Published by The Lawfare Institute
in Cooperation With
One issue that arose during the recent Hoover panel on protecting privacy with big data related to a frequently posed question: Why do we, as a society, appear to object more strenuously to the government obtaining our private information than to companies accessing the same data?
The very question reflects an historical anomaly: The current American anti-regulatory approach to commercial data collection betrays the country’s long tradition of suspicion of corporate, as well as government, power. But more fundamentally, the dichotomy between government collection and corporate collection is a false one. The reason, as I’ll explain, is that once a company has collected the data, it is available to government. The seam between corporate collection and government collection is highly porous.
First off, the premise of the question is problematic. As a country, we have always objected to the concentration of power, regardless its source. In 1829 James Madison warned, “The essence of Government is power, and power, lodged as it must be in human hands, will ever be liable to abuse.” He was a senior statesman when he addressed the Virginia State Constitutional Convention. His words reflected the Founders’ deep understanding of the risks inherent in government.
Control of and authority over people can easily become a tool of tyranny. So the Framers divided it: within Congress; among the three branches of government; between the national government and the states; and between the government and governed. By demarcating different types of authority, and creating overlap, hydraulic pressure would help to limit expansion. Retaining a democratic check provided further assurance against abuse.
Political power, however, was only one of the Founders’ concerns.
Corporations also could influence workers, citizens, and, potentially, the political process, even as close relationships between businesses and their political patrons could create a dominant class. Companies were neither government nor citizen but sui generis, challenging the democratic design.
It was in part due to concern about monopolistic power that Madison’s proposal in 1787 to include in the U.S. Constitution a clause “[t]o grant charters of incorporation in cases where the Public good may require them, and the authority of a single State may be incompetent,” ultimately failed. Although he tried to cabin the power to what was in the public’s best interests, even this proved a bridge too far.
In his article on Corporations, the Original Understanding, and the Problem of Power, Ian Speir documents how the Founders tried to restrain private power. They made corporate entities subservient to the political process, with charters granted or denied by elected state—not federal—representatives. Under the Framers’ formula, fewer corporate entities would exist. For those that did, since state structures were more representative of the People, a stronger restraint would follow.
The controversy over the Second Bank of the United States, ostensibly settled in McCullough v. Maryland as a constitutional exercise of the Necessary and Proper Clause, did not end the debate over the best way to limit corporate and, relatedly, national power. While we think of that case as establishing the reach of Article I(8)(18), the historical record also tells a story that rejected the alignment of corporate and political interests.
In 1832 President Andrew Jackson vetoed the bill to renew the bank’s charter, leading to a massive struggle between the executive branch and the Senate. When his first Treasury Secretary refused to withdraw the federal government’s deposits from the bank (and thus destroy it), Jackson fired him. The Senate passed a resolution censuring Jackson, but he took his fight to the American public and emerged victorious in the mid-term election of 1834. It was not until Woodrow Wilson obtained approval for the Federal Reserve Board, some seventy years later, that anything even approaching the bank came into being at a federal level.
In the interim, as Speir details, state legislative debates over bills to incorporate entities became a flashpoint for the airing of liberty interests. Legislatures limited the duration of charters and reserved the authority to amend them. Unlike their European counterparts, where directors and stockholders were protected from liability, American companies risked dissolution for failing to live up to their legal obligations.
As the strength of industry grew, Congress repeatedly restrained private power. The 1890 Sherman Antitrust Act, premised on Congress’s Article I(8)(3) inter-state commerce authority, cleared the House of Representatives 242-0 and the Senate 51-1. The government used it to open railroads, oil, tobacco, and other markets to competition. In the early 20th century, President Theodore Roosevelt warned that it was not just the right, but the duty of government to control corporations. In 1907, the Tillman Act went on to prohibit nationally chartered corporations and banks from making political contributions. The risk has not abated.
So the first part of my response is to question the premise. Americans have, for centuries and with good reason, distrusted the concentration of power, be it political or corporate in nature.
Yet, even as we have been suspicious of the accumulation of power, the country has consistently embraced innovation and economic growth.
Following the Civil War, the U.S. entered what historian Thomas Hughes describes as a “golden age.” “No other nation,” writes Hughes, “has displayed such inventive power and produced such brilliant innovators as the United States during the half-century that began around 1870.”
Hughes’s 1990 book spoke perhaps too soon. The mid- to late-20th century high tech revolution eclipsed the previous era.
Silicon Valley exemplifies American innovation. The story is legendary: in 1938 Bill Hewlett and Dave Packard began working in a Palo Alto garage on an audio oscillator. Hewlett-Packard was born. Steve Jobs, Steve Wozniak, and Ronald Wayne in 1976 launched Apple Computer. In early 1994, Jerry Yang and David Filo turned their attention to compiling a directory of the web, giving birth to Yahoo! Later that decade Sergey Brin and Larry Page developed an algorithm that morphed into Google.
As the high tech industry exploded, the government facilitated its growth. President Bill Clinton and Vice President Al Gore visited the Bay Area so frequently that local papers joked that they might have to begin paying California taxes.
The government should encourage innovation. But in adopting a hands-off approach across the board, it failed to address the risks inherent in the commercial application of digital technologies.
As a result, U.S. privacy law remains stuck in a Precambrian era. On the consumer side, there is no overarching law to protect private data. HIPAA, a law passed twenty years ago, protects health data tied to particular individuals, and Gramm-Leach-Bliley protects some financial data. But retailers have a relatively free reign, with the Federal Trade Commission able to intervene only when practice departs from corporate policy or otherwise constitutes an unfair trade practice.
The absence of effective controls on the commodification of consumer privacy is becoming a cause for alarm. A recent Pew poll finds that 91 percent of American adults “agree or strongly agree that consumers have lost control of how personal information is collected and used by companies.”
Constitutional law does little to alleviate concern. Fourth Amendment doctrine would have us believe that we have no privacy interest in any information entrusted to a third party. Ditto for actions taken in public—despite the fact that our data reveal where we go, what we do, and who we are with when we do so.
The contrast with our European partners is stark. Article 8(1) of the Charter of Fundamental Rights of the European Union, and Article 16(1) of the Treaty on the Functioning of the European Union, state, “Everyone has the right to the protection of personal data concerning him or her.”
Consistent with these provisions, the European Union Parliament recently approved the General Data Protection Regulation, expanding the scope of data protection law to all foreign companies operating in the European Union. It requires clear and affirmative consent before private data can be processed. It empowers consumers to transfer their digital data to different service providers. It demands that companies provide customers with notice of data breaches, and it provides for penalties to be imposed on corporate entities for noncompliance.
The European initiatives reflect an understanding of the risks of the digital age. The growing pervasiveness of technology has altered the world. From computing power and the establishment of the Internet, to the growth of online transactions, discourse, and social media, the advance of big data and algorithmic analyses, and the Internet of Things, the minutest aspects of our lives are now online.
As FBI Director James Comey demands that Apple do its bidding, as Secretary of Defense Ashton Carter flies out to Silicon Valley to persuade high tech companies to partner with the military, and as President Barak Obama issues Executive Orders demanding public-private partnerships, the U.S. government is not just failing to provide a check on corporate power.
It is using corporate America to consolidate its own power.
When a company works for a customer for a specific purpose, the arrow goes the right way. But when corporate interests become numerous and broad, and when they are paired with political power, and intimate information about us is then made available to the government, in secret, without public scrutiny? Then, no. It is not a lesser risk that we face. The consolidation of power, in any hands, threatens liberty.