It's Time to Stand up to Facebook, Google and the NSA and Take Back Our Data

Several weeks after the events of 9/11, I was in the West Wing of the White House debating the Patriot Act. I was a technology policy director at the time, and we were discussing the balance between personal liberties—particularly the privacy of our citizenry—against the need to protect America from terrorist threats. The most pressing concern was clear: how much freedom should the National Security Agency (NSA) be granted to spy on US citizens on US soil?

As it happened, top secret courts, largely comprised of people with no technological backgrounds, were granted an essentially unfettered ability to determine the boundaries of what law enforcement can or cannot do with our personal data. And our personal data includes everything transactional we do as human beings when interacting with technology. Our landline phones, our smart phones, our TVs, our credit cards, the internet.

I unsuccessfully argued for stricter guidelines to govern the courts, outlining when and where it was OK for government agencies to spy on us. Great caution is required when encroaching on the implied right to privacy enshrined in the fourth amendment to the Constitution. But the Patriot Act, while accomplishing many important policy goals, fell short on protecting our rights as citizens. And while I disagree with the notion of betraying state secrets, the Edward Snowden revelations demonstrated the degree to which new guardrails are required.

Just last month, Congress updated a number of the Patriot Act provisions only for the secrecy guidelines to stay the same. Last month also marked the ignominious six-month anniversary of Equifax confessing to the greatest privacy intrusion in history, affecting nearly every American adult. And then we have Google paying huge fines for failing to follow European privacy guidelines; Facebook admitting to effectively selling access to American citizens’ data so that Russia could infiltrate the US election process at the highest levels. You get the idea.

While European and other nations have been quick to act to protect citizens’ privacy, the U.S. has remained strangely complacent. Europeans have been faster to identify the fact that we are our data and therefore it must be protected, by introducing very strict regulatory guidelines impacting all multi-national corporations and levying massive fines when they are crossed.

facebook surveillance privacy instagram data The Facebook logo on a wall at a start-up companies gathering at Station F, Paris, January 17. REUTERS/Philippe Wojazer

Why are Americans so complacent in the face of this threat? I think this is due to several factors, chief among them is that a handful of extraordinarily powerful corporations have effectively lulled Americans into trusting them to do the right thing with their most sensitive data. The seductive power of our smartphones, our Facebook feeds and Google’s search bar is very real and very powerful. Meanwhile, whether Equifax or Google or Amazon or Facebook, these companies are financially incentivized to collect and monetize all of your data, everything about you. Think about it, today, all of our family photos, texts, search histories, interests, relationships, even at times our DNA sequencing are known by third parties.

History tells us that we can’t simply legislate or regulate our way out of this mess. But we can step up as citizens and demand control of our data. If we’re OK with our data being used for business purposes, that’s ok and it is our right. But if we want to take our data back and protect it, that is our right too.

As CEO of a company and an ardent capitalist, this isn’t about limiting corporations’ ability to make money. It is about putting protections in place to make certain that companies do the right thing. As Ronald Reagan said, "Trust, but verify." Today’s age leaves a massive footprint of personal information out in the wild, controlled by others. We must all work together to address this problem. Because the truth is that while we may not have a lot to hide, we certainly have a lot to protect.

John Ackerly is CEO and Co-Founder of Virtru, a data protection and data privacy software company. He previously worked as a technology policy advisor at the White House and as Strategic Planning Director at the U.S. Department of Commerce.