To recap: The federal government has now ripped away rules protecting net neutrality, broadband privacy, and network security. On top of that, the Federal Communications Commission (FCC) is also proposing to gut the Lifeline program, designed to reduce the cost of communications services that get low-income Americans online. With the federal government abdicating its role of protecting consumers, Americans are now vulnerable to the whims of their internet service providers (ISPs).
Some cities, however, have already taken up the mantle of empowering their citizens. San Francisco, in particular, is one of the early leaders of returning basic protections to its citizens—and ensuring that all San Franciscans can get online.
How does it intend to do this? By building its own municipal network. The city has planned to build the network, which would be fiber-based and is intended to reach all homes in the city, since late 2016. Once the infrastructure is in place, the city intends to open it to any ISP to operate, as long as that provider runs its service in an open and secure manner.
In June 2017, the city announced a Blue Ribbon Panel on Municipal Fiber to inform its approach to building the network. The panel has released three reports. You can see the first two reports here and here; they conclude that a fiber network, regulated as a utility, is the best approach for San Francisco. The third report investigates the policies and practices ISPs ought to adopt when they provide service over San Francisco’s network. (Full disclosure: The Open Technology Institute played an integral role in this third report, put out by the Subcommittee on Privacy and Governance.)
But how can these city-generated protections work in practice? In the report, the panel proposes that San Francisco require ISPs to protect consumers in several key ways. First, ISPs should abide by strong net neutrality rules, which would prevent blocking, throttling, and engaging in paid prioritization with respect to any lawful traffic, content, or applications. ISPs, in other words, wouldn’t be able to discriminate based on traffic, for instance by slowing down or speeding up their own traffic (think of Comcast’s over-the-top video service or DirecTV, now owned by AT&T) or any ISP-affiliated content. The proposal is modeled after the FCC’s net neutrality rules adopted in 2015.
Second, ISPs ought to protect network security against outside attackers. One way to do this is via the C-I-A approach: confidentiality, integrity, availability. This means that network assets—such as the infrastructure itself, software, and data associated with the network—shouldn’t be available to unauthorized individuals. Neither should they be deleted or modified except as authorized. These assets should, however, be available to authorized parties when needed. To achieve these goals, the city and the ISPs operating over its network ought to adopt, promote, and make available to customers security measures such as encryption technology, firewalls, malware protection, and Intrusion Detection Systems. But it’s not only about empowering consumers; it’s also about checking other authorities. ISPs operating on the network must protect against overreaching law enforcement requests for data. Refusing to disclose information when it’s not legally required to do so is one way to achieve this goal.
Third, ISPs ought to adopt strong consumer privacy protections—ones similar to the California broadband privacy bill that was amended in June of last year (which, for additional disclosure, closely tracked model language OTI and others developed). That bill required ISPs to get opt-in consent from customers when they use data for non-service-related activities. More than that, it also prevented ISPs from engaging in “pay-for-privacy” regimes, which allow ISPs to charge customers extra money for protecting their privacy.
Fourth, it’s important that ISPs engage in regular transparency reporting around law enforcement requests for data. Modeled after a 2017 OTI report, this suggestion advocates for ISPs to disclose aggregate data about law enforcement requests for data, with the aim of helping ISPs “showcase their values and commitments to protecting user rights.”
And, last, the panel recommends developing structures and processes for ongoing engagement between the mayor’s office, the board of supervisors, and the San Francisco community. Here, the goal is to ensure that the burgeoning network continues to reflect local values.
The San Francisco network is a significant step toward bolstering access to broadband and continuing the protections of net neutrality that Americans are about to lose. In addition to so much else, making sure that the network reaches all homes in the city would ensure that all citizens—including low-income citizens—have access to high-speed, affordable broadband. It would ensure, too, that all San Franciscans can access a network that was built for them, with local values taking center stage in the effort.
The question now is: Will more cities take San Francisco’s lead?