January 31, 2019

As 2018 lies firmly behind us, CDEP Program Director Bastiaan Vanacker takes a look at some of the major digital ethics and policy issues of the past year that will shape the debate in 2019. The first installment of this overview can be found here.

April: The Changing Narrative Surrounding Facebook

In April, a contrite Mark Zuckerberg received a symbolic lashing from senators and congressmen during his testimony in the wake of the Cambridge Analytica scandal. This was only the beginning of what turned out to be an annus horribilis for the social media giant, during which a steady drumbeat of media exposés called Facebook’s ethics into question.

Zuckerberg’s standard line of defense in these types of PR crises (when denial is no longer a credible option) is to paint the company as a victim of its own innovativeness. To paraphrase: “When charting new territories and connecting billions of people in a way that has never been accomplished in human history, mistakes are unavoidable, even by a company that aims to do the right thing. Let’s learn from them and then try to do better next time.”

From an ethical point of view, I have always found this a cop-out. Being a trailblazer requires a higher standard of ethical care and does not justify the trial-and-error approach that Silicon Valley seems to embrace at times. Risking exposure to significant harm should not be the price we pay for technological progress. But worse for Zuckerberg is that even this shaky defense seems to have run its course. Media reports have told the tale, not of an earnest company making a ham-fisted mistake from time to time, but of a cynical powerbroker whose main concern is in finding new ways to monetize its users’ data. Changing this narrative will be the main challenge of the company for 2019. Deciding which narrative to believe will be the main challenge for its users for 2019.

May: The GDPR Goes into Effect

Those advocating the need for stricter privacy laws often positively reference the European approach to regulating privacy, which has been much more hands-on than in the United States. In 2014, for example, the European Court of Justice ruled that EU data protection laws recognize a right to be forgotten, requiring search engines to grant requests to delist information pertaining to individuals that is no longer relevant. Another privacy milestone was reached on May 24, when the General Data Protection Regulation took effect in Europe, providing an update to the Data Protection Directive from 1995.

The law strengthens the provisions of its predecessor by requiring unambiguous consent from data subjects before collecting their data, which can only be used for specific purposes. Secondary uses or selling of data also cannot occur without permission, and European citizens can demand that their information be corrected or deleted. The law also comes with teeth in the form of steep fines that can run up to 20 million euro or 4% of a company’s annual sales, whichever is greater.

What the full effect of the law will be remains to be seen. Critics have pointed out that the high cost of compliance could stifle innovation, particularly in the field of A.I. There’s also some degree of confusion about how the law will be applied and enforced. On the other hand, the experience of recent years on this side of the Atlantic has made it amply clear that free market mechanisms fail to provide adequate privacy protections.

In the wake of the many privacy scandals, American lawmakers are pondering federal privacy regulation. If a bill passes, which is by no means certain, Silicon Valley’s economic concerns are likely to weigh heavier on the draft than in the case of the GDPR, which reflects a strong German pro-privacy stance. How federal and state lawmakers balance the hard-to-ignore calls for tougher data protection laws with the technology sector’s resistance to burdensome regulations will be the defining feature of any new (potential) privacy legislation in this country.

June: Digital Forensics Help Authorities to Identify Leakers

In June, former Air Force linguist and NSA contractor Reality Winner pleaded guilty to leaking a classified document about Russian interference with the election to The Intercept. Two months later, she would be sentenced to 63 months in prison, the longest sentence ever imposed for such an offense. As the Trump administration continues its war on leakers, this case serves as a reminder for journalists and leakers alike to cover their digital tracks. As I wrote at the time of her arrest, there are numerous indications that the carelessness of Winner and The Intercept all but revealed her identity to investigators.

Last October, Terry James Albury, a former Minneapolis FBI agent, was sentenced to four years in prison for leaking national security information. Again, the recipient of the leaks was The Intercept. While the media outlet was not widely criticized this time around for the role it played in the arrest, investigators were able to zoom in on Albury by comparing the leaked documents posted on The Intercept’s website with the logs of Albury’s access to these documents on the bureau’s computer system. (For more details, check pages 8-11 of the search warrant affidavit, pp. 14-18 in the document.)

The hunt for leakers was not started by President Trump. It is well-documented that under President Obama more leakers were prosecuted than under all previous administrations combined. This has led many to question why Obama was less tolerant of leakers than other presidents. But that may be the wrong question to ask, and we should wonder instead why his administration was so much more successful in identifying leakers to prosecute. Washington lawyer Mark S. Zaid provided a possible explanation in the Washington Post:

The Obama administration was able to prosecute more leakers because technology is a double-edged sword, making it both easier to leak vast amounts of classified information and to trace those leaks directly to their sources. This, combined with often poor tradecraft by leakers or journalists, means it is now much simpler for the government to collect tangible evidence permitting prosecution in ways that were previously unavailable.

As there is little sign of the Department of Justice backing off from prosecuting leakers, President Obama’s record number of leak prosecutions might be broken by the current administration. Moving forward, journalists and sources alike will have to (continue to) use digital technologies to cover their tracks in order to change the tide.

Bastiaan Vanacker's work focuses on media ethics and law and international communication. He has been published in the Journal of Mass Media Ethics. He is the author of Global Medium, Local Laws: Regulating Cross-border Cyberhate and the editor of Ethics for a Digital Age.