On September 26, 2018, a row of tech executives filed into a marble- and wood-paneled hearing room and sat down behind a row of tabletop microphones and tiny water bottles. They had all been called to testify before the US Senate Commerce Committee on a dry subject—the safekeeping and privacy of customer data—that had recently been making large numbers of people mad as hell.
Committee chair John Thune, of South Dakota, gaveled the hearing to order, then began listing events from the past year that had shown how an economy built on data can go luridly wrong. It had been 12 months since the news broke that an eminently preventable breach at the credit agency Equifax had claimed the names, social security numbers, and other sensitive credentials of more than 145 million Americans. And it had been six months since Facebook was engulfed in scandal over Cambridge Analytica, a political intelligence firm that had managed to harvest private information from up to 87 million Facebook users for a seemingly Bond-villainesque psychographic scheme to help put Donald Trump in the White House.
To prevent abuses like these, the European Union and the state of California had both passed sweeping new data privacy regulations. Now Congress, Thune said, was poised to write regulations of its own. “The question is no longer whether we need a federal law to protect consumers’ privacy,” he declared. “The question is, what shape will that law take?” Sitting in front of the senator, ready to help answer that question, were representatives from two telecom firms, Apple, Google, Twitter, and Amazon.