Advertisement

SKIP ADVERTISEMENT

Introducing the Internet Bill of Rights

Democrats promise that if they win back the House, they will start regulating Silicon Valley.

Credit...Illustration by Peter Dazeley/Photographer's Choice, via Getty Images

Ms. Swisher covers technology and is a contributing opinion writer.

Should American citizens get a new Bill of Rights for the internet?

Given all the damage that giant tech companies have done of late, including the disaster of the week — a breach at Facebook that exposed tens of millions of accounts and maybe lots more — many Democrats think the answer is yes.

In an interview with me this week, Nancy Pelosi even suggested that a new agency could be created to manage tech’s growing impact. “Something needs to be done,” she told me, to “protect the privacy of the American people” and “come up with overarching values” — a set of principles that everyone can agree on and adhere to.

Call it a Bill of Rights for the internet.

Six months ago, Ms. Pelosi charged Ro Khanna — the Democratic representative whose California district is home to Apple, Intel and Yahoo — with the creation of that list. After consulting with think tanks like the Center for Democracy and Technology and big Silicon Valley companies like Apple, Google and Facebook, as well as some of tech’s biggest brains, like Nicole Wong and Tim Berners-Lee, he came up with a list of 10 principles that cover topics such as privacy, net neutrality and discrimination.

Mr. Khanna gave me a copy of the list, the full contents of which have not been reported elsewhere, and which appears at the bottom of this essay.

To set the table, let’s be clear that the tech industry has long operated nearly unfettered, aided by laws that have given its major companies broad immunity and an open plain on which to operate. The goal was to foster and encourage innovation. And like the pioneers who once set out for California to make their fortune, tech companies have thrived in that regulation-free landscape.

[Kara Swisher answered your questions about this column on Twitter. Watch: Part 1 | Part 2]

But it has become ever clearer with every misstep — including but not limited to Russian interference on social media platforms, the amplification of hate speech and fake news, and the misuse of personal information — that tech’s freedom has come at a steep price to the American people. If voters give her the chance, the once and perhaps future speaker of the House says she will lead a push to get the industry in line.

But will it be too little, too late? Consider Mr. Khanna’s list of principles, which begins by stating:

“The internet age and digital revolution have changed Americans’ way of life. As our lives and the U.S. economy are more tied to the internet, it is essential to provide Americans with basic protections online.”

In short: Horse, meet barn door.

The first principle, for example, covers an issue that seems dead obvious and should have been enshrined in law back in the early 2000s: The right “to have access to and knowledge of all collection and uses of personal data by companies.” (Some companies voluntarily follow this rule already, as well as a few of the following, but none are required by federal law.)

The second says consumers should have to give their permission — an “opt in” rather than “opt out” system — before their data can be collected and shared with third parties. I like to call it the anti-Cambridge Analytica rule.

Mr. Khanna noted that this requirement must be fulfilled in a way that is not onerous — consumers shouldn’t have to click on something affirming their consent every time data is collected, for example. “If you have to click on something 50 times, it kind of defeats the purpose,” he said.

The third principle moves into a dicier area: the right “to obtain, correct, or delete personal data controlled by any company.” In Europe, this idea has manifested as the controversial “right to be forgotten” laws, which wouldn’t fly here. Because of First Amendment issues, and also to prevent anyone from removing information that is merely critical, Mr. Khanna added a caveat that covers a lot of sins: “where context appropriate and with a fair process.”

And so on down the list: The fourth centers on timely notifications in the case of breaches. The fifth would give consumers the right to move their data (called data portability). The sixth calls for making net neutrality a law rather than a regulation that gets Ping-Ponged every time a new administration takes office. The seventh would hinder big internet access providers like AT&T and Verizon from collecting more data than is necessary for the rendering of services. The eighth addresses fostering competition. The ninth would protect consumers from being “unfairly discriminated against or exploited based on your personal data.” And the tenth would demand that companies that collect personal data practice “reasonable business practices and accountability to protect your privacy.”

You could call that last one the Equifax/Facebook/Yahoo conundrum: How do we protect consumers from endless data incursions and hacking by bad actors while also getting all the benefits of a fully networked society?

It’s an admirable list, but I suspect that if Democrats try to turn these principles into law, it will be like pushing back the ocean, especially since the business models of many of these companies are predicated on sucking up as much data as they can and exploiting it for gain. The consumer is the product — as much as insiders at companies like Facebook scoff at the idea.

Mr. Khanna said he gets that it will be a slow road, and it will definitely require bipartisan support.

“This is a 15-year fight, but I do not think tech is immediately primed against it and Congress is more willing to be strong on regulation,” he told me. “Tech is amoral — it is great in many ways but not as great in others, and they need to now spend the next 10 years thinking about how they shape that tech for public good.”

Mr. Berners-Lee, who is widely known as the inventor of the World Wide Web and who advised Mr. Khanna on the creation of his list, agrees. “If the internet is to live up to its potential as a force for good in the world, we need safeguards that ensure fairness, openness and human dignity,” he said in an email. “This Bill of Rights provides a set of principles that are about giving users more control of their online lives while creating a healthier internet economy.”

Ms. Pelosi said that national legislation does not have to be hostile, noting that tech companies know that public sentiment is turning against them. She said that more and more people are “aware that there is some vulnerability with the status quo” and that she believes that “legislation would get public support.”

It already has in Europe — which has become the leader in stopping tech’s aggressive march — and in Ms. Pelosi’s home state, California, which has passed many of the kinds of laws that Congress should be considering.

Recent legislation out of Sacramento has included the nation’s most significant privacy law, as well as another on net neutrality (which is now being challenged by the Trump Justice Department) and even one to require publicly traded companies operating in the state to have at least one woman on their board.

The federal government is very late to the party, but Ms. Pelosi promised that if Democrats get back the House in November, there will be a push for action.

“It is not a question of being antagonistic, but being ready to find a better way for the future,” she said, noting how quickly change has come via tech. “Think backward a dozen years and look forward a decade. Like they say, you haven’t seen nothing yet.”

It’s certainly well past time to see something from the politicians whose job it is to protect the rest of us.


The internet age and digital revolution have changed Americans’ way of life. As our lives and the U.S. economy are more tied to the internet, it is essential to provide Americans with basic protections online.

You should have the right:

(1) to have access to and knowledge of all collection and uses of personal data by companies;

(2) to opt-in consent to the collection of personal data by any party and to the sharing of personal data with a third party;

(3) where context appropriate and with a fair process, to obtain, correct or delete personal data controlled by any company and to have those requests honored by third parties;

(4) to have personal data secured and to be notified in a timely manner when a security breach or unauthorized access of personal data is discovered;

(5) to move all personal data from one network to the next;

(6) to access and use the internet without internet service providers blocking, throttling, engaging in paid prioritization or otherwise unfairly favoring content, applications, services or devices;

(7) to internet service without the collection of data that is unnecessary for providing the requested service absent opt-in consent;

(8) to have access to multiple viable, affordable internet platforms, services and providers with clear and transparent pricing;

(9) not to be unfairly discriminated against or exploited based on your personal data; and

(10) to have an entity that collects your personal data have reasonable business practices and accountability to protect your privacy.

Follow The New York Times Opinion section on Facebook and Twitter (@NYTopinion), and sign up for the Opinion Today newsletter.

Kara Swisher, editor at large for the technology news website Recode and producer of the Recode Decode podcast and Code Conference, is a contributing opinion writer. @karaswisher Facebook

A version of this article appears in print on  , Section SR, Page 9 of the New York edition with the headline: The Internet Bill of Rights. Order Reprints | Today’s Paper | Subscribe

Advertisement

SKIP ADVERTISEMENT