The country's biggest Internet service providers and advertising industry lobby groups are fighting to stop a proposed California law that would protect the privacy of broadband customers.

AT&T, Comcast, Charter, Frontier, Sprint, Verizon, and some broadband lobby groups urged California state senators to vote against the proposed law in a letter Tuesday. The bill would require Internet service providers to obtain customers' permission before they use, share, or sell the customers' Web browsing and application usage histories. California lawmakers could vote on the bill Friday of this week, essentially replicating federal rules that were blocked by the Republican-controlled Congress and President Trump before they could be implemented. The text and status of the California bill, AB 375, are available here.

"This bill will create a cumbersome, uncertain, and vague regulation of Internet providers in California," Tuesday's letter to California senators said. "This single-state approach is antithetical to the forward-looking policies that have made California a world leader in the Internet Age."

Despite criticizing the "single-state approach," the ISPs also opposed the now-repealed Federal Communications Commission rule that the California bill is based on and which would have implemented the regulations nationwide.

The letter was also signed by advertiser groups such as the Association of National Advertisers and the Data & Marketing Association, as well as the Internet Association, which represents Internet companies such as Facebook and Google. The bill imposes requirements only on broadband providers, but website operators might be worried that it will be followed by new requirements on other industry members. Websites currently follow a less-strict regime in which they let visitors opt out of personalized advertising based on browsing history but don't have to get consumers' permission before using their browsing histories.

EFF picks apart security claims

The letter claims that the bill would "lead to recurring pop-ops to consumers that would be desensitizing and give opportunities to hackers" and "prevent Internet providers from using information they have long relied upon to prevent cybersecurity attacks and improve their service."

The Electronic Frontier Foundation picked apart these claims in a post yesterday. The proposed law won't prevent ISPs from taking security measures because the bill "explicitly says that Internet providers can use customer’s personal information (including things like IP addresses and traffic records) 'to protect the rights or property of the BIAS [Broadband Internet Access Service] provider, or to protect users of the BIAS and other BIAS providers from fraudulent, abusive, or unlawful use of the service,'" EFF Senior Staff Technologist Jeremy Gillula wrote.

The bill would also let ISPs continue to work with other Internet providers to prevent attacks by sharing information, "so long as they de-identify the data first by making sure it’s not linkable to an individual or device," he wrote.

Moreover, the bill could cause Internet providers to collect less information about its customers' Web browsing habits, he wrote. That, in turn, would mean there's less information for hackers to expose if they breach Internet providers' storage systems.

The prediction of "recurring pop-ups" is also false because if anything, the bill would "likely result in fewer pop-ups, not to mention fewer intrusive ads during your everyday browser experience," Gillula wrote. "That’s because A.B. 375 will prevent Internet providers from using your data to sell ads they target to you without your consent—which means they’ll be less likely to insert ads into your Web browsing, like some Internet providers have done in the past.."

The opt-in requirements would only lead to more pop-ups if Internet providers constantly annoy customers with pop-ups in an effort to "wear people down until they give their consent" to have their browsing histories used for advertising, he wrote.

"If that’s really what Comcast and Verizon are implying, then lawmakers should understand the claim for what it really is: a threat to hold consumers hostage in the fight for online privacy," Gillula wrote.

Legislative session about to end

ISPs and their allies also claimed that recent amendments to the bill prove that the legislation is "deficient." But the bill could be voted on Friday, the last day of the California legislature's session. The EFF urged California residents to "call your state Assemblymember and state Senator and tell them to vote AYE for A.B. 375 this Friday."

The California bill, introduced by Assembly member Ed Chau (D-Monterey Park), has the support of former FCC Chairman Tom Wheeler. Wheeler led the FCC vote that implemented the now-repealed federal rule that Chau's legislation is based on.

"It is my hope that the legislature will act decisively and quickly to restore Californians' privacy protections with respect to data gathered by cable companies and telephone companies in the course of providing Internet access service," Wheeler wrote in a letter to Chau on Wednesday. "If California leads on consumer privacy, undoubtedly other states will follow."

Disclosure: The Advance/Newhouse Partnership, which owns about 13 percent of Charter, is part of Advance Publications. Advance Publications owns Condé Nast, which owns Ars Technica.