Until today, March 2 marked the date that internet service providers in the US would be required to adopt "reasonable" measures to protect sensitive customer info like browsing histories, location data and Social Security numbers. Thanks to the Federal Communications Commission's new leadership, however, that deadline will now be extended indefinitely, and we have no idea if or when those rules will be enacted.
The security requirement is part of a bigger rule that would require ISPs to get consent before selling customer data to third parties like advertisers. Opponents like FCC chairman Ajit Pai argue these rules are unfair because they treat "edge providers" (that is, websites) differently from ISPs. Sites like Google or Facebook, of course, also collect a lot of data on users. The difference is that ISPs collect all web traffic from an individual, from your Google searches for "weird butt wart" to your Twitter DMs to your visits to Pornhub. And if you don't want Google to track your data, you can use Bing. With ISPs, consumers have very little choice.
On Friday, the FCC announced that Pai will seek a stay on the rule. If the commissioners don't vote on it — which is kind of irrelevant because the commission is stacked 2-1 in favour of the Republicans — the FCC's Wireline Bureau will enact a stay by itself until the full commission decides on a petition to reconsider the rule.
The next FCC meeting is scheduled for March 23, which, you may note, is after March 2.
Pai's reasoning is that the rules aren't "consistent with [Federal Trade Commission] privacy standards," arguing that the privacy regime should apply to broadband providers as well as websites. When Pai voted against the rules last year, he said that "consumers should not have to be network engineers to understand who is collecting their data and they should not have to be lawyers to determine if their information is protected." Apparently, he now doesn't give a shit whether your data is protected at all!
And Pai isn't the only threat to the rule: Earlier this month, Arizona Senator Jeff Flake confirmed he plans on introducing a bill that would use the Congressional Review Act to repeal the entire package of privacy rules, which would mean the FCC isn't allowed to introduce any "substantially similar" rules in the future.
Matt Wood, policy director at Free Press, told Gizmodo that "it's relevant that Pai is staying whatever rules he can as they become effective. It's a clear signal that he intends to reverse everything in due time, if he can." Just yesterday, the FCC voted to roll back enhanced transparency requirements that were enacted as part of the net neutrality rules, which could well be another indication of things to come on that front.
Given the massive leak of Cloudflare data today, Pai probably couldn't have picked a worse time to throw rules about protecting data in the garbage.