LAS VEGAS — What do a hacker and a 26-year-old Republican legislator have in common? They both believe that one of the core values of good privacy law needs to be consent.
Eric Fulton and Daniel Zolnikov went to college together and when Zolnikov decided he wanted to run to be a representative in his home state of Montana, Fulton saw an opportunity. He came to Zolnikov and proposed the two write up a privacy bill, later called HB 400, two months before the PRISM leaks.
“Six months ago a lot of people were like, ‘I trust my government,’” said Fulton in a talk at hacker conference Def Con. “Six months ago a lot of people didn’t necessarily know why we need these privacy laws.”
The two agreed that the focus of the bill needed to be on consumers giving consent before data can be collected. By making this law, Fulton and Zolnikov believe this kind of language will put data ownership in the hands of the person who created that data.
At this point, it seems like almost every company you interact with is collecting and using your data. Fulton pointed out that even your grocery story is pulling in your purchase history from loyalty cards and selling that information. When you have to provide consent, you’re saying, “This is actually mine, you have permission to use it.”
But lobbyists did not like this and legislators in some cases simply didn’t care.
“It wasn’t something they could tangible see and touch … We were about two months ahead of our time,” said Fulton. And, “We didn’t fundraise. Apparently you need money to push ideas.”
And, so it failed. But the two have hope to push forward a full privacy act in Montana and hope it will serve as a model for the rest of the country. The two will shorten the bill, and take out “overreaching statements” to protect more businesses. But more than anything, timing might be on their side.
“We didn’t have a story the people could latch on to,” said Fulton. “And, in a way, we now have that story with PRISM.”