Analysis & Opinions - Hive

Why the Government Matters: A Primer for Data-Minded Entrepreneurs

| April 12, 2013

Washington can often be the last thing on an entrepreneur's mind. And naturally so — the culture of bureaucracy and reputation for being out of touch is the last thing that someone working on the cutting edge of technology wants to think about. Developing innovative products, especially ones that are data-driven, often requires an out-of-the-box style of thinking that can seem directly antithetical to the lethargic enforcement mechanisms of the government. But there are many good reasons for those working on the cutting edge to think about the issues that are "top of mind" for law enforcement and regulators during product development — and in Washington, DC, privacy is undoubtedly one of the key issues of the day.

Over the course of a series of blog posts, I’ll discuss some of the various facets of "privacy" that entrepreneurs should think about. Most of you — especially those of you that work with personally identifiable information, or, even more sensitive health information — are probably familiar with data security. Countless articles have led to the (somewhat justified) widespread fear of the risks of identity theft given a data breach or unauthorized disclosure of such information. Yet among the informed public, fear of misuse of personal information is not limited to a wary eye towards cyber criminals — increasingly, concern has been voiced at the increasing power of the government in electronic surveillance.

Justice William O. Douglas, one of the leading lights on privacy of the 20 th century, famously lamented in the 1966 case Osborn v. United States — "We are rapidly entering the age of no privacy, where everyone is open to surveillance at all times; where there are no secrets from government." The last half-century has not quite seen our society devolve into this predicted dystopia; but the combination of rapidly evolving technology, changing social norms, and outdated laws have led us far closer to the edge than most expect.

Today, we’ll take a look at how laws can age in ways that we didn't expect. Despite the best intentions of the drafters, changing technology and behavior have impacted the operation of various laws to create counterintuitive — and sometimes downright crazy — incentives. The Electronic Communications Privacy Act of 1986, known as "ECPA," which sets the standards that government agencies must adhere to when seeking to access an individual's electronic communications, provides an excellent case in point.

Cloud computing has fundamentally changed the way we store and access data; now, as our most sensitive information is increasingly stored remotely by third parties, the law creates a set of perverse incentives for providers of that storage space. In the late 1980s, email was delivered in a method much analogous to the postal service — email was "sent," where it would reside upon a server until it was "pulled down" by the local machine that received the message. Acting upon the belief that such basic precepts of electronic communications would endure, ECPA built upon this analogy. In the physical world, mail that has been "abandoned" or discarded is no longer provided Fourth Amendment protections against search and seizure. In other words, the government does not need a warrant to root through your trash. ECPA, for reasons that made sense in the 1980s, defined mail that had been read but was left on a remote server for more than six months as "abandoned" — thereby allowing the government to access it without a warrant. Unread mail, however, no matter the age, was considered to still be "in transmission," and the government needs a warrant — issued by a court after a showing of probable cause — to access it.

Let's stop to think about this for a second: in the age of cloud-based email, what does this mean? The government can access all of your most private, sensitive communications that are more than six months old — naturally, these are the ones you have read and retain in your Gmail account — without a warrant. Meanwhile, every communication from a Nigerian scammer or Viagra salesman — the emails you have naturally left unread, piling up in your spam folder — are afforded the protection of the judicial system. The ability to conduct electronic surveillance — which former deputy homeland security advisor Richard Falkenrath has called "the single most important power of the U.S. government," has grown in ways that had never been envisioned simply due to technological advancement.

Law enforcement access to data stored in the cloud is but one unintended consequence of the increasing quantity of data that we generate and share. Even as we draw attention to how technology has warped ECPA (as we will discuss in subsequent posts, ECPA has several other problematic provisions), it important to keep an eye on how our behavior itself can be responsible for dramatically changing the operation of the law. The Video Privacy Protection Act (VPPA) is a case study in how social changes can be just as important as technological developments.

The VPPA was passed in 1988 in response to the public outcry at the disclosure of Judge Robert Bork's video rental history during the hearings regarding his nomination to the Supreme Court. At the time, the disclosure (albeit admittedly involuntary) of one's video rental history was considered to be so abhorrent that Congress passed an unusually narrow statute to prohibit such a practice. But over the last few decades, we have begun to share more and more online — through Facebook, Twitter, and various other platforms that serve a dual role both as a social platform as well as data aggregators themselves.

As a consequence of such a reduced "demand" for privacy, we have run up against such laws that were created to protect us. In early 2013, an amendment was passed by Congress and signed by President Obama permitting a consumer to provide "advance consent" for Netflix — or other video rental or viewing companies — to share this information with third parties. In a mere 25 years, the behavior — and expectations — of the country has swung so dramatically towards openness and sharing as to force Congressional action (no small feat in our gridlocked nation's capital) — to permit it.

As of our information becomes available in ways that it never was before, advancement in analytics have provided unforeseen benefits in targeting and the development of predictive models. Yet even as we continue our inexorable march towards the cloud, there is a cautionary lesson for start-ups. As social norms change, and as technology develops, Silicon Valley might expect law and policy to keep pace. But as we have seen even from these two examples, while innovation may race forward, the law will plot a more deliberate path. Even the best of ideas can have unexpected legal consequences — for consumers as well as for entrepreneurs.

So, entrepreneurs: keep an eye on Washington. As Microsoft, Google, and Facebook have learned, it is better to be proactive than reactive when thinking about the government. And don't we all want to be responsible for the next Microsoft, Google, or Facebook?

Vivek Mohan is a Fellow of Information & Communications Technology Policy at the Harvard Kennedy School of Government. A graduate of Columbia Law School, Vivek is a native of the Bay Area, and formerly worked as an attorney for Microsoft in Washington DC.

For more information on this publication: Belfer Communications Office
For Academic Citation: Mohan, Vivek.“Why the Government Matters: A Primer for Data-Minded Entrepreneurs.” Hive, April 12, 2013.

The Author