P
H
O
T
O
B
Y
C
H
I
P
S
O
M
O
D
E
V
I
L
L
A
/
G
E
T
T
Y
I
M
A
G
E
S
curred over the past 23 years, the law
is largely outdated and simply does
not address how companies collect,
share, monetize, and protect personal and service-usage data, nor does
it address the issue of data security
breaches. Regulatory activity advocates generally believe the collection of such a large amount of data,
its huge commercial value, and the
potentially negative repercussions of
this data falling into the wrong hands
portends the need for strong regulatory controls, along with stiff penalties for noncompliance.
Within the U.S., several government
regulations have been enacted that address general cybersecurity issues, in-
IN THE SPRINGof2018,Facebook CEO Mark Zuckerberg was called to testify before Con- gress, largely in response to the news that British consulting firm Cambridge Analytica had captured and used the data of more than
87 million Facebook users to influence
elections without the social media giant’s knowledge or consent, as well as
the admission that Facebook itself had
been used by Russians to spread fake
news and propaganda. During his testimony, Zuckerberg laid out his views
on both the need for, and inevitability
of, regulation of technology companies and their products and services.
Zuckerberg has since published a
call for governments to regulate the
Internet by limiting harmful content,
addressing long-standing privacy concerns, securing the integrity of elections, and ensuring data portability.
However, as of the writing of this article, there has been little to no substantive action on the part of the U.S.
federal government to address these
and other IT-related concerns.
The lack of consistent and widespread regulation of Internet and computer technology, particularly around
data privacy and security, within the
U.S. points to a confluence of complicated factors that make the creation of
new federal rules related to technology
unlikely, despite the public’s growing
desire to have some entity police how
their personal data and information is
tracked, collected, and used.
“We’re under the 20-some-year-old
framework that doesn’t really work
closely for the industry,” says Lee
McKnight, an associate professor in
the School of Information Studies at
Syracuse University, referring to the
Telecommunications Act of 1996, the
last major piece of federal regulation
that addresses the activities of com-
munication and IT companies. While
the Act deregulated the communica-
tions business, letting any company
offer local and long-distance telepho-
ny, cable TV programming, and other
video services, its only reference to
the issues of data privacy or security is
Section 725’s reference to prohibiting
local exchange carriers from record-
ing or using the “the occurrence or
contents of calls received by providers
of alarm monitoring services for the
purposes of marketing such services
on behalf of such local exchange car-
rier, or any other entity.”
Indeed, McKnight says that, giv-
en the vast technological and busi-
ness model changes that have oc-
Regulating Information
Technology
Why isn’t IT regulated, when it can have
such substantial impacts on people’s lives?
Society | DOI: 10.1145/3365583 Keith Kirkpatrick
Facebook chairman Mark Zuckerberg was called to testify before U.S. Senate committees
after it was reported U.K. consulting firm Cambridge Analytica had harvested the data of
more than 87 million Facebook users without their consent to influence elections.