The Electronic Communications Privacy Act of 1986 (ECPA)
The US Patriot Act
The Patriot Act was passed less than two months after the September 11 terrorist attacks, during a time of enormous political upheaval in the United States.
The Patriot Act was enacted to monitor terrorist activity, and thus the law allows for law enforcement agencies, most notably the FBI, to obtain information about our online (and offline) communications. These officials now don’t need a warrant to access information about our connections, such as the email addresses we’ve communicated with, the phone numbers we’ve called, or the websites we’ve visited. Between 2003 and 2006, 192,499 such information requests were made.
The act was updated and extended in 2015 under the US Freedom Act. It was claimed that many of the potential abuses of the Patriot Act had been reigned in, but most observers are skeptical of such claims.
The Recent Internet Privacy Rollback
So let’s get to the recent repeal made by Congress in March. The law that was repealed, which never actually went into effect, was going to set some pretty essential and comprehensive rules for the way ISPs handle our data. The fundamental changes would have been the following:
- ISPs would have to be completely transparent about the way they handle our data
- If consumer data were going to be given or sold to a third party, that consumer would have to opt-in first
- ISPs would have to take specific measures to protect their customers’ privacy and notify their customers if there were to be a massive security breach
- ISPs wouldn’t be allowed to offer different prices for different tiers of internet security
These concerns weren’t an issue until 2015 because until then, ISPs were regulated by the Federal Trade Commission (FTC) and the FTC took great care in preventing such abuses. But in 2015, the Federal Communications Commission (FCC) claimed jurisdiction over ISPs, and since then these regulations haven’t been enforced. The law passed last year was supposed to patch up this legislative grey area.
To be continued
Only time will tell how this story shakes out, but, until then, all the rights listed above are at risk. In the meantime, please note that you can call your ISP to explicitly tell them that you would like to opt out of any and all data collection, and you can also use a Virtual Private Network (VPN) as a means of protecting your data from your ISP.