Tech Companies Should Regulate Themselves

(Bloomberg View) -- Earlier this month, Mark Zuckerberg faced intense scrutiny before Congress over the manipulation of Facebook Inc.’s user data by malicious third parties. Zuckerberg issued a broad mea culpa and promised to make changes. But given the growing public backlash over how social-media companies handle personal information, that probably won’t be enough. The question now is not whether there will be new regulation, but what kind it will be.

As former officials at the U.S. Treasury Department, we worked diligently to secure the financial system after the Sept. 11 terrorist attacks. The mechanisms we helped develop point to ways to safeguard the tech industry from similar threats. At Treasury, we used to say that financial institutions were on the front lines of combating illicit finance. Why should it be any different with social-media networks? Instead of waiting on government edicts, embattled tech leaders should start embracing self-regulation.

Financial and tech regulation are comparable, in part, because the rules governing social-media platforms are no longer solely a matter of “user experience.” In light of foreign interference in U.S. elections, and widespread use of these platforms by terrorist groups, they’re also a matter of national security. It’s obvious that the social-media industry has been too slow to identify these problems, and even slower to react. But it isn’t too late for them to take the initiative — and to start restoring their users’ trust in the process.

Four steps in particular would help.

First, the industry should create a Self-Regulatory Organization, or SRO. In U.S. financial markets, SROs act as the first line of defense by providing market surveillance and self-enforcement under the auspices of regulators. While trading venues still have in-house compliance units, SROs provide an independent authority that helps to ensure a level playing field between market participants and to safeguard proprietary information. Importantly, the use of an industry-led SRO takes advantage of the extensive expertise of the participating businesses. Establishing one for the tech industry could help set clearer rules without needlessly slowing down innovation.

Second, the SRO could adopt a “code of conduct” to create uniformity across the industry on matters of public interest. Although the companies involved have different business models, technologies, and source codes, they all have users who post content in some form for further public distribution. The rules of the road when it comes to privacy, transparency, and control over the use of personal information should be uniform across platforms, and the industry should take the lead in setting them. The financial industry recently published a set of principles for protecting, sharing and aggregating customer information; tech companies would benefit from doing the same.

Another concept that could be borrowed from finance is the adoption of know-your-customer policies. Reports of fake accounts, bots and other abuses indicate that social-media operators often don’t have a handle on who’s using their systems, or why. Imagine if a financial institution were to claim that it didn’t know who its account-holders were. And just as we wouldn’t knowingly let foreign intelligence services open U.S. bank accounts, we shouldn’t let them abuse Facebook or Twitter. Tech companies could work through an SRO to adapt the know-your-customer concept for social media.

Finally, there should be a better way to scrutinize online activity in real time. For example, under the U.S. Treasury’s Terrorist Finance Tracking Program, representatives of the public — sometimes called “scrutineers” — were given authority to monitor the government’s probes of sensitive financial data and stop any unauthorized searches. In a similar way, social-media sites could ask independent groups to look over their shoulders and protect the public against the inappropriate or malicious use of data.

As the technology industry faces proliferating investigations and a mounting public backlash, it has a choice. It can wait for the next set of hearings and probes, or it can take the initiative. The U.S. financial system is safer today thanks to cooperation between industry and government. That model could go a long way toward restoring public trust in social media, too.

This column does not necessarily reflect the opinion of the editorial board or Bloomberg LP and its owners.

Morgan D. Ortagus served at the U.S. Treasury Department as the deputy attache to Saudi Arabia and a financial intelligence analyst. She is a U.S. Naval Reserve officer and the national co-chair of Maverick PAC.

Chris Smith is a former chief of staff at the U.S. Treasury Department, and now advises the financial services industry.

To contact the authors of this story: Morgan D. Ortagus at morgan@maverickpac.com, Chris Smith at csmith@chartwellstrategies.com.

For more columns from Bloomberg View, visit http://www.bloomberg.com/view.

©2018 Bloomberg L.P.