After California passed the most sweeping online privacy law in the nation this summer, big tech went back to the state legislature to weaken it. While that effort fizzled before the end of the state’s legislative session, a more insidious strategy emerged this week: going around California and appealing to Congress.
Alastair Mactaggart, who led the California effort, told The Intercept that a Wednesday hearing in Congress left him concerned that Congress might pre-empt the state legislation at the behest of giant tech firms.
“Tech has had zero regulation,” Mactaggart said in an interview. “For them it’s been this Wild West of being able to monetize information any which way. They will pull out all the stops to try to get back to where they were.”
Mactaggart, a Bay Area real estate developer, became an unlikely activist when he bankrolled a ballot measure that, among other things, would require tech companies to reveal what personal information they collected on users, allow users to opt out of the sale of their data to third parties, and impose fines for data breaches. Tech firms fought it vigorously, but were hampered by a series of scandals like Facebook’s release of data to Cambridge Analytica, and widespread popular support for some limits on persistent surveillance.
Tech firms, fearing being locked into a policy they could only change at the ballot, encouraged the state legislature to get involved. The California House and Senate passed a law substantially similar to the initiative, with unanimous support in both chambers. Gov. Jerry Brown signed it in June.
The law doesn’t take effect until January 2020, and big tech’s hope was to water it down before that date. Industry representatives went to Congress this week after failing to get California lawmakers to narrow the definition of “selling” data, which would have rendered some of the protections of the law moot.
The Senate Commerce Committee held a hearing on Wednesday where leaders of six tech and telecom companies — Amazon, Google, Apple, Twitter, AT&T, and Charter Communications — endorsed a federal consumer privacy standard. In their conception, this would pre-empt any state data protection laws.
It’s an eerie echo of the federal pre-emption that Wall Street banks received and used to great effect during the run-up to the housing bubble. In 2002, Georgia passed an anti-predatory lending law, and both the Office of Thrift Supervision and the Office of the Comptroller of the Currency ruled that banks they regulated simply did not have to comply with it. This created a chilling effect, as states declined to crack down on the rampant fraud in the mortgage industry. And the financial crisis was the result.
At the hearing, the companies criticized the California statute, in particular its definition of “personal information,” which they consider overbroad. Amazon vice president Andrew DeVore called the statute “confusing and difficult to comply with,” adding that it “may actually undermine important privacy-protective practices.” Alone among the witnesses, Apple’s Bud Tribble did say that while federal legislation should pre-empt state law, it must also “meet the bar of protecting consumers meaningfully.” However, he did not elaborate on what that protection should entail.
Most who testified opposed mandatory opt-ins to collect data, and all warned that their services could be compromised. “If Facebook was restricted and slowed down, maybe what we’d all have is [China’s] WeChat,” said former LinkedIn founder Reid Hoffman in a bizarre appeal this week to innovation in authoritarian societies.
“They’re never going to say anything good about a law they didn’t write,” said Mactaggart. “If they write it, they will say it’s not great, but they can live with it.”
Senators have expressed bipartisan interest in federal privacy legislation, but have not yet moved ahead on such an effort because they didn’t think it would pass this year. Democrats, whose votes would be needed to break a filibuster, on Wednesday called out the industry’s gambit. Sen. Brian Schatz, D-Hawaii, called pre-emption of state rules “the holy grail,” adding that Democrats would refuse to replace “a progressive California law with a non-progressive federal law.”
However, the industry has a major home-field advantage in Washington. Tech firms have become the most prodigious spenders on lobbying in America. In 2017, Amazon, Facebook, Apple, and Google alone spent $50 million on Capitol Hill, and they’re expected to spend more than that by the end of this year. At the hearing, lawmakers discussed two possible routes to enacting a privacy measure. Either lawmakers, who hear from tech lobbyists constantly, would write new rules directly into statute, or the Federal Trade Commission, whose revolving door perpetually spins, would be given the authority. The tech industry is well represented at the FTC. The agency’s head of the Bureau of Consumer Protection represented Facebook, Uber, and Equifax as a corporate lawyer, and it just hired a deputy director of the Bureau of Competition who was the director of competition law at Uber.
But the California statute has popular support in the state, which could make a difference, Mactaggart said. “One in 8 Americans are protected by this new law,” he said. “Not one person in either party voted against us. It’s hard, if you’re a Democrat or a Republican, to say you’re going to gut what our legislators voted for unanimously.”
In addition, the continuing cascade of stories about big tech’s intrusions into its users’ lives could damage chances to water down privacy rules. Just this week, reports revealed that Facebook gives advertisers the phone numbers users provide for two-factor authentication — a security measure to protect individual privacy — for use in targeting. Facebook announced on Friday that it just identified a security breach affecting 50 million user accounts.
A report released this week warns that big tech cannot be trusted to police itself, because the business model of drawing in eyeballs to maximize data collection is simply at odds with individual privacy. Dipayan Ghosh, a former Facebook executive and one of the report’s co-authors, said “we need to completely re-organize the way that industry works.”
The Trump administration may also pose another barrier to the tech industry, Mactaggart noted. Indeed, the White House has been sharply critical of tech companies for perceived bias of conservatives. Attorney General Jeff Sessions brought together state attorneys general in both parties this week to discuss how to deal with the power and influence of tech companies.
It was always a risk that Washington would get involved to nullify the advances in California, Mactaggart said. However, there’s also a history of California imposing standards that eventually spread nationwide, like its air quality rules for tailpipe emissions.
Mactaggart will testify on the matter before the Senate Commerce Committee in a couple weeks. “I wouldn’t have gotten into this if I wasn’t an optimist,” he said. “But these are the most powerful companies in the world.”
Update: September 28, 2018, 1:47 p.m.
This piece has been updated to include news of a security breach that Facebook reported on Friday.
Update: September 28, 2018: 6:19 p.m.
This piece has been updated to include a comment made by Apple Vice President Bud Tribble at the hearing about any federal legislation that pre-empts the California law also including consumer protections.