An image of data
Image: Getty Images

Washington wants to protect your data — and take some for itself

Protocol Policy

Hello, and welcome to Protocol Policy! Today, we’re taking a look at the CIA spying scandal and what it means for Washington’s Big Tech crackdown. Plus, the U.K. Online Safety Bill is getting more extreme by the day, and Facebook settles a decade-old score.

Is it 2013 again, already?

You remember the post-Snowden days. It was the beginning of the end of the chummy relationship between Washington and Silicon Valley — except, back then, the sour feelings were mostly traveling west to east. Tech leaders scrambled to do damage control with a global user base that suddenly saw its data as unsafe in the hands of American companies, and years of debates over encryption and government-mandated backdoors ensued.

So fast forward about a decade, and the news about the CIA’s bulk data collection program feels a lot like déjà vu. But now there’s one crucial difference: This time, the techlash is upon us. Suddenly, all of Washington’s finger-wagging looks like that Spider-Man meme.

  • Take the Earn It Act: Critics say the bill would force platforms to scan every message users post and could punish companies for deploying end-to-end encryption. Who can argue now that certain agencies within the federal government wouldn’t take full advantage of those snooping capabilities if they could?
  • “You couldn't ask for a more crystal clear example [of] why legislation like the EARN IT Act that undermines encryption is a terrible idea,” Evan Greer, director of the advocacy group Fight for the Future, tweeted last week.
  • At the same time, despite a flurry of bills, Washington has failed to make any measurable dent in actually passing privacy legislation or even preventing the government itself from exploiting the very same data lawmakers and regulators so often criticize Big Tech for collecting in the first place.

The CIA program is hardly the only reminder that Washington isn’t taking its own advice on privacy and surveillance. But lately, the doublespeak has been hard to ignore.

  • Members of Congress cheered the IRS’ decision to stop working with facial recognition firm this tax season. Meanwhile, ICE’s contracts with Clearview AI — whose facial recognition tech, it should be noted, was ruled illegal in Canada — have doubled under President Biden.
  • Lawmakers have called for sanctions against NSO Group over its Pegasus spyware. Meanwhile, the FBI paid NSO Group $5 million to test the tool itself.

That doesn’t mean Washington should let tech off the hook. Congress’ resident privacy hawk, Sen. Ron Wyden, who together with Sen. Martin Heinrich exposed the CIA program last week, warned against leaning on what-aboutism when it comes to privacy.

  • “Whenever reformers suggest protecting Americans’ personal information from surveillance, whether by the government or corporations, the knee-jerk response is: ‘What about the other guy?’” Wyden told Protocol.
  • “The truth is, Americans don’t want the CIA or any other government entity to secretly search through their personal information without a warrant,” he said. “And they don’t want big companies abusing our private data to rack up higher profits either. My top priority when it comes to tech is passing aggressive privacy legislation to protect Americans’ rights on both fronts.”

Wyden’s right, of course. But as they scrutinize Silicon Valley, lawmakers do need to look more closely at the privacy violations happening right under their noses. And that’s not just because they need to keep up appearances.

  • As global governments, most notably the EU, forge ahead with privacy protections, the U.S. is in an increasingly weak position.
  • It’s the whole reason that Privacy Shield, the legal mechanism that allowed Europeans’ data to be processed in the U.S., was invalidated. The EU courts didn’t see any way to protect European citizens’ data from the prying eyes of the U.S. government.

The U.S. is still cleaning up the mess of the NSA spying scandal. Now, it’s got another mess on its hands. If lawmakers want tech to clean up its act, they’ve got to get their own house in order too.

— Issie Lapowsky (email | twitter)

In Washington

The long-promised kids’ privacy bill is finally here. Sens. Richard Blumenthal and Marsha Blackburn introduced the Kids Online Safety Act, which requires tech platforms to take steps to mitigate harm to minors and give them options to turn off algorithmic recommendations, among other things.

Congress wants answers about the fake accounts that have been used to prop up the “Freedom Convoy” in Canada. In a letter to Mark Zuckerberg, Rep. Carolyn Maloney, who chairs the House Oversight Committee, requested details on how many fake accounts have been linked to the convoy, where they originated and whether they were part of coordinated networks.

Tech companies swore off of donating to election objectors after Jan. 6. Their lobbyists didn’t.POLITICO found that in-house lobbyists for at least 13 such companies, including Amazon, Meta, Google and Microsoft, all made personal donations in 2021 to members of Congress who objected to the election results.

The Pentagon says consolidation in the defense industry is a threat to national security. In a new report, the Department of Defense argued that “having only a single source or a small number of sources for a defense need can pose mission risk,” particularly when suppliers are “influenced by an adversary nation.”

The U.S. needs data-minimization requirements, teen privacy laws, algorithmic transparency and changes to Section 230, according to a new report from the Future of Tech Commission. The bipartisan group — led by former Massachusetts Gov. Deval Patrick, former Education Secretary Margaret Spellings and children’s advocate Jim Steyer — based the report on polling, a series of town halls and conversations with experts and business leaders. The group also found widespread public support for broadband buildouts and curbing the power of the biggest tech companies.

In the states

Homegrown chips hit another snag: Taiwan semiconductor giant TSMC is reportedly three to six months behind schedule for its first U.S. manufacturing facility in Arizona. Sources told Nikkei Asia that COVID-related labor shortages and the difficulty of obtaining licenses are contributing to the delay.

A new bill in San Francisco would put an 18-month moratorium on new Amazon delivery facilities. During the ban, the city would study the facilities’ impact on public health and safety. “With this legislation, San Francisco is taking a monumental step toward allowing communities to set the standards and determine if they want these kinds of facilities to be built in their cities,” San Francisco Board of Supervisors President Shamann Walton, who introduced the bill, said in a statement.


As we move into a world after COVID-19, the biopharma industry must understand how to maintain this incredible pace of innovation without forfeiting precision or quality. Smart manufacturing — otherwise known as Industry 4.0 — converges IoT, software-defined infrastructure, advanced analytics and AI to create more flexible and interoperable digital manufacturing platforms.

Learn more

In the C-suite

Nick Clegg is now president of Global Affairs at Meta, meaning he will lead all of the company's policy work globally, "including how we interact with governments as they consider adopting new policies and regulations, as well as how we make the case publicly for our products and our work," Mark Zuckerberg wrote in a post.

On Protocol

Google is planning privacy changes on Android devices that could limit data sharing across apps. It sounds a whole lot like what Apple has already done, which has had a devastating impact on apps, most notably Facebook. According to The New York Times, Google promises its changes won’t be as disruptive. We’ll see about that.

Facebook will cough up $90 million to settle a decade-old privacy lawsuit in California. The case centered around Facebook’s use of cookies to track users who weren’t signed in. Facebook promised to delete the data as part of the settlement.

Mark your calendar for Feb. 22 when Protocol’s Anna Kramer will interview Stephen McMurtry of the Alphabet Workers Union about the rise of union organizing in tech. RSVP here.

Around the world

European lawmakers are poised to reach a final deal on the Digital Services Act by June, a member of the European Parliament involved in negotiations told Reuters. The law will create sweeping new content moderation requirements for online platforms.

The U.K.’s Online Safety Bill could make tech platforms liable for “lawful, but harmful” content if the U.K. Home Office gets its way. Which would be … extreme. One tech executive told FT the measure would cross a “huge red line.”

Stop trying to make fetch happen

Facebook has so many new names, you’d think it’s in witness protection. As of Tuesday, News Feed is now Feed, and Facebook employees are … Metamates. According to Boz, the term “metamates” was coined by scholar Douglas Hofstadter.

Funny, I would have sworn it was Mike Judge.

Thanks for reading — see you Friday!

Recent Issues