Donate
‹ Back
Privacy 26 May 2016

IP Addresses Are Not Telephone Numbers – The Fundamental Flaw with the FCC’s Proposed Privacy Rules

By Mark Buell Regional Bureau Director, North America

Last month the U.S. Federal Communications Commission (FCC) released a Notice of Proposed Rulemaking (NPRM) on Customer Proprietary Network Information (CPNI), the information telephone companies collect about consumers’ phone calls.

The Commission’s proposed rules would adapt and apply privacy rules to broadband providers that have historically applied to the traditional telephone carriers. It would also regulate how broadband providers use and share that data. The FCC is able to do this since broadband providers are now subject to the existing privacy protections under Title II of the Communications Act as a result of the Open Internet Order.

Providing consumers with the tools they need to protect their privacy is unquestionably a good thing. However, the Internet Society is concerned about whether expanding and applying Title II to the broadband market is the right approach, as such a course of action may have unintended consequences.

Of particular concern to the Internet Society is the following text taken from section 45 of the NPRM:

“45. Internet Protocol (IP) Addresses and Domain Name Information. We propose to consider both source and destination IP addresses as CPNI in the broadband context. An IP address is the routable address for each device on an IP network, and BIAS providers use the end user’s and edge provider’s IP addresses to route data traffic between them. As such, IP addresses are roughly analogous to telephone numbers in the voice telephony context, and the Commission has previously held telephone numbers dialed to be CPNI. Further, our CPNI rules for TRS providers recognize IP addresses as call data information. IP addresses are also frequently used in geo-location. As such, we believe that we should consider IP addresses to be “destination” and “location” information under Section 222(h)(1)(A). Similarly, we propose to consider other information in Internet layer protocol headers to be CPNI in the broadband context, because they may indicate the “type” and “amount of use” of a telecommunication service. We seek comment on this proposed interpretation.”

A blanket association between telephone numbers and IP numbers and domain names is not simply not useful. Here’s the problem – IP numbers and domain names are not telephone numbers. By using this analogy as the starting point for their rationale to consider IP numbers as CPNI, the FCC is beginning from a fundamentally flawed starting point.

The telephone numbering system was born out of an inherently regulatory framework within a multilateral institution, and coordinated at the international level by the International Telecommunication Union (ITU). In contrast, IP addressing was born out of a global, bottom-up multistakeholder approach. This model has been a driver of the innovation and creativity that made the Internet a virtually unparalleled force for social and economic progress in our collective history. Generally speaking, this broad comparison fails to account for the underlying context for each numbering system, and renders the analogy too broad and insufficient to be effective.

There may also be unintended negative outcomes globally from using this analogy. Like it or not, Washington exists in a policy fishbowl – the rest of the world pays attention to what happens here. There are nations that will watch, and may indeed copy, the FCC’s lead.

Applying decades-old telephone system regulations to the Internet puts at risk the principles and norms that contributed to its tremendous growth and success. As Dr. Robert Pepper wrote in Forbes ahead of the ITU’s World Conference on International Telecommunications in 2012, “Changing the regulatory and business model of the Internet now with an outdated legacy telecom model would limit the Internet’s expansion and diminish the potential for further innovation.” Pepper rightly concludes “This would be an enormous mistake.”

Furthermore, the FCC’s use of this analogy is in clear contrast to the deregulatory approach to the Internet that the U.S. Government promotes on the global stage. In a world where the multistakeholder model for Internet governance is so often under threat, do we really want the FCC to normalize a governance framework that does not recognize the crucial role of it played in the growth and success of the Internet?

The Communications Act was developed at a very different time and to regulate a very different system. Putting aside the fact that the Act dates from the 1930s, the last time it was updated was in 1996 – the dawn of the widely available Internet. I believe the distinctive nature of the Internet compels us to take an approach to consumer privacy that is just as unique.

Comments on the NPRM close tomorrow.

‹ Back

Related articles

Privacy is key to reinforcing user trust on the Internet
Privacy is key to reinforcing user trust on the Internet
Privacy31 March 2017

Privacy is key to reinforcing user trust on the Internet

Privacy has been a top-of-mind issue in the United States for the past couple of weeks. Last Tuesday, the House...

Weakening encryption might be an easy fix, but counterproductive in the long-run
Weakening encryption might be an easy fix, but counterproductive in the long-run
Encryption6 July 2017

Weakening encryption might be an easy fix, but counterproductive in the long-run

The debate on encryption in the EU has followed a familiar path in pitting national security against concerns about civil...

FCC: The Countdown to IPv6 is On!
IPv625 May 2012

FCC: The Countdown to IPv6 is On!

"What if I told you that the world was running out of postal addresses or phone numbers, and that, in...

Join the conversation with Internet Society members around the world