By Sheila Dean
Consumer-facing consent UI/UX and a transparent third-party data inventory could remedy the social network’s global fall from grace. Far more work is ahead to produce a legitimate privacy enforcement environment.
Facebook’s neglect of third-party vendor Cambridge Analytica crossed the line for its users. Unfortunately, social networks with poor third-party operations security are everywhere. It was Facebook today, but it could be any number of poorly secured vendors tomorrow. Prior to this event, users and developers alike refused to face the nature of the beast they are feeding.
Some form of regulatory intervention is in the offing. The US government is already deep in the core of Facebook’s operations for regulatory enforcement of an FTC consent decree. Facebook, like Palantir and others, also worked for the US government as big data analytics contractors in 2013’s PRISM scandal. Facebook has licensed deep profile information to the US government and any foreign government that would pay, including Russian social media operations. Special counsel Robert Mueller could easily ask FBI staffers embedded at Facebook’s HQ if this was the collusion they were looking for. If the US government and its regulators are already so involved, regulation may be the lighter hand of justice. Users may need a criminal investigation into US government abuses of power, conflicts of interest, embezzlement or related crimes involving foreign entities. The more likely crime is one of banal disinterest in privacy law enforcement.
Facebook is the beast US corporatism built. The US government, after all, is still an investor in Facebook. How do we get shareholders, like the CIA, to conform to American privacy law provisions and boundaries? As partial owner, the US government may have access to any of its information assets. What does it mean if a US agency profited from data services rendered to Russia for psychological operations? The potential for abuse is now material fact, if it is not the scene of a crime of opportunity.
Facebook’s policy problem lies in a one-size-fits-all EULA contract allowing complete opacity of its vendors. The blanket consent from one Terms of Service contract hardly covers the third party range where personal data was processed by Cambridge for resale to political operatives. The average consumer does not know who has their data once it goes into a social network. If Facebook showed consumers the edge advertising market for their data as notification, they would be legally required to provide means of express consent to license their personal data.
Facebook, like many online services, needs to get out of partisan and government information business lines or the election intrigues will continue. It’s time to ask US government agencies, like the DoD and CIA, to surrender their shares in public ISP companies back to the free market. Their co-ownership in private data conflicts with public interest. Public trade transfer deals featuring government licensed technologies should not be opaque to the US consumer when their personal information is involved in a trade.
Third party risk and liability will still be a problem for society online. Legal enforcement is needed to limit the scope of exchange and sale of personal data based on legitimately sourced and applied US consumer consent. Facebook, and those emulating its brazen business model, should now comply with better defined, transparent data inventory mapping for users to knowingly permit, or more likely deny, unwanted third party exchanges.
We can forgive Facebook as an institution for being led down the wrong path, endorsed and coddled by government insiders. Some later revealed themselves in full view of the public as disgraceful sycophants, soliciting Mark Zuckerberg's permissions and favors during Congressional disciplinary hearings. Government beneficiaries managed to evade legal consent notice requirements which do, in fact, apply to any information they collect on US citizens. Board members from the most celebrated privacy non-profits, think tanks, and policy advisors with doctorates from the best universities in the United States have consulted Facebook. Who can help Facebook if their elite battery of advisors endorsed the fantasy they can break US common consent law with no consequences?
GET LITTLE CAESAR A TOWEL, PLEASE.
It does seem everyone around Facebook is telling them they are so useful and exceptional they don’t have to conform to the law. That line of doctrine misled Facebook to be used as a powerful social tool to connect the world with corruption. They broke laws. Unfortunately, they didn’t do it by themselves. They had lots of enablers and government partners urging them on.
Information security and integrity audits will send any phony fixer lawyers and their marketing apologist firms packing. One could speculate Facebook's cyber-insurance rates are expected to skyrocket. As we wait on the results of Facebook’s audit, they will confront fines, more civil suits, possible company insolvency and criminal due process for its lack of restraint. Regulatory law enforcement should work to close privacy law enforcement gaps. Their current presence inside Facebook failed to enforce fair, lawful security of private data.
Even if the government reforms the enforcement conventions for impacted privacy, will fair trade practices emerge from the ashes to cover global data brokerage exchanges? Non-profit interest groups and companies cannot just scuttle away a people's inherent data ownership rights because these rights didn't originate with their nation state or they seem inconvenient to consider. Identity sovereignty is natural and inherent to our humanity. Administrators are talking over each other instead of to each other across the globe and then stony radio silence follows. This conflict is based on differences over the origin of rights in personal data governance. There is very little real debate or statesmanship on this idea.
So here is a working 5-point public policy fix to confront international data exchange stakeholders, as well as US agencies, not playing fair with data owners.
- Close enforcement gaps and actively enforce existing privacy law concerning notice & consent.
- Require government partners and non-profits (partisans, research firms) to self-identify to consumers in UX/UI transactions that legally require notice and consent (like trade transfer deals).
- Adopt or enact Right To Be Forgotten policy in the US.
- Recognize the rights of the individual Data Owner in business reporting, with monthly exchange statements as an audit requirement, as a matter of human rights and fair trade. If you can’t manage to bring in the data owner as part of your business, consulting them on how much to sell their data for, whom to authorize as a seller and reseller, and how to sell it, you’re in the wrong business.
- Recognize essential individual data ownership is paramount to rights of government transfer entitlement and/or embargo thereof. For the US, that is conformance to Privacy Act of 1974 provisions to actively procure and heed individual consent preferences in most cases. For other governments, that means they need to get express consent to profit from personal data of a US citizen using public platform services.
Individual data ownership rights are not in conflict with other rights and can stand with other recognized rights, particularly those of self-defense and protection from theft of labor and the diverse perils of slavery, human trafficking and unfair trade practices. We are not the middleman to be cut from the exchanges. Data owners are in fact used and spent as the monetary currency itself. Current exchanges brokering personal data are in an adverse power differential contrary to Principle One of Fair Trade Practices. They are more on par with serfdom. Facebook’s serfs are Exhibit A of a raw deal. Now the world needs a fair trade upgrade.