Why EFF and CDT May Not Advocate for Individual Private Right of Action

Google is suing to funnel individual user remunerations, awarded by courts, to EFF, CDT. Data owners should speak up for themselves now in small claims court.

 

By Sheila Dean

 

For many years, I wondered why Democratic leaning nonprofits like Center for Democracy and Technology (CDT) and EFF, former coalition colleagues in the privacy field, overlooked and entirely ignored the Privacy Act of 1974 in public education efforts against mass surveillance. It represents an important consumer civil right: the individual right to tell the government to stop processing personal data for non-exempt government uses. They kept mum during the entire Obama administration about this law and only filed a mea culpa amicus brief this Summer based on some recent personal rights violations.

This particular right gets down to hairsplitting among judges, like potential Supreme Court nominee, Brett Kavanaugh. Ars Technica reported statements during Kavanaugh’s confirmation indicating he would side with any corporation’s rights to collect mass data on behalf of the government for their unique purposes.  Unfortunately, unless the normative T-mobile or Verizon informs the customer that they may refuse exchanges of personal data to government agencies (such as the Department of Education, NASA, DARPA, the Geospatial Intelligence Agency) by expressly denying consent to share data with them, Kavanaugh would allow businesses and nonprofits to launder consumer consent tacitly to government transactions. This bypass would treat government actors as a 3rd party data processors.  No warrant necessary. That is why the Privacy Act of 1974 and filing a small claims suit is more important than ever.

According to Media Post, data owners were represented in a class action lawsuit involving Google. Google is suing to send remunerations to nonprofits rather than the data owners or users impacted in the case. We never hear about users who never received an award from their position in the case of privacy, until now. EFF and CDT seem motivated by a win to get Google’s largesse funnel to go to their work. It is likely this is not the first or last time you will see a non-profit, like the ACLU, go in for a civil suit win to collect funding for their non-profit work. You will have to wait until Halloween to hear users vouch toward whether they were actually offered their court award or if feral feudal administrators between these non-profits and Google made decisions for their digital serfs. Google, aware of mass scale of privacy violations, changed its corporate classification in 2017 from an Incorporated public company to a Limited Liability Company incorporation (LLC), because of the mounting volume of lawsuits landing on them due to ongoing willful privacy violations.

That is why I am actively advocating and proclaiming that each data owner impacted by a personal privacy violation file a small claims suit against company or nonprofit data license violators. This means, 501c3’s (like the EFF, CDT or the ‘Church of Google’) or 501c4s (like a political party, partisan political campaign, or a Political Action Committee) also can be taken to small claims courts. You can even take your local government to small claims court for privacy violations. You may even file privacy violations claims against the federal government in your local District Court.

This process is given overview in my current work Privacy Is A Spider; A Guide to Rebalance Private Living, Chapter 2: Droping in From Above, currently available for download at Gumroad.com. Companies with history of serial privacy violations won’t stop violating your rights. You have to stop them and make them pay. Small claims has the power to order anyone who has processed against your consent cease and desist. The courts need to see you self advocate with the legal means you have; which is possibly $15 and a court appearance with your local version of Judge Judy.

Each data owner has a private right of action to make each of these companies or entities pay for their violations of your consent rights and to collect any profits made from involuntary exchange your data, whether it is only $74 or $.74.  If you want to win your privacy case, you will have a higher likelihood in small claims court. The political class won’t reign them in quickly.  You have to do it. There is no real privacy movement if you are not making the legal decisions that matter about your privacy.

 

3 STRONG REASONS WHY YOU SHOULD USE SMALL CLAIMS FOR ANY CORPORATE OR NON-PROFIT PRIVACY VIOLATION

  • Build case law history against violators; which mounts against their lobbying efficacy with agencies like the FTC and the SEC.

  • Win the unique knowledge and access to the transactional trade path of your personal information without the mass invasive process of a Superior Court legal case with your name on it.

  • Be awarded profits from the unapproved licensing of your personal information and private data. (This keeps self-involved lawyers at non-profits from collecting awards made on small bill privacy violations.) 

Feeding the Beast: Facebook and Its Government Trade Partners should conform transparently to common US consent law

By Sheila Dean

Consumer facing consent UI/UX and transparent third party data inventory could remedy the social network’s global fall from grace.  Far more work is ahead to produce a legitimate privacy enforcement environment.

Facebook’s neglect of third party vendor Cambridge Analytica crossed the line for its users. Unfortunately, social networks with poor third party operations security are everywhere. It was Facebook today, but it could be any number of poorly secured vendors tomorrow. Prior to this event, users and developers alike refused to face the nature of beast they are feeding.

Some form of regulatory intervention is in the offing. The US government is already deep in the core of Facebook’s operations for regulatory enforcement of an FTC consent decree. Facebook, like Palantir and others, also worked for the US government as big data analytics contractors in 2013’s PRISM scandal. Facebook has licensed deep profile information to the US government and any foreign government who would pay, including Russian social media operations. Special counsel Robert Mueller could easily ask FBI staffers embedded at Facebook’s HQ, if this was the collusion they were looking for. If the US government and its regulators are already so involved, regulation may be the lighter hand of justice. Users may need a criminal investigation into US government abuses of power, conflicts of interest, embezzlement or related crimes involving foreign entities. The more likely crime is one of banal disinterest in privacy law enforcement.

Facebook is the beast US corporatism built. The US government, afterall, is still an investor in Facebook. How do we get shareholders, like the CIA, to conform to American privacy law provisions and boundaries? As partial owner, the US government may have access to any of its information assets. What does it mean if a US agency profited from data services rendered to Russia for psychological operations? The potential for abuse is now material fact, if it is not the scene of a crime of opportunity.

Facebook’s policy problem lies in a one-size-fits-all EULA contract allowing complete opacity of its vendors. The blanket consent from one Terms of Service contract hardly covers the third party range where personal data was processed by Cambridge for resale to political operatives. The average consumer does not know who has their data once it goes into a social network. If Facebook showed consumers the edge advertising market for their data as notification, they would be legally required to provide means of express consent to license their personal data.

Facebook, like many online services, needs to get out of partisan and government information business lines or the elections intrigues will continue. It’s time to ask US government agencies, like the DoD and CIA, to surrender their shares in public ISP companies back to the free market. Their co-ownership in private data conflicts with public interest.  Public trade transfer deals featuring government licensed technologies should not be opaque to the US consumer when their personal information is involved in a trade.

Third party risk and liability will still be a problem for society online. Legal enforcement is needed to limit the scope of exchange and sale of personal data based on legitimately sourced and applied US consumer consent. Facebook, and those emulating its brazen business model, should now comply to better defined, transparent data inventory mapping for users to knowingly permit, or more likely deny, unwanted third party exchanges.

We can forgive Facebook as an institution for being led down the wrong path, endorsed and coddled by government insiders. Some later revealed themselves in full view of the public as disgraceful sycophants, soliciting Mark Zuckerberg's permissions and favors, during Congressional disciplinary hearings. Government beneficiaries managed to evade legal consent notice requirements which do, in fact, apply to any information they collect on US Citizens. Board members from the most celebrated privacy non-profits, think tanks, and policy advisors with doctorates from the best universities in the United States have consulted Facebook. Who can help Facebook if their elite battery of advisors endorsed the fantasy they can break US common consent law with no consequences? 

GET LITTLE CAESAR A TOWEL, PLEASE.

It does seem everyone around Facebook is telling them they are so useful and exceptional they don’t have to conform to the law. That line of doctrine misled Facebook to be used as a powerful social tool to connect the world with corruption. They broke laws. Unfortunately, they didn’t do it by themselves. They had lots of enablers and government partners urging them on.

Information security and integrity audits will send any phony fixer lawyers and their marketing apologist firms packing.  One could speculate Facebook's cyber-insurance rates are expected to skyrocket. As we wait on the results of Facebook’s audit, they will confront fines, more civil suits, possible company insolvency and criminal due process for its lack of restraint. Regulatory law enforcement should work to close privacy law enforcement gaps. Their current presence inside Facebook failed to enforce fair, lawful security of private data. 

Even if the government reforms the enforcement conventions for impacted privacy, will fair trade practices emerge from the ashes to cover global data brokerage exchanges? Non-profit interest groups and companies cannot just scuttle away a people's inherent data ownership rights because these rights didn't originate with their nation state or they seem inconvenient to consider. Identity sovereignty is natural and inherent to our humanity. Administrators are talking over each other instead of to each other across the globe and then stony radio silence follows. This conflict is based on differences over the origin of rights in personal data governance. There is very little real debate or statesmanship on this idea.

So here is a working 5 point public policy fix to confront international data exchange stakeholders, as well as US agencies, not playing fair with data owners.

  • Close enforcement gaps and actively enforce existing privacy law concerning notice & consent.
  • Require government partners and non-profits (partisans, research firms) to self-identify to consumers in UX/UI transactions; which legally require notice and consent (like trade transfer deals).
  • Adopt or enact Right To Be Forgotten policy in the US.
  • Recognize the rights of the individual Data Owner in business reporting with monthly exchange statements as an audit requirement as a matter of human rights and fair trade.  If you can’t manage to bring in the data owner as part of your business, consulting them on how much to sell their data for, who to authorize as a  seller and reseller to and how to sell it, you’re in the wrong business.
  • Recognize essential individual data ownership is paramount to rights of government transfer entitlement and/or embargo thereof. For the US, that is conformance to Privacy Act of 1974 provisions to actively procure and heed individual consent preferences in most cases. For other governments, that means they need to get express consent to profit from personal data of a US citizen using public platform services.

Individual data ownership rights are not in conflict with other rights and can stand with other recognized rights. Particularly, that of self-defense, protection from theft of labor and the diverse perils of slavery, human trafficking and unfair trade practices. We are not the middle man to be cut from the exchanges. Data owners are in fact used and spent as the monetary currency itself. Current exchanges brokering personal data are in an adverse power differential contrary to Principle One of Fair Trade Practices. They are more on par with serfdom. Facebook’s serfs are Exhibit A of a raw deal. Now the world needs a fair trade upgrade.