The Center for Democracy & Technology (CDT) respectfully submits these reply comments in response to the public comments filed as part of the Federal Communications Commission’s Notice of Proposed Rulemaking (NPRM) regarding proposed rules to protect the privacy of customers of broadband and other telecommunications services. CDT is a nonprofit public interest organization dedicated to promoting openness, innovation, and freedom online — a mission that closely tracks with the Commission’s goals for this proceeding.
CDT’s reply focuses on four key legal and technical issues raised in the first-round of comments:
- The Commission’s proposed rules would satisfy First Amendment scrutiny.
- Commenters argued that the Commission’s framework fails to sufficiently protect the First Amendment interests of Broadband Internet Access Service (BIAS) providers. We respectfully disagree. The Commission’s careful consideration of privacy and speech concerns in the proposed rule would satisfy intermediate scrutiny by the courts.
- The Commission should clarify several technical issues that may be ambiguous in the proposed rule.
- Commenters highlighted concerns and confusion concerning security research, aggregation and de-identification, and deep packet inspection. We propose ways to clarify these issues to avoid confusion or ambiguity in a final rule.
- The Commission should act deliberately when proposing data breach notifications.
- Commenters raised concerns regarding the appropriateness of the proposed data breach notification standards. While CDT does not take a position on specific timing for notification following a breach as proposed in the NPRM, we note that data breach remains a highly regulated and hotly debated policy issue. Accordingly, we encourage the Commission to create a notification standard that considers existing laws and feasible reporting timelines.
- The Commission has created appropriate definitions for CPNI, PII, and customer PI.
- Several commenters argued that the Commission’s definitions for these categories are overbroad and not authorized by statute. As discussed in our initial comments, we disagree. The Commission’s interpretation of the Communications Act is appropriate and narrowly scoped.