Prison Time Is the Answer to Tech’s Privacy Crisis
The executive director of the Surveillance Technology Oversight Project lays out a strategy to regulate tech companies like Facebook
It’s just the “cost of doing business.” I first heard that phrase as we mulled over my client’s plea deal. Evidently, when you run a multinational company, you pay a lot of bills that would give the rest of us sticker shock. One of them was a multibillion-dollar fine for price-fixing.
I was just a few months out of Harvard Law, working at one of the top law firms in New York, and I felt like I was staring through the looking glass. I had naively assumed that these record penalties would stun my clients, but I was wrong. In the end, navigating antitrust violations was just another business negotiation.
Sound familiar? Facebook was hit with a $5 billion fine from the Federal Trade Commission earlier this month for mishandling user data — a decision that sent the company’s stock soaring, perhaps because Facebook anticipated the fine and budgeted against it months ago in its first-quarter earnings report.
With potential antitrust action against Facebook and other tech companies on the horizon, it may be worth thinking beyond money. One thing actually did keep my clients up at night — a strategy that had huge success in fighting price-fixing and that we may need now to combat the tech sector’s growing list of privacy abuses: jail time.
In a world where products are increasingly available for free, our privacy is the only measure of their true cost.
At its heart, antitrust law is a question of power. It’s the calculus of how the government can intervene just enough to make sure that large, established firms don’t use their sheer size to strangle infant competitors in the cradle. More simply, it’s about keeping the “free” in “free markets.” Lawmakers in the Gilded Age created the antitrust laws that we still enforce today, pushing back against the ever-present incentive to conspire and cheat consumers out of the benefits of competition: product variety, low prices, and, these days, privacy. But in a world where products are increasingly available for free, our privacy is the only measure of their true cost, which lawmakers couldn’t possibly have anticipated in the 19th century.
The Sherman Act outlawed antitrust violations in 1890, but during its first 84 years, those crimes were considered misdemeanors. Theoretically, a violation could land you in prison for as long as a year, but the law was rarely enforced. There wasn’t a single conviction from 1921 all the way to 1959. That means throughout the boom times of the Roaring ’20s and the postwar expansion, periods when antitrust violations were rampant, the competition cop was asleep on the beat.
In 1955, Congress edged the penalties upward, raising the maximum fine to all of $50,000. It wasn’t enough to stem the tide of price-fixing — the international cartels inflated the price of everything from produce to petroleum products — so Congress raised the fines again in 1974 and 1984 to reach sums in the millions. And it didn’t stop there. Criminal antitrust fines against corporations skyrocketed from $1.6 billion in the 1990s to more than $4 billion in the 2000s. Average antitrust conviction rates rose from 37% in the 1990s to over 80% by 2009.
But even these massive penalties still weren’t enough to stop the seemingly endless string of price-fixing conspiracies. As the Government Accountability Office found, 1) prosecutors had a hard time calculating fines, 2) collection efforts were spotty, and 3) many defendants completely failed to pay. The turning point came in 2004, with the passage of the Antitrust Criminal Penalty Enhancement and Reform Act (ACPERA), which increased the maximum sentence for antitrust violations to 10 years in prison. Congress understood that fines alone are ineffective in tackling antitrust violations. As a result, the average antitrust prison sentence went from eight months to more than two years.
Following years of high-profile criminal prosecutions, with more and more executives ending up behind bars, the impact was clear: Price-fixing declined. In 2018, the number of price-fixing and other criminal antitrust violations declined to less than a quarter of the peak 2011 level. This history makes clear what DOJ has said itself, “that the most effective way to deter and punish cartel activity is… jail sentences.” If the potential penalties are limited to fines — no matter how large — these corporations will factor them in as merely a cost of doing business.
Right now, some of the largest U.S. tech firms necessitate more drastic action. Privacy breaches reveal our secrets and compromise our elections; they undermine civil society and put millions of Americans at risk. We must have punishments proportional to this threat; we must put the worst privacy offenders in jail.
As someone who has represented criminal defendants throughout my career — including both white-collar executives and alleged “terrorists” — I’m loath to expand our system of mass incarceration. Yet some acts of corporate maleficence are so harmful, and the executives who drive them so insulated, that there may be no other way to protect the public.
It is the power of predictable, regularly enforced criminal penalties that will make tech executives reform.
Let me be clear: It’s not a question of lengthy prison sentences. As anyone who has been incarcerated can tell you, even the shortest stay in prison can be a deeply terrifying and traumatic experience. This is not a matter of terrorizing defendants with the specter of years behind bars. Instead, it is the power of predictable, regularly enforced criminal penalties that will make tech executives reform. The fear that when they endanger users, the employees responsible will be locked away, stripped of their privileges and air of immunity, and held to account.
Even if you think jail is a step too far, it’s clear that what we’re doing right now isn’t working. Fines, even massive ones, are a drop in the bucket for these historically profitable tech behemoths. In January of this year, French regulators forced Google to hand over $57 million for violating the EU’s GDPR privacy law. But with Google’s 2018 revenue reaching more than $130 billion last year, that number hardly registered.
And, as mentioned, here in the United States, the FTC approved a record $5 billion fine against Facebook for mishandling users’ personal information. This historically large fine proves to be just about a month’s worth of revenue for the social giant, which topped $55 billion last year.
But even as the fines continue to grow, the privacy breaches haven’t stopped, with many of the largest breaches unfolding in just the past two years. And even if the fines go higher, they’ll never be enough. For the tech executives looking to move up the ranks or meet next quarter’s growth projections, the incentives will always be there to misuse our data and abuse our trust. As long as it becomes ever easier to aggregate, analyze, and monetize the sprawling databases of personal information, the fines will be just a cost of doing business.
Like antitrust, these are corporate crimes of a different caliber. Unlike tax dodges and run-of-the-mill regulatory issues, these constitute a class of crimes that undermine the integrity of core systems upon which we all depend. Antitrust violations clearly damage how the markets operate, making it harder for all of us to conduct business. Privacy breaches are similar. They have a market effect, but they also have something more pernicious: They compromise civil society.
They make it harder for us to engage in the democratic process and interact with our neighbors. They undermine our elections. They compromise our sense of self, as individuals and as a community. This is a cost far too great to be repaid in dollars and cents. It’s a threat too large to be countered through fines and penalties. It is a danger that must be fought through the threat of imprisonment.
Albert Cahn is executive director of the Surveillance Technology Oversight Project, a New York–based civil rights and police accountability organization. You can find him on Twitter at @cahnlawny.