Source Code: Your daily look at what matters in tech.
To give you the best possible experience, this site uses cookies. If you continue browsing. you accept our use of cookies. You can review our privacy policy to find out more about the cookies we use.
yesIssie LapowskyNone
April 16, 2020
A chief critic of the tech industry's attempts to track coronavirus patients went to work and held meetings with employees after his doctor directed him to take a test for COVID-19 that subsequently came back positive.
Marc Rotenberg, the president and executive director of the Electronic Privacy Information Center in Washington, D.C., acknowledged in a memo to his staff and his board that he should have quarantined and alerted his staff that he was taking a coronavirus test on March 9, instead of continuing to work alongside them for two days.
But Rotenberg's apology hasn't quelled the anger of some EPIC employees, who say he not only put their safety at risk, but also undermined their organization's resistance to invasive coronavirus surveillance.
"He's out there saying privacy trumps surveillance," said one former employee who worked there at the time. "Every time he opens his mouth, what runs through my head is: We need more surveillance."
Internal documents and interviews with several current and former employees reveal that this incident has sparked an uprising within EPIC's small team of about a dozen people, with several employees resigning — including Rotenberg's deputy, Mary Stone Ross — following Rotenberg's dual revelation that he had COVID-19 and that EPIC was facing funding difficulties. Others have written to EPIC's board, asking for substantive changes to the organization's management structure.
Rotenberg meanwhile has continued to warn Congress and the public against embracing technological tools that use location data to enable widespread coronavirus surveillance without considering the privacy implications. "Sometimes people have an almost sacrificial sense about their privacy," Rotenberg told BuzzFeed News in an article published 19 days after Rotenberg received his results. "They say things like, 'Well, if it'll help save lives for me to disclose my data, of course, I should do that.' But that's actually not the right way to solve a problem."
Rotenberg has apologized to EPIC's staff, writing in a letter reviewed by Protocol, "I am genuinely sorry for the disruption, concern and worry I may have caused to you and your family. Please know that was never my intent. I tried my best to make good decisions, given the information I had. In retrospect, there is more I should have done."
Asked to comment, Rotenberg responded by accusing a former staff member of leaking the story to Protocol. Asked again to comment, he said: "I think I said what needed to be said."
It was direct contact tracing that first alerted employees that they had been exposed to the virus. On March 11, an EPIC employee emailed the rest of the team to say he'd received a call from the Washington, D.C., department of public health. A health official told him he may have come into contact with someone who tested positive for coronavirus. In the email, the employee let his colleagues know he'd be working from home and monitoring for symptoms in order to protect the rest of the EPIC team.
But then shortly after, another staffer followed up saying they'd gotten the same call. Then another. Then another. By the end of the day, all of the advocacy group's Washington, D.C.-based employees confirmed they'd received the same warning.
Rotenberg hadn't responded to the thread, but earlier in the day, he had emailed the staff, encouraging them to work from home. "Also, social distancing is a good practice," he wrote, according to an email reviewed by Protocol. He did not mention that his COVID-19 test had come back positive that very morning.
The staffers swapped stories, wondering who might have brought the virus into the office. Some theorized it was a mail carrier. Some wondered if it had been a journalist who recently visited. Others speculated that Rotenberg, who returned from a trip to Milan in late February, might have been the source.
The next day, on March 12, Rotenberg called the entire team to a Zoom meeting and confirmed that he had, in fact, tested positive for coronavirus. He also laid out a rough timeline of his recent medical history, according to interviews with people on the call. He told them he'd returned from Milan on Feb. 22, and registered a temperature of 99.5 on March 1. At the time, that was still below what the Centers for Disease Control considered to be a symptom. But on March 5, he contacted his physician about his temperature and his recent travel to Italy, after receiving guidance from Georgetown University, where he teaches. According to the account Rotenberg gave in his apology letter, his doctor initially didn't think he needed to be tested but changed course the following day. At that point, it was Friday, and Rotenberg later told the staff he was already on a plane about to depart for Miami for the weekend. So he scheduled a test for when he returned to D.C. on Monday, March 9.
Rotenberg went to the office that Monday, Tuesday and Wednesday, and left as soon as he received the call about his results Wednesday morning. But he didn't mention any of this to his staff until the Zoom meeting that Thursday.
"We were all a little shocked," said one former employee who was on the call. "There was no sense of apology, no humility, not even, 'I thought I was responsible at the time, but looking back I would have done things differently.'"
Then Rotenberg dropped another bomb, telling the staff that EPIC only had enough money to pay people's salaries for another six months.
"It was, 'I exposed my team to a pandemic, and you might not have a job' in the same meeting," the former employee said. "Pretty rough."
"That really did it for everybody," said one current employee. "Everybody was like, 'What is going on?"
As privacy advocates, the EPIC staff understood more than most the importance of protecting employees' private health information. The nonprofit's lawyers are constant fixtures on Capitol Hill, forever butting heads with tech giants like Facebook and Google over the ways they collect and share personal data. But those employees also believed their boss had a responsibility to protect them, too. "The idea [of anonymity] is for workplace retaliation. I think that rationale is pretty strained when it's the executive director," said one of the former employees.
Even after testing positive and alerting staff, internal emails show, Rotenberg told employees he was going to the office to collect the mail, though it's unclear if he ever did. This prompted multiple employees to contact D.C.'s department of public health.
More than two weeks after the meeting, after EPIC employees wrote to members of the board with their concerns, Rotenberg sent the board and the staff a five-page letter both apologizing and defending his actions.
"I know some people are surprised and concerned that I was in the office on March 9, and I can imagine a scenario where someone else in the same situation could have stayed home to wait for a determination. In retrospect, that was obviously the better choice," Rotenberg wrote on March 30. "But at the time, and even today, that is not the CDC protocol. People are routinely tested then continue to practice social-distancing rather than self-quarantine."
For EPIC's employees — at least one of whom says they've experienced some symptoms consistent with the virus — this is hardly enough. Beyond the concerns for their own safety, the employees Protocol spoke with say Rotenberg's behavior gives those who might like to expand surveillance of coronavirus patients — and the rest of the population — the very excuse they need. "It rubs us all the wrong way when we see him quoted in the press talking about contact-tracing privacy issues when he's violating the guidelines," a former employee said.
Get in touch with us: Share information securely with Protocol via encrypted Signal or WhatsApp message, at 415-214-4715 or through our anonymous SecureDrop.
In his letter to the staff and the board, Rotenberg said he followed all CDC protocols as they stood at the time. His letter didn't address whether he went to the office to check the mail after being diagnosed.
Of course, there's also Rotenberg's privacy to consider. EPIC's employees say they thought a lot about that before sharing this information publicly. But they argue that, in this situation, the risks to him maintaining his privacy outweighed the benefits.
"Privacy is something that's constantly weighed against other things," one current employee said. "It doesn't make sense for it to be absolute."
Issie Lapowsky
Issie Lapowsky (@issielapowsky) is a senior reporter at Protocol, covering the intersection of technology, politics, and national affairs. Previously, she was a senior writer at Wired, where she covered the 2016 election and the Facebook beat in its aftermath. Prior to that, Issie worked as a staff writer for Inc. magazine, writing about small business and entrepreneurship. She has also worked as an on-air contributor for CBS News and taught a graduate-level course at New York University’s Center for Publishing on how tech giants have affected publishing. Email Issie.
People
Making the economy work for Black entrepreneurs
Funding for Black-owned startups needs to grow. That's just the start.
"There is no quick fix to close the racial wealth and opportunity gaps, but there are many ways companies can help," said Mastercard's Michael Froman.
Photo: DigitalVision/Getty Images
February 26, 2021
Michael Froman serves as vice chairman and president, Strategic Growth for Mastercard. He and his team drive inclusive growth efforts and partner across public and private sectors to address major societal and economic issues. From 2013 to 2017, Mike served as the U.S. trade representative, President Barack Obama’s principal adviser and negotiator on international trade and investment issues. He is a distinguished fellow of the Council on Foreign Relations and a member of the board of directors of The Walt Disney Company.
February 26, 2021
Michael Froman is the vice chairman and president of Strategic Growth for Mastercard.
When Tanya Van Court's daughter shared her 9th birthday wish list — a bike and an investment account — Tanya had a moment of inspiration. She wondered whether helping more kids get excited about saving for goals and learning simple financial principles could help them build a pathway to financial security. With a goal of reaching every kid in America, she founded Goalsetter, a savings and financial literacy app for kids. Last month, Tanya brought in backers including NBA stars Kevin Durant and Chris Paul, raising $3.9 million in seed funding.
<p>
Reaching this milestone is a testament to Tanya's perseverance and resilience as she, like many other Black women founders, struggle to find institutional investors. Our financial system is simply not set up to help Black entrepreneurs launch a business. Most new businesses are initially funded from savings and home equity, but the persistent racial wealth gap in our country places Black would-be entrepreneurs at a dramatic disadvantage since many don't have those assets available. On top of that, of the approximately $625 billion in venture capital invested since 2015, only around $15 billion went to Black and Latinx founders; that's just 2.4% of funding. For Black women founders specifically, the numbers plunge to 0.27% of funding over the past <a href="https://www.projectdiane.com/" rel="noopener noreferrer" target="_blank">two years</a>.
</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="1">
</div>
</div></p><p>
This is not an issue that will resolve itself; we need to be deliberate about opening doors and bringing down barriers, not just to solve for one Black or minority-owned business at a time, but to rebuild a system that gives everyone a chance. Capitalism has lifted millions of people out of poverty and improved their quality of life, but it has also left many behind. As we now rebuild our national economy, we need to ensure future growth is inclusive, and that small businesses — the backbone of our economy — recover in a way that lifts up promising Black-owned startups at every point in their journey.
</p><p>
There is no quick fix to close the racial wealth and opportunity gaps, but there are many ways companies can help. Here are four insights we've learned from years of working with startups and community organizations.
</p><p>
<strong>Invest in the network.</strong> Startups like Oakland-based <a href="https://www.mycnote.com/" rel="noopener noreferrer" target="_blank">CNote</a> are working to channel capital to underserved micro and small businesses through a vast network of Black-owned banks, minority credit unions and community development financial institutions that have direct access to many local communities. However, these market innovators are hampered by complex governance requirements that Fortune 200 companies have to put in place before they will do business. We need to make it easier for new players like CNote to pass procurement hurdles and get into the pipeline so they can grow. By helping them on the back end, it opens them up to partnering with large corporates from all across the country.
</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="2">
</div>
</div></p><p>
<strong>Open up access to markets.</strong> For those Black-owned businesses that do secure a first round of funding, their growth trajectory often slows when it comes to entering new markets. A startup's ability to scale increases exponentially when larger companies with trusted relationships not only make introductions to its partners but also offer the startup's services as part of a proposed solution to customers. This is an approach that has helped <a href="https://mocafi.com/about/" rel="noopener noreferrer" target="_blank">MoCaFi</a>, a New York-based, Black-owned startup that offers banking services to lower- and moderate-income communities, to start working with local city leaders in new markets. This work can be mutually beneficial for corporations: The ability to deliver effective support to underserved communities increases when the right partners with the right solutions are brought to the table.
</p><p>
<strong>Digitizing access to capital.</strong> Black entrepreneurs are being denied or given smaller bank loans nearly <a href="https://www.federalreserve.gov/publications/2017-september-availability-of-credit-to-small-businesses.htm" rel="noopener noreferrer" target="_blank">twice the rate of</a> their white peers — 54% compared to 30%, respectively. Microfinance institutions and CDFIs have stepped in to fill this void, supporting applications for those previously denied loans. However, the demand exceeds the resources and tools available, and getting funds to those who need it urgently can be challenging. New digital tools can be transformative in this situation if we could accelerate access for these organizations. Many rely on slow paper-based processes, but through the digitization of both applications and distribution of loans, CDFIs like the <a href="https://crfusa.com/" rel="noopener noreferrer" target="_blank">Community Reinvestment Fund</a> and micro-finance institutions like <a href="https://www.grameenamerica.org/" rel="noopener noreferrer" target="_blank">Grameen America</a> have been able to process requests faster, more securely and for more businesses, throughout the pandemic.
</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="3">
</div>
</div></p><p>
<strong>Going all in. </strong>Finally, one of the most important lessons we've learned is that the programs and partnerships used to tackle these issues can't be just for a moment in time or a single intervention. For maximum impact, companies need to be all in with the full breadth of their assets — funding, product pilots, supplier practices, consulting services, data insights — as this is how to drive a catalytic impact and create a more sustainable, inclusive digital economy.
</p><p>
As more businesses, CEOs, corporate treasurers and venture capitalists join in this effort, we can collectively help bridge that wealth and opportunity gap. Startups can't scale up if they aren't given that first chance.
</p><p>
As we are reminded during this Black History Month, the problems of racial economic disparity have existed for too long, and although the challenge seems daunting, we are confident that with perseverance we can successfully build a more just and equitable economy. Our early progress matters, and we should make every effort to build on the first steps by coming together across sectors and organizations so that amazing ideas like Tanya's are embraced from the outset.
</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="4">
</div>
</div></p>
Keep Reading
Show less
Michael Froman serves as vice chairman and president, Strategic Growth for Mastercard. He and his team drive inclusive growth efforts and partner across public and private sectors to address major societal and economic issues. From 2013 to 2017, Mike served as the U.S. trade representative, President Barack Obama’s principal adviser and negotiator on international trade and investment issues. He is a distinguished fellow of the Council on Foreign Relations and a member of the board of directors of The Walt Disney Company.
Sponsored Content
Building better relationships in the age of all-remote work
How Stripe, Xero and ModSquad work with external partners and customers in Slack channels to build stronger, lasting relationships.
Image: Original by Damian Zaleski
February 21, 2021
February 8, 2021
Every business leader knows you can learn the most about your customers and partners by meeting them face-to-face. But in the wake of Covid-19, the kinds of conversations that were taking place over coffee, meals and in company halls are now relegated to video conferences—which can be less effective for nurturing relationships—and email.
Email inboxes, with hard-to-search threads and siloed messages, not only slow down communication but are also an easy target for scammers. Earlier this year, Google reported more than 18 million daily malware and phishing emails related to Covid-19 scams in just one week and more than 240 million daily spam messages.
<p>To keep the lines of communication wide open in this new reality, organizations are adopting new cloud solutions at a rate CIOs expected to see years from now. In fact, 79% of CIOs agree that the pandemic will force their organizations to digitally transform faster than planned, according to <a href="https://slack.com/blog/transformation/people-partners-systems-slack" rel="noopener noreferrer" target="_blank">J.P. Morgan</a>. </p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="1">
</div>
</div></p><p>But executive leaders know it takes more than just adopting a communication platform or software bundle to build relationships remotely. You have to find the <em>right</em> solution that meets both your internal and external collaboration needs. That's why competitive businesses today are turning to Slack, the <a href="https://slack.com/features/channels" rel="noopener noreferrer" target="_blank">channel-based messaging platform, </a>to close communication gaps with partners and customers in the age of remote work. Companies can securely collaborate with external parties using <a href="https://slack.com/help/articles/360017938993-What-is-a-channel" rel="noopener noreferrer" target="_blank">Slack channels</a>, a single place to share files and messages, in the same <a href="https://slack.com/resources/using-slack/setting-up-a-shared-channel" rel="noopener noreferrer" target="_blank">Slack workspace</a> through <a href="http://slack.com/connect" rel="noopener noreferrer" target="_blank">Slack Connect</a>.</p><p>With Slack Connect, organizations can build stronger customer and partner relationships through real-time communication. And unlike email—which leaves users open to the risk of spam and phishing—companies and external parties receive communications only from <a href="https://slackhq.com/introducing-new-layers-of-enterprise-grade-security" rel="noopener noreferrer" target="_blank">verified members in Slack channels</a>. Plus, Slack workspace administrators can maintain control over data and monitor external access. </p><p>Here's a closer look at how teams at Stripe, Xero and ModSquad are using Slack Connect to engage customers, prospects and partners in real-time and close deals faster. </p><h4>Stripe: Expediting sales deals while building lasting relationships with customers</h4><p><a href="https://stripe.com/" rel="noopener noreferrer" target="_blank">Stripe</a> is an online payment provider with a mission to support e-commerce. The Stripe sales team works with early-stage startups all the way through global Fortune 500 companies, and uses Slack Connect to engage with customers, keep communication organized and teams in sync, and jump on sales opportunities.</p><p>Jeanne DeWitt Grosser, head of Americas revenue and growth at Stripe, says communicating with prospective customers in Slack has been instrumental in maintaining engagement and closing deals.</p><p class="pull-quote">"Historically, the gold standard of a deep relationship in sales was getting the person on text," says DeWitt Grosser. "Now the gold standard is getting them into a Slack channel."</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="2">
</div>
</div></p><p>Usually at the beginning of a sale, DeWitt Grosser explains, reps used to double down on communication using the "law of 2x." Essentially, you start with a meeting and then follow up a week later. But this strategy no longer makes the cut: A lot could change in a week, and Slack is more in line with the tempo of the digital workplace. </p><p>"In Slack channels, the dialogue with the prospect happens in real time, as opposed to the next time you align your schedules," DeWitt Grosser says. "This kind of personal, persistent connection grows customer loyalty and retention."</p><p>Often sales reps have to communicate with a variety of departments to seal the deal. Instead of emailing them separately and creating silos, Stripe's account executives and solution architects set up a Slack channel with key customer stakeholders, like developers, the head of payments and a finance representative. </p><p>"When you need to move quickly, email is not the right format: It's more formal and responses take longer," says James Dyett, Stripe's head of global product sales and payments optimizations. "Slack has super powers. It's a much better experience." </p><h4>Xero: Working with external partners like they're on the same team</h4><p>If the pandemic has taught us one thing, it's that relationships matter. Whether it's launching a marketing campaign with a partner or hiring contractors to complete a specific project, we can't—and shouldn't—try to do everything ourselves. <br><br>When it comes to nurturing partnerships in the midst of the pandemic, <a href="https://www.xero.com/" rel="noopener noreferrer" target="_blank">Xero</a>, a cloud-based accounting software company, affirms that working in Slack Connect has been a game changer. Justine Wallendorf, New Zealand partner marketing manager at Xero, says Slack Connect helped her team launch a joint online marketing campaign with partners, <a href="https://www.figured.com/en-us/figured-xero" rel="noopener noreferrer" target="_blank">Figured</a> and <a href="http://paysauce" rel="noopener noreferrer" target="_blank">Paysauce</a>. </p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="3">
</div>
</div></p><p>The three companies were offering a complete software solution for farmers looking to manage their business digitally. By coming together in one Slack channel, #xero-partners, the sales and marketing teams across all three businesses could connect and ensure alignment on: </p><ul class="ee-ul"><li>Immediate universal access to all campaign details</li><li>Consistent messaging across sales enablement deliverables, such as one pagers and slide decks</li><li>Quick feedback and turnaround times for deliverables</li><li>Clear leadership signoffs</li></ul><p class="pull-quote">"Working in Slack Connect guaranteed that everyone was beating the same drum and speaking the same language, positioning our partnership as best as possible in the market," Wallendorf says.</p><h4>ModSquad: Winning customer loyalty with exceptional customer support</h4><p>With so much uncertainty in the world, efficient and reliable customer support is akin to a safe harbor in a storm. That's why Slack customer, <a href="https://modsquad.com/" rel="noopener noreferrer" target="_blank">ModSquad</a> has its support teams troubleshoot customer issues in real time with Slack Connect.</p><p>As a customer experience outsourcer, ModSquad knows good customer service. Each day, ModSquad's global crew of experts—the Mods—help their customers engage with their audiences online through customer support, content moderation, community management and social media. </p><p>ModSquad works with its clients in Slack Connect to set up service level agreements and incorporate support dashboards. With the <a href="https://slack.com/apps/A0108APQFQC-geckoboard" rel="noopener noreferrer" target="_blank">Geckoboard Slack integration</a>, ModSquad monitors clients' incoming calls and chats—without ever leaving Slack. Whenever the team sees an uptick in activity or service impacting issues, they can quickly alert clients and internal teams for quick resolution. The team also relies on a <a href="https://slack.com/apps/A9WFQ3M0B-zendesk" rel="noopener noreferrer" target="_blank">Zendesk Slack integration</a> to track service desk tickets, troubleshoot and resolve issues.</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="4">
</div>
</div></p><p>According to Steve Henry, senior vice president, client services at ModSquad, Slack channels also help build a culture of transparent communication and trust with clients.</p><p>"Establishing trust with our clients is very important, and Slack provides a crucial component for all of our efforts" Henry says. "With Slack, we can provide world-class support solutions and improvements for our clients, driving efficiencies while growing their business in the process."</p><h4>In an all-remote world, Slack Connect builds strong partnerships</h4><p>Slack Connect is available for <a href="https://slack.com/pricing/paid-vs-free" rel="noopener noreferrer" target="_blank">all paid plans</a>. If you're already a customer but new to Slack Connect, feel free to <a href="http://slack.com/contact" rel="noopener noreferrer" target="_blank">reach out</a> or learn more on <a href="https://slack.com/resources/using-slack/setting-up-a-shared-channel" rel="noopener noreferrer" target="_blank">how to get started</a>. And if you want to see how others are using Slack Connect to work with external partners, check out a few of our recent <a href="https://slack.com/blog/collections/slack-connect-shared-channels-shared-success" rel="noopener noreferrer" target="_blank">customer stories</a>. </p>
Keep Reading
Show less
People
Citizen’s plan to keep people safe (and beat COVID-19) with an app
Citizen CEO Andrew Frame talks privacy, safety, coronavirus and the future of the neighborhood watch.
Citizen added COVID-19 tracking to its app over the summer — but its bigger plans got derailed.
Photo: Citizen
February 24, 2021
David Pierce ( @pierce) is Protocol's editor at large. Prior to joining Protocol, he was a columnist at The Wall Street Journal, a senior writer with Wired, and deputy editor at The Verge. He owns all the phones.
February 24, 2021
Citizen is an app built on the idea that transparency is a good thing. It's the place users — more than 7 million of them, in 28 cities with many more to come soon — can find out when there's a crime, a protest or an incident of any kind nearby. (Just yesterday, it alerted me, along with 17,900 residents of Washington, D.C., that it was about to get very windy. It did indeed get windy.) Users can stream or upload video of what's going on, locals can chat about the latest incidents and everyone's a little safer at the end of the day knowing what's happening in their city.
At least, that's how CEO Andrew Frame sees it. Critics of Citizen say the app is creating hordes of voyeurs, incentivizing people to run into dangerous situations just to grab a video, and encouraging racial profiling and other problematic behaviors all under the guise of whatever "safety" means. They say the app promotes paranoia, alerting users to things that they don't actually need to know about. (That the app was originally called "Vigilante" doesn't help its case.)
<p><div class="ad-tag"><div class="ad-place-holder" data-pos="1">
</div>
</div></p><p>Above all, Citizen raises questions: When does safety trump privacy? What are people willing to give up or risk in order to keep themselves and their loved ones safe? What does "safety" even mean in an increasingly digital world?</p><p>Frame joined the <a href="https://www.podpage.com/sourcecode/" target="_blank">Source Code podcast</a> to discuss all that and more. He talked about the app's history, what it means to promote safety above all else, how his company tried — and failed — to fight COVID-19 long before other tech companies got involved and what it means to be a good Citizen citizen.</p><div class="rm-embed embed-media"><iframe frameborder="no" height="200px" scrolling="no" seamless="" src="https://player.simplecast.com/1cb18adc-4514-4097-b9a5-3c9a5c2e5408?dark=true" width="100%"></iframe></div><p><em>The following excerpts from our conversation have been lightly edited for length and clarity.</em><br></p><p><strong>Citizen has had sort of a windy history, so maybe go all the way back to the beginning of the product and the company. What was the thing you were trying to build when you started out building it?</strong></p><p>I wanted to build something that was consumer [facing], because that's where my passion lies. And I feel like that's the only thing I'm sort of good at. It had to be mobile first, network-effect driven, with a very noble mission so that once the network effect activates, hopefully, it becomes the gift that keeps on giving. </p><p>As soon as I identified wanting to build a safety product, the question was, how do you get to market with a product that keeps people safe? There was a moment where I was sitting outside, and I was just thinking about, what is the Trojan horse to build a safety system? And it just dawned on me: I think all of us remember playing with police scanners, and listening to police. It's this incredible data stream that is filled with people in need of help. And it was just this closed system that had open access for listening. When a fire hits a building, nobody knows except the fire department. Why don't the 1,000 people inside of the building know that their building is on fire? The information is right there, transmitted right through the walls of that building. </p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="2">
</div>
</div></p><p>And so it just instantly hit me: Let's open this system, create a trusted shared safety system where police and civilians and everybody has access to the same information. There are so many great byproducts of creating this open, shared system, one of which is you get the people out of the burning building. You get the kidnapped kid back because you got the whole neighborhood engaged. You eliminate police brutality, because now you've built what I call "conditional transparency." It's not a radical transparency. It's a conditional transparency, meaning the transparency hits once a kid is missing. It doesn't mean there's overhead planes surveilling, there's no surveillance state in this. It's simply transparency when it is urgently needed. And that was kind of the genesis of this thing.</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="3">
</div>
</div></p><p><strong>I'm getting ahead of myself here, but you kind of already got into what over the years has been complicated in how people think about Citizen. The reason to not tell the people in the building that there's a fire is that you don't want to cause a panic, right? And the reason to not tell people in the neighborhood is that you don't want them running toward the fire, because some people will run toward a fire.</strong> </p><p><strong>All the pushback I've ever seen about Citizen has basically been about that fundamental question. Is it productive to have all of this information given to everyone all the time? At some point, do you just have to decide that, on balance, you believe it is?</strong></p><p>You know, there would be no innovation if people were just fixated on worst-case scenarios. On any product, we can think about worst-case scenarios. And of course, there are valid reasons. But it's not going to stop you from building something great. </p><p>Just take Uber, right? I was taught not to hitchhike, that'd be a very dangerous thing. And if we were all in a room thinking about what happens when you just allow people to hitchhike with their neighbors, and build it as a global platform? People would say, "Oh, my gosh, that's the worst idea of all time."</p><p><strong>A lot of people did say that about Uber!</strong> </p><p>Yeah. So you know, it's just so easy to just fixate on the worst-case scenario. This is no longer an idea. This is something that is prevalent across 28 cities, we have ZIP codes, where 60[%], 70[%], 80% of the entire ZIP code are active Citizen users. We don't have those stories. Believe me, I was also terrified of this. At the beginning, it gave me and the team a huge amount of anxiety, because we also thought about the worst-case scenario. But we also thought about the best-case scenario, which is why we built this and why we're scaling. And it far exceeds the unfounded fear of some of these worst-case scenarios.</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="4">
</div>
</div></p><p><strong>I feel like COVID has become kind of a bigger part of Citizen than I would have expected. Rewinding to the early days of the pandemic, was it obvious to you that Citizen needed to be part of this, needed to help be the solution here?</strong></p><p>At first, everybody in the company wanted to pitch COVID ideas. It wasn't until we realized just the architectural model of contact tracing — a very simple idea of just enabling Bluetooth and allowing everybody's Bluetooth radio to say hello to each other as you come in close physical contact — that it was like, OK, wait a sec, we already have distribution. We had 30% of New York City on the app back in March. </p><p>We just went, "Oh, my goodness, we have the safety platform, all we have to do is ask these 30% of New Yorkers to turn on Bluetooth." Suddenly, we have the largest and most dense contact-tracing system in any big city in the world, in ground zero, which was New York at the time. </p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="5">
</div>
</div></p><p>Unfortunately, we never got the approval to launch it. </p><p><strong>What happened?</strong> </p><p>It's a complicated story. Apple and Google had their own plans. We came forward with this architecture, and we needed help. We needed allies. We needed Apple, we needed Google, we needed the government. </p><p>We created a product that integrated at-home testing and contact tracing. Because we knew those were the two tactics on how to manage this here in the U.S. Our ask was basically, a) obviously we need to get it in the App Store; b) we wanted the government to pay for all that at-home testing for the U.S. Labcorp was working on their at-home test kit. And basically, you could just ship a test kit to anybody that asks for it within 24 hours, saliva sample, they send it back, and the result is delivered in the app. So it'll say, "You're negative for COVID." </p><p>Keep in mind, this is back in March that we had this. We built prototypes and everything inside the company, we were taking tests and getting the results in the app. Now, if you are positive, it would automatically inform all of the people that your Bluetooth recently saw that "you have had a potential exposure to COVID." Those people would then be offered a free test that would show up the next day. You can imagine if we partnered with Amazon on the logistics side, where Amazon is trucking these. It's like OK, tech, come together and let's go, like, what can we do about COVID? There was zero government support. None whatsoever. We needed them to pay for the tests. It'd be great if Amazon did the logistics. But we called it the "testing-tracing flywheel." And this is, again, back in March, people had never even heard of contact tracing.</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="6">
</div>
</div></p><p>We didn't get the support. We didn't get the alliances, we were on our own on this one. And the government, there was a Contact Tracing Task Force, we were selected as the app to provide contact tracing to America, before [the task force] was suddenly just disbanded and dissolved and just went away one day.</p><p><strong>My question was going to be, wouldn't this be a useful time to do things like partner with local governments, but you're saying you did, and then it fell apart?</strong></p><p>Well, there was no official partnership. But we were told that this was by far the best system for America. And there were just a bunch of meetings that didn't really go anywhere. And then suddenly, you know, they put a bunch of great technology entrepreneurs on the task force, who we knew! We knew all these people, and it was great. Sometimes government needs entrepreneurs to step up and solve problems. And in this case, it seemed like something was going to happen, but then it was just instantly disbanded with no plan. </p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="7">
</div>
</div></p><p><strong>Looking back now with almost a year of hindsight, was there anything else you could have done? Should you have just pushed through and said, "We'll figure something else out, screw all the rest of you?"</strong></p><p>No, we couldn't, we didn't have approval from the app stores. Right now, innovation is no longer open. You have to go through the app stores, and they will decide if your innovation can reach the world. This is not how it was, pre-mobile. With the internet, you can build anything you want. And you have an open, uncensored, unfiltered internet. And with app stores, you don't. You must get through the process.</p><p><strong>This is actually sort of a perfect example of the kind of tension we were talking about earlier. You have an obvious societal good. No one is going to argue that curbing the spread of COVID-19 is not a good thing. We're all on the same page about that. But then, and this is what I think we spent maybe six months too long debating, you have all of the privacy implications of that. What does it mean that there's now a system that knows that not only do I have COVID, but who gave it to me and where they got it from? Were those the kinds of debates that you were having, even back in March? Was that the holdup?</strong></p><p>That actually annoyed me, because I just don't think that COVID was this mass privacy thing. All of the data was protected, nobody would know. But most likely, just through the social interaction, like people, every person that has COVID has told me. It's not like, "Oh, my gosh, this person has COVID. Nobody can know." </p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="8">
</div>
</div></p><p>And we didn't expose the name. We did expose the location. There was a big fight even with the app stores, because we thought that the location was super relevant. Why? Because it protects more people. If you went to a superspreader dinner, it should say, here's the time and place you got COVID. We can say Friday night, 8 p.m., here's the location. We're not going to tell you who, but you're like, "Oh, that was the birthday party." What's the next step? Tell everybody at the birthday party that there was an exposure there, because not everybody has the contact tracer. </p><p>This was about beating COVID. I just think that there was this red herring around privacy that stopped everything. Privacy became the fundamental discussion, when it's like, OK, we won on the privacy side, but how are we doing as a nation now? Printing trillions of dollars, small businesses all going out of business. What mattered more: this privacy thing that seems to be extremely unfounded and a red herring, or beating COVID?</p><p><strong>That's the big existential question around all of this, right? And it goes back to what you were saying before about best- and worst-case scenarios. There's just always going to be a tension between privacy and safety, right? Even as we talk about things like encryption, there's always going to be that tension. And at some point, all you can do is pick a side and be clear about which side you've picked.</strong></p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="9">
</div>
</div></p><p>Yeah. I mean, you've got to use judgment. And this is really where mission comes in. What is this privacy preservation that we're even talking about? I mean, the amount of tracking going on by Big Tech is thousands of times more privacy-invading than the COVID thing we were talking about. </p><p>The fact that we just got so sucked up talking about privacy preservation being the only issue, when in the meantime, COVID is spreading rapidly and just destroying families and small businesses and American restaurants that'll never come back. I think that the focus was on the wrong area.</p>
Keep Reading
Show less
David Pierce ( @pierce) is Protocol's editor at large. Prior to joining Protocol, he was a columnist at The Wall Street Journal, a senior writer with Wired, and deputy editor at The Verge. He owns all the phones.
Transforming 2021
Blockchain, QR codes and your phone: the race to build vaccine passports
Digital verification systems could give people the freedom to work and travel. Here's how they could actually happen.
One day, you might not need to carry that physical passport around, either.
Photo: CommonPass
February 23, 2021
Mike Murphy ( @mcwm) is the director of special projects at Protocol, focusing on the industries being rapidly upended by technology and the companies disrupting incumbents. Previously, Mike was the technology editor at Quartz, where he frequently wrote on robotics, artificial intelligence, and consumer electronics.
February 23, 2021
There will come a time, hopefully in the near future, when you'll feel comfortable getting on a plane again. You might even stop at the lounge at the airport, head to the regional office when you land and maybe even see a concert that evening. This seemingly distant reality will depend upon vaccine rollouts continuing on schedule, an open-sourced digital verification system and, amazingly, the blockchain.
Several countries around the world have begun to prepare for what comes after vaccinations. Swaths of the population will be vaccinated before others, but that hasn't stopped industries decimated by the pandemic from pioneering ways to get some people back to work and play. One of the most promising efforts is the idea of a "vaccine passport," which would allow individuals to show proof that they've been vaccinated against COVID-19 in a way that could be verified by businesses to allow them to travel, work or relax in public without a great fear of spreading the virus.
<p><div class="ad-tag"><div class="ad-place-holder" data-pos="1">
</div>
</div></p><p>But building a system that everyone agrees with — and can access — is no small task. There are several companies working on competing projects to verify vaccinations. But beyond that, there are more than a few hurdles that could prevent vaccine passports from succeeding, from antiquated medical records systems to interoperability issues and privacy concerns. Here's how they could actually succeed. </p><h3>Competing projects, similar standards</h3><p>Pretty much since the first blockchain white paper, people have been looking for perfect examples of where a distributed, immutable ledger could be valuable. There's obviously the push to use it for currencies, and companies have tried to use it for things like tracking <a href="https://www.protocol.com/ibm-blockchain-supply-produce-coffee" target="_self">food production</a> and <a href="https://www.govtech.com/products/Blockchain-Voting-Debate-Heats-Up-After-Historic-Election.html" rel="noopener noreferrer" target="_blank">voting</a>, but there are few use cases that have truly taken off, at least so far. "We've been working on this since 2014; we never thought that health care would be the kind of the use case that we take this mainstream," Jamie Smith, the senior director of business development at Evernym, a company focused on using the blockchain as a basis for verifying identities, told Protocol. </p><p>Smith said Evernym had been discussing its concepts with automakers, retailers, telcos, governments, loyalty companies and banks prior to the pandemic. One of those companies was IAG, the airline group that owns British Airways, which had been interested in the idea of contactless travel based on a single identity credential that follows you from the airport check-in to your gate. With the pandemic, that morphed into thinking about ways to verify that passengers have had negative COVID tests, and eventually, that they've received a vaccine. "From our perspective, it was a really easy lift to see," Smith said. "We're doing contactless travel, and we just added verifiable credentials for test results."</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="2">
</div>
</div></p><p>It's a similar genesis for IBM's Digital Health Pass initiative, which leader Eric Piscini said started about two years ago as a way to store people's entire health records in a safe, accessible platform. It also relies on the blockchain for its immutable record of proof, and both Evernym and IBM are part of an open-standards group called the Good Health Pass Collaborative, which aims to bring private credentialed vaccine records to business and people around the world. Companies are working on their own implementations of the standards, but Evernym's Smith said the data is meant to be portable from one passport to another. </p><p>Most of the companies working on passports say their systems are private by design, especially given that they're mainly working off the same open standards. In most cases, the health information only ever remains on a user's phone, but where it asks to verify that the user's information meets a system's standards — such as whether this person has had two COVID vaccines and should be allowed into an office — that information is recorded on a blockchain. "You can, using blockchain technologies, verify that someone has been tested recently, without having access to the underlying data," Piscini said. "I don't know any other technology where you can do that."</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="3">
</div>
</div></p><p>Similarly, the nonprofit Commons Project's CommonPass, backed by the likes of Oracle, Microsoft and Salesforce, started out as a project to bring an analog to Apple Health for Android. JP Pollak, a senior researcher at Cornell and founder of the Commons Project, first launched CommonHealth to bring the sort of data and insights that Apple Health offers to iPhone owners to Android users. Last summer, the group started building an app that could take health data and privately share it with others — in that case, it was to help truckers stuck at the borders in <a href="https://www.newtimes.co.rw/opinions/digital-technology-re-opening-africa" rel="noopener noreferrer" target="_blank">East African countries</a> who couldn't easily prove they'd taken COVID tests. This morphed into vaccine credentialing, with the group now working to pull together the various data streams needed to get a project like this off the ground. </p><p>"Health care institutions, EMR vendors, retail pharmacies, state vaccine registries, all issuing people a digital verifiable credential of their vaccination record that they could then use in the app of their choice, to be able to get access to various kinds of services," Pollak said. CommonPass is also working with the Mayo Clinic, as well as Epic Systems and Cerner, two of the largest EMR vendors. </p><h3>Something for everyone </h3><p>With so many competing efforts to become the world's digital vaccine passport, it might seem that the country is heading for some sort of VHS versus Betamax format war for proving everyone has had COVID vaccines. But given that so many of the efforts are using the same standards, and in many cases, looking to embed their tech in someone else's app rather than their own, the race might be less about the best tech winning, and more about various approaches working in different situations. </p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="4">
</div>
</div></p><p>"The intent is not to be the only company; we don't want to be the proprietary platform that everybody has to use because they have no choice," IBM's Piscini said. "That's not who we are right now: That's the IBM from 30 years ago, not the IBM of today."</p><p>For IBM, though, the selling point is that the company already works with so many other massive companies. Why look elsewhere for a vaccine passport solution if your airline booking system is already powered by IBM? "We believe our network is going to be more valuable than any other because of our scale and our ability to integrate the platform with CRM systems, building systems or stadium systems — we can do that every day," Piscini said.</p><p class="shortcode-media shortcode-media-rebelmouse-image">
<img type="lazy-image" data-runner-src="https://assets.rebelmouse.io/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpbWFnZSI6Imh0dHBzOi8vYXNzZXRzLnJibC5tcy8yNTY2NTc3NS9vcmlnaW4uanBnIiwiZXhwaXJlc19hdCI6MTYyMTM1MjYyM30._ykxxCyx3_wDbZrYgCcmK0QT2Ue1tZFdP5pf60kOmPU/img.jpg?width=980" id="c81c9" class="rm-shortcode" data-rm-shortcode-id="3967636652192acfdaad341861263bc8" data-rm-shortcode-name="rebelmouse-image">
<small class="image-media media-caption" placeholder="Add Photo Caption...">IATA's digital passport app.</small><small class="image-media media-photo-credit" placeholder="Add Photo Credit...">Photo: IATA</small></p><p>For other companies, it's about securing new partnerships with major players in the hopes of finding that scale. Evernym, for example, is working with International Air Transport Association, the airline industry's trade association, on an air travel-specific app called Travel Pass. IATA is working with airlines and local governments to ensure it has the latest requirements to feed the app's rules engine. "It will say, 'Hey, you're flying JFK to Heathrow, you need a PCR test 48 hours in advance before you can land,'" Evernym's Smith said. "And of course, those policy changes are changing every day." Qatar, Emirates and Etihad Airways are all <a href="https://simpleflying.com/qatar-iata-travel-pass-launch/" rel="noopener noreferrer" target="_blank">expected</a> to start trialing the app in the next few weeks.<br></p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="5">
</div>
</div></p><p>In other instances, the technology will live inside other companies' existing apps; why make someone download yet another app and add another hurdle to compliance? Instead, the experience will be rather like adding a loyalty account or TSA PreCheck number when booking a flight. Airlines and other venues restricting access will require uploading negative test results or vaccine records using one of these services. "You're going to be using the United or the Delta app, and they'll be using our solution or somebody else's, but you will do it via their app," IATA's Travel Pass lead, Alan Murray Hayden, told Protocol.</p><p>The World Health Organization is also working on its own offering, and recently convened the <a href="https://www.who.int/groups/smart-vaccination-certificate-working-group" rel="noopener noreferrer" target="_blank">Smart Vaccination Certificate Working Group</a>. It's built upon the WHO's nearly century-old notion of the "yellow card" vaccination record, which first was used to document that travelers had been inoculated against diseases such as cholera and yellow fever. Evernym Chief Trust Officer Drummond Reed is part of the working group; he said there should be more to share in the coming months. </p><h3>What could go wrong?</h3><p>It's entirely possible that as more people start to get vaccinated, vaccine passports start to become the norm. You walk to work — still masked, of course — scan a QR code reader in the lobby, and are let in. You go out for lunch, and your loyalty card app has a discount for in-store shoppers verifying they're vaccinated. Your concert ticket is also tied to health pass information that you shared earlier in the day with Ticketmaster. But there are more than a few hurdles ahead of the companies rushing to turn these concepts into realities. </p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="6">
</div>
</div></p><p>First off, there's the … reality … of the real world that any digital system has to contend with. For anyone without access to the internet, digital vaccine credentials will prove difficult to acquire, though all the companies Protocol spoke with said they would offer a paper-based QR code for people who don't have smartphones. But there's also the issue of having to corral so many different stakeholders into one system, especially when some health care providers are still reliant on antiquated database systems or <a href="https://www.protocol.com/manuals/health-care-revolution/electronic-health-records-after-coronavirus" target="_self">even paper records</a>. "The amount of inefficiency in the system is tremendous," IBM's Piscini said. </p><p>But in the U.S. at least, all vaccinators are required to report COVID-19 vaccines to their state. Piscini said that even for people who just received a paper copy of their vaccine records, systems like IBM's can likely link up to the state's immunization registry and allow people to import records to a vaccine passport.</p><p class="shortcode-media shortcode-media-rebelmouse-image">
<img type="lazy-image" data-runner-src="https://assets.rebelmouse.io/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpbWFnZSI6Imh0dHBzOi8vYXNzZXRzLnJibC5tcy8yNTY2NTc4My9vcmlnaW4ucG5nIiwiZXhwaXJlc19hdCI6MTYzNzg3MTM2M30.RZtqR7F_FuXK1S24V6jVaqUZ0xOSG-gCwj00xU3fxcM/img.png?width=980" id="b0bd3" class="rm-shortcode" data-rm-shortcode-id="11d8002d92c0cd6ef39b12fc7b8dccf8" data-rm-shortcode-name="rebelmouse-image">
<small class="image-media media-caption" placeholder="Add Photo Caption...">How CommonPass's app shows your records. </small><small class="image-media media-photo-credit" placeholder="Add Photo Credit...">Image: CommonPass</small></p><p>And states are willing to help out, Pollak said, adding that CommonPass has started working with Hawaii to roll out its offering for would-be tourists. "We're seeing a lot of state governments stepping up and doing a really good job with this," Pollak said. "It would be surprising if there wasn't a coordinated federal effort very soon." That being said, while <a href="https://www.cbc.ca/news/canada/north/iceland-covid-passports-canada-1.5904828" rel="noopener noreferrer" target="_blank">many countries around</a> the world are committing to working on vaccine passports, getting a straight answer out of the U.S. government on what it's doing has proven difficult. The State Department, which maintains America's traditional, analogue passports, referred me to Homeland Security, which referred me to the White House. The acting director and chief of staff of the White House's Office of Science and Technology Policy, Kei Koizumi, told Protocol that "OSTP can't discuss projects we are working on before they are publicly announced."</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="7">
</div>
</div></p><p>But even with systems in place at a federal level, there's still a fair amount of education that needs to happen before people will trust systems like these. "There's a substantial gap in understanding and knowledge of how these systems work, and people's views, in terms of who should get access to which data," Pollak said. </p><p>"We assume there's a Facebook Borg in the sky, monitoring every interaction," Smith said. "The emergence of verifiable credentials breaks down that mental model, where actually it becomes more like decentralized bits of paper that I can carry around, and no one's to know that I've been sharing this information."</p><p>"Our belief is that if you do the right thing, from a platform point of view, protecting your privacy, and giving you control and access to the platform to everybody who wants to use it," Piscini said. "I think those are very basic things that allow the core of the platform that we build to generate adoption by the individuals."</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="8">
</div>
</div></p><p>Even with a system that works, there may still be holdouts to this potential new normal. "Some people are saying, 'I will never get vaccinated,'" Piscini said, "and I don't know if the airlines are going to say, 'Well, maybe you will never fly again.'"</p>
Keep Reading
Show less
Mike Murphy ( @mcwm) is the director of special projects at Protocol, focusing on the industries being rapidly upended by technology and the companies disrupting incumbents. Previously, Mike was the technology editor at Quartz, where he frequently wrote on robotics, artificial intelligence, and consumer electronics.
Policy
Here are Big Tech’s biggest threats from states
The states are moving much quicker than Congress on privacy, taxes and content moderation.
Virginia is expected to be the second state to pass a comprehensive privacy law.
Photo: Ron Cogswell/Flickr
February 19, 2021
Emily Birnbaum ( @birnbaum_e) is a tech policy reporter with Protocol. Her coverage focuses on the U.S. government's attempts to regulate one of the most powerful industries in the world, with a focus on antitrust, privacy and politics. Previously, she worked as a tech policy reporter with The Hill after spending several months as a breaking news reporter. She is a Bethesda, Maryland native and proud Kenyon College alumna.
February 19, 2021
When critics say that Virginia's new privacy bill is "industry-approved," they're not totally wrong, said David Marsden, the state senator who has been working for months to shepherd the law through the state legislature.
It was an Amazon lobbyist who originally presented Marsden with the text of the bill, which hews closely to the failed Washington Privacy Act, versions of which have been pushed by Microsoft across the country.
<p>"Amazon gave us the first cut of a draft to look at that was based on other work," Marsden said. </p><p>An Amazon spokesperson called the text a "starting point." "It was an example of strong legislation and, like many other stakeholders, we consulted with the Senator as he refined his bill," the spokesperson said. </p><p>Marsden and Virginia delegate Cliff Hayes held meetings with other large tech companies, including Microsoft; financial institutions, including Capital One; and non-profit groups and small businesses, who all wanted desperately to have a hand in shaping the legislation. </p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="1">
</div>
</div></p><p>But Marsden said he didn't hear much from consumer advocacy groups. That is, until this week, when it became clear that Virginia Gov. Ralph Northam <a href="https://www.rollcall.com/2021/02/16/virginia-set-to-become-second-state-to-pass-data-privacy-law/#:~:text=Gov.%20Ralph%20Northam%20expected%20to,and%20exempts%20many%20small%20businesses&text=Virginia%20is%20set%20to%20become,to%20pass%20data%20privacy%20legislation.&text=The%20law%20would%20exempt%20health,collected%20for%20assessing%20credit%20worthiness." rel="noopener noreferrer" target="_blank">intends to sign the legislation</a> after it passes the Virginia General Assembly, and a barrage of organizations including the U.S. Public Interest Research Group and Electronic Frontier Foundation came out aggressively against the bill, calling it "<a href="https://uspirg.org/resources/usp/group-letter-opposing-weak-industry-backed-privacy-bill-virginia" rel="noopener noreferrer" target="_blank">weak</a>" in a flurry of letters and public statements. </p><p>Marsden concedes there's some truth to their concerns. "If it has a business focus to it, it's because the folks who put it together, they're the ones who showed up," he said. </p><p>Ed Mierzwinski, a senior director at the U.S. Public Interest Research Group, said he and other national consumer and privacy groups didn't find out about this bill until a few weeks ago. Mierzwinski said the groups sent a letter to Marsden and other lawmakers on Feb. 4 raising concerns with the bill. "We're disappointed that he didn't reach back to us," Mierzwinski said.</p><p>The showdown in Virginia is only the latest battle in the influence war between Big Tech and their critics playing out in states across the country. Players on all sides are seeking to push their agenda on privacy, taxes, content moderation and AI through unpredictable and malleable state legislatures, with less-resourced advocacy groups fighting to keep up with tech giants' expansive lobbying efforts. All of it is happening in the void of any federal action from Congress.</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="2">
</div>
</div></p><p>"Now, when I talk to state lawmakers or state staff members and say, 'Hey, it's a really bad idea to have a state patchwork of laws,' I just hear silence from them because they're like, 'Well, Congress still hasn't done anything,'" said Billy Easley, a senior tech policy analyst with Koch-backed Americans for Prosperity, which advocates against state-level legislation on privacy and speech. </p><p>As the Virginia case highlights, it's hard to predict where the next serious legislation will emerge. But Protocol compiled a list of the tech-related state efforts to watch most closely this year. </p><h3>The Washington Privacy Act </h3><p>Washington's tech-friendly privacy legislation has <a href="https://www.govtech.com/policy/Why-Did-Washington-States-Privacy-Legislation-Collapse.html" rel="noopener noreferrer" target="_blank">failed to pass</a> for the past two years amid disagreements over whether individuals should be allowed to sue tech companies for privacy violations and whether the bill should address concerns around facial recognition technology. But its supporters are more gung-ho than ever that this could be the year that Washington finally pushes through the privacy bill, which has spawned copycats across the country.</p><p>Washington State Sen. Reuven Carlyle <a href="https://www.geekwire.com/2021/washington-state-finally-pass-data-privacy-laws-bill-backed-tech-industry/#:~:text=The%20Washington%20Privacy%20Act%20grants,personal%20data%20under%20the%20legislation." rel="noopener noreferrer" target="_blank">told Geekwire</a> last month that he believes the bill has a substantially higher chance of passing following years of negotiations with tech companies, consumer groups and discussions with the Washington attorney general's office.</p><p>"Washington is absolutely there," said Tom Foulkes, who leads state policy for BSA, also known as The Software Alliance, which has been working on the Washington legislation.</p><p>The Washington Privacy Act would give consumers the right to access, correct and delete data that companies hold on them, while opting out of particular forms of data collection and sale. It does not include the right for individuals to sue companies. Instead, it grants that authority to the attorney general. </p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="3">
</div>
</div></p><p>Tech companies including Microsoft and Amazon have made it clear that they would prefer Washington's model over California's complex approach, which includes the right for individuals to sue over data breaches, if they have to choose. But the companies are still pushing for federal privacy legislation. </p><h3>New York privacy legislation</h3><p>The New York legislature can be hard to predict as it's very dependent on which bills congressional leadership and the governor will get behind their proposals. But this year's legislative session <a href="https://www.jdsupra.com/legalnews/new-york-legislature-introduces-ccpa-6501577/" rel="noopener noreferrer" target="_blank">started off with a flurry</a> of privacy and <a href="https://www.technologylawdispatch.com/2021/01/privacy-data-protection/new-york-proposes-a-new-biometric-privacy-act/" rel="noopener noreferrer" target="_blank">biometrics-related legislation</a> from the House and Senate, and Gov. Andrew Cuomo is proposing a comprehensive law to provide New Yorkers with "<a href="https://www.governor.ny.gov/news/governor-cuomo-announces-proposal-safeguard-data-security-rights-part-2021-state-state" rel="noopener noreferrer" target="_blank">transparency and control</a>" over their personal data.</p><p>"New Yorkers appreciate the value and convenience that technology has afforded their lives, but progress does not need to come at the expense of basic privacy," Cuomo <a href="https://www.governor.ny.gov/news/governor-cuomo-announces-proposal-safeguard-data-security-rights-part-2021-state-state" rel="noopener noreferrer" target="_blank">said in a statement</a>. "New York will act to pass a strong privacy law that safeguards New [Yorkers'] personal information and continues to encourage innovation."</p><p>The <a href="https://www.law.com/newyorklawjournal/2020/09/02/inside-the-proposed-new-york-privacy-act/" rel="noopener noreferrer" target="_blank">New York Privacy Act</a>, which was set aside last year as the legislature focused on COVID-19, appears poised to make a comeback. It would create extensive new requirements for businesses to obtain consumers' consent before processing their data. It also includes a private right of action, which tech companies lobby aggressively against.</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="4">
</div>
</div></p><h3>New York antitrust legislation </h3><p>New York State Sen. Mike Gianaris believes that New York could become the first state to update its antitrust laws to rein in Big Tech this year. Gianaris made a name for himself through strident opposition of Amazon's plans to build a second headquarters in New York — plans the ecommerce juggernaut eventually scrapped.</p><p>After his battle with Amazon, he said he began researching ways to keep the tech giant's "incredibly powerful and unaccountable position from hurting people and other businesses." </p><p>"I had very up-close and personal experience with them," Gianaris said. </p><p>Gianaris' <a href="https://www.nysenate.gov/newsroom/press-releases/michael-gianaris/wake-landmark-federal-hearings-senate-deputy-leader" rel="noopener noreferrer" target="_blank">21st Century Antitrust Act</a>, which was introduced last summer on the heels of the House Judiciary Committee's congressional hearing with the tech CEOs, would allow the state to sue companies for "abusing" their dominance.</p><p>Right now, New York state law requires two parties to conspire to manipulate the market. But many of the monopoly concerns around Big Tech revolve around the companies' efforts to buy up rivals and muscle into new markets.</p><p>Adopting an abuse of dominance standard, he said, "opens the door to a lot more enforcement ability, particularly against Big Tech, which transcends so many different markets." </p><p>Gianaris said his office consulted with Attorney General Letitia James, who has publicly supported the bill, as well as anti-monopoly groups like the American Economic Liberties Project and Zephyr Teachout, a key antitrust advocate. </p><p>He said the tech companies initially ignored his legislation when it came out last year, but as it's become clear that the legislature might have interest in moving it forward, he's heard more pushback from the major tech trade groups. </p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="5">
</div>
</div></p><h3>Online ad taxes </h3><p>Maryland last week sent shockwaves through the industry when it approved the country's first tax on Big Tech's ad revenue. The law's supporters have claimed that it's an effort to get the tech companies to pay their fair share in taxes, while the companies have <a href="https://internetassociation.org/news/statement-on-gov-hogans-veto-of-the-digital-sales-tax-bill/" rel="noopener noreferrer" target="_blank">threatened</a> that they will ultimately pass the new costs onto Maryland's businesses and individuals buying digital ads. </p><p>"The intentionally equivocal claim that internet companies need to 'pay their fair share' is useful only to politicians pushing a political agenda, not to the development of sound public policy," said Robert Callahan, who heads state government affairs for Internet Association. "It is also detached from reality. The internet industry is providing enormous economic benefits to states like Maryland, whether or not companies are actually headquartered there."</p><p>A group of tech industry trade associations and the U.S. Chamber of Commerce <a href="https://internetassociation.org/news/statement-on-md-digital-ad-tax-litigation/" rel="noopener noreferrer" target="_blank">sued</a> Maryland on Thursday, claiming that the new tax is unconstitutional and violates federal law. </p><p>Other states will watch the litigation in Maryland closely as they weigh whether to move forward with their own digital ad taxes. Lawmakers in Indiana and Connecticut have proposed similar taxes.</p><p>Gianaris, who is also supportive of a New York bill that would impose similar taxes on digital ads, said New York could renew its push if Maryland succeeds. "If their effort gets upheld, we'll move quickly to do the same here in New York," he said. </p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="6">
</div>
</div></p><h3>Florida's privacy and speech bills </h3><p>Florida Gov. Ron DeSantis at a <a href="https://www.tampabay.com/news/florida-politics/2021/01/14/desantis-top-legislative-priority-stopping-censorship-of-conservatives-online/" rel="noopener noreferrer" target="_blank">press conference this month</a> said that taking on Silicon Valley will be "the most important legislative issue that we're going to have to get right this year and next year." He's <a href="https://www.clickorlando.com/news/local/2021/02/15/gov-desantis-offers-new-details-in-plan-to-take-on-big-tech/#//" rel="noopener noreferrer" target="_blank">since laid out</a> a series of proposals, including privacy legislation and a proposal to ban companies from "deplatforming" political candidates. </p><p>While other lawmakers have promoted privacy bills as an effort to protect consumer privacy, DeSantis has explicitly tied his state's privacy legislation to the populist battle against companies including Facebook and Google. "Big Tech platforms have created a surveillance economy, which enriches those platforms by free-riding on consumer data," DeSantis <a href="https://news.bloomberglaw.com/tech-and-telecom-law/florida-governor-backs-data-privacy-bill-akin-to-california-laws" rel="noopener noreferrer" target="_blank">said at another press conference</a> this week. "Worse, Big Tech platforms have made privacy an illusion. The truth is Floridians' most intimate information is collected, analyzed and sold to the highest bidder."</p><p>He has also <a href="https://reason.com/2021/02/04/florida-gov-ron-desantis-wants-100000-fines-for-social-media-companies-that-deplatform-politicians/" rel="noopener noreferrer" target="_blank">proposed legislation</a> to fine social media companies for deplatforming politicians, a clear rebuke over Twitter, Facebook and YouTube's decisions to bar President Trump from their platforms. </p><p>Lawmakers in red states have increasingly proposed legislation aimed at social media's "censorship" of right-wing voices, and that effort has only intensified in the wake of the companies' decision to kick off Trump, Easley said. </p><p>"I think it's least 50 to 50 or 60 to 40 that some of these bills pass," Easley said, pointing to Florida's effort as a prime example. But he predicted that those efforts will get tied up in court as companies argue over the First Amendment and the role of Section 230.</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="7">
</div>
</div></p>
Keep Reading
Show less
Emily Birnbaum ( @birnbaum_e) is a tech policy reporter with Protocol. Her coverage focuses on the U.S. government's attempts to regulate one of the most powerful industries in the world, with a focus on antitrust, privacy and politics. Previously, she worked as a tech policy reporter with The Hill after spending several months as a breaking news reporter. She is a Bethesda, Maryland native and proud Kenyon College alumna.
Latest Stories
See more
Most Popular
Bulletins
February 26, 2021 16:23 EST
February 26, 2021 13:45 EST
February 25, 2021 17:33 EST
Get Source Code in your inbox
David Pierce's daily analysis of the tech news that matters.