Speaker 0
0:10 – 0:14
Welcome to Tech Talk. Bye. CT. Tea.
Speaker 2
0:16 – 2:32
Welcome to CDT's Tech Talk where we dish on tech and Internet policy while also explaining what these policies really mean to our daily lives. I'm Brian Wasilowski, and it's time to talk tech. During this episode, we'll be talking about the so called on demand economy and how new entrants into traditionally highly regulated spaces are raising important questions about personal data and government reporting requirements. We'll also be talking about a case involving a sheriff in Illinois who has seemingly made it his personal mission to shut down backpage.com. In sending threatening letters to financial service companies that work with Backpage, the sheriff was directly challenging intermediary liability restrictions that are a pillar of the Internet and core to free expression online. Disrupters, innovators, call them what you will, but without a doubt, the companies that are driving the so called on demand economy, such as Uber and Airbnb, are profoundly changing the landscape in some heavily regulated industries. Many of these new on demand companies are proving to be extremely popular with both consumers and those wanting to offer their services. As entrenched companies in a variety of industries grapple with the new competition, trench companies in a variety of industries grapple with the new competition, government agencies and regulators are also faced with the challenge of what rules should apply. Should these tech companies be regulated in the same way as the more traditional players? What are the differences, given that they have so much more data on individual consumers? And what do existing and a number of new proposals mean for the privacy of the users of these services. I'm thrilled to have actually physically here in DC and not just in San Francisco, CDT's San Francisco director and policy counsel, Gautam Hans. And he's going to talk about data privacy and government agencies in the on demand economy. Welcome back, Autumn. It's great to see you. And your voice already sounds better now that we're not doing this remotely. I know. The tele in person is better than the telephone. Well, as in the case of so many things. So you're working on a paper about the on demand economy and government access to user data data generated by these companies. What are the key issues raised by trying to regulate these emergency emergency emerging on demand services in traditional ways?
Speaker 1
2:33 – 3:42
Yeah. So I think one of the challenges that we see in this space is that companies that are new entrance, whether it's through apps or through online websites, usually have a lot more data about individual users than the traditional taxi cab or hotel. So it's just one of the major things that we think about here is volume of data and how much these records contain. We at at CDT, completely believe in the role of regulation to protect consumers, to promote anti discrimination and equal access. And I think that we definitely see a need for regulation in the space. But the challenges of new entrants means that there's just so much more data about individual users. And that creates a lot, sort of a greater number of questions about how the regulations should be written and what that means for individual users, what that means for the companies, what that means for the government. And so there needs to be, we believe, more of a detailed examination of how to write these laws, how to write these regulations in a way that promotes the governmental interest while still preserving individual privacy and security.
Speaker 2
3:42 – 3:48
So a couple of follows follow ups to that. First, what is like, what more data do they have?
Speaker 1
3:48 – 5:17
So let's say that you had hailed a cab in New York, you know, on the street, not, you know, ten or fifteen years ago. Even if you paid with a credit card, the information that would be tied to that would probably just be, you know, when you were picked up, your credit card information, potentially where you were dropped off, the time of the trip. But if you're using Uber or, you know, Lyft or another ride sharing app, and Uber or Lyft has to or that other company has to transmit that data to the government, they have a longitudinal amount of data on you, the individual. It's not just about you and that one trip. It's about maybe all your trips and maybe not just in this one area, maybe in New York or San Francisco or Austin or LA. And so what the company is transmitting both is associated with an individual user potentially, not probably not, but potentially over a longer period of time. And it I think if you use an app, you obviously can't pay with cash. And so there are the issues about privacy and anonymity. If I really cared about my privacy in the old days, I could go to a hotel and pay with cash Sure. Or I could pay with a cab in cash. But with data, when it's associated with an individual person, you know, there's just much more of an expansive record. And theoretically, that could be associated with other governmental records as well. Now I wanna, you know, state, especially we don't see any evidence of this happening. I don't think that there is any malfeasance on anyone's part, whether in the government or a company or from an individual user. But I do think just as we've seen in so many other contexts,
Speaker 2
5:18 – 5:38
more data means more questions. Yeah. It can't just be one of those hand over all the data. It is very different data. That's a good point. So there's a couple of bad proposals that we've seen. I know in the paper that hopefully will be published in the next week or two. Hopefully, even actually next week. You highlight two case studies of kind of proposals that, well, potentially well intentioned,
Speaker 1
5:39 – 7:26
missed it. What are what are we seeing in bad proposals by, you know, governments that try to address the regulatory issues here? Yeah. So the the good thing about this or the good good in quotes is that the issues that we see with these proposals are very common to the proposal that CDT runs across in a lot of different governmental context. Collection of a lot of data that maybe the government doesn't need, not specifying the purposes for which it's used and limiting those purposes, not talking about security of transmission and of storage, questions about de identification, you know, what you can get away with not sending to the government and what you really need to send. And then finally, and this is actually, I think, really of interest and maybe a bit novel, is the FOIA question. You know, what happens when you as a private citizen, FOIA the government, FOIA, the Freedom of Information Act, for public records requests and how the government should be dealing with those questions as well. So, again, all of these issues are not, you know, fatal to these proposals. We don't think of that, you can't write a proposal at all. But it will I think in CDT's view, we really want the government to be thinking about these questions and really articulating what is the data that we really need need and what data do we not need? How long are we gonna keep this data? How do we make sure that the data is transmitted securely? And how do we make sure that in the event of a breach, that individual citizen's privacy isn't negatively affected? And finally, what do we do when the public submits a FOIA request to us? These are all questions that I think could be answered. And in the paper, we provide proactive solutions and we will continue to do so for governmental agencies. This is gonna be an ongoing project for CGT. But I do think, they really should be answered pre, preemptively and proactively rather than trying to clean up it later down the road. So you address some of the things that,
Speaker 2
7:27 – 7:53
agencies should be thinking about. What about on the flip side of it, companies? What you know, if they get demands for data or requests for data, you know, absent certain regulations or policies, are there certain things that, you know, a lot of these these on demand companies are relatively new players, you know, but there's a lot of start ups probably being based on this. You know, does a company have rights? What should they be thinking about when they get these demands? Right. So we certainly, I think, hope that companies will,
Speaker 1
7:54 – 9:51
in the event of the request, sir, first think about why is this request happening and under what authority. I think we are really opposed to the idea of someone at a regulatory agency calling up a company or emailing a company saying, hey, give us all your data and not really saying why and for what reason and what the authorizing ability is for that. Now I don't think that that needs to be necessarily adversarial, but I think these are, you know, pretty just common sense basic questions to ask. Well, why does the government need the data? And there may be a very good reason for it. But I think it's important to at the first instance sort of say, okay, what are what is this for? What do you need it for? Can we provide you a data step that fulfills the governmental needs and interests while still, you know, not revealing too much personally identifiable information. So I think that's a balancing act. I think companies, when they get a sort of one off request, those are the questions you need to ask. When there's a proposal on the table, that's a regulatory proposal or, you know, potential lobbying passed at the state or the local level. I think it's really behooves the company to think about, you know, what are the languages what are the language issues here? Are there any? And how can we sort of, you know, come back to the agency or to the legislator and say, okay, here's what we think could work. Here are the problems we see. I think the upside of this is that we're starting to see a little bit more cooperation between the companies and the governmental agencies on this front. Airbnb announced just this week, in New York that they're gonna try to provide some more information to the city of New York about their rental habits. More of the aggregate as opposed to yeah. Yeah. Aggregate information that doesn't really identify individual users, which I think does a good job of balancing privacy and transparency. Uber is, I think, has tried to do this in the past, with the city of Boston and I think is trying to iterate on those proposals as well. And I think, you know, encouraging a bit more cooperation is I think probably in everyone's best interest. I think, there has been a lot of public debate about these issues, which I think is very welcome. But,
Speaker 2
9:51 – 10:47
you know, we would like to deescalate the adversarial nature and, you know, at CTT, we're all about convening. And so I think that we would really love to bring all the parties together. Yes. We would love to convene more of a solution and I think we're gonna try to do that going forward. So you've hinted on this a bit, but I mean, obviously, one of the at the core of this is the users of these these services. So I mean, on my phone, I probably have apps to every one of the companies you've mentioned plus some. You know, what should you be thinking about while you're using these services knowing that, you know, there's kind of this right now, I wouldn't say a a full void, but there certainly is, you know, some negotiation going on and the the terms are being kind of mapped out still in this emerging on demand economy that we have. As a user, are there things I should be asking of my government and also of, you know, the companies that provide these services? Absolutely. So I think on the government side, we've seen a lot of proposals that have been stymied or even,
Speaker 1
10:48 – 11:21
forestalled by user action. There was a very prominent case over the summer in New York about, mayor de Blasio's proposals and Uber sort of organized their users to really protest it. So I think that again can be a little bit more adversarial than we would like. But I think from the user perspective, directed towards the government, I think to the degree that users care about obscure governmental regulatory policy, they should certainly try to voice by, you know, their concerns. I mean, and sometimes as we saw in San Francisco, there are proposals on the ballot, and I think it's really important to sort of actively. I've heard a lot of those though, like a lot of the protests more about
Speaker 2
11:22 – 11:25
protest is probably a little bit too strong of a word. But,
Speaker 1
11:25 – 12:28
more about banning the service as opposed to just the debt limiting it. Okay. And so, you know, I think that's probably why, like, it's a little bit too blunt force. But I do think that there is a role to sort of, you know, as we see in all our political advocacy of calling your, you know, local representative or emailing or what have you, trying to, you know, exercise your civic duty to the degree possible. With regulatory agencies, it's a bit probably removed for the individual user. But, you know, there's still the possibility of it. I think directed at the companies, you know, I will say that in CDT often feels both from the government and from a company side that limiting collection and being very delineated about what you're using data for is important. And so I would encourage users when thinking about services, really question, you know, why does the service needs particular categories of data and what are they using it for? And that really, you know, is trickles down to how the company communicates with the government. You know, we've often said that apps should not request data that are not necessary for those apps. And I think that really applies to every company. And so I think users have a role to play in that context as well. Absolutely. So we'll keep using the apps but ask better questions. Right? Yeah. That's the CDC way.
Speaker 2
12:29 – 14:35
Alright. Great. Thanks so much, Gautam. And as mentioned, he's working on a paper that will be up in the next week or so. We'll definitely be sure to tweet that, share it on Facebook. Check back for that in the very, very near future. For all your regulatory policy needs. You're gonna love it. It's great reading. Thanks, Gautam. Sheriff Dart, which is an incredible name, is not a fan of Backpage. The classified ad site has come under scrutiny for some of the adult ads posted on the site. But as listeners to this podcast know, one of the fundamental underpinnings of free speech online is the liability protections websites receive when they host user generated content. In short, the person posting the content, not the website, is liable for any illegal content, and websites are protected from the threat of litigation based on their content takedown policies. Well, sheriff Dart didn't believe that this protection should apply to classified ad sites, but he lost his very first case that he brought against Craigslist in 2009. After this initial set setback, Dart decided to go after the financial service companies, in this case, Mastercard and Visa, that make it possible for classified ad sites like Craigslist and Backpage to conduct business online. He sent them threatening letters of potential action against them if they did not stop providing their services to Backpage. Backpage, rightfully so, sued, but a lower court ruled that the sheriff was practicing personal advocacy in sending the letters, deeming it protected free speech. But last week, the Court Court of Appeals reversed this ruling and ordered Sheriff Dart to not only halt his campaign of coercion against Backpage, but to also notify Visa and Mastercard of the court's ruling. CDT filed a brief in support of Backpage in this case, and CDT's amazing free expression fellow, Rita Kant, joins me today to discuss the case and why it is so important to free speech online. Welcome, Rita. Thank you. We typically have Emma here, but Rita has agreed to join us today. So, Rita, I gave probably the longest background I've ever given on a case. What do you find most troubling about this case?
Speaker 0
14:36 – 15:09
Well, what was most troubling for me and many other free expression advocates was the serious lack of regard for the first amendment rights at stake here. So this was not just the sheriff who was clearly determined to throw the baby out with the bathwater, but also by the lower court. And it's rare that you see officials so openly hostile to the right of a community of users to come together and exchange information and opportunities online. But we really saw that in this case. Yeah. It seems like it was really a personal mission for him in this case. But,
Speaker 2
15:09 – 15:38
one of the interesting things for me in this case is kind of that murky line line between, like, when are you acting as a government official and when are you acting in a professional or I'm sorry, a personal capacity. How should we be thinking about this issue? I mean, clearly, I guess, in this case, the sheriff sheriff actually sent the letters to the credit card companies on official letterhead, but still said he was acting as an end of, you know, a person, you know, personal capacity. That seems ridiculous. But what should we be thinking about?
Speaker 0
15:39 – 16:42
Well, you're right. I think it's absolutely crucial that we reserve our rights to engage in freedoms of expression and association even when we decide to work for the government, or when we decide to become law enforcement officers. The supreme court has emphasized that government employees like other citizens have the right to march in a protest, back page. But and and officials like police officers are sometimes in the best position to be able to talk about problems within the agency. So it's really crucial that we we maintain their free expression rights. But in a situation like this, as you said, where the police officer is writing letters on department letterhead threatening criminal action, using the bully pulpit of his office, the sheriff's office to blacklist people from economic life. It's clear that that's official capacity and the Supreme Court has defined sort of the the parameters of that that kind of activity. Great. So for our listeners who might not know, although they all should know this,
Speaker 2
16:42 – 16:52
in this case, one of the core things was intermediary liability protections. Why are those so tell us what those are again, and why are they so fundamental to free speech online?
Speaker 0
16:54 – 17:50
Well, Congress enacted section two thirty of the Communications Act to encourage Internet companies to keep providing the intermediary services that that all of our Internet speech relies on. And this is really crucial because protections against liability for, civil, or or or criminal law in state in states, or also civil suits in in federal, courts, can can really chill an ISP or a website's willingness to host other people's content. We really like, the idea of basically behind all this is that we just don't wanna shoot the messenger because people will stop signing up to be a messenger when, when we don't provide those protections and then, you know, the messages stop coming.
Speaker 2
17:51 – 18:13
And But the amount of content that's being produced today, when you really think about it, like, how can some of these platforms really monitor all of it? And I think, you know, the the core here is that with take down policies, if there is illegal content, they'll take it down. And the the person who posted that content should be the one responsible, not the website necessarily. Right. And that's exactly the purpose of section two thirty,
Speaker 0
18:14 – 18:27
to encourage websites to, you know, actively monitor their their websites or the networks, will just, you know, discourage people from, you know, providing those services to users.
Speaker 2
18:27 – 18:50
So what was kind of unique about this case with Sheriff Dart is, that he decided to then go after after losing his initial case based fully on or solely on section two thirty, he decided to go right after the credit card companies, the financial intermediaries here. Is this new? Have we seen this before? On some levels, it seems like a fairly novel clever approach on his part. Right.
Speaker 0
18:50 – 20:24
Right. Well, there's nothing new here. In fact, the original precedent for this kind of, for the for the ultimate decision in the, Seventh Circuit Court of Circuit Court of Appeal, dates back to the early sixties. Oh, definitely not new. Right. I mean, I'm sure this kind of activity has been going on for even longer. But in a case called Banton Books v Sullivan, there was a Rhode Island Commission to Protect Morality of of youth, they realized they couldn't just shut down a bookstore which was selling sort of steamy adult novels so they took their black list, of books and sent it to all the book distributors in the state, instead. And the supreme court said, well, you're not banning books, but it's clear that you're just circumventing the rights of booksellers and readers by leaning on their business partners. So this is the sort of premise that, Backpage brought its suit against sheriff Darton. And, you know, we we think that it's really important that we've established this precedent in this case. We've that we've brought that sort of protection that the Supreme Court recognized against informal extra legal censorship offline. We've imported it to the online world. And and the reason is because so much of our speech online is completely intermediated. Every blog you post or website you read is available online only because of the series of technical and financial intermediaries working together to make sure that you you can get that content. So that's why, it might seem like a really good idea.
Speaker 2
20:25 – 20:48
I think it's a terrible idea. I just thought it was a clever approach. It's a clever approach, but it's probably not a long term strategy. Cool. So, for other financial intermediaries you mentioned and we mentioned Visa Visa and Mastercard. I mean, you could certainly think of PayPal or Stripe and all the other different ones out there. If they were to get a letter like this, you know, a threatening letter from a government official, whether in a,
Speaker 1
20:48 – 20:49
you know, personal or, you know, professional capacity, what should they be doing? I mean, I know that Visa
Speaker 2
20:50 – 21:04
and Mastercard actually stopped providing service to Backpage for a bit. Should other companies do that? You know, I don't know. Or what's what's their recourse of action here?
Speaker 0
21:05 – 22:35
Well, actually, I think Visa and Mastercard are continuing to not provide services to Backpage, which means that Backpage has stopped, offering its ads for a price, which so right now, all of its ads are available for free. But that really, you know, puts into question whether Backpage was gonna be around next year and coming years, because it just can't turn a profit from offering free services. So so but I think that kind of, you know, implication for free expression, for users free expression is is not something that most Internet users are willing to to accept from just a, you know, card provider or another, payment processor. We don't tend to think of those entities as, you know, being anyway interested in the the kinds of things we are and aren't, able to say on the Internet. So I I wouldn't be surprised if we start seeing more and more companies, financial intermediaries specifically developing policies to sort of tell, government officials or even other private actors that no, we're we're not willing to discriminate against certain, clients because of, you know, your concerns about what they're saying online. I think, you know, companies card companies probably don't wanna be content police for the Internet, and unless they wanna start becoming that go to source for censorship, I think they'd be they'd be wise to start developing policies.
Speaker 2
22:35 – 22:54
Yeah. It definitely seems like a place that, you know, these companies would not wanna be. I mean, just why would you wanna be the ones that police content online? It seems like a terrible position to put yourself. So last question, Sheriff Dart, we've heard from him before. He's come back. Do you think we'll hear from him again or is this kind of the final word, from Sheriff Dart?
Speaker 0
22:54 – 23:34
Well, unfortunately for Sheriff Dart, I think the Seventh circuit ruling is pretty clear that this kind of activity and any other kinds of official capacity conduct you might take against any other kind of intermediary that enables Backpage to provide services online is really out of the window. This that means this kind of tactic is gonna be a lot harder for him or anyone in his office to engage in and it's probably going to have the same message and implication for other government officials who would consider doing kind of thing in the future. So hopefully, he'll take the hint and just keep busy with his law enforcement responsibilities.
Speaker 2
23:34 – 24:16
Well, there you go. That's some good advice. Thanks so much for joining, Rita. Thank you. That's it for this week's CDT Tech Talk. You can find more information about today's topics at www.cdt.org. Be sure to check there for Gautam's paper on the on demand economy and government quest for user data. Also, CDT is looking for summer interns. If you're intrigued by the thought of interning for the very best tech policy advocacy org out there, check out the career section on our website. As always, tweet us any questions you have or topics you'd like us to cover to at SemDEMTech. I'm Brian Wasilowski. Thanks for listening.