yesIssie LapowskyNone
×

Get access to Protocol

Will be used in accordance with our Privacy Policy

I’m already a subscriber
Politics

Microsoft can’t get its privacy bill passed in its home state. It’s trying its luck elsewhere.

The company is pushing versions of the failed Washington Privacy Act in at least four states far from Redmond.

Microsoft Chief Privacy Officer Julie Brill

Microsoft Chief Privacy Officer Julie Brill says the company wants to work with legislators "in any state interested in advancing people's privacy."

Photo: Chip Somodevilla/Getty Images

Microsoft's multiyear effort to get privacy legislation passed in its home state of Washington came up short for a second time last month when state legislators couldn't agree on a compromise version of what would have become the Washington Privacy Act.

But the losses at home haven't stopped Microsoft from trying elsewhere. Protocol has identified four other states — Arizona, Hawaii, Illinois and Minnesota — where the company is trying to get versions of the Washington legislation passed.

Now, the same privacy groups that helped quash the Microsoft-backed bill in Washington are being drawn into similar, simultaneous battles across the country against the same well-funded opponent.

"We work openly and collaboratively with legislators in any state interested in advancing people's privacy," Microsoft Chief Privacy Officer Julie Brill said in a statement. The company declined to provide a full list of states where it's working, but it confirmed the four Protocol identified.

There may be more. Versions of the Washington Privacy Act have begun popping up in states across the country, and Joe Jerome, director of multistate policy at Common Sense Media, says Microsoft's fingerprints are on many of them. "In almost every state where there's a version of the bill that looks like the Washington Privacy Act, that bill was introduced because someone from Microsoft introduced themselves to a lawmaker," Jerome said.

That was certainly the case in Minnesota. Last spring, a Microsoft lobbyist began shopping around a privacy bill in the state, looking for a lawmaker who might be willing to sponsor it. The search ultimately led to state Rep. Steve Elkins. Elkins spent a 25-year career in IT, and he was eager to apply his technical know-how in his new position in government.

Elkins said he sponsored the bill "as the convener of the discussion and not necessarily as an advocate." But a year later, he admits, "I thought I knew more about the subject than I really did."

The bill Elkins sponsored at Microsoft's behest was identical to an early version of the Washington Privacy Act, which Microsoft had been noisily advocating for in Washington state — and which privacy advocates there had been noisily opposing. Elkins quickly realized that the bill had gaps that had already drawn criticism from privacy advocates in Washington.

The bill would have given Minnesotans the right to access a copy of the data companies were collecting on them, the right to correct it and delete it, and the right to restrict the processing of that data, among other things. But like the original Washington Privacy Act, it would have created loopholes that exempted businesses from complying if they were using the data for certain "business purposes," and included definitions Elkins calls "loose."

Elkins said he spent the year after he introduced the bill burying himself in research and consulting with privacy groups. Last month, he introduced a new bill that he said is "basically plagiarized" from the latest version of the Washington Privacy Act. That bill gets rid of the business purpose exemption and some other line items privacy groups opposed. "The bill has been dramatically improved by the legislative process in Washington and will make a much better starting point for our discussions here in Minnesota," Elkins said.

Of all of the U.S. tech giants, Microsoft was among the earliest to support privacy legislation. It's been advocating for a federal privacy bill since 2005. In 2018, the company called for the regulation of facial recognition. It's also opted to extend data protections required in Europe and California to customers around the world.

"We believe people will only use technology if they can trust it, and strong privacy law is an important part of building trust," Brill said in her statement. "We believe it's important not to just call for new law but to engage constructively and openly to help make it happen."

But even as Microsoft has embraced privacy regulations, it has also butted heads with privacy groups, including the American Civil Liberties Union and the Electronic Frontier Foundation, over the precise design of these regulations. That's been particularly true in the case of the Washington Privacy Act. That bill was introduced in 2019 and again in 2020 with Microsoft's support, but it failed to pass both times after privacy groups fought hard for significant amendments. Microsoft also testified against an ACLU-backed bill that would have placed a moratorium on government uses of facial recognition technology in 2019, only to support a more limited facial recognition bill that was signed into law this March.

In Arizona, state Rep. Domingo DeGrazia said he was already in the process of writing a privacy law based on Washington's last year when he met with Microsoft lobbyists. In December, he and other Arizona legislators flew to Redmond to meet Microsoft executives and discuss the bill he was working on.

DeGrazia, who also sought feedback from Apple lobbyists, said Microsoft urged him to make changes that would harmonize his bill with Washington's and with Europe's General Data Protection Regulation. "Some of their suggestions were just to bring everything in line, so that if there is a state-by-state rollout, it's as easy for businesses as possible," DeGrazia said.

But not all of those suggestions would have strengthened privacy for consumers, DeGrazia said. For instance, Microsoft wanted to change DeGrazia's definition of "identifiable natural person" to mirror Washington's. It's a term used throughout the bill that's key to determining what data is protected under the law. DeGrazia had defined the term as "a person who can be readily identified, directly or indirectly." But he said Microsoft wanted him to adopt the original Washington definition, which specifies types of data that might identify a person, such as their name or specific geolocation information. DeGrazia worried that offering a few examples and not the full range of possible identifying data might risk limiting the law. He opted against expanding that definition.

"As a legislator, I have to run that middle line between protecting consumers as much as possible, but having something businesses can integrate that's workable for them," he said. "For every good negotiation, there should be a pain point on both sides."

Microsoft has also been seeking buy-in on the bill from advocacy groups in the states. Mandy Fernandes, policy director for the ACLU of Hawaii, said a Microsoft lobbyist and the company's senior director of public policy, Ryan Harkins, reached out directly late last year to get the organization's thoughts on both the Washington Privacy Act and the facial recognition bill Microsoft was backing. That's despite the fact that the ACLU in Washington had vocally opposed both bills.

The response from the ACLU in Hawaii was not much different, Fernandes said, noting that the organization draws a "pretty hard line" on the use of facial recognition for law enforcement purposes, which the Washington bill would allow. "We do not support that legislation. We are just on different sides of this issue," Fernandes said.

One particular point of frustration among privacy advocates is the problem Elkins encountered in Minnesota: Microsoft's Minnesota bill echoed the original Washington Privacy Act, as it was introduced in 2019, not the most recent iteration, which addressed many — though not all — of the issues advocacy groups opposed. That forces these groups to fight the same battle state-by-state against their better-resourced industry opponents.

"It's like, can we at least give them the most recent version that everyone can at least tolerate?" Common Sense's Jerome said.

Another concern is that these Washington-style bills preempt local laws that cities may want to pass. "We don't want to see a bill with loopholes, weak enforcement, and preemption becoming a so-called gold standard," said Jennifer Lee, the ACLU of Washington's technology and liberty project manager. "We want to make sure what happens in Washington doesn't set a ceiling for other states to pass stronger laws."

Despite the pushback they've received from the privacy community, the lawmakers who have worked with Microsoft agree the company has been a bigger champion for privacy rights than some other influential tech companies. "I've noticed other software platform companies like IBM and Apple are on board with this," Elkins said. "It's more the folks that are collecting data — the Googles, the Amazons, the Facebooks — that are much more reticent."

DeGrazia described a similar experience. "I did get in touch with the lobbyist for Google who was nonplussed by my efforts," he said. "It's understandable given their business model."

Microsoft has, however, stood beside those other industry giants in states like Illinois, where it joined the Internet Association and TechNet in opposing an ACLU-backed privacy bill last year. This year, a Washington-style bill was introduced in Illinois, sponsored by Rep. Kelly Burke. A Microsoft spokesperson confirmed that the company worked on that bill.


Get in touch with us: Share information securely with Protocol via encrypted Signal or WhatsApp message, at 415-214-4715 or through our anonymous SecureDrop.


For now, whatever momentum Microsoft was building in state governments seems to have been at least temporarily stalled by the onset of coronavirus. Not only has the virus cut short the legislative session in states across the country, but lawmakers and their constituents are now grappling with an endless to-do list of life or death issues. "When you start weighing out what's going to be important to your constituents, as far as putting food on the table or data privacy, data privacy is probably going to take a bit of a back seat," DeGrazia said.

At the same time, as states adopt new surveillance techniques to track the virus, Elkins argues it's more important than ever for states to simultaneously implement privacy laws to protect their constituents. "Ironically, there is more interest in the issue than ever because of the specter of widespread government tracking of our comings and goings for epidemiologic disease-tracking purposes," Elkins said.

As that conversation grows, Microsoft will undoubtedly be working to shape it.

Protocol | Fintech

Jack Dorsey is so money: What Tidal and banking do for Square

Teaming up with Jay-Z's music streaming service may seem like a move done for flash, but it's ultimately all about the money (and Cash).

Jay-Z performs at the Tidal-X concert at the Barclays Center in Brooklyn in 2017.

Photo: Theo Wargo/Getty Images

It was a big week for Jack Dorsey, who started by turning heads in Wall Street, and then went Hollywood with an unexpected music-streaming deal.

Dorsey's payments company, Square, announced Monday that it now has an actual bank, Square Financial Services, which just got a charter approved. On Thursday, Dorsey announced Square was taking a majority stake in Tidal, the music-streaming service backed by Jay-Z, for $297 million.

Keep Reading Show less
Benjamin Pimentel

Benjamin Pimentel ( @benpimentel) covers fintech from San Francisco. He has reported on many of the biggest tech stories over the past 20 years for the San Francisco Chronicle, Dow Jones MarketWatch and Business Insider, from the dot-com crash, the rise of cloud computing, social networking and AI to the impact of the Great Recession and the COVID crisis on Silicon Valley and beyond. He can be reached at bpimentel@protocol.com or via Signal at (510)731-8429.

Sponsored Content

The future of computing at the edge: an interview with Intel’s Tom Lantzsch

An interview with Tom Lantzsch, SVP and GM, Internet of Things Group at Intel

An interview with Tom Lantzsch

Senior Vice President and General Manager of the Internet of Things Group (IoT) at Intel Corporation

Edge computing had been on the rise in the last 18 months – and accelerated amid the need for new applications to solve challenges created by the Covid-19 pandemic. Tom Lantzsch, Senior Vice President and General Manager of the Internet of Things Group (IoT) at Intel Corp., thinks there are more innovations to come – and wants technology leaders to think equally about data and the algorithms as critical differentiators.

In his role at Intel, Lantzsch leads the worldwide group of solutions architects across IoT market segments, including retail, banking, hospitality, education, industrial, transportation, smart cities and healthcare. And he's seen first-hand how artificial intelligence run at the edge can have a big impact on customers' success.

Protocol sat down with Lantzsch to talk about the challenges faced by companies seeking to move from the cloud to the edge; some of the surprising ways that Intel has found to help customers and the next big breakthrough in this space.

What are the biggest trends you are seeing with edge computing and IoT?

A few years ago, there was a notion that the edge was going to be a simplistic model, where we were going to have everything connected up into the cloud and all the compute was going to happen in the cloud. At Intel, we had a bit of a contrarian view. We thought much of the interesting compute was going to happen closer to where data was created. And we believed, at that time, that camera technology was going to be the driving force – that just the sheer amount of content that was created would be overwhelming to ship to the cloud – so we'd have to do compute at the edge. A few years later – that hypothesis is in action and we're seeing edge compute happen in a big way.

Keep Reading Show less
Saul Hudson
Saul Hudson has a deep knowledge of creating brand voice identity, especially in understanding and targeting messages in cutting-edge technologies. He enjoys commissioning, editing, writing, and business development, in helping companies to build passionate audiences and accelerate their growth. Hudson has reported from more than 30 countries, from war zones to boardrooms to presidential palaces. He has led multinational, multi-lingual teams and managed operations for hundreds of journalists. Hudson is a Managing Partner at Angle42, a strategic communications consultancy.
Protocol | Enterprise

Tony Bates hears the call at Genesys

Running a contact center company isn't as sexy as his previous gigs. But this company could be the best chance for him to make a lasting mark.

Tony Bates arrived at Genesys as CEO after hopscotching through various parts of the tech industry.

Photo: Genesys

Be careful what you wish for. For Tony Bates, that's been running a big tech company.

He rose to Cisco's top ranks but didn't get the No. 1 job. His big CEO break was at Skype when it was poised to go public — but months into that gig, Bates' venture backers sold it to Microsoft instead. After a stint at Microsoft, where some eyed Bates for the CEO job that went to Satya Nadella, he took over GoPro. There, he got cut in a round of layoffs as the camera company struggled. He joined Social Capital, which helped fund Slack and Box, for a gig that lasted a year before tech investor Chamath Palihapitiya blew up the venture capital firm he started.

Keep Reading Show less
Joe Williams

Joe Williams is a senior reporter at Protocol covering enterprise software, including industry giants like Salesforce, Microsoft, IBM and Oracle. He previously covered emerging technology for Business Insider. Joe can be reached at JWilliams@Protocol.com. To share information confidentially, he can also be contacted on a non-work device via Signal (+1-309-265-6120) or JPW53189@protonmail.com.

Transforming 2021

Blockchain, QR codes and your phone: the race to build vaccine passports

Digital verification systems could give people the freedom to work and travel. Here's how they could actually happen.

One day, you might not need to carry that physical passport around, either.

Photo: CommonPass

There will come a time, hopefully in the near future, when you'll feel comfortable getting on a plane again. You might even stop at the lounge at the airport, head to the regional office when you land and maybe even see a concert that evening. This seemingly distant reality will depend upon vaccine rollouts continuing on schedule, an open-sourced digital verification system and, amazingly, the blockchain.

Several countries around the world have begun to prepare for what comes after vaccinations. Swaths of the population will be vaccinated before others, but that hasn't stopped industries decimated by the pandemic from pioneering ways to get some people back to work and play. One of the most promising efforts is the idea of a "vaccine passport," which would allow individuals to show proof that they've been vaccinated against COVID-19 in a way that could be verified by businesses to allow them to travel, work or relax in public without a great fear of spreading the virus.

Keep Reading Show less
Mike Murphy

Mike Murphy ( @mcwm) is the director of special projects at Protocol, focusing on the industries being rapidly upended by technology and the companies disrupting incumbents. Previously, Mike was the technology editor at Quartz, where he frequently wrote on robotics, artificial intelligence, and consumer electronics.

People

WhatsApp thinks business chat is the future — but it won't be easy

From privacy policy screw-ups to UI questions, can WhatsApp crack the super-app riddle?

WhatsApp Business is trying to wrap shopping around messaging. It's not always easy.

Image: WhatsApp

At some point, WhatsApp was always going to have to make some money. Facebook paid $21.8 billion for the company in 2014, and since then, WhatsApp has grown to more than 2 billion users in more than 180 countries. And while, yes, Facebook's acquisition was in part simply a way to neutralize a competitor, it also knows how to monetize an audience.

The trick, though, would be figuring out how to do that without putting ads into the app. Nobody at WhatsApp ever wanted to do that, including co-founders Jan Koum and Brian Acton, who reportedly left Facebook after disagreements over ads. More recently, even Mark Zuckerberg has slowed the WhatsApp ad train, with The Information reporting that ads in WhatsApp likely won't come while the company's under so much regulatory scrutiny. So: $21.8 billion, no ads. What to do?

Keep Reading Show less
David Pierce

David Pierce ( @pierce) is Protocol's editor at large. Prior to joining Protocol, he was a columnist at The Wall Street Journal, a senior writer with Wired, and deputy editor at The Verge. He owns all the phones.

Latest Stories