Bruce Schneier and Corporate Responsibility

Bruce Schneier and Corporate Responsibility

Legal professional with strong interest in antitrust, strategy and new technology.

I’ve just finished reading Bruce Schneier’s “Data and Goliath“, and have something to say about his notion of corporate responsibility.

Schneier holds web-economy corporations in contempt for taking all our data and doing whatever they want with it. Quoting Google executive chairman, Eric Schmidt, he points out that technology platforms’ “ability to grow” and “speed to scale” have endowed them with an “inherently monopolistic nature”. Quick aside: Eric Schmidt was not Google’s CEO at the time of writing, as stated by Schneier. This is the first of three untrue/misleading statement about the company that I found when reading the book*. The author quotes some market share figures and accuses the companies of using their power to influence and manipulate users. In other words, early in the book he paints them in a very negative light.

This got me thinking about the industrial organization of many markets on the web and the benefits they bring, which Schneier largely ignores. He correctly points out that the structure of the markets, which largely involve huge fixed costs and low – even negligible – marginal costs and which benefit from network effects leading to explosive growth, results in the markets becoming winner-takes-all, or winner-takes-almost-all, industries.

One benefit  is the enormous value that data collection creates through the services that employ it. It takes a data-collector of sufficient scale to show us ads that we consider to be relevant to ourselves individually (which we probably value more than we care to admit). Google could not show us accurate traffic density in its Maps application if a considerable number of users did not have it installed on their smartphones. But another huge benefit these companies bring, as a direct result of their scale, is their ability to keep government surveillance in check. Importantly, the power they wield in this respect is beyond the capability of smaller companies competing in less concentrated markets.

As a result of market pressures (or “business value in championing privacy and fighting the NSA”) and “PR motivations”, technology platforms have become more transparent with their interaction with government surveillance agencies, stepped up their use of encryption, become more litigious in the face of attempted access by law enforcement and have lobbied for legislative restrictions on how the US government conducts surveillance. Take Microsoft’s battle with the US government in the Irish Warrant case, for example. Upon receiving the data-request in Dublin in 2013, made under the 1986 Stored Communications Act, Microsoft actively put itself in contempt of court by refusing to comply. Microsoft continues to fight the case in the 2nd Circuit Court of Appeals due to the dangerous precedent that would be set by a ruling that customers’ personal data is part of Microsoft’s “business records”. I think we can speculate with some certainty that a smaller data-collector would not fight the government tooth and nail for such a data request: they would either hand over the data, encryption keys, etc., or shut down their entire business in protest. Schneider tells how one small company’s owner, Ladar Levison, did just this. After a US Court of Appeals upheld a contempt of court ruling against him, Levison said, “I haven’t read the court’s opinion, nor sought advice from lawyers on any possible legal strategy, so [the possibility of appealing] is still pending”. I’m doubtful that Microsoft would react so lethargically.

Schneier praises Google, Facebook and Microsoft (all giant platforms) for actively lobbying legislative restrictions on how the US government conducts surveillance, and holds them to account for not doing more in the political arena. But the action taken by these companies is a direct result (especially in the case of Google and Facebook) of the cash that flows to them through the use of users’ data for target advertising.  Almost 90% of Google’s revenue comes from advertising, and it uses this cash to fund its other futuristic ventures and, importantly, to combat intrusive surveillance by governments. I’m not sure that Schneier can have his cake and eat it too here: putting limits on the amount of data that companies can collect may reduce intrusive demands by government agencies, but would also hamper the litigation and lobbying efforts of the companies by reducing their ability to profit from the data they collect.

I’m sure Schneier would respond by saying that political efforts by Internet giants is a second best outcome: ideally we would live in a world where it wasn’t necessary for Microsoft to fight for the protection of its user-data against government requests, because there should be limits on the amount of data pulled from users and their devices in the first place. There is some thrust to this argument, in the sense that many companies pull data beyond what is useful for their services to function (see here for an interesting study). But the data that is probably most useful to government surveillance agencies is probably the same data that the companies need to to provide us with such useful services. Whenever there is collection by companies, there will be subsequent government requests. Think about Waze (as Schneier directs us to on pg 199 (print ed.)). Schneier claims that broad coverage, or a representative sample of people, would be good enough to provide us with useful traffic flow information. I scrambled to the back of the book for a citation, but my frantic flicking was in vain. It makes a lot of sense to me that having as many devices on board as possible would vastly improve Waze’s capabilities (citation needed…). He further doubts Waze’s need for historical data, but I can also see the use in collecting this: perhaps to guess a road’s traffic flow at certain times, on the off chance that no Waze users are driving there at the relevant time.

Schneier’s inability to embrace the inherent value of data-collection is his downfall. The value we derive from the functionality of services that employ our data is enormous (“What was life like before Google?”), and this, along with the companies’ ability to combat the intrusiveness of government surveillance, is broadly a direct result of the fact that they monetize the vast array of data they collect and, at the same time, grow explosively to become household names.


*The other two are, firstly, the statement that you can pay to be included in Google’s search results. This is simply not true. The lay-reader would most likely take this statement to refer to Google’s natural search results, and they may well be the target audience of the book. Follow the link he cites at the end (and who checks these things?) and we see that it is actually results like Google Shopping where Google allows paid placement. But we knew that already because Google tells us. Sweeping statements like this that the user may never follow up on constitute scaremongering rather than constructive argument. The second is the statement on page 200 (print ed.) that “Google has my lifelong search history, but I don’t have access to it to refresh my memory”. In the endnotes, he clarifies that he could access his search history if he had enabled it in his Google account. But his statement is therefore untrue: he won’t have a search history in the first place if he hasn’t enabled it. Mine is enabled and I can see that five years ago today I searched for “f maj7 chord”. I can also delete this record if I want to. These statements, and others like it, build a culture of mistrust for Internet giants which bolsters Schneier’s own arguments towards the end of the book.

Data Facebook Google Platform Technologies Privacy Silicon Valley

Comments