Weighty high-tech issues are likely to flummox Congress again this year, just as they did last year, when lengthy hearings with chief executives of Facebook and Google drew a spotlight to the deep unfamiliarity of some legislators with technology matters.
Rather than tackling issues head on about privacy, data protection, and artificial intelligence, legislators may opt for lesser steps.
Democrats now in control of the House say they will heed growing public clamor about the use — or misuse — of personal data by social media platforms and other digital companies. But they acknowledge that little action may emerge from the divided Congress.
Rep. Frank Pallone, a a New Jersey Democrat who chairs the House Energy and Commerce Committee, which covers an array of internet issues, said he will push “policies that protect net neutrality, promote public safety, and provide meaningful privacy and data security protections that are seriously lacking today.”
Will that lead to concrete legislation? Other Democrats set the bar low. “I think it’s not impossible…. I don’t think it’s out of the question,” said Rep. Pramila Jayapal, a Democrat from Washington state who sits on the House Judiciary Committee.
Some Republicans concur.
“It’s going to be around the edges. It’s not going to be anything particularly substantive,” said Rep. Andy Biggs, an Arizona Republican and member of the conservative Freedom Caucus.
Industry experts voiced concern that inaction on Capitol Hill will allow the muscular lobbying arms of Big Tech companies to mold future regulation, and leave individual states and the European Union to continue with their own regulatory initiatives, bypassing Washington.
“Other countries are defining the rules of the road for us right now,” said Andrea L. Limbago, chief social scientist at Virtru, a Washington cybersecurity firm focused on digital privacy.
Only a handful of legislators have a deep understanding of digital technology, and they routinely are called upon to tutor other House members.
“I’m always shocked by the number of colleagues that come to me for advice and perspective,” said Rep. Will Hurd, a Texas Republican who studied computer science at Texas A&M before joining the CIA.
Another legislator, Rep. Ted Lieu, a California Democrat, was scornful of a House Judiciary committee hearing Dec. 11 in which Google chief executive Sundar Pichai faced repeated complaints of bias, about how its search engine algorithms function.
“We’re not going to be doing those stupid hearings anymore,” Lieu said.
During the Google hearing in December, one legislator appealed to Pichai to direct his company to offer more personalized tutorials. Another legislator posed a question to Pichai while holding up an iPhone, a device made by Apple, not Google, suffering ridicule on social media.
Legislators have not put their best foot forward, Limbago said.
“Shaking an iPhone at a Google exec is sort of the meme we see going everywhere to show the disconnect … of what the actual state of the tech environment is,” Limbago said.
Emerging tech issues that have drawn calls for congressional action include the use of facial recognition technology, activities of large Silicon Valley firms in China, how to secure connected home devices that are part of the Internet of Things, whether to adopt federal standards that pre-empt a patchwork of state laws, and how to protect the personal data of users.
“These are big, gnarly, hard problems that really thoughtful people have to work through, and that’s my worry. I don’t see that,” said Shane Green, the chief executive of the U.S. branch of digi.me, a British company that helps consumers keep control of their own data.
Green said he was taken aback by legislators during hearings with Facebook founder Mark Zuckerberg before House and Senate committees last April. He said some legislators failed to understand the “insatiable appetite” of Big Tech to track users for advertising purposes.
“They really just don’t understand the basics. In the Facebook hearings, literally a couple people asked how they made money and how they could do all this stuff for free,” Green said.
Green worries that legislators might design regulations that hinder companies and stifle innovation, or worse yet, “end up not regulating the companies at all and letting them effectively continue with their bad practices. … The worst case, candidly, is actually having regulations that are co-opted by the platforms.”
Large tech companies like Google have robust operations in the capital.
“They are one of the biggest lobbying powerhouses in Washington,” said Tom Galvin, executive director of the Digital Citizens Alliance, a nonprofit focused on internet consumer safety issues.
Congress isn’t the only focus of the lobbyists. Other regulatory entities, including attorneys general at the state level, are already molding the tech environment, some with a consumer focus, or in the case of the European Union with a focus on competition and privacy, Galvin said.
Last May, the European Union implemented its General Data Protection Regulation, which enshrines protections for EU citizens of their personal data and restricts its use outside the continent. Potential fines are mammoth – up to four percent of a company’s annual global turnover.
But Galvin said such fines are not always a deterrent to Big Tech companies.
“A billion dollar fine to a company like Google is like our dry cleaning. If they can solve this problem with money, they will do it every time,” Galvin said.
Perhaps more worrisome to Big Tech is the changing public perception among ordinary users, some of whom are voicing privacy concerns to their representatives.
Rep. Raja Krishnamoorthi, a Democrat from Illinois who has a mechanical engineering degree, said he hears such constituent concerns routinely.
“They understood they gave up some of their privacy and some of their data but they didn’t realize the extent of it. And it feels unfair. So they come to us now, and they’re basically saying, ‘We need to regulate this industry,’” Krishnamoorthi said.
At least two states have gotten a jump on Washington. Vermont became the first state last May to regulate data broker firms that buy and sell personal consumer information. A California law, which takes effect in January 2020, grants consumers the right to know what data is being collected and what high-tech companies are doing with the data.
On a federal level, no single data privacy law currently exists, although Sen. Brian Schatz, a Democrat from Hawaii, floated a proposal with 14 co-sponsors in mid-December. His is one of three such proposals in the Senate. Sensing a changing public mood, the tech industry has offered support for any federal bill that might override California’s privacy law.
Another area with a variety of state laws – and no federal law – is that around disclosure of data breaches. Hurd said he believes there are 47 laws around the country that corporations must comply with when they suffer a hack.
Krishnamoorthi said Capitol Hill shouldn’t stand by as states take on such high-tech matters.
“We should not cede our authority to anybody on this particular issue. If some states are moving sooner than others, that’s fine. But we need to catch up. … We need to act,” he said.