Ron Wyden is ready for a fight. Last year, the Oregon Senator exposed cell phone carriers for selling real-time location-tracking data to third parties, without checking that these customers had legal authority to track cell phone users. They promised to stop, but didn’t keep that promise.
Faced with such blatant invasions of privacy, Senator Wyden ramped up the legal threats. He published a draft bill late last year which includes 20-year prison sentences for senior executives of companies that violate customers’ privacy, and plans to formally introduce the bill to the Senate in the coming weeks. Earlier this year, he introduced the Algorithm Accountability Act, which demands that companies assess their algorithms for bias, alongside Senator Booker and Senator Clark.
In an interview with Quartz, Senator Wyden laid out his ongoing plans to take on data harvesting, including a soon-to-be-introduced new bill that will allow consumers to review what personal information companies hold on them, and to challenge any inaccuracies. Senator Wyden could be heard banging on the table during the phone interview as he railed against the widespread invasion of privacy. The conversation below has been edited lightly for clarity and length.
Quartz: Why does the US need to introduce privacy legislation?
Senator Wyden: Last year I blew the lid off the sale of Americans’ location data by the wireless carriers and really sleazy gross middle men business partners. By law, the wireless carriers can only share Americans’ location data with the consent of their customers. But carriers basically would get what we call “pinky promises” [that they had legal authority to access location data] from used car sellers, bail bondsman, payday loan sharks, all these characters who had every financial incentive in the world to, as my 11-year-old William Wyden would say, tell a big old whopper. After I exposed these seedy characters, the wireless carriers promised they were going to clean things up. But months later, there was somebody who basically got a few hundred bucks and found out that they still hadn’t cut off the data brokers. More than a year later, the Federal Communications Commission was still Mr. [Ajit] Pai, who used to work for Verizon, and who still hadn’t done anything.
Your bill states that CEOs could face jail for privacy abuses. Why is that necessary?
My draft bill ensures transparency over the consumer’s data. [The bill demands transparency over what data is collected and how it is stored and shared.] It ensures that the consumer is in the driver’s seat, they have control over how their data is shared. And there would be repercussions for the companies and executives who abuse and basically lie to the federal government. No more slaps on the wrist. The executive faces big personal exposure in terms of fines, and then we create the option for them to be in jail. The day when you got a slap on the wrist for ripping people’s privacy off would be over.
We haven’t seen many repercussions for businesses that violate privacy. Even Europe’s GDPR, hasn’t been strongly enforced. Is your worry that fines aren’t enough of a deterrent?
You’re right, there has been very little accountability. In our country, the Federal Trade Commission, which is the country’s primary cyber security regulator and privacy regulator, doesn’t have either the power (which my bill does) or the resources to be an effective cop on the beat. The companies know this, and that’s why when I caught them the first time they said they’d clean up their act, but then they still haven’t cleaned up their act. One of the reasons they can get away with this is because the Federal Trade Commission doesn’t have the legal authority to stop these rip offs.
Is your fear that these companies are too powerful for the US government to properly stand up to them?
Part of the problem of course is that Mr Pai, the Federal Communications Chairman, used to work for Verizon, and he’s been in the pocket of the wireless industry. He’s more interested in protecting his corporate friends than in protecting Americans from stalkers and cyber criminals. The phone companies, for years now, have been more interested in cozying up to the government than protecting their users’ private information. They willingly participated in the illegal surveillance programs, sharing huge troves of people’s personal data with the NSA and the DEA. The phone companies, apropos of this whole question of the shadowy information ecosystem, operate under the assumption that they’ve earned a lot of brownie points from surveillance-supporting members of both parties. It’s why they’re staffing up their lobbying operation that they believe will protect them from the consequences of their commercial abuse of Americans’ privacy.
What stage is your bill at and what’s your hope for when it might pass?
As far as I’m concerned, it should have passed yesterday. I think as more and more examples of this—as you know, there were just stories a couple of days ago about Facebook’s concern about various emails from Mark Zuckerberg that suggests that he has not been altogether candid about their privacy policies. I think momentum is building.
Do the calls to break up big tech fit in with what you want to do?
I think that vendors are going to have a choice here. This discussion about breaking companies up, it’s certainly a debatable proposition. I think much more important and much more immediate is to pass a federal privacy law along the lines of what we’re talking about. In other words, when you get into this anti-trust area, you are into a lawyers’ full employment program. There is going to be vast amounts of back and forth.
There’s a lot of worry about AI facial recognition. What other sectors are you concerned about?
I think the Algorithm Accountability Act [introduced by Senator Booker, Senator Clark, and Senator Wyden, which would demand companies explain how their algorithms work and evaluate how algorithms may affect privacy] is an enormously important part of this, because algorithms have not been subject to any real oversight and scrutiny and they really drive automated decision making. But I’m going to be introducing another bill soon, which will give consumers a way to review what personal information a company has about them, learn with whom it’s been shared or sold, and challenge inaccuracies in it.
When will you introduce it?
In the next few weeks.
Realistically, when do you think we will start to see these bills in action?
What I’m trying to do is build a grassroots juggernaut for changing privacy rules. Change doesn’t start in Washington DC and trickle down. It’s bottom up. And certainly Mitch Mcconnell has not been a big supporter of these kinds of reforms. So I’m focused on building that grassroots juggernaut.