One thing made clear by the recent Facebook–Cambridge Analytica scandal is that the challenge ahead is no longer to prevent the misuse or leaks of consumer data — that information is already out there — but to clean up the spills after they happen.
For that, Paul Ford, the co-founder of Postlight, has a novel solution. Data leaks, he writes for Bloomberg, are not dissimilar to environmental disasters. To deal with them, the United States should create a Digital Protection Agency (DPA) analogous to the Environmental Protection Agency. “Its job,” he explains, “would be to clean up toxic data spills, educate the public, and calibrate and levy fines.”
Granted, America’s recent experience with creating new federal agencies is far from unblemished. The Transportation Security Administration is not universally beloved. Conservatives root for the dissolution of the Consumer Financial Protection Bureau, and the woke Left has recently been campaigning for the abolition of Immigration and Customs Enforcement. The Independent Payment Advisory Board proved so controversial that it never got off the ground, and was abolished earlier this year. So I can see why you might question the wisdom of creating a DPA, especially when it is explicitly modeled on an agency many on the right see as an out-of-control behemoth. Yet it is worth considering nevertheless.
At its most basic, the DPA could offer a service similar to the website haveibeenpwned.com, developed by the Australian security expert Troy Hunt, which tells users whether they’ve been hacked, and how bad the breach is. While it is all well and good that Hunt has taken it upon himself to serve this function, we can hardly expect him to do all the work for us, especially given that data security is pretty essential to making a modern market economy hum. The DPA would also educate students about data risks and provide information for getting new Social Security numbers and the like. Further, the agency could rank banks and other services by their data-security records and could create national standards for the handling of private information. Most importantly, the DPA would also be able to impose fines for infractions.
“I know that when you think of a Superfund site, you think of bad things, like piles of dead wildlife or stretches of fenced-off, chemical-infused land or hospital wings filled with poisoned families,” Ford concludes. “No one thinks about all the great chemicals that get produced, or the amazing consumer products we all enjoy.” Similarly, Facebook and other social-media sites didn’t set out to pollute our data ecosystem, or to create vulnerabilities rival governments might seek to exploit. Unfortunately, however, millions of Americans have ended up “pwned,” and the country needs a way to start cleaning up the mess.