The U.S. Congress has passed the repeal of the broadband carrier privacy rules that required ISPs to seek consumer consent before selling Web browsing and app usage data to advertisers. The law was approved by the Obama administration and scheduled to take effect by the end of this year. It means that ISPs are legally entitled to sell their users’ browsing history to the highest bidder by default and without requiring permission.

Of course, free services like Google and Facebook have been doing this for years but people pay for a broadband connection. That makes it quite a bit different. While ISPs should provide an opt out, the measure erodes any vestige of privacy for surfing. People who are not reasonably tech-savvy may be totally unaware of the new playing field and fall victim by default.

So What Can You Do?

The usual precautionary measures such as clearing browser history and deleting cookies, setting browser to incognito or private mode, or installing software designed to prevent tracking by advertisers are rendered ineffective since your browsing sessions take place via servers and network of the ISPs. Instead, here’s a list of viable solutions to prevent an ISP from selling your Web data:

1. Apply to opt out

ISPs should provide this option. If not, users should contact them. It’s not exactly ironclad because many ISPs are vague about exactly how they track the online activity of their subscribers. The FCC fined Verizon $1.35 million last year because it neglected to tell smartphone users that it was using “supercookie” technology to track their browsing habits, regardless of privacy settings, and did not initially provide an opt-out.

 

2. Switch to a different ISP

Not all ISPs will implement this legal data sharing opportunity. Some smaller ISPs actually protested against the repeal. Changing ISPs may be easier said than done for users in rural locations where choice is limited or non-existent. However, expect some ISPs to develop a non-sharing policy as a marketing strategy. Watch this space.

 

3. Invest in a VPN

A Virtual Private Network is like an encrypted tunnel between a computer or phone and the Internet. In theory it guarantees privacy but not all VPNs are equal. Buyers should perform due diligence by way of researching expert reviews. That One Privacy Site is an excellent review and monitoring service run by a knowledgeable enthusiast for the tech and privacy savvy individuals. It’s probably best to avoid the free services because, who knows, maybe they might as well sell the browsing history of their subscribers. After all, they must generate revenue somehow. A VPN will slow down surfing and users may not be able to view high quality video streams on Netflix, for example.

 

4. Use Tor

Tor supplies a browser and service that hides your location and conceals your surfing activity so that it cannot be tracked. There are many thousand computers, called relays, in the Tor network, all provided on a voluntary basis by fans of the service. The service bounces the web traffic of its users between several of these relays on a random basis. Like a VPN, it slows surfing speeds. Also, it is for the technically minded only – or perhaps configured by a technically minded friend.

The privacy law repeal only impacts ISPs in the U.S., but the implications are applicable to Internet consumers across the world. Many countries have not enforced strict privacy laws to prevent ISPs and internet companies from freely selling consumer Web data. In this case, consumers are at their own discretion to adopt Internet privacy best practices.

Senior members of the Trump administration have resorted to encrypted communication apps amid email hacking concerns that disrupted Hilary Clinton’s presidential election campaign and exposed sensitive conversations of Democratic National Committee (DNC) members to WikiLeaks.

The use of encrypted and disappearing messaging apps at the White House may violate the Presidential Records Act, which necessitates archival and retention of work related communication for transparency and litigation requirements. Trump aides are reportedly using the messaging app Signal that offers end-to-end encryption for personal communication. Maintaining a complete record of email communication at the White House is already a tough endeavor, and adding encrypted communication to the mix will only make it difficult to enforce the public disclosure laws.

At the same time, the Trump administration also fears White House staffers are using the technology to expose the government’s darkest corners without leaving a digital trail. The messaging app Confide with its SnapChat-like features of disappearing messages is allegedly being used specifically for this purpose by some U.S. government officials.

How Encrypted Messaging Works

Encryption is the process of converting information into a random and apparently meaningless data (cyphertext). Various mathematical functions or algorithms may be used to convert original data into encrypted cyphertext. The process of converting cyphertext back into its original form is called Decryption.

Modern cryptographic protocols utilize numeric codes known as Encryption Keys encrypt and decrypt the data. The Keys are available only to the sender and recipient of encrypted information. Third parties including hackers, government agencies, Internet Service Providers and even the encrypted messaging service providers such as Signal and Confide cannot legally access Encryption Keys. Private communication between end-users therefore remains elusive and untraceable by legitimate means.

Privacy or Transparency?

The concept of secure encrypted messaging is widely popular and appreciated for personal use, even in the White House. Regulations that necessitate data retention apply only to work-related communication that involves senior government officials to ensure transparency. To enforce public disclosure laws for communication that takes place via end-to-end encrypted messaging apps, the government will also need decryption keys to make sense of the encrypted data archived by the sender and recipient. To make matters more complex, apps such as Confide go a step ahead with disappearing messaging features that prevent users from archiving or even taking screenshots of the communication.

Third-party encrypted communication apps are skewed toward privacy, to a point where end-users cannot be held accountable for their communication, since the paper trail is entirely inaccessible and eliminated. In a public office or collaborative workplace, excessive privacy compromises transparency. The concerned authorities should therefore remain on top of the communication technologies used by employees and may need to regulate the use of end-to-end encrypted communication apps for work purposes. The tradeoff between privacy and transparency will emerge as a pressing need of the corporate world in response to rapid adoption of encrypted communication technologies by security-aware end-users.