the Future of Change

As federal police in camouflage with no identification travel in unmarked cars in the city of Portland, OR, seizing people without probable cause and holding them without charge, it takes no great leap to look ahead to how these and other tactics could threaten the integrity of the 2020 election.  We are already seeing protesters across the country subject to surveillance through new technologies, and the harsh tactics being used in Portland could portend similar thuggish action to dissuade voters in November.  But we don’t have to look far back to see similar behavior–albeit of the digital kind–interfering with a national election.  And yet since that previous scandal, much more needs to be done to protect the 2020 election. The Cambridge Analytica scandal was supposed to be a wake-up call that our private information maintained on social media is not as secure as we like and, moreover, that it can be manipulated for electoral ends.  While Facebook accepted a $5 Billion fine for the breach  (which Kara Swisher called a parking ticket when one takes into account the company’s valuation), this incursion on users’ private information wasn’t really a breach: access to users’ private information to which Cambridge Analytica ultimately gained access was essentially consistent with the Facebook user agreement and many users consented to give access to their private information, even the private information of their friends.  Despite efforts to provide data transparency through such initiatives as the European Union’s General Data Protection Regulation and states like California strengthening their respective privacy regulations, we face a looming election not much better prepared or protected than we were in 2016.  In a forthcoming piece in the Florida State University Law Review, I explore some ways that we might consider protecting the sort of information exposed in the Cambridge Analytica scandal. You can read a working draft of the piece here.  Comments and feedback welcome. For a taste, here’s the abstract:

When it was revealed that Cambridge Analytica obtained the personal and private information of eighty-seven million Facebook users to aid the U.S. presidential campaign of Donald J. Trump, it was described as privacy’s “Three Mile Island”: an event, like the famed nuclear accident from which the term comes, that would shake and shape an industry and its approach to digital privacy and the underlying political information such privacy protects. In the intervening three years, with another presidential election looming in the United States, and despite these revelations, little has changed in terms of protecting the type of private information essential to the functioning of democracies. But what the Cambridge Analytica scandal also made clear is that threats to private information revealed and embedded in our digital activities threaten democracy. What is more, these threats risk undermining individual identity and autonomy and the ability of individuals to pursue individual and collective self-determination. An individual’s political identity—who she associated with, what she says, what she thinks, the questions and ideas she explores, for whom she votes—is all caught up in notions of political privacy. While current public-law protections are fairly robust when it comes to protecting political privacy, even as some fear that current responses to the pandemic may require a degree of intrusion upon privacy by government, the threats to privacy that have emerged in the digital age preceded the current public health crisis and emanate mostly from private actors, where protections for political privacy are quite weak. Nevertheless, democracy requires a high degree of protection for individual identity and political privacy, regardless of the source of the threat, especially when the lines between private action and public effects are blurred, as in the Cambridge Analytica scandal. Given the importance of the integrity of identity to democracy, and the fact that many of the threats to political privacy emanate from private actors, as this Article shows, enhanced protections for this political privacy are also necessary in the private law context. Calls for greater protection of digital privacy often result in recommendations that a single institution—the market, political bodies, or the courts—should take a greater role in policing online privacy. Yet these institutions are often interdependent when it comes to protecting digital privacy, and, by extension, political privacy. Efforts promoted through one institution can often have positive—and negative—spillover effects on the functioning of other institutions: they can at times strengthen the protections of such privacy in other institutional settings, or undermine the ability of those other institutions to function effectively to protect political privacy. So which institution or set of institutions is best suited to protect such political privacy? This question calls for the application of the method known as comparative institutional analysis, which assesses the relative strengths and weaknesses of different institutions in achieving desired policy goals. At the same time, as this discussion will reveal, even comparative institutional analysis, if it does not take into account the extent to which different institutional settings can have spillover effects on the ability of other institutions to achieve particular policy goals, fails to offer sufficient tools for the assessment of the best institution or institutions to achieve such goals. Indeed, as this Article attempts to show, at least when it comes to protecting political privacy in private-law contexts, any effective institutional response to the threats to political privacy will likely require not just an appreciation for the ways in which different institutional settings are interdependent when it comes to achieving that goal, but also that any such effort will require an integrated and comprehensive approach that spans different institutional settings. In the end, this Article is an attempt to use the tools of comparative institutional analysis to assess the relative abilities of different institutions to protect political privacy, including an assessment of the litigation that has arisen in the wake of the Cambridge Analytica scandal, to determine the role of different institutions in protecting political privacy in private law—as opposed to public law—settings. Through a review of this and other litigation to protect digital privacy, which, more and more, affects political privacy, I will show not just how different institutional settings can strengthen the functioning of other settings, but also how they can undermine such settings. Thus, given the fact that institutions that protect political privacy can often work at cross-purposes in policing political privacy, this Article argues for the need for comprehensive, integrated, and cooperative action across institutions to ensure the proper protection of this type of privacy.