Truth, Transparency, and the Right of Privacy | Part 3 of 3
“Truth, Transparency, and the Right of Privacy” is a three-part special:
- Synopsis: An introduction and overview to lecture. – posted November 3, 2020
- Part 1: What does truth mean today? – posted November 10, 2020
- Part 2: Lessons learned as the Chair of the Financial Action Task Force (FATF): – posted November 17, 2020
- Part 3: Balancing attorney-client privilege and an individual’s right to privacy (this podcast) – posted November 24, 2020
“Truth, Transparency and the Right to Privacy,” that’s the subject of today’s ACTEC Trust and Estate Talk.
This is Susan Snyder, ACTEC Fellow from Chicago. Welcome to the conclusion of a special three part edition of ACTEC Trust and Estate Talk. ACTEC Past President Duncan Osborne, who is an ACTEC Fellow from Austin, Texas presented the annual Trachtman Lecture in front of a live audience at ACTEC’s annual meeting in March of 2020. Our previous podcast discussed his frustration with FATF and transparency. Today he will conclude his lecture by discussing the right to privacy and attorney-client privilege.
The Right to Privacy and the Attorney-Client Relationship
Let me add here that this was not a solo battle. I may have conveyed a sense of mano a mano between Duncan and the FATF. Many ACTEC soldiers have participated in the FATF wars. I acknowledge and express my profound gratitude to these Fellows who have helped carry this fight. And I particularly want to thank Carolyn Reers for agreeing to carry the fight forward. So, I am sure it is clear to you all that I profoundly disagree with the attempts to trample on the attorney-client relationship.
Now, you might ask if my insistence on standing up for the attorney-client relationship might create a situation where lawyers are in fact facilitating crime/facilitating criminals. I can see that there is potential merit in that argument. The risk is not so much one of intentional facilitation as it is unintentional facilitation. If you do not ask the right questions, do you really know for whom you are working and what you are doing? Let me give you two examples of actual situations where lawyers agreed to a representation that facilitated money laundering.
In a major U.S. city, a female Mexican national with a bona fide green card approached a law firm — a large law firm. She asked to speak with a trust and estates lawyer. After being introduced, she told the lawyer she was receiving a large inheritance from Mexico. She wanted the lawyer to create a trust for her five grandchildren, all of whom were U.S. citizens. She wanted to serve as trustee. To fund the trust, some five million dollars would be wired into the law firm’s trust account. She also requested an introduction to a banker, to a certified public accountant and to an investment advisor. The lawyer agreed to the representation.
Another example, in a mid-size city, in a Mid-western farming community, a lawyer was approached by a client who wanted to acquire a small number of small to medium-sized farms. The client wanted to intake the acquisitions through a series of separate LLCs, so as to achieve anonymity and not set off an escalation of prices. To pay for the properties, the client would periodically wire money into the law firm trust account. Again, the lawyer agreed to the representation.
In both these examples, the lawyer was hoodwinked into money laundering. If the lawyer had followed the good practices guidance, he/she would, in all likelihood, have declined the representation. But to come back to my point, there is a much better way to address the problem than compromising the lawyer’s duties to the individual’s – that is mandate due diligence. The ABA’s good practices guidance is voluntary. While it recommends due diligence, knowing who you are working for and what you are being asked to do, the guidance does not have the force of law. And frankly, it has not achieved the traction that it should. I submit that this is the next really important step and that is an amendment to the model rules,: make risk assessment mandatory; make due diligence mandatory for both existing and prospective clients.
On this point, I will confess that my interactions with the FATF had moved my thinking. However, it should be noted that my argument to amend the model rules stands in contrast to FATF’s calls for more transparency. I remain steadfast in my assertion that blanket transparency is a dangerous proposition. While the FATF gives lip service to protecting the individual’s information and rights to privacy, there is scanned evidence of such in its promulgations. And furthermore, there is no appeal. FATF is not accountable to any elective or democratic process. In my opinion, we have bureaucrats run amok. As Thomas Paine said, “He who is not accountable is not to be trusted.” FATF seems to believe that everyone should live in a glass house and wear an open kimono. Damn Jack, I am sorry. I don’t know how he got in here.
Obviously, FATF’s success with transparency comes at a loss of privacy. This at a time when an individual’s right to privacy is under siege from many quarters. Remember that an individual’s right to privacy is protected by the United States Constitution. This was established firmly in Griswold v. Connecticut, and as Justice Kennedy subsequently phrased it, “Liberty protects the person from unwarranted intrusions into a dwelling or other private place.”
In our tradition, the state is not omnipresent in the home, and there are other spheres of our lives and existence outside the home where the state should not be a dominant presence. There is a fundamental question here. Why is privacy so important? Certainly, an individual may want to keep confidential religious beliefs, political affiliations, sexual preferences, sexual orientations, financial matters, personal relationships, and professional relationships. It does not take much imagination to see why one might want to maintain confidentiality about any of these topics.
Consequences could range from something as easy as or simple as embarrassment but more seriously to ostracization, to loss of employment, to ridicule, to prosecution, to financial setbacks, to compromised relationships. But privacy is not just about the protection of the individual; privacy is also important in the ability of groups to organize and effect political change. All forms of reform begin with private conversations. Political change does not happen until people take private action to organize and challenge the law. As I began to focus on the importance of privacy, which was initially catalyzed by the overreach of the FATF, I came to realize that there are actually much larger issues afoot.
It is at this point in my talk today that I want to both shift and broaden the scope of this discussion. It turns out that my experiences with the FATF had primed me to take a more active interest in the larger threats against privacy across society. Over the past several years, there have been an increasing number of stories about threats to privacy posed by the practices of the tech industry. More and more, Silicon Valley is under a microscope, and in my view, deservedly so.
Concerns about data collection and privacy are at the heart of the matter. I took it upon myself to engage deeper with the issue, and what I learned has given me a totally new perspective as to just how perilous the moment is. It is a complicated set of issues to summarize. Perhaps one of the most comprehensive and persuasive books to capture the scale and depth of the problem is “The Age of Surveillance Capitalism,” by Shoshana Zuboff. Ms. Zuboff deals with the evolution of data collection and exploitation by companies such as Google and Facebook. Now, this is a 700-page poem, and not exactly an easy read. I am not necessarily suggesting that you all run out and buy a copy and read it. Some of you might want to, but I am here to hopefully give you the cliff-notes version.
Zuboff begins her argument by tracing the rise of surveillance capitalism. The way she tells the story, it all started in the late 1900s with Google. Early in the company’s history, Google discovered that the data they were collecting on their customers had predictive value. It is fairly simple, really. If you know what kinds of things people are searching for online, and if you can track and record their search-term language, then you can use that data to predict their future behavior. Obviously, predictions of future behavior are a value to advertisers.
Indeed, Google’s data came to be treated as a resource like oil, or timber, or coal. The key distinction, though, is that the resource being harvested here and monetized is people’s behavior. Zuboff says that in essence, what Google created was a behavioral futures market, where advertisers placed their bets on what people will do. This, of course, also creates an incentive for Google and other companies to be on a never-ending quest to improve the accuracy of their predictions. The more precisely they predict our behavior, the more valuable. Once Google realized the value of this resource, they invented targeted advertising, and the company’s fortunes rose fast.
In the year 2000, their revenue line was about 86 million. In the year 2004, the revenue line was 3.2 billion, with a “B.” So, in four short years, their profits increased 3,590 percent. Now, back in the early 2000s, Congress was actually aware of growing threats to privacy presented by the Internet. And in the year 2001, legislation was being advanced to regulate the use of personal data. However, the events of 9/11 immediately shifted its perspective and Congress realized they wanted to take full advantage of surveillance capability. According to Zuboff, the National Security Administration and the Defense Department developed an informal alliance with the surveillance capitalists to exploit surveillance capability. Proposed regulations were shelved, and Google was free to continue monetizing user data. As Google’s profits rose in the early 2000s, the business logic of surveillance capitalism took root throughout Silicon Valley.
In subsequent years, Facebook and other social media were following the surveillance capitalism playbook. As you might imagine, the data generated by social media users also holds tremendous predictive power. In addition, the rise of social media seems to have reset the norms for privacy and transparency across society. For old people like me, it appears at first glance that younger generations no longer care at all about privacy. Ms. Zuboff argues that is a fallacy. She says there is a difference between what I call acknowledged transparency — that is the data we know we are disclosing — and what I call stealth transparency. That is the data that can be inferred that we do not know we are disclosing. In other words, the data we freely surrender to companies like Google and Facebook is far more revealing than we realize. For example, your choice of laundry detergent or your musical preferences can be correlated with your political views or your sexual orientation. Such is the power of big data.
Of course, the incredible valuation of Google and Facebook has not been lost on the tech industry as a whole. In recent years, Amazon and Microsoft have moved increasingly toward surveillance-based revenue streams. The pivot is logical. Given the vast stores of data these companies are already collecting, the fact that in terms of regulations and incentives, there is nothing to keep them from capitalizing on the behavioral futures market.
To be sure, the business of surveillance capitalism is not just a problem confined to private companies. Zuboff’s critique is not only one of excessive corporate power, it is government as well. We know from the Edward Snowden revelations that the American government also piggybacks the data collection undertaken by the tech companies. In fact, oftentimes, the lack of regulation on data collection in the private sector allows law enforcement and intelligence agencies to otherwise skirt rules that protect the public.
Evidence of the extent and magnitude of the data collected on persons on whom it is collected is staggering. We are asked to trust governments, law enforcement, and the motives of people behind so-called legitimate purposes. The problem, of course, is that governments, from time to time, have abused their citizens.
Let me emphasize, this is not a left or right issue. Data that can predict consumer behavior can also predict political behavior, or any other kind of behavior. The state and government are just as complicit as the tech companies. At this point, it is really just a question of who has access to what, and how they plan to use it.
There is one more point for me that is the most troubling issue Zuboff raises. The data being collected is not just being used to predict behavior; increasingly, it is being used to manipulate behavior. The more you as a surveillance capitalist can use data to guarantee future outcomes, the more value you bring to your company. So, one way to improve your predictions is to design systems that nudge, herd, and guide people toward pre-determined outcomes.
The system incentivizes mass manipulation. To suggest a person may enjoy a product, as for example, an advertisement on television for a specific soft drink, is one thing. To manipulate a person’s behavior or compel an individual toward a choice is something else altogether. When personal behavior is impacted, we are indeed in George Orwell’s “Nineteen Eighty-Four.” If personal behavior can be manipulated by businesses, by politicians, by governments, there is a fundamental loss of individual autonomy, of freedom of the self. That is, of course, what happened to Winston Smith in “Nineteen Eighty-Four.”
Is mass manipulation possible? As it turns out, we actually know that Facebook can make decisions that sway our emotional reactions because they told us so. In 2014, researchers at Facebook published a study, which showed that by tweaking their newsfeed toward either positive or negative comments, Facebook users would react with more positive or negative language accordingly. In other words, Facebook could affect its user’s emotions simply by tweaking its algorithm. This experiment was performed inside the company without the knowledge of the people participating. Facebook’s emotional contingent studies demonstrate that people are more vulnerable to manipulation than we appreciate. Now, one response you frequently hear is, “Okay, but what do I care?” “What do I have to hide? If I have nothing to hide, nobody has anything on me.” Zuboff would say that we do not realize how much we are giving up. We sacrifice self-determination, our freedom, and ultimately, the ability to be morally autonomous. If personal behavior can be manipulated by businesses, by politicians, by governments, there is a very fundamental loss of individual autonomy, of freedom of the self. I find her arguments compelling, and I think her critiques demonstrate that privacy is necessary for self-determination of individuals and for a democratic society as a whole.
So, as it turns out, my preoccupations with FATF’s intrusions into the attorney-client relationship and its insistence on more and more transparency — they were symptomatic of much larger invasions. There are differences, of course, between FATF’s ambitions and the ambitions of the surveillance capitalist. But in both instances, there is an intrusion that needs to be called into question. The value of privacy is necessary for protecting institutions and for curbing unforeseen consequences. As a citizen, I am deeply concerned about what transparency data collection, data manipulation, means for the strength of our institutions.
And as lawyers, and as a devoted Fellow of ACTEC, I think it is high time we begin a serious dialogue about where we stand. There is currently no federal law aggressively addressing data collection and personal privacy. So, where do we go from here? This is a complex problem, and we all know how important the Internet and the digital technologies are to modern life. Any regulation that deals with data collection not only has to account for the issues I have presented, but also for the fact that increasingly this is a geopolitical issue.
For example, China and the United States are in something of a data-driven arms race, and many of the same companies in the West that are guilty of surveillance capitalism are the same companies that can combat China’s ambitions. So, I am aware this is not a simple situation, and I want to say at the outset, I do not have all the answers. Perhaps, I might call on our in-house resources whom I have attempted to identify. I am sure many of these folks have much more to add to the dialogue. But as we begin what, I hope, will prove to be meaningful exploration, I want to share with you what I have learned about existing laws and also want to try to communicate principles and values that I believe should be our guiding lights as we confront this enormous problem.
To start, in the United States, there is not a single comprehensive national law regulating the collection and use of personal data. Instead, there are a variety of laws that govern privacy, govern particular categories of information, and cover particular activities. These laws are all limited in scope and content. They are inadequate to address the problems I have listed. Numerous states have enacted provisions in their state constitutions related to the right of privacy. For example, in Alaska, the right of people to privacy is recognized and shall not be infringed. Likewise, California’s constitution provides that all people have inalienable rights including pursuing and obtaining safety, happiness, and privacy. In order to expand on protections, several states have enacted legislation designed to address the manipulation, collection, and sale of personal information data collected over the Internet. California, Maine, Illinois, Massachusetts, New York, and Nevada have enacted various forms of legislation to protect their residents from the sale and manipulation of their personal data. The California statute is arguably the most protective.
The European Union has enacted very comprehensive legislation. The EU General Data Protection Regulation (GDPR) took effect May 25, 2018, almost two years ago. Under the GDPR, all entities established in the EU are subject to the regulation, and all of their processing activities are subject to the regulation. Entities not established in the EU but that offer goods and services in the EU are also subject to the regulation. The GDPR defines personal data, and it also contains protection for particularly sensitive data, which includes racial or ethnic origin, political opinions, religious beliefs, and trade union membership.
The processing of genetic data, biometric data, and health data is prohibited. The GDPR also provides a number of meaningful remedies for consumers. We need a similar statute in the United States. Not only can we model on the California Act and the GDPR, but since the GDPR has been in effect for almost two years, we can benefit by observing what has worked and what has not worked. Whatever policy is developed, whether it resembles the California Law, the GDPR or something else, I hope I have persuaded you all regarding the importance of this challenge.
The data being created today is like a resource. It is like oil or timber. In the history of capitalism is one where the discovery of a new resource tends to be harvested to the point of exhaustion unless laws are passed to curb over-exploitation and assert our values. That is why we have conservation laws; that is why we have child labor laws. In this case, the resource that is being exploited is us and our future behavior. The health of democracy and our democratic institutions depends on us doubling down on our commitments to the rights of individuals.
So, I close with calls to action. As lawyers and Fellows, we should stand up for and defend the truth. We should always insist on a dialogue based on facts. We should remain zealous and proactive in the defense of the rule of law. We should guard with passion and deep commitment the essential elements of the attorney-client relationship, remembering at all times that we are part of a jurisprudential culture that has a duty to protect the individual.
Finally, I make two calls on the leadership of the College, the officers and the Regents. First it is time to update the model rules. Lawyers need to be tasked with due diligence procedures to make sure they are not being used to facilitate money laundering or terrorist financing. The model rules should address this head on and mandate due diligence and risk assessment. I believe ACTEC should be proactive and undertake a precise and formal communication with the ABA on amendments to the model rules. Indeed, perhaps endorsing the current working draft amendment.
Second, I am keenly aware that there are important and appropriate strictures on ACTEC in endorsing, promoting, or advancing legislation, but there are exceptions. ACTEC has, on occasion, taken a position on a case or on legislation. I would ask the leadership to explore seriously the possibility of taking a role in privacy legislation. I believe this may well be a situation in which advocacy of a law is important as well as appropriate. This is an issue for the ages. It transcends politics. In the final analysis, what can be more important than protecting privacy, protecting our client’s private information, protecting the individual, and protecting our democratic institutions? Thank you.
This concludes our three-part ACTEC Trust and Estate Talk Special. Our thanks to Duncan Osborne, for sharing his thoughts and experience regarding such a critical topic for all lawyers.
This podcast was produced by The American College of Trust and Estate Counsel, ACTEC. Listeners, including professionals, should under no circumstances rely upon this information as a substitute for their own research or for obtaining specific legal or tax advice from their own counsel. The material in this podcast is for information purposes only and is not intended to and should not be treated as legal advice or tax advice. The views expressed are those of speakers as of the date noted and not necessarily those of ACTEC or any speaker’s employer or firm. The information, opinions, and recommendations presented in this Podcast are for general information only and any reliance on the information provided in this Podcast is done at your own risk. The entire contents and design of this Podcast, are the property of ACTEC, or used by ACTEC with permission, and are protected under U.S. and international copyright and trademark laws. Except as otherwise provided herein, users of this Podcast may save and use information contained in the Podcast only for personal or other non-commercial, educational purposes. No other use, including, without limitation, reproduction, retransmission or editing, of this Podcast may be made without the prior written permission of The American College of Trust and Estate Counsel.
If you have ideas for a future ACTEC Trust & Estate Talk topic, please contact us at ACTECpodcast@ACTEC.org.
© 2018 – [wpsos_year] The American College of Trust and Estate Counsel. All rights reserved.
Latest ACTEC Trust and Estate Talk Podcasts
“An Analysis of Wyoming’s Asset Protection Provisions,” that’s the subject of today’s ACTEC Trust and Estate Talk. Transcript/Show Notes I’m Stacy Singer, an ACTEC Fellow from Chicago. Wyoming has had recent changes to its state law primarily related to asset...