Don’t be fooled by Silicon Valley’s privacy shell game

Here is the text of Shane’s Op-Ed, which appeared in today’s Washington Examiner.

Congress confronted privacy and personal data rights in a pair of hearings last week. This week, Mark Zuckerberg announced a “privacy pivot” at Facebook, yet failed to propose a single tangible reform of its core business.

Zuckerberg’s privacy manifesto illustrates the core problem. Big tech companies such as Facebook have no real interest in changing their practices. Their entire business model is based on owning and exploiting personal data to manipulate people and sell advertising. They’ll defend that at all costs.

AP – Shane Green on Facebook’s “lip service” to privacy

The ongoing series of privacy scandals and last year’s high profile hearings led the Silicon Valley giants, including Facebook, to hire a small army of lobbyists. Although there has been no new legislation yet, data privacy reform is in the air, and the jockeying behind the scenes is telling.

Facebook’s position and the overall surveillance-based business model has become impossible to defend. With few straightforward options, the lobbyists for the social network and other tech behemoths are now trying to manufacture a partisan crack in what is clearly a bipartisan issue with the hope that they can co-opt the regulatory process as a result.

Even more troubling than watered-down privacy legislation that creates an appearance of accountability and enforcement is the possibility that regulations will create significant new compliance costs. This would allow these data oligopolies to further entrench their dominance against startups and new entrants to the market. Facebook can simply absorb the new costs, while smaller companies and startups, many of whom are starting to emerge with innovative tools to empower people with their data, would be boxed out.

The other focal point of their strategy is to deny state-level activism and innovation. This strategy started last September, when the U.S. Chamber of Commerce and the Internet Association released ten new “privacy principles.” The very first of these principles, which has been echoed nonstop since, was to call for “a single federal privacy law.” While it’s reasonable to demand a unified national approach to privacy, it is far too early to defang state-based privacy laws such as the one in California, which the industry fought before losing handily in a public referendum.

California has, in fact, been a national leader on privacy issues, and their popular law goes a long way toward returning control to consumers. It takes the practices of big companies out of the shadows, which is the first step toward empowerment. It isn’t perfect, but it marked an important and awakened many to the abuses and dangers of the current “click here so we can own your data” model.

Under the newly elected Democratic Gov. Gavin Newsom, California appears poised to continue to lead on this issue. I don’t think anyone has fully processed the significance of Newsom’s calls for a “digital dividend” in his State of the State address earlier this month. This was one of the first real acknowledgments from a major public figure that trillions of dollars in wealth is being created by companies from users’ personal data, and that those same users have a right to a piece of that pie and to ensure that their data is being used for and not against them.

Of course companies that are making trillions of dollars off of private data are going to resist efforts to let others wrangle their cash cows. But the next time Zuckerberg or another Silicon Valley executive is hauled before Congress to defend data practices, which will likely happen in the coming months, we need to make sure we don’t fall for their shell game.

It’s long past time for power over data to be put back in the hands of the users to whom it belongs. I hope that Congress uses that principle as their starting point and their end goal. We need real action, not empty Facebook posts.

Shane Green is CEO of the private data sharing company digi.me and co-founder of UBDI, a consumer-controlled market research and data monetization community. He blogs at shanegreen.org and you can follow him on Twitter @shanegreen.

California Governor calls for a “Digital Dividend”

I spoke to AdWeek about Gov. Newsom’s call for a Digital Dividend. You can read it here.

California Governor Gavin Newsom called for a “Digital Dividend” in his State of the State address this past week. He didn’t offer specifics, saying only that he is instructing his staff to study the idea. But the point was as clear as the Silicon Valley sky – he wants California citizens to participate in the trillions of dollars of wealth being created by companies from their personal data.

I was caught by surprise by the proposal and Newsom’s use of the term Digital Dividend, but not by the idea itself. I’ve been working on this concept for a decade, and have been recently calling it Universal Basic Data Income – the part of UBI derived from one’s own data. I’m currently working on a startup called UBDI that is trying to prove that people can ethically and sustainably earn hundreds and then thousands of dollars a year from their data (built on the digi.me Private Sharing platform).

I love the concept of a Digital Dividend, and the precedents it evokes such as the oil dividend in Alaska. Gov. Newsom’s proposal is a critical development in this movement. No US political leader of his magnitude, much less the leader of the state with the most wealth creation from personal data, has made such a bold declaration.

I spoke to AdWeek about his proposal this week and why this is different from all the other calls for better privacy laws. The idea was so unexpected that the usual industry advocates like the US Chamber of Commerce and the Internet Association haven’t even responded. I’m not sure they know what to make of the idea. Maybe that’s a good thing. I’d hate to have to explain why people should keep being cut out of their fair share of the mega profits derived from the data they produce.

Marc Benioff, Tim Cook and Roger McNamee change the data and privacy game. Plus, a challenge to Acxiom – give users their data!

This week’s Time magazine cover feature on privacy, data and Facebook marks another milestone on the path to a new, fairer more transparent model. Marc Benioff, founder of Salesforce and new owner of Time, wasted no time in shining a light on this critical subject.

The column by Tim Cook is the biggest line drawn in the sand yet by Cook and Apple, who are declaring war on the surveillance economy that online advertising requires. It also strikes at the heart of two of their biggest competitors – Facebook and Google.

In addition to supporting a call for new privacy laws, Cook writes:

“But laws alone aren’t enough to ensure that individuals can make use of their privacy rights. We also need to give people tools that they can use to take action.”

Roger McNamee, an early investor in Facebook and mentor to Mark Zuckerberg, writes an even more damning piece about his difficult decision to call out Facebook executives and ask for them to be held accountable. The article (and his book Zucked) reads like a Silicon Valley version of Frankenstein.

“When I sent that email to Zuck and Sheryl, I assumed that Facebook was a victim. What I learned in the months that followed–about the 2016 election, about the spread of Brexit lies, about data on users being sold to other groups–shocked and disappointed me. It took me a very long time to accept that success had blinded Zuck and Sheryl to the consequences of their actions.”

In a bizarre and frankly concerning response to the Time articles, Acxiom announced yesterday that they were ready to embrace GDPR-like rules in the United States. They all but invented the data broker industry Time magazine focuses on, and were featured as a “privacy deathstar” by the the Financial Times.

If Acxiom getting religion on privacy sounds unlikely to you, you aren’t alone. In fact, I’m deeply concerned about companies like them trying to co-opt potential privacy legislation in the United States to both protect themselves and to block innovative privacy models like ours at digi.me, as I discussed with AdWeek just yesterday.

I have personally asked Acxiom many times, including directly to their board of directors, to make a downloadable copy of their digital profile data available to consumers. GDPR in Europe now requires it, and it’s called data portability. The answer has always been no.

If Acxiom wants to prove they are on the digital road to Damascus, they should make their data available to consumers. Every consumer could download a complete, reusable copy of the data Acxiom has about them – thousands of detailed data points.

At digi.me, we have the proven tools to let consumers download exactly this kind of data securely and privately – and to use however they choose (we don’t touch, hold or see data). We’ll do all the work, and won’t even charge for it.

Acxiom, it’s never been easier to prove that you’ve changed.

Revisiting a crowdsourced Digital Bill of Rights “by the people, for the people” from SXSW 2012

The following Digital Bill of Rights was crowdsourced at SXSW in Austin, TX on March 11, 2012 at a session I led with Anne Bezancon (then CEO of Placecast, now part of Ericsson) called “We the People: Creating a Consumer’s Bill of Rights.” It seems like a timely reminder that many of the current issues we are struggling with in terms of privacy, transparency and control of data are far from new, and that the issues they touch in our lives are as fundamental and transcendent as those covered in the original Bill of Rights.

The packed session at SXSW included participants ranging from privacy experts to advertising and internet executives. Despite the different viewpoints, we concluded that we could not rely on companies or governments to determine these right for us any more than the Founding Fathers relied on King George or the British East India Company to do so on their behalf. The attempt to make them go viral online fell short…at least to date.

The group also believed the rights to be so interconnected that they needed to be considered together – each reinforcing and providing context for the other. The rights do not cover each and every right or code of conduct that we believed should exist, but were designed to be a minimum set of rights that would create a the basis for a safer, fairer and more innovative digital world. 

Finally, like all rights, we anticipated that there would be occasions and contexts where such rights might be limited or waived. But we asked ourselves in selecting each of them if we wanted a world where such rights did not exist and were not the default: Where there was no right to transparency, no right to privacy, no right to choice and control, etc.? Our answer was unequivocally no.

Digital Bill of Rights

March 11, 2012 – Austin, TX

Preamble

This Digital Bill of Rights applies to the sanctity of the digital self 

The digital self should be afforded equal standing as the physical self before the law and society

Rights

1. Right to transparency

  • I have the right to know who collects, uses, shares, or monetizes my data and how they do so
  • I have the right to know how my data is protected and secured
  • I have the right to know the value of my data

2. Right to privacy

  • I have the right to privacy by default

3. Right to choice and control

  • I have the right to give and withdraw permission to collect, use, share or monetize my data
  • I have the right to view, access, correct, edit, verify, export and delete my data
  • I have the right to own and/or use freely the “golden copy” of my data
  • I have the right to buy the product or app and not “be the product”

4. Right to safety

  • I have the right to expect my data to be stored and transported securely

5. Right to identity

  • I have the right to have different personas in context
  • I have the right to anonymity

6. Right to minimal use

  • I have the right to have my data collected, used, shared or monetized only for the specified purpose and context
  • I have the right to be forgotten after my data has served its purpose

It’s business as usual for privacy at the US Chamber of Commerce and Internet Association

With the exception of a call for greater transparency around how companies collect and use data — a growing bi-partisan, public-private sector bright spot in the American debate on privacy — the US Chamber of Commerce’s ten new privacy principles and the Internet Association’s almost identical principlesreleased today reflect long-standing industry hostility towards effective government regulation and privacy more broadly. The principles are mostly an extension of the “trust us to do the right thing” argument they’ve been making for years, which have failed miserably.

The Chamber’s very first principle to prohibit state laws altogether on the subject is a not-so-subtle swipe at the popular new law on privacy in California, which industry fought tooth and nail. While imperfect, the law marked an important watershed in popular awakening to the abuses and dangers of the current “click here so we can own your data” model. The Chamber goes on to say in this first principle that “the United States already has a history of robust privacy protection,” which, in addition to being downright cynical and wrong, signals a new round of opposition to meaningful government oversight or intervention.

Their principle on harm-focused enforcement is another clearly outdated and limited approach, as is the call to prohibit individuals from being able to bring an action based on an infringement of their privacy. Together, they completely marginalize us as citizens and consumers, and ask us to trust the system to work on our behalf.

Meanwhile, the Internet Association has loopholes and doublespeak galore. Almost all references to data rights are bounded by phrases like “personal information they have provided,” which often amounts to less than 1% of data collected or purchased by companies. The coup de grace: “individuals should have meaningful controls over how personal information they provide to companies is collected, used, and shared, except where that information is necessary for the basic operation of the business…” When the entire business is predicated on advertising or personalized content and services, I’m not sure what is left really.

As a skeptic myself toward most prescriptive government regulations — I’d rather see innovative new tools and business models solve market and societal failures wherever possible — I spent years watching how utterly incapable industry is of reforming itself when it comes to data and privacy. There is simply too much money and power tied to them while all of the negative externalities fall on us as users — a textbook market failure.

That led me, in addition to my startup efforts on privacy, to work on a number of initiatives that helped create the principles and specifics for the new EU regulations known as GDPR (General Data Protection Regulation). These laws, also imperfect, not only aim to curb current abuses, they mandate far greater transparency and provide a roadmap for a fairer and more sustainable data and privacy model built around the rights of individuals about how their data is used.

Criticized for stifling innovation, GDPR is actually doing the opposite — it is catalyzing the private sector to start building new services that empower people directly with their data, competing both over how much value they can create for users if given access to their data while also showing what good stewards they can be of that data. It’s turning the “race to the bottom” we’ve seen around data and privacy into a much more enlightened and compelling “race to the top.”

Not surprisingly, the Chamber and most US companies have not been fans of GDPR. The lip service given in the principles to “privacy innovation” is a far cry from the vision and efforts underway in Europe, and nowhere do they reference our rights as citizens or consumers. In fact, as mentioned earlier, they only seek to limit those rights.

The most concerning potential development is the use of regulation shaped by these industry lobbying groups to further entrench their power and disadvantage startups and newcomers. The Electronic Frontier Foundation and others have been sounding the alarm on that possibility, and my read on the recent Congressional hearings by Facebook and Twitter is that this is their new strategy. In fact, the degree to which these privacy principles mimic the principles of GDPR while undermining them at every turn is nothing short of dastardly.

To conclude on a positive note, transparency is the single most important key to addressing the worst abuses around privacy and to unlocking a private sector competition to do right by users and their data. Despite 20 years with the curtains drawn tight around data collection and exploitation by industry, it’s simply un-American to stand against greater transparency — which is why both Republicans and Democrats are in favor of it.

Embracing the Chamber’s and the Internet Association’s call for transparency is the perfect jujitsu opportunity for those of us who want to see a more pro-user, pro-privacy model emerge. The real battle will be over just how far it goes, over how much we truly get to see and understand how our data is collected and for what purpose. Once that genie is out of the bottle, we can expect the private sector to get back to what it does best — creating even more incredible data-driven services that truly meet our needs and interests.

Digi.me going prime time

I had the chance yesterday to speak with Paula Newton on CNN’s Quest Means Business. I thought she was going to focus on the Congressional hearings earlier in the day with Sheryl Sandberg of Facebook and Jack Dorsey of Twitter, but she really wanted to understand how digi.me works. She’s done quite a lot of stories on how our data and privacy is being abused by the big platforms, so it was refreshing to see her interest in solutions like ours.

We discussed our new app ecosystem, why it’s so interesting for developers, and how we empower people with their data if the data is already “out there” (a question I get all the time). You’ll have to watch the interview to learn more.

It was fun to visit the studio here in Washington. I was in the makeup room with Wolf Blitzer as the news of the mystery New York Times op-ed was breaking. Of course, the first tweet on my interview asked why CNN was talking about privacy and data given the other news. At least I didn’t get bumped!

IMG_5154

 

Trump’s right on this — it’s time to rip open the black box at Google, Facebook and Twitter

 

Image result for facebook google twitter logos

It’s not often that I find myself siding with President Trump and FCC Chairman Ajit Pai on technology policy. As we watch today’s congressional hearings with Facebook COO Sheryl Sandberg and Twitter CEO Jack Dorsey — and the “empty seat” for Google who refused to send a senior executive — they are dead right in their call for greater transparency. The stakes are just too high to continue to allow these mammoth platforms to decide behind closed doors how to collect data about us, filter the content we see and manipulate our decision making. Regulators must act, as they have done in Europe. So too must we as citizens.

I find it unlikely that these companies purposefully bias their search results and content feeds against Trump and Republicans. In fact, most evidence so far of the weaponization of Facebook by outside actors like the Russians and Cambridge Analytica shows that they have more often exploited the platforms to support Trump and his view of the world. But their algorithms certainly contain all kinds of biases that we need to understand, and the lack of transparency raises unanswerable questions that not only make such concerns possible, they prevent government and us as individuals from responding effectively.

And, make no mistake, these platforms were designed from the start to influence our thinking and behavior. Click by click, terabyte of data by terabyte of data, they track our every move, building sophisticated profiles of each of us to make it easier for content and advertising to reach us. In fact, the first big Facebook breach of trust was an internal Facebook project to see if they could affect a user’s emotions by elevating posts with happy or sad content. They were so proud they published their findings for other data scientists to review. Rather than see the project as a psychological study with human subjects requiring clear consent of the participants, Facebook saw it, as one executive told me at the time, “as what we do every day with A/B testing in advertising.”

It’s no accident that Mark Zuckerberg’s called the challenge of confronting Facebook in his op-ed in today’s Washington Post an “arms race.” Only the largest of organizations have the resources to even participate in such a vast and expensive exercise, structurally limiting the ability of new companies and ideas to emerge. Sheryl Sandberg’s testimony is a laundry list of initiatives Facebook has undertaken recently to address these threats, most of which should have been undertaken years ago when they were warned about these problems but chose to ignore them because it was bad for business. (I, like many others, met privately with Facebook in 2016 to express my concerns while also encouraging them to act publicly.)

The Electronic Frontier Foundation (EFF) and others have rightfully warned that the massive efforts by the big platforms to shape privacy and data policy is designed to ensure their long-term domination, especially around ownership and control of our data. I share this concern, and saw it first hand in Europe five years ago while leading a data initiative at the World Economic Forum. Thankfully European regulators, backed by citizens voicing their deep concerns, managed to hash together a forward-looking set of laws that came into effect this past May (GDPR) predicated on transparency and users getting access to their data to use however they choose — and with absolutely clear consent.

The Congress and the Administration must insist on the same here in the United States. There simply isn’t any way we can continue on the current path, no matter how much Facebook, Twitter and Google say they can save us. Because “saving us” involves saving their business model, which created the problem in the first place. It’s time for new ideas and new solutions.