How Ro Khanna Plans to Prevent the Next Cambridge Analytica Scandal
For more than a decade, the giants of Silicon Valley have been pumping out products and services that millions of people and companies now use every day: social networks, search engines, two-day shipping on toilet paper. Only recently, however, have Americans become aware of just how much of their privacy they surrendered—sometimes knowingly, sometimes not—by joining this ecosystem of app-centric convenience.
In 2017, for example, Yahoo disclosed that four years earlier, hackers gained access to every single one of its three billion accounts. A 2018 Facebook breach left the data of 50 million users unprotected; in 2019, records of more than 500 million Facebook accounts appeared on a public-facing Amazon cloud server. During the 2016 election cycle, the political consulting firm Cambridge Analytica quietly harvested personal information from millions of Facebook profiles and used it to target unsuspecting users with political ads. At this point, Americans are so fearful of tech companies mismanaging their data—and so used to them giving it away—that a viral Instagram hoax promising to keep your photos out of the company's clutches is convincing enough to fool the U.S. Secretary of Energy.
The dearth of regulatory oversight stems, at least in part, from the speed with which the industry has evolved. But, argues California congressman Ro Khanna, a “technological illiteracy” in Washington plays a role, too. Khanna, a Democrat who represents the district home to a large chunk of Silicon Valley, recalls a recent hearing in which Iowa Republican Steve King asked Google CEO Sundar Pichai to explain how notifications could pop on an iPhone while King’s granddaughter was playing games on it. “And Pichai has to patiently explain that Google doesn't make the iPhone, and that Apple makes the iPhone,” Khanna says. “Why is it acceptable for a sitting member of Congress not to know that?”
Other recent headlines have further thrown into sharp relief the need for more robust regulatory intervention in the tech world. Online communities are radicalizing mass shooters, including the Texas man who targeted Hispanic shoppers when he killed 22 people at an El Paso Wal-Mart earlier this month. Hackers are holding municipal networks hostage for millions of dollars, forcing small-town governments to either pay up or rebuild their systems from scratch. Russian interference in the 2016 election likely helped swing that contest to Donald Trump. The disinformation campaigns of 2020 might be even worse.
Last fall, in an effort to build a framework for a better-regulated Internet, Khanna unveiled what he calls the Internet Bill of Rights—ten legal protections to modernize individual rights for the digital age. Despite what the name might indicate, these rights would apply to any company whose business involves the collection of consumer data, and not only against tech giants like Facebook, Google, and Twitter. The proposal includes the right to know about “all collection and uses of personal data by companies,” and to be notified “in a timely manner when a security breach or unauthorized access of personal data is discovered.” Other items on his list would strengthen people's ability to correct or delete personal data in a company's control, and require companies to obtain consumer consent before collecting or sharing data with third parties.
I recently spoke with Khanna about the Internet Bill of Rights, the cultural impact of social media, and the future of laws and regulations designed to keep private data private. An edited and condensed transcript of our conversation follows