The Tech Policy Greenhouse is an online symposium where experts tackle the most difficult policy challenges facing innovation and technology today. These are problems that don't have easy solutions, where every decision involves tradeoffs and unintended consequences, so we've gathered a wide variety of voices to help dissect existing policy proposals and better inform new ones.

'Big Tech' Blinders Let Other Privacy Violators Off The Hook

from the look-around dept

After over a decade of largely uncritical admiration from journalists, policymakers, and the public, the United States’ biggest tech companies have experienced a swift fall from grace.

Facebook, Google, and Amazon are the subject of long overdue scrutiny, investigations, and legal proceedings in jurisdictions around the world for their widespread and repeated violations of people’s privacy, while their executives no longer enjoy the glowing reputations they once did. After Cambridge Analytica, YouTube’s record-breaking COPPA fine for illegally tracking children, and a nearly endless list of other privacy transgressions, the Silicon Valley companies deserve all the scrutiny they’re getting and then some.

But Silicon Valley tech companies aren’t the only ones violating our privacy with impunity, and focusing on them as the sole villains allows a whole host of co-conspirators to get off scot-free. These other companies aren’t doing less objectionable things with your data, and they haven’t demonstrated that they’re more worthy of consumer trust, or less likely to be breaking the law.

Policymakers and tech journalists need to take off their “big tech” blinders and focus more energy on the lesser-known privacy violators benefiting from Facebook and Google’s absorption of the critical oxygen. When we’re talking about powerful companies surreptitiously creating information about you and using it to make important decisions about your life, threaten your safety, or violate your privacy, Facebook and Google shouldn’t be the only companies we’re talking about—because they’re far from being the only source of the problem.

Take the telecom industry, for example. All of the biggest telecommunications companies have been caught violating their customers’ privacy, often at the same scale and to the same degree of flagrancy as their Silicon Valley peers.

In 2016, Verizon was fined $1.35 million by the FCC for tracking the browsing history of users on its mobile network without their knowledge and consent. Two years later, a Verizon-owned ad tech company paid the then-highest COPPA fine to the New York state Attorney General for illegally tracking children. AT&T was fined $25 million by the FCC for failing to protect consumer data after AT&T employees stole the names and full or partial Social Security numbers of around 280,000 customers, then sold them to third parties.

More recently, an investigation by the Norwegian Consumer Protection Council found that an AT&T-owned ad tech company was among those receiving granular location information and information on users’ sexual orientation from dating apps like Grindr and Tinder. All the biggest carriers?Verizon, AT&T, T-Mobile and Sprint?were found to be illegally selling customers’ real-time location data to anyone who wanted to buy it.

Not only do the telecoms violate the privacy protections we have, they tirelessly lobby to make them weaker and worse. They fought the FCC’s broadband privacy rules in 2016, then (successfully) convinced Congress to negate them in 2017, lied about the privacy implications of encrypting DNS queries, and are trying to pass a Trojan horse privacy law that would calcify an exploitative status quo. Criticisms of “big tech’s” exploitation of people’s privacy that ignore big telecom miss the forest for the ISPs.

Then there’s the ad tech industry. Behavioral advertising, which targets people with ads based on information about their browsing history or offline behavior rather than their current online activity, is in many ways the internet’s original privacy sin. The profit motive it supplies for companies to track our every move and keep us scrolling and clicking for as long as possible is responsible for much of the toxicity, disinformation, and privacy violations that we’ve become inured to.

Behavioral advertisers have done everything they can to link the viability of innovative web services to highly profitable surveillance of users, while claiming that any attempts to weaken or sever that link will break the internet. Their business model is what makes so many online services inherently and unavoidably privacy-invasive when they don’t have to be.

Given their reversal of fortunes, one could say that Facebook, Google, and the other Silicon Valley giants have taken the whipping boy role in privacy policy discussions that data brokers used to occupy. Data brokers were a heavy focus of consumer protection-minded policymakers at the FTC and the White House for a number of years, and while the attention previously paid to them has shifted, the venality of their business model hasn’t. The core business of these companies is to collect and infer sensitive information about as many people as possible, and to share and sell those assessments to any company that wants to buy them, like advertisers, health insurance companies, educational institutions, hedge funds, and others.

These companies traffic in lists of sexual assault survivors, which students are undocumented or are using birth control, and which of us is most likely to be a vulnerable target for predatory loans, all while remaining staunchly contemptuous of the prerogative of legislators to reign them in. Nothing about data brokers’ exploitation of our data is less objectionable or malignant than what Facebook and Google are doing with it, but #DeleteLiveramp won’t get anyone’s attention.

This list of companies that rake in enormous profits for violating your privacy and deserve more notoriety for it isn’t short. There’s the app developers, location aggregators, the credit reporting agencies, and insurance companies. There’s also the brick-and-mortar companies that are falling all over themselves to build exactly the same kinds of tracking and analytic capabilities that Facebook and Google have weaponized, or contract out for them when they can’t. All of these companies actively, eagerly take part in the kinds of privacy violations that the Silicon Valley companies have grown notorious for, and a focus on the Silicon Valley companies alone minimizes the threat, and distorts the real problem.

There are some ways in which Facebook, Google, and Amazon present uniquely severe concerns by virtue of their size and ubiquity: it’s not as though their widespread notoriety wasn’t repeatedly earned. Moreover, examples cited here of transgressions by non-Silicon-Valley companies only exist because tech journalists or policymakers decided to focus on that not-Facebook and not-Google issue.

Nor does expanding the focus of tech critics to lesser-known privacy violators mean that regulators should exclusively focus on small companies at the expense of big ones, as the FTC has correctly been criticized for. Neither policymakers nor journalists should ignore the 400 pound gorillas in the room or the havoc they wreak. But there are other actors in the data collection ecosystem that deserve to be just as notorious as the Silicon Valley giants, and whose conduct deserves just as much attention.

For all the investigation and criticism that Amazon’s Rekognition deserves, policymakers and journalists shouldn’t ignore lesser-known facial recognition technology vendors like NEC or Idemia. As Clearview AI has demonstrated in dramatic fashion, a hitherto-unknown company can turn out to be engaged in practices as bleakly dystopian as you can imagine, as soon as it receives the kind of scrutiny that the biggest tech companies have been experiencing for years.

Don’t let Mark or Sundar shrink into the shadows—just make Hans (Vestberg, Verizon), Brian (Cassin, Experian), and Scott (Howe, LiveRamp) household names alongside them. Conversations about privacy policy, investigations into violators, and blame for the exploitative wretchedness of the current ecosystem shouldn’t solely focus on Mountain View and Menlo Park at the expense of ignoring Dallas, Atlanta, and Bentonville.

At the end of the day, “big tech” means nothing if it excuses the identical privacy transgressions of big telecom, big ad tech, big data broker, and big, well, everything else.

Lindsey Barrett is a staff attorney and teaching fellow at the Communications and Technology Law Clinic at Georgetown Law.

Filed Under: , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “'Big Tech' Blinders Let Other Privacy Violators Off The Hook”

Subscribe: RSS Leave a comment
ECA (profile) says:

we have to start everywhere, but the problem is Who does what??

LETS say something there..devil in the details.
Cops and police Love to be nosy..for reasons.
How to catch a crook? if you have all the indfo on everyone in an area, you can shorten a list 1000 times.
The more data you have the LESS you will need to find the person you are looking for.
You Kid isnt home..where is he/she.

With all of the above and much more, why arent they going after certain people already? Including the corps? Even out Gov. has a private system. And its already shown(after being hacked) that the Military has a backdoor into a Private system to monitor Many of the different countries, Unencoded.(wonder who set that up??)

What to do about all of it?

Scary Devil Monastery (profile) says:

Re: Whataboutism

"It’s also now a regular tactic to just point at big tech’s bad behavior when your own is under scrutiny…."

And at least when it comes to Google and Facebook it’s always a case of the individual actively choosing to use their services. Although it’s a bit tough you can forgo googling and select alternatives to Facebook if you’re into social media.

Your ISP or worse, your government? No such luck. They’ll cheerfully grab the information you didn’t choose to give them as well, and there’s little redress possible with the FCC eagerly kowtowing to the telcos.

Anonymous Coward says:

The way it has been described to me is that people are more concerned about the encroaching nature of "big tech" into places that continue to never actually welcome it.

The "there are no safe spaces" campaign has again proven that the unwelcome network is still encroaching forward and backwards into the supposed "civilization" that started it. Even though that "civilization" has been declared to be a non-civilization by it’s own government and people for starting the "big tech" business model to begin with.

Upstream (profile) says:

I remember when spam email was a huge problem. Sometimes people would get 100’s of XXX email solicitations a day. There is still spam, but much less, and now just about all the spam I get (which is not much) has a link to "unsubscribe." The links generally work. I am sure there are those here who know more about this than I, but I believe the difference may have been a federal law (the CAN-SPAM Act of 2003, maybe?) against most types of spam, and a few well-publicized criminal and civil cases. I wonder if a similar law against "violating privacy as a business plan" would have any effect? Of course, since the government enjoys the benefits of so much information about everyone being so readily available, we have <0 chance of getting such a law.

Thad (profile) says:

Re: Re:

No, the major difference was the implementation of Bayesian filters to recognize spam, blacklists to keep track of suspicious sources, and return address lookups to make it harder for spammers to pretend to be somebody else.

The thing about laws is they only restrict people and organizations who are law-abiding. The CAN-SPAM Act probably reduced the amount of spam people were getting from reputable businesses (insofar as any business that sends spam can be described as "reputable"), but it’s not gonna stop dodgy people using spambots to mass-mail you about "C|@lis".

And I’d still say spam is a pretty big problem. There are e-mail addresses I’ve stopped using because the spam messages significantly outnumbered the legit ones. I’m careful not to use my primary e-mail address to sign up for things, and I never post any of my e-mail address to the web where spiders can scrape them unless I absolutely have to — and then, I use a one-off address that I don’t use for anything else. (For example, most of the domain names I own use identity protection, but I have a .us domain where that isn’t allowed. So I set up a couple of e-mail addresses just for that site’s contact information. And gave my ISP’s physical address and phone number, not my own.)

Upstream (profile) says:

Re: Re: Re:

Thanks, Thad. I knew about filters, but I did not recognize the name Bayesian. Now I know. And I, also, take some of the precautions you mentioned, like separate email addresses for darn near everything, so it is easier to ditch one if it becomes contaminated. It makes it a bit of a nuisance to sign up for anything, since I have to create new username, new password, new email address, new . . . . But you have raised another question: With the filters, blacklists, and return address look-ups, how are the spammers still polluting some of your accounts to the point of un-usability? I mean, I remember getting tons of junk like you mentioned, re Vi@gr@, etc etc, but that was many years ago, and I just don’t see that stuff anymore, on any of my email addresses (thank goodness). Are some of your accounts with providers that just don’t do a good job of filtering?

ECA (profile) says:

Whats amazing(IMO)

You really want to have fun.
Let it fill the internet, and Bog down most corps that are not ready for it.
Can you see what the Credit card corps would do?? RUN like hell.
Insurance corps would gather all of it up so they could have 1 Large data base of Who is going to die..
Medical could gather it all up and Have tons of information to deal with and Advance Science.
Military would BURP and Gasp and Puke…They couldnt gather it, or do much about it. But if they released all of their data, we could scan it, nad SHOW them how to make things cheaper. FIX their tech, update their HARDWARE..
IRS would go insane, but would have a full list of All people in the USA, to edit. Then we could update them also.
Everyone would get SPAM And Snail mail out the Wing-Wang. But then we could locate the spammers. And we could CANCEL the mail we dont want.

Lets REALLY piss off the corps and Dump all our info, so that they Dont need to sell it. Make money off of us. So they Dont need to crack open any servers.. It would be so easy.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Older Stuff
12:04 SOPA Didn't Die. It's Just Lying In Wait. (5)
09:30 Demanding Progress: From Aaron Swartz To SOPA And Beyond (3)
12:00 How The SOPA Blackout Happened (3)
09:30 Remembering The Fight Against SOPA 10 Years Later... And What It Means For Today (16)
12:00 Winding Down Our Latest Greenhouse Panel: Content Moderation At The Infrastructure Layer (4)
12:00 Does An Internet Infrastructure Taxonomy Help Or Hurt? (15)
14:33 OnlyFans Isn't The First Site To Face Moderation Pressure From Financial Intermediaries, And It Won't Be The Last (12)
10:54 A New Hope For Moderation And Its Discontents? (7)
12:00 Infrastructure And Content Moderation: Challenges And Opportunities (7)
12:20 Against 'Content Moderation' And The Concentration Of Power (32)
13:36 Social Media Regulation In African Countries Will Require More Than International Human Rights Law (7)
12:00 The Vital Role Intermediary Protections Play for Infrastructure Providers (7)
12:00 Should Information Flows Be Controlled By The Internet Plumbers? (10)
12:11 Bankers As Content Moderators (6)
12:09 The Inexorable Push For Infrastructure Moderation (6)
13:35 Content Moderation Beyond Platforms: A Rubric (5)
12:00 Welcome To The New Techdirt Greenhouse Panel: Content Moderation At The Infrastructure Level (8)
12:00 That's A Wrap: Techdirt Greenhouse, Broadband In The Covid Era (17)
12:05 Could The Digital Divide Unite Us? (29)
12:00 How Smart Software And AI Helped Networks Thrive For Consumers During The Pandemic (41)
12:00 With Terrible Federal Broadband Data, States Are Taking Matters Into Their Own Hands (18)
12:00 A National Solution To The Digital Divide Starts With States (19)
12:00 The Cost Of Broadband Is Too Damned High (12)
12:00 Can Broadband Policy Help Create A More Equitable And inclusive Economy And Society Instead Of The Reverse? (11)
12:03 The FCC, 2.5 GHz Spectrum, And The Tribal Priority Window: Something Positive Amid The COVID-19 Pandemic (6)
12:00 Colorado's Broadband Internet Doesn't Have to Be Rocky (9)
12:00 The Trump FCC Has Failed To Protect Low-Income Americans During A Health Crisis (26)
12:10 Perpetually Missing from Tech Policy: ISPs And The IoT (10)
12:10 10 Years Of U.S. Broadband Policy Has Been A Colossal Failure (7)
12:18 Digital Redlining: ISPs Widening The Digital Divide (17)
More arrow