Over the last few days, the Guardian has broken the story of the illegal use of personal data in the US 2016 general election. We are now waiting for the trail to come back to UK politics, in particular, the use of Cambridge Analytica (or one of its associates) by the alliance of Leave organisations. The data was stolen, well acquired, from Facebook, but it seems they knew for two years and there is some argument as to their corporate complicity. Their Chief Information Security Officer has been on the way out since the end of last year and some stories suggest it’s because he argued for greater openness in co-operating with the enquiries into Russian state sourced fake news.
Citizens, their representatives and law makers have been arguing that IT companies should have a duty to report security breaches to law enforcement and the EU is introducing such a law now; such Laws exist in California which is where Facebook is headquartered. We should also note that their duty to protect their users personal data is governed by the US privacy laws, the now defunct EU Safe Harbour agreement and its successor, the Privacy Shield. In addition, the US signed up to the 7 Principles of Data Potection when first declared by the OECD. It is a fact however, that many US business executives (and their employees) consider the European Data Protection laws as non-tariff import barriers, not that this should matter but I have no doubt that considerable time has been spent in determining where the line between legality and illegal activity stands.
There are several factors in the US political culture which often makes it hard for the US to obey foreign laws (and their own), one of them being, that they often have difficulty in legitimising their own laws and law enforcement.
This is, to me, summarised in the 10th Amendment, one of the Bill of Rights amendments to the US Constitution.
The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people.
There is a beauty to the sentiment and an economy to the words, but they are a fundamental challenge to the rule of law. (Is this a bit extreme?) The Citizen’s United ruling, which upheld the citizen’s free speech rights for an association, can be taken to mean that corporations have citizenship rights. US Laws are hard to make and often Laws re challenged in court often to the Supreme Court asking for laws to be struck down as unconstitutional. The upshot of all this is that politicaly citizens can take a view on whether a law is legal in the knowledge that if they win, unlike in Europe & the Antipodes where the Government’s have majorities in their legislatures and will rewrite the laws, they get to do what they want.
The US tradition of a people’s access to justice, showcased by the Judge Judy show is also admirable, if a bit bizarre to UK eyes but it is another dimension of the US commitment to rights and the rule of law; they’e just a bit weaker in understanding collective and inalienable rights, such as privacy (except from Government).
We also have the growing dichotomy between companies Legal and Compliance teams, with Legal advising under the protection of client/attorney privilege in the best interests of their clients and Compliance having a duty to the public advising how not to break the Law.
One can see how US Companies might lose their way. It’s nothing to be proud of though, the UK route to corruption is just shorter as currently viewing the C4 news program on Cambridge Analytica will show.
Do politicians understand? They may not understand the details of the tech., but they do understand Human Rights law and the rule of law, although some of the House of Commons are to quote the shadow chancellor “Fucking Useless”, and the select committees could do with better advisors; the purpose of the witnesses is to deliver this advice and knowledge, but you need to know the questions and understand the answers. You need a nose for a cover up and to know the 2nd question. …
