Not too many years ago, hardly anybody in Washington wanted to regulate the Internet. Suddenly, almost everybody does — or claims to.
For decades, Internet companies were sheltered by a bipartisan consensus: Regulate with a light touch, and see what happens.
The results have been extraordinary. Facebook and Google are now among the world’s biggest companies. However, their actions also have subjected millions of users to the threat of identity theft and loss of privacy, and record fines by the US government for privacy-related violations.
And now members of both parties are in a regulating frame of mind, according to lawmakers and industry-watchers alike. Some lawmakers are calling for more aggressive antitrust enforcement against Big Tech. There’s even talk of reviving the idea of Net neutrality, which requires that Internet service providers treat all data alike.
But the idea that appears to have the best chance of success, these people say, is a law setting national standards for online privacy and data security.
Witness the similarity between a Massachusetts Democrat and a Tennessee Republican.
“I think the American people now realize they deserve a privacy bill of rights,” said US Senator Edward Markey of Massachusetts. “The day of reckoning has arrived for the Internet industry.”
And from Senator Marsha Blackburn of Tennessee:
“I agree with consumers who demand their privacy be protected in an Internet ecosystem where everybody is playing by the same set of rules,” she said in a statement to the Globe.
Another Republican senator, John Kennedy of Louisiana, proposed a privacy bill last year, in tandem with Democratic colleague Amy Klobuchar of Minnesota. Kennedy told the Globe he plans to reintroduce the bill in the current session.
Even the tech industry’s biggest companies — Facebook, Google, Microsoft and Apple — have come out in favor of a federal privacy and data security law. And in mid-January, the Information Technology & Innovation Foundation (ITIF), a think tank funded in part by Big Tech, called for a “grand bargain” that would repeal all existing federal laws covering the privacy and security of various medical and financial data, and replace this patchwork with a single statute that covers personal data in all its forms.
But don’t expect lawmakers to start crowing that they’ve finally brought Big Tech to heel.
Ernesto Falcon, legislative counsel for the Electronic Frontier Foundation, an online civil liberties group, said the tech industry is getting on board because they fear tough privacy laws being enacted by the states, especially California. They prefer a single nationwide privacy standard—and one that’s as toothless as possible.
“The idea would be to have a very weak federal law,” said Falcon. “That’s an absurd proposition, and they’ll have to walk away from that if they actually want legislation.”
‘I agree with consumers who demand their privacy be protected in an Internet ecosystem where everybody is playing by the same set of rules.’
For instance, the proposed “grand bargain” from the ITIF would prohibit individuals from suing for privacy violations or data security breaches. And it doesn’t include data minimization, the principle that companies may collect only the personal data they need to deliver specific services. Data minimization would block apps from tracking your location when you’re not using them. That would eliminate fat revenue streams for app makers that track you constantly and resell the data to marketing companies.
ITIF vice president Daniel Castro said companies use the vast amounts of data they collect to devise new services for consumers; force them to collect less data, and you can expect less innovation.
“There are lots of things you can do that protect consumer privacy but that’s bad for innovation,” Castro said.
Instead, the ITIF wants lawmakers to give companies wide latitude in what data, and how much of it, they can collect, while giving consumers the option to opt out if they choose.
ITIF’s grand bargain would also include “preemption,” a feature that would overrule all state privacy laws. The federal law would become the national standard, making it easier and cheaper for companies to comply. “Then you don’t have the problem of companies having to fight a lot of lawsuits in different states,” Castro said.
But the tech companies could use their clout in Washington to enact a federal law with few meaningful limits on their access to our data.
“My fear is that the companies are going to arrive and try to get the lowest common denominator,” said Markey. “We need a federal privacy law that sets strong mandatory, not voluntary, standards. Then we can talk about preemption.”
Democrat Ro Khanna, a congressman who represents Silicon Valley, has drawn up an “Internet Bill of Rights” full of limitations on Internet companies, such as data minimization, and a mandate that companies get permission before sharing customer data with any other person or organization.
At least there’s general agreement that some kind of privacy and security protections are needed. But on other tech-law issues, consensus is harder to come by.
Net neutrality, for instance — the principle that all network traffic should be treated exactly alike.
The Federal Communications Commission under President Obama adopted Net neutrality rules that in principle would let the agency enforce equality among network traffic as well as the prices charged by Internet carriers, and their quality of service. The Trump administration moved swiftly to undo that approach.
Both Democrats and Republicans have said they would back a Net neutrality law. But Khanna, for example, wants a law based on the broader standard in place under Obama; Republicans such as Blackburn prefer a simpler, stand-alone law that would simply mandate Net neutrality, and do nothing else. Don’t expect much progress here.
Khanna is also calling for a law to mandate “data portability,” requiring Facebook and other social networks to move a user’s data to another host on request, just as a cellphone user can switch his phone number from one carrier to another.
Facebook has no serious competition today, but Khanna believes that with data portability, it would be far easier for smaller players to offer consumers an alternative.
“You make it the law,” said Khanna. “You have to allow people to move their data, just like they can move their phone number.”
But data portability is a hugely complex issue, and raises privacy threats of its own. For example, do you have the right to port information about your Facebook friends to a different network without their permission? Until such questions are answered, data portability seems like a nonstarter.
And there’s the simmering question of whether the federal government should use antitrust law to rein in giants like Facebook and Google, or even break them up, as Standard Oil was dismantled in the early 20th century.
Many economists argue that existing antitrust law doesn’t apply to Google and Facebook because they don’t charge for their products and therefore don’t obviously create direct financial harm to consumers.
Democratic US Representative David Cicilline of Rhode Island plans an antitrust bill specifically targeting Big Tech. It’s might have a fighting chance, as quite a few Republicans have also been making antitrust noises of late. During the recent confirmation hearings for Attorney General-designate William Barr, Senators Josh Hawley of Missouri and Mike Lee of Utah both demanded tougher antitrust enforcement from the Justice Department.
Whatever the fate of these legislative proposals, you can expect them to keep coming. The era of “light touch” Internet regulation is probably over.Hiawatha Bray can be reached at firstname.lastname@example.org. Follow him on Twitter @GlobeTechLab.