The Tech Policy Greenhouse is an online symposium where experts tackle the most difficult policy challenges facing innovation and technology today. These are problems that don't have easy solutions, where every decision involves tradeoffs and unintended consequences, so we've gathered a wide variety of voices to help dissect existing policy proposals and better inform new ones.

'Big Tech' Blinders Let Other Privacy Violators Off The Hook

from the look-around dept

After over a decade of largely uncritical admiration from journalists, policymakers, and the public, the United States' biggest tech companies have experienced a swift fall from grace.

Facebook, Google, and Amazon are the subject of long overdue scrutiny, investigations, and legal proceedings in jurisdictions around the world for their widespread and repeated violations of people's privacy, while their executives no longer enjoy the glowing reputations they once did. After Cambridge Analytica, YouTube’s record-breaking COPPA fine for illegally tracking children, and a nearly endless list of other privacy transgressions, the Silicon Valley companies deserve all the scrutiny they're getting and then some.

But Silicon Valley tech companies aren't the only ones violating our privacy with impunity, and focusing on them as the sole villains allows a whole host of co-conspirators to get off scot-free. These other companies aren't doing less objectionable things with your data, and they haven't demonstrated that they're more worthy of consumer trust, or less likely to be breaking the law.

Policymakers and tech journalists need to take off their "big tech" blinders and focus more energy on the lesser-known privacy violators benefiting from Facebook and Google's absorption of the critical oxygen. When we're talking about powerful companies surreptitiously creating information about you and using it to make important decisions about your life, threaten your safety, or violate your privacy, Facebook and Google shouldn't be the only companies we're talking about—because they're far from being the only source of the problem.

Take the telecom industry, for example. All of the biggest telecommunications companies have been caught violating their customers' privacy, often at the same scale and to the same degree of flagrancy as their Silicon Valley peers.

In 2016, Verizon was fined $1.35 million by the FCC for tracking the browsing history of users on its mobile network without their knowledge and consent. Two years later, a Verizon-owned ad tech company paid the then-highest COPPA fine to the New York state Attorney General for illegally tracking children. AT&T was fined $25 million by the FCC for failing to protect consumer data after AT&T employees stole the names and full or partial Social Security numbers of around 280,000 customers, then sold them to third parties.

More recently, an investigation by the Norwegian Consumer Protection Council found that an AT&T-owned ad tech company was among those receiving granular location information and information on users’ sexual orientation from dating apps like Grindr and Tinder. All the biggest carriers—Verizon, AT&T, T-Mobile and Sprint—were found to be illegally selling customers’ real-time location data to anyone who wanted to buy it.

Not only do the telecoms violate the privacy protections we have, they tirelessly lobby to make them weaker and worse. They fought the FCC's broadband privacy rules in 2016, then (successfully) convinced Congress to negate them in 2017, lied about the privacy implications of encrypting DNS queries, and are trying to pass a Trojan horse privacy law that would calcify an exploitative status quo. Criticisms of "big tech's" exploitation of people's privacy that ignore big telecom miss the forest for the ISPs.

Then there's the ad tech industry. Behavioral advertising, which targets people with ads based on information about their browsing history or offline behavior rather than their current online activity, is in many ways the internet’s original privacy sin. The profit motive it supplies for companies to track our every move and keep us scrolling and clicking for as long as possible is responsible for much of the toxicity, disinformation, and privacy violations that we've become inured to.

Behavioral advertisers have done everything they can to link the viability of innovative web services to highly profitable surveillance of users, while claiming that any attempts to weaken or sever that link will break the internet. Their business model is what makes so many online services inherently and unavoidably privacy-invasive when they don’t have to be.

Given their reversal of fortunes, one could say that Facebook, Google, and the other Silicon Valley giants have taken the whipping boy role in privacy policy discussions that data brokers used to occupy. Data brokers were a heavy focus of consumer protection-minded policymakers at the FTC and the White House for a number of years, and while the attention previously paid to them has shifted, the venality of their business model hasn’t. The core business of these companies is to collect and infer sensitive information about as many people as possible, and to share and sell those assessments to any company that wants to buy them, like advertisers, health insurance companies, educational institutions, hedge funds, and others.

These companies traffic in lists of sexual assault survivors, which students are undocumented or are using birth control, and which of us is most likely to be a vulnerable target for predatory loans, all while remaining staunchly contemptuous of the prerogative of legislators to reign them in. Nothing about data brokers’ exploitation of our data is less objectionable or malignant than what Facebook and Google are doing with it, but #DeleteLiveramp won’t get anyone’s attention.

This list of companies that rake in enormous profits for violating your privacy and deserve more notoriety for it isn’t short. There’s the app developers, location aggregators, the credit reporting agencies, and insurance companies. There’s also the brick-and-mortar companies that are falling all over themselves to build exactly the same kinds of tracking and analytic capabilities that Facebook and Google have weaponized, or contract out for them when they can’t. All of these companies actively, eagerly take part in the kinds of privacy violations that the Silicon Valley companies have grown notorious for, and a focus on the Silicon Valley companies alone minimizes the threat, and distorts the real problem.

There are some ways in which Facebook, Google, and Amazon present uniquely severe concerns by virtue of their size and ubiquity: it’s not as though their widespread notoriety wasn’t repeatedly earned. Moreover, examples cited here of transgressions by non-Silicon-Valley companies only exist because tech journalists or policymakers decided to focus on that not-Facebook and not-Google issue.

Nor does expanding the focus of tech critics to lesser-known privacy violators mean that regulators should exclusively focus on small companies at the expense of big ones, as the FTC has correctly been criticized for. Neither policymakers nor journalists should ignore the 400 pound gorillas in the room or the havoc they wreak. But there are other actors in the data collection ecosystem that deserve to be just as notorious as the Silicon Valley giants, and whose conduct deserves just as much attention.

For all the investigation and criticism that Amazon’s Rekognition deserves, policymakers and journalists shouldn’t ignore lesser-known facial recognition technology vendors like NEC or Idemia. As Clearview AI has demonstrated in dramatic fashion, a hitherto-unknown company can turn out to be engaged in practices as bleakly dystopian as you can imagine, as soon as it receives the kind of scrutiny that the biggest tech companies have been experiencing for years.

Don't let Mark or Sundar shrink into the shadows—just make Hans (Vestberg, Verizon), Brian (Cassin, Experian), and Scott (Howe, LiveRamp) household names alongside them. Conversations about privacy policy, investigations into violators, and blame for the exploitative wretchedness of the current ecosystem shouldn’t solely focus on Mountain View and Menlo Park at the expense of ignoring Dallas, Atlanta, and Bentonville.

At the end of the day, "big tech" means nothing if it excuses the identical privacy transgressions of big telecom, big ad tech, big data broker, and big, well, everything else.

Lindsey Barrett is a staff attorney and teaching fellow at the Communications and Technology Law Clinic at Georgetown Law.

Filed Under: big tech, greenhouse, privacy, tech, telcos


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Anonymous Anonymous Coward (profile), 28 May 2020 @ 12:14pm

    Brick, mortar, and Governments as well

    As I mentioned here we shouldn't leave out grocery stores with their 'rewards' programs, DMV's selling legally required very private information, doctors and the many others who collect an sell information.

    reply to this | link to this | view in chronology ]

  • identicon
    bobob, 28 May 2020 @ 1:54pm

    We have to start somewhere.

    reply to this | link to this | view in chronology ]

  • icon
    ECA (profile), 28 May 2020 @ 2:06pm

    we have to start everywhere, but the problem is Who does what??

    LETS say something there..devil in the details.
    Cops and police Love to be nosy..for reasons.
    How to catch a crook? if you have all the indfo on everyone in an area, you can shorten a list 1000 times.
    The more data you have the LESS you will need to find the person you are looking for.
    You Kid isnt home..where is he/she.

    With all of the above and much more, why arent they going after certain people already? Including the corps? Even out Gov. has a private system. And its already shown(after being hacked) that the Military has a backdoor into a Private system to monitor Many of the different countries, Unencoded.(wonder who set that up??)

    What to do about all of it?

    reply to this | link to this | view in chronology ]

  • icon
    Jef Pearlman (profile), 28 May 2020 @ 2:08pm

    Whataboutism

    It's also now a regular tactic to just point at big tech's bad behavior when your own is under scrutiny. You may recall the CRA rollback of ISP privacy rules, when the cry was "but Google and Facebook have user data too and the FCC isn't stopping them!"

    reply to this | link to this | view in chronology ]

    • icon
      Scary Devil Monastery (profile), 29 May 2020 @ 1:41am

      Re: Whataboutism

      "It's also now a regular tactic to just point at big tech's bad behavior when your own is under scrutiny...."

      And at least when it comes to Google and Facebook it's always a case of the individual actively choosing to use their services. Although it's a bit tough you can forgo googling and select alternatives to Facebook if you're into social media.

      Your ISP or worse, your government? No such luck. They'll cheerfully grab the information you didn't choose to give them as well, and there's little redress possible with the FCC eagerly kowtowing to the telcos.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 May 2020 @ 2:19pm

    Had to have a little chuckle at the FCC fining Verizon. I wonder what a suitable fine would be for the FCC considering it does everything possible for the companies it's supposed to protect the public from but does the exact opposite!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 May 2020 @ 2:43pm

    The way it has been described to me is that people are more concerned about the encroaching nature of "big tech" into places that continue to never actually welcome it.

    The "there are no safe spaces" campaign has again proven that the unwelcome network is still encroaching forward and backwards into the supposed "civilization" that started it. Even though that "civilization" has been declared to be a non-civilization by it's own government and people for starting the "big tech" business model to begin with.

    reply to this | link to this | view in chronology ]

  • icon
    Upstream (profile), 29 May 2020 @ 11:47am

    I remember when spam email was a huge problem. Sometimes people would get 100's of XXX email solicitations a day. There is still spam, but much less, and now just about all the spam I get (which is not much) has a link to "unsubscribe." The links generally work. I am sure there are those here who know more about this than I, but I believe the difference may have been a federal law (the CAN-SPAM Act of 2003, maybe?) against most types of spam, and a few well-publicized criminal and civil cases. I wonder if a similar law against "violating privacy as a business plan" would have any effect? Of course, since the government enjoys the benefits of so much information about everyone being so readily available, we have <0 chance of getting such a law.

    reply to this | link to this | view in chronology ]

    • icon
      Thad (profile), 29 May 2020 @ 12:34pm

      Re:

      No, the major difference was the implementation of Bayesian filters to recognize spam, blacklists to keep track of suspicious sources, and return address lookups to make it harder for spammers to pretend to be somebody else.

      The thing about laws is they only restrict people and organizations who are law-abiding. The CAN-SPAM Act probably reduced the amount of spam people were getting from reputable businesses (insofar as any business that sends spam can be described as "reputable"), but it's not gonna stop dodgy people using spambots to mass-mail you about "C|@lis".

      And I'd still say spam is a pretty big problem. There are e-mail addresses I've stopped using because the spam messages significantly outnumbered the legit ones. I'm careful not to use my primary e-mail address to sign up for things, and I never post any of my e-mail address to the web where spiders can scrape them unless I absolutely have to -- and then, I use a one-off address that I don't use for anything else. (For example, most of the domain names I own use identity protection, but I have a .us domain where that isn't allowed. So I set up a couple of e-mail addresses just for that site's contact information. And gave my ISP's physical address and phone number, not my own.)

      reply to this | link to this | view in chronology ]

      • icon
        Upstream (profile), 29 May 2020 @ 1:10pm

        Re: Re:

        Thanks, Thad. I knew about filters, but I did not recognize the name Bayesian. Now I know. And I, also, take some of the precautions you mentioned, like separate email addresses for darn near everything, so it is easier to ditch one if it becomes contaminated. It makes it a bit of a nuisance to sign up for anything, since I have to create new username, new password, new email address, new . . . . But you have raised another question: With the filters, blacklists, and return address look-ups, how are the spammers still polluting some of your accounts to the point of un-usability? I mean, I remember getting tons of junk like you mentioned, re Vi@gr@, etc etc, but that was many years ago, and I just don't see that stuff anymore, on any of my email addresses (thank goodness). Are some of your accounts with providers that just don't do a good job of filtering?

        reply to this | link to this | view in chronology ]

  • icon
    ECA (profile), 29 May 2020 @ 12:11pm

    Whats amazing(IMO)

    You really want to have fun.
    RELEASE ALL DATA.. ALL of it.
    Let it fill the internet, and Bog down most corps that are not ready for it.
    Can you see what the Credit card corps would do?? RUN like hell.
    Insurance corps would gather all of it up so they could have 1 Large data base of Who is going to die..
    Medical could gather it all up and Have tons of information to deal with and Advance Science.
    Military would BURP and Gasp and Puke...They couldnt gather it, or do much about it. But if they released all of their data, we could scan it, nad SHOW them how to make things cheaper. FIX their tech, update their HARDWARE..
    IRS would go insane, but would have a full list of All people in the USA, to edit. Then we could update them also.
    Everyone would get SPAM And Snail mail out the Wing-Wang. But then we could locate the spammers. And we could CANCEL the mail we dont want.

    Lets REALLY piss off the corps and Dump all our info, so that they Dont need to sell it. Make money off of us. So they Dont need to crack open any servers.. It would be so easy.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt

The Tech Policy Greenhouse
is a special project by Techdirt,
with support from:

Essential Reading
Techdirt Insider Chat
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.