IP Addresses Are Not Telephone Numbers – The Fundamental Flaw with the FCC’s Proposed Privacy Rules Thumbnail
Privacy 26 May 2016

IP Addresses Are Not Telephone Numbers – The Fundamental Flaw with the FCC’s Proposed Privacy Rules

By Mark BuellFormer Regional Vice President - North America

Last month the U.S. Federal Communications Commission (FCC) released a Notice of Proposed Rulemaking (NPRM) on Customer Proprietary Network Information (CPNI), the information telephone companies collect about consumers’ phone calls.

The Commission’s proposed rules would adapt and apply privacy rules to broadband providers that have historically applied to the traditional telephone carriers. It would also regulate how broadband providers use and share that data. The FCC is able to do this since broadband providers are now subject to the existing privacy protections under Title II of the Communications Act as a result of the Open Internet Order.

Providing consumers with the tools they need to protect their privacy is unquestionably a good thing. However, the Internet Society is concerned about whether expanding and applying Title II to the broadband market is the right approach, as such a course of action may have unintended consequences.

Of particular concern to the Internet Society is the following text taken from section 45 of the NPRM:

“45. Internet Protocol (IP) Addresses and Domain Name Information. We propose to consider both source and destination IP addresses as CPNI in the broadband context. An IP address is the routable address for each device on an IP network, and BIAS providers use the end user’s and edge provider’s IP addresses to route data traffic between them. As such, IP addresses are roughly analogous to telephone numbers in the voice telephony context, and the Commission has previously held telephone numbers dialed to be CPNI. Further, our CPNI rules for TRS providers recognize IP addresses as call data information. IP addresses are also frequently used in geo-location. As such, we believe that we should consider IP addresses to be “destination” and “location” information under Section 222(h)(1)(A). Similarly, we propose to consider other information in Internet layer protocol headers to be CPNI in the broadband context, because they may indicate the “type” and “amount of use” of a telecommunication service. We seek comment on this proposed interpretation.”

A blanket association between telephone numbers and IP numbers and domain names is not simply not useful. Here’s the problem – IP numbers and domain names are not telephone numbers. By using this analogy as the starting point for their rationale to consider IP numbers as CPNI, the FCC is beginning from a fundamentally flawed starting point.

The telephone numbering system was born out of an inherently regulatory framework within a multilateral institution, and coordinated at the international level by the International Telecommunication Union (ITU). In contrast, IP addressing was born out of a global, bottom-up multistakeholder approach. This model has been a driver of the innovation and creativity that made the Internet a virtually unparalleled force for social and economic progress in our collective history. Generally speaking, this broad comparison fails to account for the underlying context for each numbering system, and renders the analogy too broad and insufficient to be effective.

There may also be unintended negative outcomes globally from using this analogy. Like it or not, Washington exists in a policy fishbowl – the rest of the world pays attention to what happens here. There are nations that will watch, and may indeed copy, the FCC’s lead.

Applying decades-old telephone system regulations to the Internet puts at risk the principles and norms that contributed to its tremendous growth and success. As Dr. Robert Pepper wrote in Forbes ahead of the ITU’s World Conference on International Telecommunications in 2012, “Changing the regulatory and business model of the Internet now with an outdated legacy telecom model would limit the Internet’s expansion and diminish the potential for further innovation.” Pepper rightly concludes “This would be an enormous mistake.”

Furthermore, the FCC’s use of this analogy is in clear contrast to the deregulatory approach to the Internet that the U.S. Government promotes on the global stage. In a world where the multistakeholder model for Internet governance is so often under threat, do we really want the FCC to normalize a governance framework that does not recognize the crucial role of it played in the growth and success of the Internet?

The Communications Act was developed at a very different time and to regulate a very different system. Putting aside the fact that the Act dates from the 1930s, the last time it was updated was in 1996 – the dawn of the widely available Internet. I believe the distinctive nature of the Internet compels us to take an approach to consumer privacy that is just as unique.

Comments on the NPRM close tomorrow.

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related Posts

10 March 2021

Internet Society Joins Leading Internet Advocates to Call on ISPs to Commit to Basic User Privacy Protections

Mozilla, the Electronic Frontier Foundation, and the Internet Society call on AT&T, T-Mobile, and Verizon to commit to limiting...

Strengthening the Internet 22 February 2021

The Best and the Brightest Security and Privacy Experts Are Gathering Virtually at NDSS 2021

NDSS 2021 will be one of the biggest NDSS symposia yet, featuring two keynotes, 90 peer-reviewed academic papers, six...

Building Trust 28 January 2020

This Data Privacy Day It’s the Little Things That Count

Today we’re celebrating Data Privacy Day, which is all about empowering people and organizations to respect privacy, safeguard data,...