Imagine a World Where Privacy Law is Enforced…By You.

‘Obstruction of justice’ is also refusing to enforce privacy law when there is a clear and present danger to the public

 

My 2020 weapon of choice is honesty.  To be blunt, this will be, at least, the second Washington State session I witnessed an open secret. Microsoft, a corporation underneath a 20 year consent decree for privacy violations and unfair practice, sent in Brad Smith and his public policy team to write up the privacy law it can live with for the State of Washington.  Of course, the legislation, faithfully chanelled by Senator Carlyle, is a milquetoast privacy placcard to soothe global regulators in Europe and prevent scare of Chinese/Canadian investors away with any kind of law enforcement.

The chair of the Consumer Protection Committee won’t take up  privacy as a consumer protection matter.  The Chair of the House Public Safety Committee indicates corruption by way of corporatism for lack of law enforcement means with toothsome privacy laws like: HIPPA, COPPA, the Drivers License Protection Act and of course, my pet favorite to reign in federally funded mass surveillance, the Privacy Act of 1974. 

“That’s only applies to federal matters, right?”  

Yes, Representative, that’s right. If the State of Washington accepts federal funding for their police work, mass spectrum wireless/ IOT/smartphone surveillance, biometric capture and analysis systems at U.S. borders and anything else usually rubber stamped for appropriations in a CROmnibus package headed for WA State, including traffic cameras, geolocation devices and ALPR … a  United States Citizen may write their Microsoft Federal first party data controller and tell them to stop collection and schedule destruction of their data. Then Microsoft has to do it. Kind of takes the air out of those Q2 projections based on trade transfer mandates and DOD “research” bids.

In a quantum reality where I actually have a reasonable expectation of privacy, Microsoft, and other serial privacy violators underneath FTC conformance orders, would get chased out of Consumer Protection and appropriations offices by capitol security for fear of guilt associations. Government workers would sit around and talk about how the FBI’s malfeasance division actually busted someone they knew, who went to jail for licensing access to siloed public data to third party political actors. The scandal would have displaced several Senators and key members of the US Congress for accepting bribes, gifts and any other kind of persuasion to obstruct justice or enforcement of privacy laws.

The current lawmaking class behaves as if there were no recollection of life before 2007, FISA or the Bush regime’s suppression of US 4th Amendment rights and freedoms. They act as if privacy law was never enforceable. Formerly, so many businesses were utterly terrified of running afoul of privacy law because it was so strong and punitive, with both stiff civil and criminal penalties. 

Now, of course, all we have is non-law enforcement-enforcement from the FTC, who  will whine after protection orders gavell down that, “It wasn’t strong enough!!”  In the meantime,  Salim, Salabim  the CFO for CRIME CORPORATION whips out a magic checkbook and pays The Man. NEXT!!

No. Clearly, there is a breakdown in law enforcement of privacy law. It’s time for jail. It ain’t consumer protection until the CFAA violators who poached the Children’s Hospital credentials from Estonia or Kabul goes to jail and the obese infosec lead, whose keyboard is covered in Doritos powdered cheese and apathy, also serves some time … for not giving a damn.

Did I get it wrong perhaps? Let’s try another scenario then. In this scenario, the risk-analysis team who greenlit COPPA violations for smartphones would get perp walked on the 7 PM news. TMZ  PM edition sports the mugshots of marketing leads who used to work at AT&T and Disney now in jail for not allowing perfectly enforceable law to be their North Star, opposed to licensing the information of 7 year olds to anyone who would pay.

My law enforcement and white collar crackdown fantasy continues as a massive public-private sting soon demonstrates several K Street fixer firms implicated, along with at least 40% of seated US Congress in publican data price fixing, profiteering, extortion, larceny, menacing and obstruction of justice busts.  The scope goes global as Interpol reaches deep into UK leadership, Italy, Israel and China with extradition orders to stand witness and submit records at the Hague for global privacy violation, human rights violations and kleptocratic enrichment.

Then people howling from all violations fill the streets to celebrate the takedown of the Panopticon’s machines. Ribbons and tickertape fill the streets as people manufacture some new Free People’s festival on the spot. Busking DJs and musicians magically show up. Hackey sack and street food vendors flock to the occasion. Local business regulators fold their arms and say, “Meh. We will get them at tax time.” Police and Fire volunteer for overtime pay and point citizens to Waste Management areas where post-surveillance State scrap merchants fight over the City waste, while others take selfies and pose over the junk heap for the Kiss cam on Instagram.  Old radio production engineers show up with tape recording magnets and drills to charge for erasure, so they can retire.  Amen.

 Who knows?  Maybe it can all happen. 

However, today I will ask the God of Personal Justice to please ban companies, still underneath the FTC for privacy violation, from writing law and to withdraw their legislative proposals for “privacy reforms” and then usher in a law era with such enforceable ferocity in both civil and criminal court, no company will be dumb enough to violate it.

 

Feeding the Beast: Facebook and Its Government Trade Partners should conform transparently to common US consent law

By Sheila Dean

Consumer facing consent UI/UX and transparent third party data inventory could remedy the social network’s global fall from grace.  Far more work is ahead to produce a legitimate privacy enforcement environment.

Facebook’s neglect of third party vendor Cambridge Analytica crossed the line for its users. Unfortunately, social networks with poor third party operations security are everywhere. It was Facebook today, but it could be any number of poorly secured vendors tomorrow. Prior to this event, users and developers alike refused to face the nature of beast they are feeding.

Some form of regulatory intervention is in the offing. The US government is already deep in the core of Facebook’s operations for regulatory enforcement of an FTC consent decree. Facebook, like Palantir and others, also worked for the US government as big data analytics contractors in 2013’s PRISM scandal. Facebook has licensed deep profile information to the US government and any foreign government who would pay, including Russian social media operations. Special counsel Robert Mueller could easily ask FBI staffers embedded at Facebook’s HQ, if this was the collusion they were looking for. If the US government and its regulators are already so involved, regulation may be the lighter hand of justice. Users may need a criminal investigation into US government abuses of power, conflicts of interest, embezzlement or related crimes involving foreign entities. The more likely crime is one of banal disinterest in privacy law enforcement.

Facebook is the beast US corporatism built. The US government, afterall, is still an investor in Facebook. How do we get shareholders, like the CIA, to conform to American privacy law provisions and boundaries? As partial owner, the US government may have access to any of its information assets. What does it mean if a US agency profited from data services rendered to Russia for psychological operations? The potential for abuse is now material fact, if it is not the scene of a crime of opportunity.

Facebook’s policy problem lies in a one-size-fits-all EULA contract allowing complete opacity of its vendors. The blanket consent from one Terms of Service contract hardly covers the third party range where personal data was processed by Cambridge for resale to political operatives. The average consumer does not know who has their data once it goes into a social network. If Facebook showed consumers the edge advertising market for their data as notification, they would be legally required to provide means of express consent to license their personal data.

Facebook, like many online services, needs to get out of partisan and government information business lines or the elections intrigues will continue. It’s time to ask US government agencies, like the DoD and CIA, to surrender their shares in public ISP companies back to the free market. Their co-ownership in private data conflicts with public interest.  Public trade transfer deals featuring government licensed technologies should not be opaque to the US consumer when their personal information is involved in a trade.

Third party risk and liability will still be a problem for society online. Legal enforcement is needed to limit the scope of exchange and sale of personal data based on legitimately sourced and applied US consumer consent. Facebook, and those emulating its brazen business model, should now comply to better defined, transparent data inventory mapping for users to knowingly permit, or more likely deny, unwanted third party exchanges.

We can forgive Facebook as an institution for being led down the wrong path, endorsed and coddled by government insiders. Some later revealed themselves in full view of the public as disgraceful sycophants, soliciting Mark Zuckerberg's permissions and favors, during Congressional disciplinary hearings. Government beneficiaries managed to evade legal consent notice requirements which do, in fact, apply to any information they collect on US Citizens. Board members from the most celebrated privacy non-profits, think tanks, and policy advisors with doctorates from the best universities in the United States have consulted Facebook. Who can help Facebook if their elite battery of advisors endorsed the fantasy they can break US common consent law with no consequences? 

GET LITTLE CAESAR A TOWEL, PLEASE.

It does seem everyone around Facebook is telling them they are so useful and exceptional they don’t have to conform to the law. That line of doctrine misled Facebook to be used as a powerful social tool to connect the world with corruption. They broke laws. Unfortunately, they didn’t do it by themselves. They had lots of enablers and government partners urging them on.

Information security and integrity audits will send any phony fixer lawyers and their marketing apologist firms packing.  One could speculate Facebook's cyber-insurance rates are expected to skyrocket. As we wait on the results of Facebook’s audit, they will confront fines, more civil suits, possible company insolvency and criminal due process for its lack of restraint. Regulatory law enforcement should work to close privacy law enforcement gaps. Their current presence inside Facebook failed to enforce fair, lawful security of private data. 

Even if the government reforms the enforcement conventions for impacted privacy, will fair trade practices emerge from the ashes to cover global data brokerage exchanges? Non-profit interest groups and companies cannot just scuttle away a people's inherent data ownership rights because these rights didn't originate with their nation state or they seem inconvenient to consider. Identity sovereignty is natural and inherent to our humanity. Administrators are talking over each other instead of to each other across the globe and then stony radio silence follows. This conflict is based on differences over the origin of rights in personal data governance. There is very little real debate or statesmanship on this idea.

So here is a working 5 point public policy fix to confront international data exchange stakeholders, as well as US agencies, not playing fair with data owners.

  • Close enforcement gaps and actively enforce existing privacy law concerning notice & consent.
  • Require government partners and non-profits (partisans, research firms) to self-identify to consumers in UX/UI transactions; which legally require notice and consent (like trade transfer deals).
  • Adopt or enact Right To Be Forgotten policy in the US.
  • Recognize the rights of the individual Data Owner in business reporting with monthly exchange statements as an audit requirement as a matter of human rights and fair trade.  If you can’t manage to bring in the data owner as part of your business, consulting them on how much to sell their data for, who to authorize as a  seller and reseller to and how to sell it, you’re in the wrong business.
  • Recognize essential individual data ownership is paramount to rights of government transfer entitlement and/or embargo thereof. For the US, that is conformance to Privacy Act of 1974 provisions to actively procure and heed individual consent preferences in most cases. For other governments, that means they need to get express consent to profit from personal data of a US citizen using public platform services.

Individual data ownership rights are not in conflict with other rights and can stand with other recognized rights. Particularly, that of self-defense, protection from theft of labor and the diverse perils of slavery, human trafficking and unfair trade practices. We are not the middle man to be cut from the exchanges. Data owners are in fact used and spent as the monetary currency itself. Current exchanges brokering personal data are in an adverse power differential contrary to Principle One of Fair Trade Practices. They are more on par with serfdom. Facebook’s serfs are Exhibit A of a raw deal. Now the world needs a fair trade upgrade.