Data Ownership and Remuneration in the Attention Economy
Or why I transitioned from Cybersecurity to Social Media
My focus as a cybersecurity professional has always been on identifying and protecting intellectual property from bad actors intent on stealing it. However, in 2017 and 2018, my attention started to shift to individual data privacy and data ownership, and the bad actors who have been actively working to deny, degrade, disrupt, deceive, and destroy those rights. Those bad actors have been so successful over the years that we now invite them into our lives on a daily basis without a second thought. The umbrella term for them is, ironically, FAANG, and Harvard Professor Shoshana Zuboff has named their business model Surveillance Capitalism.
The more I learned about it, the angrier I became, and the more I wanted to do something. I was fortunate to eventually meet others who shared my concerns. Today, after almost 18 months of research, testing, and development, I'm proud to announce the launch of our crowdfunding campaign for the world's first social video app Duel™, where privacy and profits are not mutually exclusive, and the users, content creators, and brands all benefit.
However, this is not an essay about Duel. It's a thought piece on why we built it, and why it, or something like it, needs to succeed.
“Data may well be the new oil, but in the digital economy, attention is the scarcer resource.” (Dentsu Aegis Network “The Attention Economy” June, 2019)
Big data’s business model of providing a free service in exchange for the use of the customer’s data is a throwback to the pre-Internet days when you could watch television and listen to the radio for free by enduring the occasional interruption of commercial advertising spots. There was no additional data exchanged unless you were also a “Nielsen family”, and if that was the case, Nielsen paid you for your participation in their ratings service and sold access to that information to its studio customers. That information is known in the media advertising business as “currency”.
Today, Facebook and Google collect far more data about us than any TV network or streaming service, and are many times more profitable. A 2018 Esquire article by Scott Galloway (Silicon Valley’s Tax-Avoiding, Job-Killing, Soul-Sucking Machine) provided some surprising context: “You could merge the world’s top five advertising agencies (WPP, Omnicom, Publicis, IPG, and Dentsu) with five major media communications companies (AT&T, Verizon, Comcast, Charter, and Dish) to get only 90 percent of what Google and Facebook are worth together.”
Poorly compensated content creators (i.e., "influencers") on a handful of platforms drive consumer engagement, and consumer engagement drives advertising sales for the many brands who spend billions of ad dollars on the platforms that we all use.
Privacy abuses by those platforms have resulted in FTC charges and consent agreements as well as GDPR fines issued by EU Privacy Regulators against Facebook, Google, and YouTube (and many other companies). Unfortunately for the consumer, that hasn’t prevented any of those companies from repeated violations of the consent decrees, most recently witnessed by a $5B fine for Facebook and $170M fine for YouTube.
“Google and YouTube knowingly and illegally monitored, tracked, and served targeted ads to young children just to keep advertising dollars rolling in,” said Attorney General Letitia James. “These companies put children at risk and abused their power, which is why we are imposing major reforms to their practices and making them pay one of the largest settlements for a privacy matter in U.S. history.”
There are multiple issues at play: the ability to micro-target ads based on what Facebook, Google, and their ad partners know about us; how Facebook, Google, and other big data companies acquire our personal data to enable such micro-targeting; how much attention we are actually paying to those ads when we are browsing Facebook or reading web pages on Google; and how all this can be happening with data that we own but are not paid for, and seemingly cannot control. Researchers at the Brookings Institute summed it up nicely:
“In a sense, data is being treated as free land for tech companies to discover and sweep up from our online footprints. This leaves users, in the absence of any bargaining power, destitute of a way to meaningfully negotiate over payments for their data and completely unprotected from the invasion to their privacy. This way, each of us are being denied a share in the economic value of the production our data empowers.”
Similar to worker abuses during the Industrial Revolution, individual users in the Internet Age have no bargaining power or say over how their data may be used or how much it is worth to the billion-dollar companies whose operations run on it.
Unlike the European Union, the United States does not have a federal privacy law, so the sole line of defense against data abuse is the Federal Trade Commission, whose only leverage is to sue in federal court (usually against companies with larger war chests than the FTC has) or negotiate a settlement like they did recently with Facebook. This prevents fines from being large enough to actually make a difference. As an example, the $5B fine levied against Facebook for multiple flagrant violations of its 2012 consent decree resulted in the company’s stock going up because $5B is about what the company earns in a single month.
FTC Commissioner Slaughter wrote in her dissent three reasons why the FTC should have brought litigation against Facebook:
(1) The negotiated civil penalty is insufficient under the applicable statutory factors we are charged with weighing for order violators: injury to the public, ability to pay, eliminating the benefits derived from the violation, and vindicating the authority of the FTC.
(2) While the order includes some encouraging injunctive relief, I am skeptical that its terms will have a meaningful disciplining effect on how Facebook treats data and privacy. Specifically, I cannot view the order as adequately deterrent without both meaningful limitations on how Facebook collects, uses, and shares data and public transparency regarding Facebook’s data use and order compliance.
(3) Finally, my deepest concern with this order is that its release of Facebook and its officers from legal liability is far too broad.
“Rather than accepting this settlement,” Commissioner Slaughter writes, “I believe we should have initiated litigation against Facebook and its CEO Mark Zuckerberg. The Commission would better serve the public interest and be more likely to effectively change Facebook by fighting for the right outcome in a public court of law.”
Unfortunately, the FTC doesn’t have independent litigating authority in cases involving civil penalties and must refer those cases to the Department of Justice. Considering that the FTC is the sole overseeing body to a technology industry generating trillions of dollars on the personal data of billions of people globally, it isn’t surprising that there are so many federal and state lobbying dollars being spent by Big Data to water down or kill any legislation that potentially would harm their enormous profits by protecting people’s individual ownership rights to their own digital resource.
Even the FTC’s order with its accompanying record-setting fine of $5B does nothing to change what Facebook can do with its user data. The company merely agreed to ask for certification from third-party apps who want access. Facebook retained free rein to determine what is proper use all on its own; a privilege that it has proven time and again it cannot perform (witness its repeated violations of the 2012 FTC commission order).
Facebook and Google are immensely profitable because of their ability to offer micro-targeted advertising to their business customers. That capability exists because users have been repeatedly misled or kept in the dark about how much of their data is being collected and shared with third parties. Fortunately, privacy advocates are increasingly fighting back.
The Irish Council on Civil Liberties (ICCL), for example, recently filed a lawsuit against the Internet Advertising Bureau (IAB) for alleged violations of the GDPR that stem from real-time bidding (RTB) systems, whose harvesting of personal data results in "Irish people’s health condition, political views, and whereabouts… analysed and sold in a dark data market", as described in an earlier ICCL complaint filed against the Data Protection Council.
In the above video, Dr. Johnny Ryan explains to a panel of U.S. Senators what happens every time one of them visits a website.
What’s needed is nothing short of a revolution in user engagement, where "Opt-out" is the default setting, "Opt-in" entitles users and content creators to share in the ad revenue of the platform, and where the ad tech stack complies with data protection protocols instead of being the source of the world's biggest ongoing data breach. That new model is what we've built with Duel™.
Now that you know why I transitioned from cybersecurity to social media, you can learn more about what we've built by visiting our WeFunder campaign page. If you agree with me, please support the launch of Duel by investing and/or sharing this essay with your friends and colleagues. Together we can change social media and send a message to big tech that the era of profiting off of our creative content for free is gone forever.