Shortly before Congress voted to reverse an Federal Communications Commission privacy rule allowing internet service providers to sell customer data without consent, Cards Against Humanity co-creator Max Temkin tweeted, “If this shit passes I will buy the browser history of every congressman and congressional aide and publish it. cc @SpeakerRyan.”
It’s a nice thought and got some approving media attention. If elected officials are OK with Cox, Comcast, Verizon, Time Warner, and AT&T selling users’ browser history, location data, and more, then why shouldn’t Congress get their comeuppance?
The biggest problem: As Temkin admitted on Reddit, they “don’t know if there will be any data to buy, how it will work, or what will be available.”
You can say that again. It’s not entirely clear how the data will be sold or how easy it will be to identify individuals within bulk datasets sold to advertisers or correlate them with other existing datasets. And there’s no clear-cut way to tie specific searches, for example, to specific members of Congress. Recode senior editor Tony Romm, who tweeted that “stupid stunts” like Temkin’s cheapen political discourse also tweeted, in part, that “you cannot call up Comcast and be like, ‘hi can I buy lawmakers’ browsing histories. that’s a no.’ ”
The Telecommunications Act prohibits carriers from disclosing individually identifiable information in most circumstances, so information sold to the highest bidder would come in aggregate form in order to comply with the law. So basically, a whole bunch of people’s individual datasets would be sold together, with a file on each person (minus the name and some other information). This isn’t to say that extracting identifiable information is impossible, which is one reason why privacy advocates are upset about this. Researchers have shown that anonymous data can often be reverse-engineered. But it’s still tricky. And even if you think you can extrapolate which web history belongs to which member of Congress, verifying that information it isn’t exactly a cakewalk.
This hasn’t stopped various GoFundMe campaigns from cropping up. Privacy activist Adam McElhaney from Chattanooga, Tennessee, has already raised $187,925 as of Friday morning, far exceeding his $10,000 goal. (He did offer to donate funds to the Electronic Frontier Foundation if he “can’t buy the data in the end for whatever reason” and said refunds would be possible, too.) Actor Misha Collins had higher aspirations but has only raised $78,710 of his $500 million goal at the time of writing. He, too, offered to donate proceeds to a nonprofit organization (the American Civil Liberties Union) if purchasing data is impossible or if there is a surplus. To Temkin’s credit, he hasn’t used his star power or the virality of his tweet to collect donations, though he did offer to match up to $10,000 of donations to the Electronic Frontier Foundation.
Temkin is urging people to be very skeptical of GoFundMe projects to buy the data, but he also continues to insist that he and Cards Against Humanity will do whatever they can to acquire said data, and publish it, should it become available. On Reddit, he noted that this could take a long time and may require FOIA requests or purchasing browsing data for ZIP codes where congressional office buildings are located. But it’s unclear what exactly Temkin would want to FOIA, since Congress (along with the federal courts and parts of the Executive Office) are not subject to FOIA.
The fact that collecting individual search data isn’t a piece of cake doesn’t make the resolution any less awful. If recent history has taught us anything, it’s that any collected data is vulnerable to hacking. And just because information is distributed in aggregate form doesn’t mean it’s sorted that way. As EFF points out, there are still many creepy things your ISP can do in light of these repealed privacy protections, including tracking and recording HTTP traffic, tracking top-level domain names for HTTPS sites you visit, and injecting invasive ads based on your browsing history.
Fighting the effects of this legislation—whether that’s through state laws, more widespread adoption of HTTPS (which makes your web browsing more secure), individual use of virtual private networks, or donations to nonprofits like EFF—is commendable. But putting full faith in creating a database of search data information on congressional representatives may lead to disappointment, because it’s probably not going to happen.
