Sen. Dianne Feinstein gave Mark Zuckerberg a fiery ultimatum. Before a roomful of a few hundred Silicon Valley executives on Monday, the top Democrat on a Senate panel investigating Facebook’s massive privacy breach told the Facebook CEO to correct course or have the government do it for him.
“Fix it before it really breaks,” she said at a “fireside chat” in Sunnyvale with Silicon Valley Leadership Group CEO Carl Guardino.
“If you don’t control your platform, we’re going to have to do something about it,” she added. “I am hopeful that they will.”
As consumers mull the ramifications of Cambridge Analytica’s unauthorized data-harvesting to influence the outcome of democratic elections, to anyone in the know, that kind of exploitation has long been business as usual in the high-tech sector. Yahoo user data was breached in 2013, 2014 and 2016. Equifax got hit with a massive breach last year. And now there’s the Facebook scandal.
But a growing awareness of how Silicon Valley’s ad-supported social networks incentivize pernicious behaviors—online scams, bogus news, privacy breaches, manipulative political messaging—has prompted policymakers to consider how to police what’s arguably become the most powerful industry on the planet.
When Zuckerberg comes before the Judiciary and Commerce committees, Feinstein said she plans to ask him about the safeguards Facebook will put in place to prevent predatory data mining from happening again.
Breach of Trust
Eric Goldman, director of Santa Clara University’s High Tech Law Institute, says people already knew that Facebook collects data to optimize services—that’s how app developers craft new services marketed for specific consumers. Selling access to that data is also how Facebook and the other social platforms can afford to offer their services free. And Goldman says he’s not surprised that app developers misused consumer information and disregarded privacy contracts, considering, as he describes it, Facebook’s laissez-faire approach with data.
In 2011, the Menlo Park-based company settled with the Federal Trade Commission on charges that it duped users with its privacy settings. The current scandal has prompted an inquiry into whether the advertising giant violated the terms of that agreement.
But Goldman finds the stakes time time around to be much higher.
“The fear we have is that because of this particular data leakage,” he says, “it took the election and caused the president who did not get the majority of votes to become the office holder.”
Although not much has changed following past revelations, Goldman says this time may be different—if only because the data collection may affect whether voters will re-elect public officials.
“When it comes to regulating internet companies, legislators don’t have a particularly strong track record,” Goldman says. “There’s going to be a cost and benefit to any regulatory initiative, and we really need to understand the costs and benefits before we think that’s a good solution.”
On the national level, Rep. Ro Khanna (D-Fremont) introduced a bill proposing the Bureau of Economic Analysis to study the broadband internet industry’s influence on the U.S. economy. Zuckerberg is scheduled to speak before federal legislators next week in the wake of criticism, including from California Attorney General Xavier Becerra, about how the company handles personal data.
Whether concrete consumer protections come out of this seemingly unprecedented public scrutiny, however, remains to be seen.
And this won’t be the first time an internet company has testified before a committee related to its role in foreign political influence. Lawyers and execs from Google, Twitter and Facebook appeared in hearings about the propaganda their platforms spread just days before the 2016 election that put Donald Trump in the White House. Yet no real accountability measures resulted from that testimony.
Big tech—despite its influence in daily life, from entertainment to news to driving directions to video tutorials—has so far remained relatively free from antitrust regulation and industry-specific consumer protections. But the Facebook fallout has fueled a citizen ballot initiative to tighten social media privacy rules. San Francisco developer Alastair Mactaggart is the architect of the Consumer Privacy Initiative, which he’s trying to qualify for the November ballot.
Meanwhile, Assemblyman Marc Levine (D-Greenbrae) authored a bill that would impose new restrictions. AB 2182 proposes establishing a California Data Protection Authority, which would standardize online agreements and remove personal info from databases.
In an interview with San Jose Inside, Levine says the government needs to be engaged in creating user protections as personal information is “being monetized by big tech and weaponized against us.”
The bill, he says, would “help promulgate reasonable regulations so that when people provide permissions and approve user agreements, that they understand what it is. It puts limitations on how user data can be used, bought or sold and can perhaps restore credibility to big tech and rein in the abuses.”
Levine sees the European Union’s General Data Protection Regulation as a model. It will go into effect in May and aims to protect consumers from privacy and data breaches. In his view, Silicon Valley’s economic and political sway shouldn’t prevent regulations.
“Perhaps we have a greater responsibility,” he says. “We have the skills, knowledge, and practical applications of these technologies in our state that should make California a leader in regulating big tech.”
Got Your Mail
Others, including consumer and business lawyer Ray E. Gallo, see a model for internet and social media regulations in another industry: utilities. How pollution from disposed chemicals can hurt the environment, he says, is similar to how internet companies can take advantage of consumers and nonusers.
“In some of these cases, some of these companies arguably should be treated more like utilities because their services have become necessary to function in our society,” he says. “More utility-type regulation—good regulation designed to be responsible, not just to stifle competition or make it harder for customers to choose—might be good.”
Gallo, who has in the past two years represented clients in three lawsuits against Google’s interception of non-Gmail correspondence, adds that he prefers to seek recourse in the courts. Existing laws, such as the California Invasion of Privacy Act, would address a lot of the privacy problems posed by big tech if they were adequately enforced, he says. State statutes, unlike federal statutes, require both parties to consent to companies accessing private user information, he explains.
“The bigger problem is forced arbitration-clauses, which have prevented companies from being held accountable for a lot of this,” Gallo explains. “If you can’t bring a class action, in a lot of cases it’s just uneconomical to enforce the existing statutory and other rights that consumers are supposed to have, that the state and federal legislatures have decided are appropriate.”
That’s why Gallo pursued the Matera v. Google class-action settlement approved in February. In it, Google agreed to stop intercepting and processing emails non-Google account holders sent to Gmail users for advertising interests. That practice was how a Yahoo! Mail user could message to a friend mentioning lilies, then receive junk mail from Orchard Supply Hardware about a spring sale despite never shopping there before.
Now, through that settlement, consumers who never consented to Gmail’s terms and conditions are filing $5,000 claims for the company’s alleged violation of the state Invasion of Privacy Act.
Like Google, Facebook also collects data to sell advertisements not just through surveys like Cambridge Analytica’s, but through likes, comments, shares, posts, profile details, messages, check-ins and other features.
“Some people provide tremendous information about who they are and how they live their lives that can be used to profile them,” Gallo says. He adds: “We give away more and more information about who we are, and it’s shocking.”
Users can download an archive of everything they’ve shared on Facebook through their profile settings. The company also announced it will simplify its privacy controls. But Facebook isn’t the only site or app people give their information to. The tradeoff from bulky paper maps to navigation apps came at a price.
Facebook used to be where San Jose resident Bernard Childress shared photos of his kids with his parents in Michigan. As an information technology worker, however, he realized ages ago that the social network kept metadata on users, and so he started avoiding posting personal statuses with keywords marketers could target. His decision undermines the whole premise of the site.
So when users took to Facebook to vent and promote #DeleteFacebook in response to the Cambridge Analytica revelations a few weeks ago, he found it kind of hilarious.
“Unfortunately, Facebook is just a part of life now,” he says. “You can delete it, but they’re not the only ones [collecting data].”
Though Childress knew about the tradeoff for using social media apps like Facebook, recent news about the extent of data harvesting has got him thinking more about how his mobile devices and apps track where he goes and where he spends time.
He’s now considering dumbing down his smartphone.