Policy

More bad news for Big Tech: Lina Khan’s a privacy hawk, too

The incoming agency chair once likened widespread data collection to environmental pollution. What can she do about it now?

FTC chair Lina Khan

FTC chair Lina Khan's privacy views may be bad for Big Tech.

Photo: Saul Loeb-Pool/Getty Images

In December 2019, a Columbia Law School fellow named Lina Khan co-authored an article in the Harvard Law Review comparing social media executives to used-car salesmen.

In it, Khan and her co-author, Columbia Law professor David Pozen, dismissed as "implausible" the idea that a company like Facebook or Google, which makes its money from personalized ads, could ever truly put its users' privacy first.

"As long as such companies make most of their money through personally targeted advertisements, they will be economically motivated to extract as much data from their users as they can," they wrote, "a motivation that runs headfirst into users' privacy interests as well as any interests users might have in exercising behavioral autonomy or ensuring that their personal data is not stolen, sold, mined, or otherwise monetized down the line."

The article was a full-throated condemnation of the very business model that dominates the web and a call for regulation that would actually force tech companies to protect users' privacy. "By and large, addictive user behavior is good for business. Divisive and inflammatory content is good for business. Deterioration of privacy and confidentiality norms is good for business," the article reads.

Now, as she takes over as chair of the Federal Trade Commission, it's a critique Khan might be able to translate into action.

Ever since Khan was first nominated to the FTC, another piece of her writing, in which she built a novel antitrust case against Amazon, has been cited endlessly as evidence that she'll be coming for the ecommerce giant (Disclosure: I'm married to an Amazon employee). That speculation only increased after Sen. Amy Klobuchar unceremoniously let slip that Khan would not only join the commission, but also lead it. But while Khan built her name on competition policy, her writing on online ads deserves its own close read. It offers insights into how Khan thinks about online privacy just as she prepares to become one of the country's chief privacy enforcers.

Paging Dr. Zuckerberg

While Khan might not describe herself as a privacy scholar per se, Pozen, her co-author on the privacy article, said that Khan's views on personalized advertising are a natural outgrowth of her views on competition. She is, after all, is best known for pushing the theory that pricing isn't the only metric for measuring the harm monopolies can do to consumers. There are other harms, like, for instance, privacy violations. "Lina has emphasized the point that there are a much broader set of potential harms from companies getting so powerful that can't be captured by their monetary prices," Pozen said, noting that ad-funded businesses are often cheap or even free, "but that very same model also creates an obvious and massive privacy concern."

The 2019 article grapples with an increasingly popular concept in privacy law that proposes turning tech companies into "information fiduciaries." Just as these companies have a fiduciary duty to maximize profits for their shareholders, the thinking goes, they could also be required to be fiduciaries — which is to say, legally-bound stewards — of user data.

The idea has been floated in privacy legislation at the state and national level — and Khan and Pozen more or less rip it to shreds.

The enormously successful business of behavioral ads, they argue, is so at odds with user privacy that a company like Facebook could never truly uphold its duty to shareholders while also upholding its duty to user privacy. In a world in which information fiduciaries existed, Khan and Pozen argue, user privacy would still come second, rendering the duty meaningless. "The social media executive who is exhorted to treat users well [...] yet not required to place users' interests first resembles, instead, the used-car dealers and restaurateurs who are classic examples in the case law of service providers who are not ordinarily fiduciaries for their customers," the article reads.

Proponents of information fiduciaries often point to the fact that doctors are bound by certain duties of care for their patients in order to suggest that the same concept could be applied to tech. But once again, Khan and Pozen show how that idea would border on ridiculous if doctors also made all their money on ads.

"Imagine visiting a doctor — let's call her Marta Zuckerberg — whose main source of income is enabling third parties to market you goods and services," they write. In Khan and Pozen's telling, this Dr. Zuckerberg flings ads for pills and procedures at patients based on their demographic, economic and psychological profiles, and gets paid every time patients even look in their direction.

"They are also continually updated in light of information Dr. Zuckerberg collects on you; to be sure she does not miss anything, she has planted surveillance devices all around your neighborhood as well as her office," Khan and Pozen write, asking ominously whether this system could "plausibly be reconciled with a commitment to prioritizing your health?"

To Chris Hoofnagle, faculty director at Berkeley Center for Law & Technology and author of a book on the FTC, this line of thinking is precisely what differentiates Khan from other regulators and lawyers. "Most attorneys are basically snowed by business people. The business people come in and say: 'This is how the tech works.' Most lawyers can only nod along," Hoofnagle said. "Khan is a realist and has spent a lot of time studying the business models of these different companies."

Cleaning house and writing rules

The article goes so far as to liken abuse of user data to environmental pollution and calls for "clear prohibitions and economic disincentives, rather than morally laden standards" to deal with that pollution. The question now is what Khan can do about any of that as chair.

While the chair of the FTC has more power than individual commissioners, Khan still won't be able unilaterally to bring a case against individual tech companies, a decision that falls to FTC staff. But she will have the power to staff the FTC with people who share her outlook on both competition and online privacy.

"The cases the attorneys get to work on, the topics the attorneys explore, what cases make it and don't in terms of getting dropped or getting pursued, all of those decisions are made by the bureau heads," said Ashkan Soltani, former chief technologist for the FTC. "Who the chair chooses to install as the bureau chiefs will have a huge implication on the approach the agency takes moving forward."

Soltani said while the FTC has suffered from lack of funding and authority, part of its inaction in recent years has had to do with inertia among the never-changing staff. Some inside the agency, he said, refer to themselves as the "webes" as in "we be here," while individual chairs cycle in and out. One of the most significant changes Khan could make, Soltani said, is to "clean house."

"She has congressional backing on a lot of this stuff," he said, noting that she was confirmed to the commission with bipartisan support. "That essentially would permit her to say: 'I think Congress is looking for a refresh.'" He also encouraged Khan to elevate the office of chief technologist, his former role, enabling the chief technologist to consult on enforcement cases in the same way the Bureau of Economics currently does.

Another important change, Hoofnagle said, would be to develop a new basic internet privacy rule. The FTC, which has rule-making authority, already has rules regarding children's online privacy and financial privacy, which give the FTC the ability to seek damages from violators. "The FTC could pass a rule that says: If you materially mislead a consumer through third-party information sharing, it is an unfair practice, and violators of that rule would have to pay money damages," Hoffnagle said.

Former acting chair Rebecca Slaughter already signaled her interest in reinvigorating rule-making within the FTC by forming a new rule-making group earlier this year. "I believe that we can and must use our rule-making authority to deliver effective deterrence for the novel harms of the digital economy and persistent old scams alike," Slaughter said at the time.

Slaughter and Khan also have some overlap in how they see the connection between competition and privacy, two issues that the FTC has authority over, but which are often handled along different tracks. Khan and Pozen clearly considered this dynamic in their article on online ads, writing that "antitrust lawsuits reversing key acquisitions and penalizing forms of monopoly" are one possible remedy.

Khan and Pozen also wrote about imposing interoperability requirements on tech platforms, arguing that if consumers could take their data and go to a competitor, "a platform that perennially violated users' privacy would likely lose ground to more privacy-conscious rivals."

Both Soltani and Hoofnagle said the FTC would be well-served by encouraging more coordination between the Bureau of Competition and the Bureau of Consumer Protection.

Ultimately, though, one of the biggest tools Khan will have as chair is the power to use the bully pulpit to communicate these concerns both to Congress and to industry. Slaughter used her limited time as acting chair to ask Congress for additional funding and authority for the FTC and to issue a warning to tech companies that selling or using biased AI could violate the agency's prohibition on deceptive or misleading practices. As chair, Khan could issue much the same sort of guidance on deceptive data practices and send a message about how the FTC plans to pursue such cases in the future.

"There's enforcement, which is entering new cases," Soltani said, "but there's also the soft regulatory dance that's done with industry and regulators about what industry is planning and how regulators will receive those plans."

Workplace

The tools that make you pay for not getting stuff done

Some tools let you put your money on the line for productivity. Should you bite?

Commitment contracts are popular in a niche corner of the internet, and the tools have built up loyal followings of people who find the extra motivation effective.

Photoillustration: Anna Shvets/Pexels; Protocol

Danny Reeves, CEO and co-founder of Beeminder, is used to defending his product.

“When people first hear about it, they’re kind of appalled,” Reeves said. “Making money off of people’s failure is how they view it.”

Keep Reading Show less
Lizzy Lawrence

Lizzy Lawrence ( @LizzyLaw_) is a reporter at Protocol, covering tools and productivity in the workplace. She's a recent graduate of the University of Michigan, where she studied sociology and international studies. She served as editor in chief of The Michigan Daily, her school's independent newspaper. She's based in D.C., and can be reached at llawrence@protocol.com.

Sponsored Content

Foursquare data story: leveraging location data for site selection

We take a closer look at points of interest and foot traffic patterns to demonstrate how location data can be leveraged to inform better site selecti­on strategies.

Imagine: You’re the leader of a real estate team at a restaurant brand looking to open a new location in Manhattan. You have two options you’re evaluating: one site in SoHo, and another site in the Flatiron neighborhood. Which do you choose?

Keep Reading Show less

Elon Musk has bots on his mind.

Photo: Christian Marquardt/Getty Images

Elon Musk says he needs proof that less than 5% of Twitter's users are bots — or the deal isn't going ahead.

Keep Reading Show less
Jamie Condliffe

Jamie Condliffe ( @jme_c) is the executive editor at Protocol, based in London. Prior to joining Protocol in 2019, he worked on the business desk at The New York Times, where he edited the DealBook newsletter and wrote Bits, the weekly tech newsletter. He has previously worked at MIT Technology Review, Gizmodo, and New Scientist, and has held lectureships at the University of Oxford and Imperial College London. He also holds a doctorate in engineering from the University of Oxford.

Policy

Nobody will help Big Tech prevent online terrorism but itself

There’s no will in Congress or the C-suites of social media giants for a new approach, but smaller platforms would have room to step up — if they decided to.

Timothy Kujawski of Buffalo lights candles at a makeshift memorial as people gather at the scene of a mass shooting at Tops Friendly Market at Jefferson Avenue and Riley Street on Sunday, May 15, 2022 in Buffalo, NY. The fatal shooting of 10 people at a grocery store in a historically Black neighborhood of Buffalo by a young white gunman is being investigated as a hate crime and an act of racially motivated violent extremism, according to federal officials.

Photo: Kent Nishimura / Los Angeles Times via Getty Images

The shooting in Buffalo, New York, that killed 10 people over the weekend has put the spotlight back on social media companies. Some of the attack was livestreamed, beginning on Amazon-owned Twitch, and the alleged shooter appears to have written about how his racist motivations arose from misinformation on smaller or fringe sites including 4chan.

In response, policymakers are directing their anger at tech platforms, with New York Governor Kathy Hochul calling for the companies to be “more vigilant in monitoring” and for “a legal responsibility to ensure that such hate cannot populate these sites.”

Keep Reading Show less
Ben Brody

Ben Brody (@ BenBrodyDC) is a senior reporter at Protocol focusing on how Congress, courts and agencies affect the online world we live in. He formerly covered tech policy and lobbying (including antitrust, Section 230 and privacy) at Bloomberg News, where he previously reported on the influence industry, government ethics and the 2016 presidential election. Before that, Ben covered business news at CNNMoney and AdAge, and all manner of stories in and around New York. He still loves appearing on the New York news radio he grew up with.

We're answering all your questions about the crypto crash.

Photo: Chris Liverani/Unsplash

People started talking about another crypto winter in January, when falling prices had wiped out $1 trillion in value from November’s peak. Prices rallied back in March, restoring some of the losses. Then crypto fell hard again, with bitcoin down more than 60% from its all-time high and other cryptocurrencies harder hit. The market’s message was clear: Crypto winter was no longer coming. It’s here.

If you’ve got questions about the crypto crash, the Protocol Fintech team has answers.

Keep Reading Show less
Latest Stories
Bulletins