Greetings from New Hampshire!

It has been a busy two weeks in between P.S.R. and next week’s IAPP Europe Data Protection Congress in Brussels. No rest for the weary here at the IAPP, that’s for sure!

This week, we featured two original pieces that address the controversial Computer Fraud and Abuse Act. Citigroup Senior Vice President and Assistant General Counsel Amanda O’Keefe discussed legislation that would fill in some of the gray areas surrounding the CFAA and queried whether companies should proactively go after adversarial hackers, something known as “hacking back.” Also, be sure to check out IAPP Westin Fellow Lee Matheson’s analysis of the CFAA in relation to lawsuits involving former employees who have accessed corporate data, as well as businesses that have used automated tools that scrape data from larger companies. These lawsuits are on the rise, and Matheson looks at how they might affect privacy pros.

One of the issues that has been top of mind for me this week is the hours of testimony on Capitol Hill from the general counsels of some of the world's largest social networks. The top lawyers from Facebook, Google and Twitter faced consecutive days of tough questions from Congressional lawmakers and revealed the stunning extent to which Russian misinformation campaigns to influence the 2016 presidential election spread throughout their platforms. Regardless of which side of the political spectrum you reside on, I hope you’ll agree the spread of fake news, divisive posts and other misinformation is now a serious challenge to democracy and civic discourse.

I’ve been thinking about how this all connects with privacy. Social media, for the most part, allows us to create our digital personas. Users can decide to use their real names or create pseudonymous or even anonymous identities. There has always been a certain freedom in that, allowing for our intellectual and social curiosities to develop. Of course, the flip side is the armies of trolls, bots and other nefarious accounts that poison the online public space — from revenge porn sites to state-sponsored misinformation campaigns. This week’s testimony has prompted some U.S. lawmakers to call for legislation that would require real names on social media sites. I think this is a bad idea because it would chill intellectual curiosity and potentially place victims of domestic abuse and others who are vulnerable in danger. 

Senator Lindsay Graham, R-S.C., is going so far as to call for a “9/11-style commission on social media vulnerabilities.” According to Politico, this proposed bipartisan panel would bring together, he said, “experts in national security and technology to sit down and advise Congress: What kind of legal infrastructure do we need that balances privacy and national security interests? Because I think it’s going to be really hard for us to come up with a consensus.”

Indeed, finding a solution to this big data paradigm will be extremely difficult. I just hope that the pendulum doesn’t swing too far toward ending forms of online anonymity and pseudonymity.

Another issue is how vulnerable we’ve all become to big data’s ability to pinpoint our political beliefs, behavioral tendencies and psychological profiles. These are topics Sociologist Zeynep Tufekci addresses in the TED Talk video below. Her discussion brings up the need for building strong ethical processes into coding algorithms.

We’ve entered a new digital phase, it appears, and I think there are more connections here to privacy issues. I’d love to hear your thoughts on the role social media and big data is playing in our lives, our speech and our democracies, and how that ties in with the privacy profession. I will certainly continue to think about this, but please send along any thoughts you might have. I’m all ears. 

Well, I’m off to catch a plane to Brussels. Hope to see you there!