The United States Needs to Strengthen Trust in the Internet

Americans’ trust in the Internet is at an all-time low. While people continue buying into the products offered by Meta, Amazon and Google, they simultaneously distrust the very products they consume. Many don’t see a way to avoid using these services, while others have attempted to disconnect from the Internet entirely.

This is not simply an American problem. Trust in the Internet is declining worldwide, and social media companies play an outsized role in contributing to that distrust. According to a 2019 survey of over 25,000 Internet users worldwide, 75% of those who distrusted the Internet said that social media companies were a leading cause of their distrust — a 5% increase from 2018. 

Evidently, something needs to be done about this distrust in the Internet to keep its benefits accessible for all.

Although the United States is certainly not the only country with social media platforms, it is home to the largest and most influential ones. And while laws like the European Union’s General Data Protection Regulation (GDPR) have shifted how people consume the Internet, the United States retains a position of authority over how the Internet and digital data can be used. Because of its unique position as the global leader in Internet technology, the United States needs to take strong action to build trust in the Internet.

It’s first worth considering why so many people distrust the Internet. The most prominent concerns over the Internet are related to data privacy. As targeted advertising and data collection become increasingly effective, many have grown concerned about its implications for broader society. Concerns about government surveillance, loss of privacy and interference by foreign governments have become increasingly salient.

The fundamental problem creating this distrust is not just that social media companies are collecting data. It is that no one really knows what data is being collected or what it is being used for. 

While agreements like privacy policies are supposed to explain the terms of data collection and use, they are often either extremely long, as in the case of Google, or extremely vague, as in the case of Facebook. The problems of these privacy policies are compounded by the fact that there is no incentive actually to read them. As a result, people don’t know what they are agreeing to, and social media companies have exploited this to the detriment of public trust in the Internet.

As distrust grows in social media, many countries and regions have turned to new solutions to address data privacy concerns. Unfortunately, many of those solutions fall short. One common solution, the “opt-out” model, involves allowing users to opt-out of various data collection schemes. 

You have very likely encountered this type of regulatory regime. It’s found in those annoying pop-ups asking for your cookie preferences and those complicated agreements which require you to scroll through hundreds of pages of legalese. As you have probably experienced, however, this type of regime is ineffective. Not only do most people not have the time or ability to opt-out of every instance of data collection, but this provides no way to remedy any harms arising from misuse of data. While allowing for opt-outs does represent some progress in protecting privacy, its opaqueness limits its ability to build trust in the Internet.

With how complex regulating data collection can be, especially on behalf of third parties, some countries have decided to pull out entirely. Brazil, China, India and Vietnam have all implemented what is known as “data localization” laws. In brief, these laws require that information about users from a given country be stored within its borders. For example, Facebook is required to store data about a Vietnamese user in Vietnam. This simple premise seems like a win for data security on the surface. It allows these countries, which increasingly have their information technology networks imposed upon from the outside, to regain control over data produced in their country.

However, data localization laws are flawed in their own way. Rather than fostering an open, interconnected Internet, data localization laws create a Balkanized Internet within which it is difficult for users to access services from outside their country. Although these countries are interested in protecting their citizens’ data security, data localization laws are too limiting. There is also the frequent fear that data localization laws may be used as a means for governments to limit their citizens’ access to the Internet, degrading trust in Internet governance institutions.

The United States must take the lead in developing innovative solutions to address data privacy concerns. First, the United States must develop some form of national legislation to govern digital data. Currently, the United States is governed by a patchwork of state laws with small federal carve-outs for certain data types. In turn, Internet companies can decide which states they do business in based on which have the low or limited regulations. Adopting a national regulation scheme would solve this problem.

Further, any rules the United States adopts must be built on the “opt-in” principle. As opposed to opt-out rules, opt-in rules require that users explicitly opt-in to various types of data collection. While these policies have not yet been adopted, prototypes and solutions using the opt-in principle do exist. Most notably, executive director of the California Privacy Protection Agency Ashkan Soltani has developed the Global Privacy Control browser extension. This browser extension automatically disables all forms of data collection on websites you visit, except for those you explicitly permit. While not a regulatory solution, this proves that opt-in rules which do not impinge on the user’s experience are technologically possible. The United States should adopt rules which mirror those that Global Privacy Control enforces.

In the meantime, the Federal Trade Commission (FTC) should use its existing powers to go after companies with misleading privacy policies. The FTC Act empowers the FTC to punish companies for false and incomplete privacy policies — a power the FTC has already used to mandate a clearer privacy policy from Facebook and punish Zoom for unfactual claims regarding user data privacy. The FTC already has broad leeway to interpret what “misleading privacy policies” are. The FTC should use its existing powers to demand greater transparency from Internet companies.

There’s a long way to go before trust in the Internet can be rebuilt. But the United States, home to some of the largest Internet companies in the world, cannot sit on the sidelines while the abuses of social media companies continue. To rebuild trust in the Internet, the United States must pass new laws to ensure that Internet users can feel secure in their data. Doing so will ensure that the Internet remains an accessible tool for users everywhere.

Comments

Molly Miller

Molly Miller is a second-year student majoring in International Relations and the Global Economy. Molly is from Tempe, Arizona and has always been interested in how policy can shape interactions at the international level. Molly has had a strong focus on communications, qualifying twice to the National Speech and Debate Association’s National Tournament. Molly has also been involved in local politics, chairing an official commission of the City of Tempe. Molly is committed to encouraging active engagement with politics at all levels, local and international.

carterdm@usc.edu