Data Digest № 024

Data Digest ¦ October 23rd, 2019, 11:00 pm

Welcome to the 24th edition of the Data Digest, where I summarize the most important events in the data industry. This week: the Internet Association lobbies for federal privacy laws, Sen. Wyden proposes a data privacy bill, Snowden argues that without encryption we all lose privacy, Foursquare's CEO calls for regulations, 8.7 million customers are affected in a Russian data breach, and more. Enjoy!

The Internet Association Lobby For State Privacy Laws

In an opinion piece for the NYT, Michael Beckerman, president and chief executive of the Internet Association, which represents the world’s leading tech companies, declared that “Americans will pay a price for state privacy laws”. While the patchwork of state privacy laws is indeed increasingly complicated and convoluted, it seems rather ironic that the person responsible for protecting the interests of leading tech conglomerates would be genuinely concerned with the price Americans are paying for privacy, especially when one of Beckerman’s primary critiques is that it gives Americans a “false sense of security.” Further arguments, such as the claim that a company may be forced to collect more data about a person in order to know which state data privacy regulation applies to that consumer, read like fearmongering. How about opting for the more conservative of the data privacy regulations at hand if there is pressing uncertainty? Or how about allowing consumers to disclose this information themselves? Consumers can safely provide more data when issuing data requests, since the company receiving this additional data may not use it for any purpose other than servicing said access request.

Beckerman, however, does make some valid points, especially pertaining to the difficulty this patchwork of privacy laws in the U.S. poses to companies. “Fourteen states have considered legislation on internet service providers. Twenty-five states and Puerto Rico have considered legislation focused on various aspects of consumer data. All 50 states, the District of Columbia, Guam, Puerto Rico, the Virgin Islands and even some municipalities have their own laws about how to respond to data breaches. All of those laws are subject to change.” A federal data privacy regulation is certainly the right solution. The big question is whether institutions such as the Internet Association are the right bodies to lead this conversation. With members such as Facebook and Google at the center of the organization, it is clear on whose behalf Beckerman is lobbying. The message put forward by Beckerman is very easy to get behind, and that is exactly where the danger lies. The slightest change in wording in any bill can have a tremendous impact on competitiveness, and that is especially the case in a federal data privacy regulation, where one single sentence can end the reign of an entire industry whilst tremendously benefiting others. A good example is Amendment 549 to Nevada’s SB220, which changed the definition of sale so that it is limited solely to a situation where a company sells data to another company that then in turn sells it. That, of course, limits consumers’ opt-out abilities to sales to data brokers, but not to companies like Google and Facebook. How convenient. And I would be remiss if I forgot to mention that the Internet Association’s “privacy principles” for a federal data privacy regulation of course don’t propose any fines for wrongdoing.
Big Tech beating the drum on the benefits of federal data privacy regulation should make us wary, since it likely means that we can expect a privacy bill that smooth-talks us into a comforting daze, while giving us the finger behind our backs. Much like Mr. Beckerman’s op-ed.

Opinion | Americans Will Pay a Price for State Privacy Laws (Published 2019)

The modern data economy is too big to regulate at the state level.

Senator Wyden Proposes A Data Privacy Bill With Harsher Punishments

Senator Ron Wyden said on Thursday that if his bill had been law during the Facebook privacy scandals, Mark Zuckerberg would face jail time. In a statement Wyden said, “Mark Zuckerberg won’t take Americans’ privacy seriously unless he feels personal consequences… A slap on the wrist from the FTC won’t do the job, so under my bill he’d face jail time for lying to the government.” Wyden proposed a Consumer Data Protection Act last November, and the Mind Your Business Act is his latest update to the original proposal, following a year of listening to privacy experts. The bill proposes harsher consequences for those who violate data privacy, and brings stricter enforcement, such as privacy watchdogs who can sue companies on behalf of the people affected by data violations. Furthermore, it imposes tax penalties based on the executive’s salary on companies whose CEOs lie about privacy practices. Wyden’s legislation certainly has the harshest penalties so far, including 10 to 20 years in prison for executives who lie about their privacy standards. “It is based on three basic ideas: Consumers must be able to control their own private information, companies must provide vastly more transparency about how they use and share our data; and corporate executives need to be held personally responsible when they lie about protecting our personal information,” Wyden said. The legislation also includes extremely hefty fines of up to 4% of the company’s annual revenue. To put that into context, the FTC’s fine against YouTube would have been $4.64 billion, rather than $170 million. Other stipulations include requiring companies to rid their algorithms of bias or discrimination and to incorporate nationwide security and privacy standards. Furthermore, Wyden wants to introduce a “Do Not Track” system whereby people can opt out of targeted ads and of having their data sold and shared by tech companies.
There would also be transparency from companies about the data they collect and who they share it with. Wyden’s idea may seem harsh, but it’s a solid one. Adding personal accountability to ensure that data privacy regulations are properly enforced is similar to the idea introduced as part of the Sarbanes-Oxley Act, where directors and officers are personally liable for the accuracy of financial statements.

Senator proposes data privacy bill with serious punishments

If the bill were a law during Facebook’s privacy scandals, Mark Zuckerberg would face jail time, Sen. Ron Wyden says.

Snowden Argues That Without Encryption, We Will Lose All Privacy

E2EE, or end-to-end encryption, is an important security and privacy measure that fortifies our communication systems by ensuring that messages can only be read by the sender and intended recipients, even when the messages are stored by a third party. In Edward Snowden’s words, with E2EE “corporations become less of an all-seeing eye than a blindfolded courier.” Snowden argues that while the US government justifies its opposition to encryption by invoking a “spectre of the web’s darkest forces”, the true explanation behind the “Five Eyes” wanting to get rid of end-to-end encryption is about power. While E2EE provides privacy and control to individuals and their devices, it would require a new method of governmental surveillance that is much more targeted, and therefore much more difficult.

Snowden claims that E2EE jeopardizes “nations’ ability to spy on populations at mass scale”, and doesn’t pose a risk to investigating criminals online who “prefer not to plan their crimes on public platforms”. There have, however, been significant reports by tech companies that would suggest otherwise. Facebook Messenger, Microsoft’s Bing search engine and the storage service Dropbox have all reported a large increase in online predators, and there is a real possibility that it would be harder to identify online criminals without governmental access. There is something to be said, however, about the ubiquitous level of power that governmental surveillance can hold over citizens. While the battle over encryption continues, we all remain subject to a semi-total surveillance.

Without encryption we will lose all privacy. This is our new battleground | Edward Snowden

The US, UK and Australia are taking on Facebook in a bid to undermine the only method that protects our personal information, says US surveillance whistleblower Edward Snowden

Foursquare CEO Calls For Regulations For The Location Data Industry

Amid recurring location data misuse, Foursquare’s chief executive Jeff Glueck is calling for change in the way location data is regulated, stating that “the industry needs to earn consumer trust and speak to what makes consumers anxious.” For context, Glueck cited the Vice report of bounty hunters who were able to buy the location of cell phones for $300. He then laid out his idea of a federal regulation built on three core principles. First, that apps should not be able to ask for location data unless they have a clear service to offer the user which depends on that use case. Second, a requirement for greater transparency about what consumers are signing up for and how it will be used. And third, a duty on those collecting location data to “do no harm” by applying privacy measures to all data usage. While “reasonable regulation” would encourage future innovation and “weed out the bad companies,” who are too often dishonest about their requirements for location data, Glueck’s realisation sounds inherently similar to the CCPA. For a business that relies on location data this may seem like a pretty bold move, but also a self-serving one since, of course, Foursquare would rid itself of competition in the selling of location data.

Opinion | How to Stop the Abuse of Location Data (Published 2019)

There are no formal rules for what is ethical — or even legal — in the location data business. That needs to change.

8.7 Million Customers Affected In Russian Data Breach

Service provider Beeline, a Russian telecommunications company with clients in Russia, Asia, and Australia, was found to have breached the data of 8.7 million customers. The personal information contained full names, addresses, and mobile and home phone numbers. The Russian news agency Kommersant was the first to report that the data was being sold and shared online, including on Telegram channels. However, the ISP has uncovered that the breach occurred in 2017, though it never made the hack public. The majority of the leaked data was reportedly from customers who signed up for home broadband connections before November 2016. This is the second major data breach this month reported by Kommersant, where personal and financial data of more than 60 million customers were exposed.

Data breach at Russian ISP impacts 8.7 million customers | ZDNet

Security breach took place in 2017, but user details are only now being shared online, including on Telegram channels.

What I'm Reading:

- The Washington Post

Apple under scrutiny for sending Safari browsing data to China's Tencent (Updated)

Apple attracts scrutiny for using Chinese internet conglomerate Tencent as a Safe Browsing provider to verify if websites are fraudulent.

Google Defines Its Commitment To Ad Targeting And Data Transparency

Google has moved deep into targeting with ads based on a complete picture of peoples' lifestyles, passions and habits through a product it calls affinity audiences. The company made it available in Search, Display, Video, and Shopping campaigns, as well as Gmail and Display & Video 360.


