future efforts to protect the privacy of voice and broadband customers.”

It is important for our constituents to know that, if the Republicans had a problem with this particular policy, they might tweak it and say we don't like it this way or that in regular legislation so that we could have a debate on it. It could go back to the Federal Communications Commission. They could revise it and send it back if it were a legitimate presentation of concerns. But it is not about a legitimate presentation of concerns. It is about increasing profits at the expense of the privacy of the American people.

So, as I say, the Republicans' use of the Congressional Review Act does permanent damage and also damages the FCC's ability to keep America's personal information safe. With this measure, Republicans would destroy Americans' right to privacy on the internet--we made that clear--and forbid any effort to keep your personal information safe. Republicans are bending over backwards.

Think of it. Think of the context of all of this.

Since Gerald Ford was President, every candidate for President, every nominee of a major party, every candidate for President of the United States, Democrat and Republican, has released their income tax returns out of respect for the American people--out of respect for the American people. Week in and week out--in fact, sometimes day in and day out--in committee as well as on the floor, the Republicans have kept the President's income tax returns private when the public has a right to know that, that the public has always known that about every President since Gerald Ford--in fact, since Richard Nixon; although, in his case, it wasn't voluntary.

So while they are hiding President Trump's tax returns, some discrete piece of information that the public has a right to know, they are selling your most personal, selling your most personal and sensitive information--again, your browsing history, your children's location, everything--to anyone with the money to buy it.

Incognito tabs or private browsing modes will not protect you from the internet service providers watching and selling, as Mr. Capuano pointed out, watching and selling. Republicans have picked the week after Russian spies were caught hacking into half a billion American email accounts to open the floodgates, overturning the requirement that internet service providers keep their sensitive data secured from cybercriminals.

The American people deserve to be able to insist that intimate details and information about their browser history be kept private and secure.

So how is this?

We have this magnificent technology that science has made available to people to facilitate commerce, to learn about different subjects, to privately pursue, in a way that they may not even want their families to know, what symptoms they have and what illness that might tell them about.

Most Americans have no or limited choices for broadband providers and no recourse against these invasions of their privacy because, with this measure, Republicans turn their back on the overwhelming number of Americans who want more control over their internet privacy.

Americans can choose who represents them in Congress. Americans are paying close attention. They want to know who is taking a stand with them in opposing efforts to sell the private information of the American people.

This is staggering. This is almost a surrender. If the Republicans are allowed to do this, we have surrendered all thoughts of privacy for the American people.

Privacy is a value that the American people treasure. It is about their dignity. It is about their dignity. We cannot allow the Republicans to sell the dignity of the American people. I hope that everyone will vote “no” on this most unfortunate assault on the dignity of the American people. {time} 1700

Mr. FLORES. Mr. Speaker, I reserve the balance of my time.

Mr. MICHAEL F. DOYLE of Pennsylvania. Mr. Speaker, I yield 1 minute to the gentlewoman from Illinois (Ms. Schakowsky).

Ms. SCHAKOWSKY. Mr. Speaker, I thank the gentleman for yielding.

Last week, Republicans tried to take away your health care; and, today, they are trying to take away your privacy.

Republicans have said broadband providers and other internet companies should be under the same privacy rules. But oddly enough, when the committee considered an amendment to give the FTC, the Federal Trade Commission, rulemaking authority like the FCC, a change that would allow the agencies to adopt the same privacy protection, every single Republican voted no. In fact, Republicans proposed making it harder for the FTC to pursue privacy and data security cases.

The protections that the FCC adopted last year were very simple: consumers should know what data is being collected, opt in to sharing of sensitive data, have their data reasonably protected, and receive notice when their data is compromised. But this dangerous resolution puts America's privacy and data security at risk.

Mr. Speaker, I urge all of my colleagues to stand up for consumers and vote “no.”

Mr. FLORES. Mr. Speaker, I continue to reserve the balance of my time.

Mr. MICHAEL F. DOYLE of Pennsylvania. Mr. Speaker, I yield 1 minute to the gentleman from Rhode Island (Mr. Langevin).

Mr. LANGEVIN. Mr. Speaker, I thank the gentleman for yielding.

Mr. Speaker, I rise in strong opposition to this resolution of disapproval, which would repeal broadband privacy rules being implemented by the FCC.

As co-chair of the Congressional Cybersecurity Caucus, I hope I can offer some additional perspective on this debate. Studying the many threats our country faces in cyberspace, I have become deeply aware of how ingrained the internet is in every aspect of our lives and our economy. And that has also helped me understand the unique role of broadband service providers to grant access to the great potential of the Information Age.

By necessity, ISPs see every bit of traffic that leaves your network for the broader internet. Even when you use encryption, ISPs can still capture data about whom you are talking to or what sites you are visiting. These data are sensitive, and consumers have a right to decide whether or not they can be shared or monetized. Unfortunately, the resolution of disapproval under consideration would strip consumers of that right and presumptively allow sharing and selling without your permission.

Mr. Speaker, the resolution before us today that the Republicans have proposed is downright creepy. It is going to allow potentially unprecedented abuse of personal or private information be shared without your permission. This cannot stand. I urge my colleagues to oppose it.

Mr. FLORES. Mr. Speaker, I continue to reserve the balance of my time.

Mr. MICHAEL F. DOYLE of Pennsylvania. Mr. Speaker, may I inquire how much time I have remaining?

The SPEAKER pro tempore. The gentleman from Pennsylvania has 2 minutes remaining. The gentleman from Texas has 2 minutes remaining.

Mr. MICHAEL F. DOYLE of Pennsylvania. Mr. Speaker, I yield 1 minute to the gentlewoman from Florida (Mrs. Demings).

Mrs. DEMINGS. Mr. Speaker, please stop me if you have heard this one before and know how it ends. My colleagues on the other side are once again trying to sell the American people a broken alternative to something that is working pretty much as it was intended to.

The FCC privacy rule just says that customers must opt in before internet [[Page H2499]] companies can sell their web browsing history, and that those companies must make reasonable efforts to protect customers' sensitive information. These are not unreasonable requirements.

The internet is our gateway to the world. Whether we connect through our mobile phone or our home computer, we pay companies for access. If those companies want to sell information about what we do on the internet, they should have to get our permission first. It is the right thing to do.

Mr. Speaker, I urge my colleagues on the other side to simply do the right thing.

Mr. FLORES. Mr. Speaker, I continue to reserve the balance of my time.

Mr. MICHAEL F. DOYLE of Pennsylvania. Mr. Speaker, I include in the Record letters from a coalition of small ISPs, a coalition of civil rights organizations, the Consumers Union, and an article by Terrell McSweeny all opposing this CRA. Electronic Frontier Foundation, San Francisco, CA. Re Oppose S.J. Res 34--Repeal of FCC Privacy Rules. Dear U.S. Representatives: We, the undersigned founders, executives, and employees of ISPs and networking companies, spend our working lives ensuring that Americans have high- quality, fast, reliable, and locally provided choices available when they need to connect to the Internet. One of the cornerstones of our businesses is respecting the privacy of our customers, and it is for that primary reason that we are writing to you today. We urge Congress to preserve the FCC's Broadband Privacy Rules and vote down plans to abolish them. If the rules are repealed, large ISPs across America would resume spying on their customers, selling their data, and denying them a practical and informed choice in the matter. Perhaps if there were a healthy, free, transparent, and competitive market for Internet services in this country, consumers could choose not to use those companies' products. But small ISPs like ours face many structural obstacles, and many Americans have very limited choices: a monopoly or duopoly on the wireline side, and a highly consolidated cellular market dominated by the same wireline firms. Under those circumstances, the FCC's Broadband Privacy Rules are the only way that most Americans will retain the free market choice to browse the Web without being surveilled by the company they pay for an Internet connection. Signed, Sonic, MonkeyBrains, Cruzio Internet, Etheric Networks, Aeneas Communications, Digital Service Consultants Inc., Hoyos Consulting LLC, Om Networks, Motherlode Internet, Goldrush Internet, Credo Mobile, Andrew Buker (Director of Infrastructure Services & Research computing, University of Nebraska at Omaha), Tim Pozar (co-founder, TwoP LLC), Andrew Gallo (Senior Network Architect for a regional research and education network), Jim Deleskie (co-founder, Mimir networks), Randy Carpenter (VP, First Network Group), Kraig Beahn (CTO, Enguity Technology Corp). ____ January 27, 2017. Hon. Paul D. Ryan, Speaker of the House, House of Representatives, Washington, DC. Hon. Mitch McConnell, Senate Majority Leader, U.S. Senate, Washington, DC. Hon. Nancy Pelosi, Minority Leader, House of Representatives, Washington, DC. Hon. Charles Schumer, Minority Leader, U.S. Senate, Washington, DC. Dear Speaker Ryan, Senator McConnell, Representative Pelosi, and Senator Schumer: The undersigned media justice, consumer protection, civil liberties, and privacy groups strongly urge you to oppose the use of the Congressional Review Act (CRA) to adopt a Resolution of Disapproval overturning the FCC's broadband privacy order. That order implements the mandates in Section 222 of the 1996 Telecommunications Act, which an overwhelming, bipartisan majority of Congress enacted to protect telecommunications users' privacy. The cable, telecom, wireless, and advertising lobbies request for CRA intervention is just another industry attempt to overturn rules that empower users and give them a say in how their private information may be used. Not satisfied with trying to appeal the rules of the agency, industry lobbyists have asked Congress to punish internet users by way of restraining the FCC, when all the agency did was implement Congress' own directive in the 1996 Act. This irresponsible, scorched-earth tactic is as harmful as it is hypocritical. If Congress were to take the industry up on its request, a Resolution of Disapproval could exempt intemet service providers (ISPs) from any and all privacy rules at the FCC. As you know, a successful CRA on the privacy rules could preclude the FCC from promulgating any “substantially similar” regulations in the future--in direct conflict with Congress' clear intention in Section 222 that telecommunications carriers protect their customers' privacy. It could also preclude the FCC from addressing any of the other issues in the privacy order like requiring data breach notification and from revisiting these issues as technology continues to evolve in the future. The true consequences of this revoked authority are apparent when considering the ISPs' other efforts to undermine the rules. Without these rules, ISPs could use and disclose customer information at will. The result could be extensive harm caused by breaches or misuse of data. Broadband ISPs, by virtue of their position as gatekeepers to everything on the intemet, have a largely unencumbered view into their customers' online communications. That includes the websites they visit, the videos they watch, and the messages they send. Even when that traffic is encrypted, ISPs can gather vast troves of valuable information on their users' habits; but researchers have shown that much of the most sensitive information remains unencrypted. The FCC's order simply restores people's control over their personal information and lets them choose the terms on which ISPs can use it, share it, or sell it. Americans are increasingly concerned about their privacy, and in some cases have begun to censor their online activity for fear their personal information may be compromised. Consumers have repeatedly expressed their desire for more privacy protections and their belief that the government helps ensure those protections are met. The FCC's rules give broadband customers confidence that their privacy and choices will be honored, but it does not in any way ban ISPs' ability to market to users who opt-in to receive any such targeted offers. The ISPs' overreaction to the FCC's broadband privacy rules has been remarkable. Their supposed concerns about the rule are significantly overblown. Some broadband providers and trade associations inaccurately suggest that this rule is a full ban on data use and disclosure by ISPs, and from there complain that it will hamstring ISPs' ability to compete with other large advertising companies and platforms like Google and Facebook. To the contrary, ISPs can and likely will continue to be able to benefit from use and sharing of their customers' data, so long as those customers consent to such uses. The rules merely require the ISPs to obtain that informed consent. The ISPs and their trade associations already have several petitions for reconsideration of the privacy rules before the FCC. Their petitions argue that the FCC should either adopt a “Federal Trade Commission style” approach to broadband privacy, or that it should retreat from the field and its statutory duty in favor of the Federal Trade Commission itself All of these suggestions are fatally flawed. Not only is the FCC well positioned to continue in its statutorily mandated role as the privacy watchdog for broadband telecom customers, it is the only agency able to do so. As the 9th Circuit recently decided in a case brought by AT&T, common carriers are entirely exempt from FTC jurisdiction, meaning that presently there is no privacy replacement for broadband customers waiting at the FTC if Congress disapproves the FCC's rules here. This lays bare the true intent of these industry groups, who also went to the FCC asking for fine-tuning and reconsideration of the rules before they sent their CRA request. These groups now ask Congress to create a vacuum and to give ISPs carte blanche, with no privacy rules or enforcement in place. Without clear rules of the road under Section 222, broadband users will have no certainty about how their private information can be used and no protection against its abuse. ISPs could and would use and disclose consumer information at will, leading to extensive harm caused by breaches and by misuse of data properly belonging to consumers. Congress told the FCC in 1996 to ensure that telecommunications carriers protect the information they collect about their customers. Industry groups now ask Congress to ignore the mandates in the Communications Act, enacted with strong bipartisan support, and overturn the FCC's attempts to implement Congress's word. The CRA is a blunt instrument and it is inappropriate in this instance, where rules clearly benefit internet users notwithstanding ISPs' disagreement with them. We strongly urge you to oppose any resolution of disapproval that would overturn the FCC's broadband privacy rule. Sincerely, Access Now, American Civil Liberties Union, Broadband Alliance of Mendocino County, Center for Democracy and Technology, Center for Digital Democracy, Center for Media Justice, Color of Change, Consumer Action, Consumer Federation of America, Consumer Federation of California, Consumer Watchdog, Consumer's Union, Free Press Action Fund, May First/People Link, National Hispanic Media Coalition, New America's Open Technology Institute, Online Trust Alliance, Privacy Rights Clearing House, Public Knowledge. ____ ConsumersUnion', Policy & Action From Consumer Reports, March 27, 2017. House of Representatives, Washington, DC. Dear Representative: Consumers Union, the policy and mobilization arm of Consumer [[Page H2500]] Reports, writes regarding House consideration of S.J. Res. 34, approved by a 50-48 party line vote in the Senate last week. This resolution, if passed by the House and signed into law by President, would use the Congressional Review Act (CRA) to nullify the Federal Communication Commission's (FCC) newly- enacted broadband privacy rules that give consumers better control over their data. Many Senators cited “consumer confusion” as a reason to do away with the FCC's privacy rules, but we have seen no evidence proving this assertion and fail to understand how taking away increased privacy protections eliminates confusion. Therefore, we strongly oppose passage of this resolution--it would strip consumers of their privacy rights and, as we explain below, leave them with no protections at all. We urge you to vote no on S.J. Res. 34. The FCC made history last October when it adopted consumer- friendly privacy rules that give consumers more control over how their information is collected by internet service providers (ISPs). Said another way, these rules permit consumers to decide when an ISP can collect a treasure trove of consumer information, whether it is a web browsing history or the apps a consumer may have on a smartphone. We believe the rules are simple, reasonable, and straightforward. ISPs, by virtue of their position as gatekeepers to everything on the internet, enjoy a unique window into consumers' online activities. Data including websites consumers visit, videos viewed, and messages sent is very valuable. Small wonder, then, that ISPs are working so hard to have the FCC's new privacy rules thrown out through use of the Congressional Review Act. But we should make no mistake: abandoning the FCC's new privacy rules is about what benefits big cable companies and not about what is best for consumers. Many argue the FCC should have the same privacy rules as those of the Federal Trade Commission (FTC). FCC Chairman Ajit Pai went so far as to say “jurisdiction over broadband providers' privacy and data security practices should be returned to the FTC, the nation's expert agency with respect to these important subjects,” even though the FTC currently possesses no jurisdiction over the vast majority of ISPs thanks to the common carrier exemption--an exemption made stricter by the Ninth Circuit Court of Appeals in last year's AT&T Mobility case. We have heard this flawed logic time and time again as one of the principal arguments for getting rid of the FCC's strong privacy rules. Unfortunately, this is such a poor solution that it amounts to no solution at all. For the FTC to regain jurisdiction over the privacy practices of ISPs, the FCC would first have to scrap Title II reclassification--not an easy task which would be both time- consuming and subject to judicial review, and jeopardize the legal grounding of the 2015 Open Internet Order. Congress, in turn, would have to pass legislation to remove the common carrier exemption, thus granting the FTC jurisdiction over those ISPs who are common carriers. We are skeptical Congress would take such an action. Finally, the FTC does not enjoy the same robust rulemaking authority that the FCC does. As a result, consumers would have to wait for something bad to happen before the FTC would step in to remedy a violation of privacy rights. Any fondness for the FTC's approach to privacy is merely support for dramatically weaker privacy protections favored by most corporations. There is no question that consumers favor the FCC's current broadband privacy rules. Consumers Union launched an online petition drive last month in support of the Commission's strong rules. To date, close to 50,000 consumers have signed the petition and the number is growing. Last week, more than 24,000 consumers contacted their Senators urging them to oppose the CRA resolution in the 24 hours leading up to the vote. Consumers care about privacy and want the strong privacy protections afforded to the them by the FCC. Any removal or watering down of those rules would represent the destruction of simple privacy protections for consumers. Even worse, if this resolution is passed, using the Congressional Review Act here will prevent the FCC from adopting privacy rules--even weaker ones--to protect consumers in the future. Under the CRA, once a ride is erased, an agency cannot move forward with any “substantially similar” rule unless Congress enacts new legislation specifically authorizing it. Among other impacts, this means a bare majority in the Senate can void a rule, but then restoration of that rule is subject to full legislative process, including a filibuster. The CRA is a blunt instrument--and if used in this context, blatantly anti- consumer. We are more than willing to work with you and your fellow Representatives to craft privacy legislation that affords consumer effective and easy-to-understand protections. The FCC made a step in that direction when it adopted the broadband privacy rules last year, and getting rid of them via the Congressional Review Act is a step back, not forward. Therefore, we encourage you to vote no on S.J. Res. 34. Respectfully, Laura MacCleery, Vice President, Consumer Policy & Mobilization, Consumer Reports. Katie McInnis, Policy Counsel, Consumers Union. Jonathan Schwantes, Senior Policy Counsel, Consumers Union. ____ [From, Mar. 22, 2017] Congress Is About To Give Away Your Online Privacy (By Terrell McSweeney and Chris Hoofnagle) The resolution that could come to a Congressional vote this week aims to tackle differences in how the FCC rule treats ISPs compared with other internet companies. Your broadband provider has to offer you a choice about what information it shares about you, but ecommerce sites and search engines do not. Advocates for repealing the current protections--the resolution is sponsored by Senator Jeff Flake (R-AZ)--argue that Congress should void the FCC's rule using the Congressional Review Act. They contend that in order to properly govern privacy and avoid confusing consumers, the FCC should maintain consistent rules across the internet ecosystem. But inconsistent standards pervade privacy and consumer law. Furthermore, consistent standards militate in favor of increasing protections for privacy, rather than unraveling them as the current proposal would do. An alphabet soup of state and federal laws set the privacy requirements for everything from our financial information to data about our children. That's largely because privacy is both essential to and sometimes in conflict with our most deeply held value, liberty. So, legislators have never been able to craft omnibus privacy protections. Instead, they've developed frameworks informed by prevailing norms, incentives, political economy, and ways the information might be used. As we connect more devices in our home and on our bodies, the array of technologies that raise data privacy and security concerns is expanding. The privacy landscape will likely continue to be shaped as technologies evolve. Different consumer technologies may justify different approaches. For example, the safety issues inherent in cars and medical devices may warrant particularly strong privacy and security protections. In the future, privacy rules could come from the FCC as well as the Department of Commerce, National Highway Traffic Safety Administration, Food and Drug Administration, and other agencies. Consider that your bank can--and probably does--sell your contact and financial information unless you opt out. Yet if you rent a movie, online or off, the rental service can't sell information about your media consumption without your consent, and it must delete your rental history after it's no longer needed. Congress enacted those protections to shield intellectual freedom, so that one can enjoy controversial movies without fear of one's curiosity resulting in extortion or embarrassment. This brings us to our second point: If consistency and reducing consumer confusion is the goal, consumers should demand stronger internet privacy norms. Given the animating purpose of protecting movie rental information, why not require consumers to consent to the sharing any information about their online behavior? After all, our web activity is the ultimate manifestation of our intellectual curiosity, representing second-by-second decisions about consuming news and entertainment. In addition to existing federal laws, legislators could, as professor Helen Nissenbaum has suggested, look to offline contexts, such as the strong privacy norms governing searching for a book in a library, to guide the privacy rules we ought to enjoy when using a search engine. The government also could take a page from the confidentiality standards patients enjoy when conversing with physicians and apply those same norms to medical information websites. Policymakers could look to the last two centuries of privacy in the postal mail to guide rules for commercial scanning of email. Yet in all these contexts, web business models drive design decisions that have turned social and personal behaviors into marketplace transactions. Left standing, the FCC rule offers an opportunity for a meaningful debate about how to better translate our analog privacy norms into the digital world. Broadband ISPs are essentially utilities, like postal mail and the telephone. Subscribers have little or no competitive choice as to which provider to use. ISPs know our identities, and their position gives them the technical capacity to surveil users in ways that others cannot. It makes sense to ensure consumers can choose whether to share data related to their Internet usage. The majority of consumers--91 percent in a recent survey-- feel they've lost control of their personal information. Yet, paradoxically, the late, great privacy researcher and historian Alan Westin consistently found that Americans expect companies to handle personal data in a “confidential” way. In reality, the modern internet is like a one-way mirror, where users are often unaware that they are being silently watched by third parties. The FCC rule exposes this one-way mirror and allows people to decide whether to draw a curtain on it. Maintaining the current rules would make ISP practices more consistent with consumers' expectations of confidentiality. Congress should spend time examining the [[Page H2501]] strengths and weaknesses of our current approach, instead of using consistency arguments to eviscerate the FCC's rule.

Mr. MICHAEL F. DOYLE of Pennsylvania. Mr. Speaker, I yield 1 minute to the gentlewoman from California (Ms. Lofgren), my colleague from the class of '94.

Ms. LOFGREN. Mr. Speaker, a “yes” vote exempts all broadband service providers from all rules on user privacy and all limitations on how they use your data. They are in a unique position to see every place you go, every website you visit, they can do deep packet inspection and see what is in your emails.

What protects your privacy?

This rule that is about to be repealed.

If you have problems with the privacy policies of your email provider or social network, you have got competition to go to. But most Americans have just one or, at most, just two choices for their broadband provider. And, interestingly enough, all of those providers are supporting the repeal of this privacy rule.


They are going to make money selling your information.

The idea that we could have an FTC solution is an interesting one, but there is no way to do it. In the Ninth Circuit's 2016 ruling of AT&T v. FTC, they ruled that the FTC is barred from imposing data breach rules. So vote “no” and protect your constituents' privacy.

Mr. FLORES. Mr. Speaker, I continue to reserve the balance of my time.

Mr. MICHAEL F. DOYLE of Pennsylvania. Mr. Speaker, I ask my colleagues to vote against this horrible resolution, and I yield back the balance of my time.

Mr. FLORES. Mr. Speaker, I yield myself the balance of my time.

We have heard a lot of interesting claims today in the discussion about this fairly simple resolution to roll back overreaching regulation from the FCC that were passed late in the Obama administration's time.

I would remind everybody, Mr. Speaker, that this CRA has nothing to do with the President's tax return, it has nothing to do with Russian hacking, and there have been some gross mischaracterizations of what this resolution does.

Why do we need this resolution?

The three reasons are, as Chairwoman Blackburn opened up at the beginning:

First of all, the FCC swiped jurisdiction from the FTC.

Second, two cops on the beat create confusion among consumers and among the ISP providers.

Third, the FTC already has jurisdiction over this space.

Let me close with this: this resolution of disapproval only rescinds the FCC's rule, but it still provides the FCC the opportunity to provide more oversight more in line with the Federal Trade Commission, which has successfully been regulating online privacy for nearly 2 decades.

This resolution does not lessen or impede the privacy and data security standards that we already have established. We are simply restoring a more stable regulatory playing field to ensure that consistent uniform privacy standards are maintained to protect consumers and future innovation.

Once Congress rejects these rules, the FCC can turn back to cooperating with the FTC to ensure both the consumer privacy across all aspects of the internet is protected through vigorous enforcement and that innovation is allowed to flourish.

I urge all of my colleagues to support this commonsense resolution.

Mr. Speaker, I yield back the balance of my time.

The SPEAKER pro tempore. All time for debate has expired.

Pursuant to the rule, the previous question is ordered on the joint resolution.

The question is on the third reading of the joint resolution.

The joint resolution was ordered to be read a third time, and was read the third time.

The SPEAKER pro tempore. The question is on the passage of the joint resolution.

The question was taken; and the Speaker pro tempore announced that the ayes appeared to have it.

Mr. MICHAEL F. DOYLE of Pennsylvania. Mr. Speaker, on that I demand the yeas and nays.

The yeas and nays were ordered.

The SPEAKER pro tempore. Pursuant to clause 8 of rule XX, further proceedings on this question will be postponed. ____________________

Back to Top | Next Article | Source:

Legislative BranchLive Floor Updates, Congressional Record


Members, Committees

Plan: House, Senate; Prayer

Live: House, Senate, Deck

Record: Daily, Weekly

Votes: House, Senate

News, Reporters