Trump camp descends on Pennsylvania as alarms grow over 2020

Senior Trump 2020 advisers are headed to Harrisburg on Wednesday to meet with Pennsylvania GOP officials amid mounting concerns about the president’s prospects in the critical battleground state.

Trump’s campaign is moving to shore up the state after 2018 midterm elections that saw Republicans get blown out in races up and down the ballot. Compounding the situation is a state party organization riven by turmoil and infighting.

The private meeting, confirmed by a half-dozen party officials, underscores the high stakes for the president in the state. Trump won Pennsylvania by less than 1 percentage point in 2016, and reelection aides view the state’s 20 electoral votes as crucial to his 2020 hopes. Pennsylvania also has symbolic significance: In 2016, Trump geared his campaign toward the state’s large proportion of blue-collar voters, many of whom had traditionally voted Democratic.

The Trump contingent is expected to include political director Chris Carr, who is orchestrating the campaign’s national field deployment, as well as Bill Stepien and Justin Clark, who are overseeing outreach to delegates and state party organizations. Republican National Committee officials are also expected to attend.

The meeting is the first of what Trump aides say will be a series of visits to battleground states. The fact that Pennsylvania is the first stop underscores the state’s importance, they say — and the level of concern about it.

“The party is not in great shape,” said Rob Gleason, a former Pennsylvania GOP chairman. “It doesn’t take a rocket scientist to see that.”

The meeting is expected to focus on field deployment, voter data and coordination between state and national officials.

Among those expected to be on hand are Pennsylvania GOP Chairman Val Digiorgio and RNC member Bob Asher. Ted Christian and David Urban, who helped spearhead Trump’s 2016 campaign in the state, are expected to join, as is former GOP Rep. Lou Barletta, an ally of the president who waged an unsuccessful 2018 Senate bid.

Tim Murtaugh, a Trump 2020 spokesman, declined to comment on the meeting other than to express confidence in the president’s prospects in the state.

“The voters of the commonwealth were there for President Trump in 2016 and will be with him again in 2020,” he said.

The Trump campaign has been focused on Pennsylvania for months. In January, DiGiorgio traveled to Washington to privately huddle with reelection aides. The chairman presented a sweeping 2020 blueprint, detailing how he planned to recruit volunteers, target swing voters who bolted the party in 2018 and boost the state party’s lackluster fundraising.

DiGiorgio said in a text that the state party is working closely with Trump’s campaign and that he’s confident the collaboration will produce "another victory" in Pennsylvania next year.

Wednesday’s meeting comes after months of bad news for the Pennsylvania GOP. In March 2018, Republicans lost a special election in a conservative southwestern Pennsylvania congressional district. In November, Republicans lost Senate and gubernatorial races by double digits as well as three House seats, partly because of a redrawn congressional map that favored Democrats.

Democrats also flipped 16 state legislative seats in the midterms.

The bleeding hasn’t stopped since then. In a special election this month, Democrats won a state Senate seat in a district that Trump carried in 2016. Nationally, it was the first such legislative seat that Democrats flipped this year, prompting grumbling among some Republicans that the state party did not invest enough in turning out voters.

A power struggle, meanwhile, has consumed state GOP leadership, with some Republicans complaining that DiGiorgio lacks fundraising skills and has failed to unite the party after a bruising election for state party chief in 2017.

There have been other black eyes. Last week, Fox News held a town hall with Democratic contender Bernie Sanders in Northampton, a traditionally Democratic county that Trump won in 2016. Prime-time viewers were treated to visuals of Sanders getting cheered in Trump country, leading some to wonder whether Republican organizers failed to lure fans of the president to the event.

Still, there are some indications the party has begun to stabilize. After rumors swirled for months that DiGiorgio critics might stage a vote of no confidence at the state party’s winter meeting, it never materialized.

Bruce Hottle, a state party committee member from western Pennsylvania, had called for state party leadership “to be looked at” before the event. Since then, he’s changed his tune.

“Leadership has taken a hard look at what worked and what didn’t work in the fall campaign and has made efforts to correct it so we don’t fall in that same trap again,” he said.

Others contend that the challenges the party faces in the state aren’t simply operational. A Franklin & Marshall College Poll released last month said just 34 percent of the state’s registered voters approved of Trump’s job performance — a precarious standing for an incumbent.

To win Pennsylvania again in 2020, party officials say Trump will need to pull off a repeat of his 2016 performance by again carrying traditionally blue areas that had gone for Obama four years earlier.

Asher, a longtime GOP official and fundraiser, lavished praised on Trump’s reelection campaign for “getting everybody together from all corners of the state and all parts of the party” for Wednesday’s meeting.

“I’m not going in with any preconceived notions,” he said.

Article originally published on POLITICO Magazine


Ireland is supposed to be the world’s privacy policeman. Instead, it’s catering to Big Tech.

Last May, Europe imposed new data privacy guidelines that carry the hopes of hundreds of millions of people around the world — including in the United States — to rein in abuses by big tech companies.

Almost a year later, it’s apparent that the new rules have a significant loophole: The designated lead regulator — the tiny nation of Ireland — has yet to bring an enforcement action against a big tech firm.

That’s not entirely surprising. Despite its vows to beef up its threadbare regulatory apparatus, Ireland has a long history of catering to the very companies it is supposed to oversee, having wooed top Silicon Valley firms to the Emerald Isle with promises of low taxes, open access to top officials, and help securing funds to build glittering new headquarters.

Now, data-privacy experts and regulators in other countries alike are questioning Ireland’s commitment to policing imminent privacy concerns like Facebook’s reintroduction of facial recognition software and data sharing with its recently purchased subsidiary WhatsApp, and Google’s sharing of information across its burgeoning number of platforms.

Interviews with scores of privacy experts, data watchdogs, academics and regulators in other countries reveal increasing concern that the landmark General Data Protection Regulation, the product of years of wrangling with data companies, is vulnerable because of the one provision on which the tech companies prevailed: That the lead regulator be in the country in which the tech firms have their “data controller” – in most cases, Ireland.

“We need to be careful and ensure that the margin for maneuver given by the GDPR doesn’t lead to an attractiveness competition between EU countries, as is already the case for taxation,” Marie-Laure Denis, France’s new chief privacy regulator, warned the French parliament in January, in a clear reference to Ireland. “I don’t want to see a race [between EU countries] to attract or keep the headquarters of the big tech actors.”

Leaving open a loophole

Ireland’s willingness to crack down on the companies that dominate its economy has long been questionable, even when its regulatory officials spot a potential violation. Such a situation developed with Facebook in 2011, in events detailed here for the first time.

Years before the social-media giant unwittingly released the personal data of 87 million users that made its way to Cambridge Analytica and the 2016 Trump campaign, Ireland’s data-privacy regulator found that it was failing to screen applications in a way that could have prevented the breach.

The then-head of Ireland’s Data Protection Commission recorded his complaint in a 2011 audit report that zeroed in on how Facebook was allowing outside app developers to gain access to oceans of “friend” data. Facebook pushed back on the finding, according to the agency, and the Irish regulator backed off, issuing an almost perfect score for Facebook’s privacy practices in a follow-up report a year later. The rampant exposure of data wasn’t corrected until years later — too late to prevent the Cambridge Analytica breach.

Ireland’s failure to safeguard huge stores of personal information looms larger now that the country is the primary regulator responsible for protecting the health information, email addresses, financial records, relationship status, search histories and friend lists for hundreds of millions of Americans, Europeans and other users around the globe.

Already, regulators in other countries are expressing concern over Ireland’s failure this year to crack down on Facebook’s sharing of data with the messaging tool WhatsApp, which it purchased in 2014.

According to the EU, Facebook misled European officials into believing the two networks would not exchange information, thereby allaying concerns at the time of the merger that WhatsApp users could be drawn into Facebook’s web. In 2016, a German court found that the two networks were indeed sharing data, and barred Facebook and WhatsApp from exchanging information about German users. The ban became unenforceable when the GDPR took effect and Ireland became the lead supervisory authority. Now, German authorities say the sharing has resumed and Ireland must crack down. For their part, Irish officials said in a statement they’re satisfied that Facebook and WhatsApp aren’t sharing information for the purposes of “friend suggestion or enhanced advertising.”

Meanwhile, Facebook took advantage of Ireland’s assumption of the lead regulator role last May to reintroduce its facial recognition tool, which had been banned in the EU out of fear that photos would be used to track people without their permission. Facebook says it will not utilize the photo data until it receives consent from individuals. But other EU regulators and privacy lawyers contend that merely storing the photographs amounts to an unauthorized taking of data under GDPR rules. Although Irish authorities have suggested they share many of the lawyers’ concerns and have begun a preliminary “examination,” they have yet to launch a formal probe.

Google, meanwhile, aroused the ire of regulators in other countries last year by failing to obtain consent before sharing data among its fast-growing line of networks and products — from YouTube to Google Photos to Gmail and more. Irish regulators declined to open a probe against Google, which had consolidated most of its operations for Europe, Middle East and Africa in Ireland, arguing that the company had not yet finished the paperwork that would give Irish regulators “lead supervisory authority.” The paperwork was finished in January, but Ireland has yet to announce an investigation.

Critics, including German authorities, insist that the Irish Data Protection Commission had the authority to launch a probe without Google’s consent, and should have done so. Meanwhile, France stepped in to issue its first-ever fine under GDPR against the company for €50 million.

The head of the Irish Data Protection Commission, Helen Dixon, declined requests for interviews. Her spokesman, Graham Doyle, wrote in an emailed response to POLITICO’s questions that the commission takes its regulatory responsibilities seriously and has 16 investigations underway, probing complaints against networks including Twitter, WhatsApp, Instagram, LinkedIn, and Apple, along with seven probes involving Facebook.

The Irish Data Protection Commission is “one of the most strongly resourced data protection authorities in Europe” and stands ready to impose “fines and firm remedies when appropriate,” he wrote.

Doyle said the commission, which earlier this decade was so obscure it was headquartered in a small office above a convenience store in the tiny village of Portarlington, is recruiting state-of-the-industry experts to join its staff of approximately 140 people currently working out of temporary offices in Dublin, with a goal of eventually employing 180 people.

He noted the agency’s tough new enforcement powers include fines of up to 4 percent of a company’s annual worldwide revenues and cited the agency’s willingness to enforce privacy rules by pointing to a pre-GDPR case in which Irish regulators ordered LinkedIn to delete data on nonmembers.

He rejected any suggestion that the agency is being overly deferential companies under its purview, but added: “Those with an interest in data protection don’t always agree on every point, and we respect that.”

Nonetheless, regulators in other EU countries, particularly Germany, remain skeptical, maintaining that Ireland is letting major complaints slide and creating the risk of a regulatory safe zone in Europe. So, too, are independent experts who are familiar with the actions of the Irish Data Protection Commission.

“It’s the appearance of an investigation rather than the substance of one,” said the independent Dublin-based data management consultant Daragh O’Brien, referring to the Ireland’s data enforcement culture, which he scrutinizes closely.

Max Schrems, an Austrian privacy advocate behind some of the most successful legal challenges against major technology companies, said he believes Ireland’s approach to regulation is more or less unchanged since 2012.

“They’ve basically gotten smarter about not doing things,” said Schrems, whose initial complaint about transatlantic sharing of data was thrown out by the Irish regulator in 2013, only to succeed in European courts, bringing down the transatlantic data flow known as Safe Harbor.

Ireland continues to take a more corporate-friendly approach to regulation than many of its EU counterparts, openly favoring negotiation over sanctions and lists of questions over on-site inspections.

For example, as of last October, the Data Protection Commission had yet to dispatch any regulatory agents to Facebook’s Dublin headquarters, despite its multiple investigations, according to a person close to the matter who spoke under the condition of anonymity. Rather than seek answers more aggressively, the regulator has been satisfied by “updates” from Facebook’s headquarters that often reveal little more than what’s been said in public statements. Both Facebook and the DPC declined to say whether any on-site visits had taken place since 2011.

Around the same time, France posted its own regulatory officers inside Facebook’s offices to monitor the network’s efforts to police hate speech and terrorist content, a core concern in many countries where terrorists have connected via social media and hate speech encouraged racist or sectarian violence. But France has no authority to enforce standards beyond its borders.

Privacy watchdogs also voice concerns about the 2014 appointment of Dixon, an Irish civil servant with no prior experience in regulatory enforcement, to replace Billy Hawkes, the regulator who initially presided over the finding of Facebook’s over-sharing of data with researchers and developers of third-party apps.

If Ireland were serious about cracking down on privacy violations, some legal professionals said, it would have followed the lead of the United Kingdom and appointed an outside specialist with a history in law enforcement or regulatory investigation. Moreover, they said, Dixon’s budget is overseen by the Irish Justice Ministry, while other data regulators, like the U.K.’s, are financed through fees on the companies they oversee. That could make her, or any future chief regulator, more susceptible to interference by government officials, who have long cultivated close relationships with tech executives.

In 2014, Facebook’s chief operating officer, Sheryl Sandberg, personally lobbied Enda Kenny, then Ireland’s prime minister, over the selection of a data protection chief, according to emails revealed by the Irish Independent.

Now, just as some of its investigations should be wrapping up — with Dixon telling Bloomberg News in January that her office would announce decisions by midyear — the Data Protection Commission is launching an “international consultation on regulation strategy” that some critics fear will be an invitation for corporations to critique its practices.

Doyle said the agency will reach out to a broad range of as yet unnamed parties to weigh in on how Ireland should apply regulation. Doyle declined to say whether those consultants would come from the tech industry, only specifying that the panel would be “international.”

The call for advice is symptomatic of what Dixon’s critics among privacy advocates, lawyers and other EU data protection authorities argue is a preference for resolving issues amicably over public enforcement actions, which Dixon, in speeches, has suggested might expose the regulator to extremely costly legal battles. It’s a reasonable fear in a place where the tech companies’ resources far outstrip the government’s. Google’s market capitalization, by itself, is twice the size of Ireland’s gross domestic product. Facebook’s is larger by about a third.

“Regulation is a particularly fraught area for a country like Ireland because they have less leverage [over companies] than a bigger country,” said Josephine Wolff, a professor of public policy at the Rochester Institute of Technology. “If Facebook announced tomorrow, ‘We’ve had it with Ireland, we are closing down our office,’ that would be a huge deal with political and economic consequences for the whole country.”

Bringing Silicon Valley to Europe

The story of how a country known for poetry and dark ale ended up in the unlikely role of global tech policeman stretches back to the aftermath of World War II.

As a neutral power, Ireland had emerged physically undamaged from the war but with a sputtering economy and bleak prospects. It had limited access to U.S. reconstruction funds from the European Recovery Program, or Marshall Plan, due to its neutral position, and no industrial base to speak of, thanks largely to Britain’s long-held interest in keeping Roman Catholic southern Ireland in a firmly agrarian state. (Ireland won independence from Britain in 1919.) There was little chance of jump-starting domestic manufacturing 250 years after the rest of Europe, so Irish leaders turned to the next best thing: nurturing ties with countries that had flourishing industries of their own.

Spurred on by an economist and central banker named Thomas Kenneth Whitaker, Ireland’s leaders oversaw an economic transformation starting in the late 1950s — away from protectionism, toward free trade and encouraging foreign investment. The most obvious partner was the United States, to which generations of Irish people had emigrated and whose Irish-origin population already far surpassed the population at home.

So began Ireland’s epic and enduring courtship of U.S. corporations. Via the Irish Development Agency, a powerful entity that acts as a sales office for the country, the Emerald Isle established missions across the United States, dispatching dozens of agents to start preaching the good word about Ireland to U.S. companies from New York to San Francisco.

One of these investment missionaries was Larry Mone, a former accountant who joined the IDA in the late 1970s because he was, in his own words, “really bad at” accounting.

After a brief stint in Chicago, Mone was sent out to join the IDA’s office in what was already known as Silicon Valley. In an office that overlooked a golf course, Mone and his colleagues spent their days trying to coax emerging digital giants — Microsoft chief among them — over to Ireland. Working from an alphabetical list of the important companies in the region, they spent their days cold-calling executives in an atmosphere he describes as “boiler room-like.”

“We had an almost messianic zeal to bring jobs to Ireland,” Mone, who’s now retired and lives in Palo Alto, said in a telephone conversation.

Mone’s section of the list covered companies with names from the letter G to the letter O and included giants like Microsoft and Intel, which would both go on to establish major footholds in Ireland. Apple set up its first manufacturing plant in Cork in 1980, setting off a wave of tech companies coming to the country.

The pitch, as Mone recalled, was “very simple.” Any product exported from Ireland would be totally exempt from taxation. That was later updated, under EU pressure, to a 10-percent flat rate that could be offset in other ways. When added to the promise of cheap labor, cheap land and an English-speaking workforce, this amounted to an almost unbeatable argument for locating sales operations in Ireland, because it would allow U.S. firms to reach hundreds of millions of European consumers without facing the heavy corporate taxes in France, Germany or even the Netherlands.

The IDA’s approach had other refinements, like inviting top tech executives over to Ireland for country tours during which they would be entertained, fed whiskey and “sent home punch-drunk, in love with the country,” according to Mone. It didn’t hurt that Ireland shares a common-law legal system with the United States.

But the basic argument — which remains Ireland’s unique selling point today, despite intensifying scrutiny of its tax practices by the European Commission — never varied: not having to hand over a significant portion of income to the Irish taxman.

“At the end of the day, these are profit-drive companies, and they go where the offer is the most profitable,” Mone said.

Data regulation wasn’t an issue at the time when most of the companies were recruited, but Ireland did everything in its power to create an industry-friendly landscape.

“Back in those days there really was not much thought given to regulation of the technology industry, more what could be done to foster its development and bring it on shore,” he said.

The pitch was so seductive that, over the next 30 years, Ireland morphed into what Mone calls “the 51st state of the United States.”

Google and Facebook both landed in Ireland during the first decade of the new century. While the highly advantageous tax arrangements they enjoyed came under pressure from the European Commission (Apple was forced to pay the Irish government $13 billion in back taxes that Ireland had neglected to collect), regulation was just starting to become a concern.

Ireland’s 1995 Data Protection Act lacked significant enforcement mechanisms — so much so that Billy Hawkes, then the head of the Irish Data Protection Commission, had no legal power to apply any sanctions or penalties against the companies he was regulating in the years leading up to the Cambridge Analytica scandal. His successor, Dixon, herself acknowledged the lax culture in 2015, one year into her job, mentioning the problem of “forum-shopping” and perceptions that companies locate where “soft, incompetent or under-resourced regulators are.”

In the event that any regulatory issue should arise, as it did in the 2011 audit involving Facebook’s sharing of data with app developers, U.S. companies had a powerful insurance policy: access to top Irish politicians via direct contacts or through the American Chamber of Commerce Ireland in Dublin, which continues to play an outsize role in shaping the direction of Irish policy. Top tech executives had Hawkes’ cellphone number and could access him directly whenever they had a need, according to two people with knowledge of such calls.

This welcoming atmosphere explains why Facebook, in particular, kept doubling down on its Irish presence throughout the 2000s, according to Sandy Parakilas, former operations manager for Facebook who left the company in 2012.

“It was simply the country with the least regulatory scrutiny,” he explained in a phone conversation from Los Angeles, where he is now senior product marketing manager, privacy, for Apple.

That statement was put to the test during Ireland’s 2011 audit of the company. Prompted by a groundswell of complaints against Facebook, Hawkes’ deputy, Gary Davis, undertook what is likely to have been the most in-depth review of Facebook’s privacy practices ever. In his capacity as lead regulator not just for Europeans but Facebook users worldwide, Davis’ staff spent three months scouring the company’s machinery, including sending officers to its Dublin headquarters to investigate first hand.

His first report, published in December 2011, called for dozens of changes and upgrades to Facebook’s privacy practices, including its practices for screening third-party apps.

“We do not consider that reliance on developer adherence to best practice or stated policy in certain cases is sufficient to ensure security of user data,” the report stated. “This is not considered sufficient by this Office to assure users of the security of their data once they have third party apps enabled. We expect FB-I [Facebook Ireland] to take additional steps to prevent applications from accessing user information other than where the user has granted an appropriate permission.”

Parakilas, who was Facebook’s “point person” on privacy matters at the time, said the criticism did not rile the company. Facebook responded to the audit in a “professional manner” but did not feel pressure to make fundamental changes, he said. When Parakilas tried to escalate concerns about the key critical findings in the original audit report, he was brushed off by senior executives.

At the time, Facebook expressed its concern about the audit to Irish officials, according to later testimony by Dixon before a government committee. Afterward, the Data Protection Commission appeared to go out of its way to give Facebook a clean bill of health.

In a 74-page follow-up report published in 2012, the commission declared that “most of the recommendations [had] been fully implemented to our full satisfaction.” On its call to improve screening of third-party apps, where major problems later emerged, the report stated: “Satisfactory response from FB-I.” A year later, Davis left the commission to join Apple as its chief privacy officer.

"They didn’t go anywhere near as far as you would have hoped," Parakilas said, referring to the Irish commission. Parakilas, who left Facebook in 2012, added that he doubts Ireland’s approach to regulation has changed substantially.

“Facebook is certainly the one that has the leverage in that relationship,” he said.

Asked whether Ireland had done enough to stop the Cambridge Analytica scandal, Doyle said the commission had gone as far as it could, within its legal limitations, in simply flagging the problem with app developers and seeking changes to Facebook’s privacy practices. He pointed to comments Davis had made outside the report saying there were “still a number of items on which progress has not been as ‘fully forward’ as hoped,” although the issues flagged did not have to do with third-party apps. In 2017, Helen Dixon told the Irish parliamentary committee that Facebook “did not agree with the recommendation” for significant changes to its privacy rules in 2011, and that the changes were made only through an “iterative process” 18 months later.

Facebook disputes that account.

In comments to POLITICO, a spokesperson said that the company had “complied fully” with all requested changes, and claimed that the Irish regulator had never requested any changes that would have prevented the Cambridge Analytica scandal.

Hawkes, who at the time was the top Irish regulator, declined to comment on the matter, according to a spokeswoman at the International Association of Privacy Professionals, a nonprofit association that brings together people working on data protection. Gary Davis did not respond to repeated requests for comment and a spokesperson for Apple, where Davis now works, did not respond.

Facebook flexes its muscles

The years that followed Davis’ audit brought Facebook’s relationship with Ireland to new levels of closeness.

In 2013, the commission dismissed Schrems’ claim against the company over data transfers to the United States, calling the suit frivolous. The company then won an award of funds from Ireland’s national asset management agency — the so-called “bad bank” that took over assets on troubled lenders during the financial crisis — to build its Frank Gehry-designed headquarters in Dublin.

When the Cambridge Analytica scandal broke in 2018, the U.K. launched an investigation and fined the company, while Ireland merely issued recommendations. A few months after Facebook CEO Mark Zuckerberg appeared before the U.S. Congress and European Parliament to answer questions from lawmakers, the company announced the construction of a new 14-acre campus in Dublin and the opening of several new data centers in County Meath, north of Dublin.

As far back as 2014, the question of how Ireland would handle the new privacy rules under the GDPR was on the minds of Facebook’s leaders. As it happened, Ireland was in the process of choosing a new chief data regulator to replace Hawkes. Sandberg took it on herself to investigate the matter, lobbying then Irish Prime Minister Kenny on the sidelines of the World Economic Forum in Davos and also at her offices in Menlo Park, Calif.

According to emails obtained by the Irish Independent via Freedom of Information requests, Sandberg wanted to know that Hawkes’ successor would be “as strong as” he had been in the role. But if the wrong choice was made, Sandberg suggested, there would be consequences for Ireland’s attractiveness as a destination for tech investment.

“The risk is that companies will revisit their investment strategies for the EU market,” she wrote in a June, 2014, email to Kenny, adding that Ireland’s regulator should be a person who would “establish a strong collaborative working relationship with companies like ours.”

The choice of Dixon, a former Irish civil servant with a law degree but no background in law enforcement or regulatory investigation, was in line with Sandberg’s wishes. Before she became one of the most important privacy regulators in the world, Dixon had spent four years working for U.S. software company Citrix, followed by a stint at the business-friendly Irish Department of Enterprise, Trade and Innovation.

While the regulator’s statutes called for the appointment of three co-equal directors in order to properly separate the agency’s enforcement and adjudication roles, the other two were never named.

TJ McIntyre, a law professor at University College Dublin who sued the government over the process under which Dixon was chosen, complained that she’s “not coming from that investigatory and enforcement perspective.”

Instead, he said, Dixon was chosen to supervise the DPC’s development into a more substantial regulator than the one housed above a convenience store in Portarlington, building a bureaucratic structure rather than targeting specific issues.

In speeches and interviews, Dixon has emphasized the need to engage with tech companies to help them understand the law, rather than cultivate adversarial relationships.

“We are very committed to this approach of engaging with the multinationals,” she told the Irish Times in 2016. “We do firmly believe the way in which we work with them produces much better safeguards for data subjects.”

That approach yields good results in terms of compliance, said Bojana Bellamy, who runs the Centre for Information Policy Leadership, an industry-backed privacy think tank whose members include Facebook and Apple.

“I do believe that constructive engagement is incredibly important to build that trust,” she said. “Sticks and enforcement — that doesn’t create the best behavior in the marketplace.”

Ireland’s more conciliatory approach is now fueling tension with other EU regulators. After France’s data watchdog fined Google €50 million in January for failing to comply with GDPR, Germany’s prominent Hamburg data regulator told the regulatory-analysis publication MLex that Ireland should be investigating the company. In a separate statement to POLITICO, the German watchdog underscored “differences” in the way Irish and German authorities interpreted and enforced EU rules, singling out “face recognition techniques by Facebook” and the “exchange of data between WhatsApp and Facebook.”

“Unfortunately, it has not yet been possible to set up the data protection we have enforced in national court proceedings against Facebook at the EU level,” wrote professor Johannes Caspar, head of the Hamburg regulator. “After the transmission of user data between WhatsApp and Facebook was stopped, they [Facebook] took the entry into force of the GDPR as an opportunity to return to their former practice.”

Zuckerberg’s announcement of plans to merge WhatsApp, Facebook Messenger and Instagram messaging were also “reason for concern,” added Caspar, echoing the German Justice Ministry’s warning that such a merger would create a “monopoly” and call for enforcement of European antitrust rules.

While the Irish regulator said it would examine the implications of such a merger, France echoed the German concerns.

“In general, in relation to Facebook, you have a pattern where other regulatory authorities have been much more active and found themselves thwarted by the fact that Facebook was headquartered in Ireland,” said McIntyre, adding that “enforcement has been lax.”

Jimmy Stewart, an adjunct professor of finance at Trinity Business School at Trinity College Dublin, said less rigorous regulation is part of Ireland’s strategy.

Google, Facebook, Twitter and other companies like them make their money by harvesting vast amounts of data on users that is used to target them more precisely with advertising. Thanks to the data collected on Facebook, an advertiser can pinpoint categories of users down to hyper-minute criteria including their age, sexual orientation, health issues or political beliefs. This technology has allowed tech platforms to corner the global market for online advertising, turning them into juggernauts worth hundreds of billions of dollars.

But those dollars could disappear if regulators interfere with the tech giants’ ability to collect and hold that information.

“Regulatory arbitrage is an important part of the country’s arsenal” to attract tech companies “along with tax incentives,” Stewart said.

Feuding over facial recognition

Ireland’s handling of new technologies such as Facebook’s facial recognition tool will go a long way toward determining how seriously it intends to scrutinize tech companies.

Last spring, just as the GDPR was about to take effect, Facebook prepared to reintroduce its banned facial recognition tool, this time promising to ask users if they wanted the tool switched on, so that the platform could match their names to photographs of them posted by friends online. But when senior executives, including Chief Data Protection Officer Stephen Deadman, disclosed the plans to a small group of privacy specialists and journalists in Dublin, the meeting did not go exactly as planned, according to multiple participants who asked not to be named out of respect for the meeting’s private nature.

The journalists and privacy watchdogs peppered the executives with questions about whether the tool violated GDPR principles, suggesting that Facebook may be unlawfully “processing” biometric data on users even if they chose to opt out of the tool, because the data was being gathered and stored anyway — a process that would go against GDPR rules.

"They are analyzing every photograph, even those where they don’t have permission, and their argument is this is not processing biometric data because they don’t take the final step of identifying the person,” said Dublin-based privacy lawyer Simon McGarr. “From a privacy standpoint, this is cloud cuckoo land.”

After a brief exchange, Facebook executives ended the meeting stating that they needed to catch planes, the participants said.

Facebook representatives told POLITICO last year that the meeting had gone as planned. They also said they had discussed the facial recognition tool with the Irish Data Protection Commission and not been informed of any concerns. Yet Doyle contradicted that account, saying that while no initiative was taken to halt the rollout, an “examination” — as distinct from a statutory investigation — was launched.

“It is standard practice to conduct an examination on this basis to determine whether a statutory investigation is warranted,” Doyle said in his email. “In the case of FB’s facial recognition facility, that determination has not yet been made.”

In the following months, Facebook was rocked by a series of scandals, data breaches and PR disasters that included Zuckerberg being grilled by lawmakers on both sides of the Atlantic, and The New York Times revealing the firm had hired a public relations firm to attack critics, including by such dubious tactics as linking them to Hungarian-born investor George Soros.

Yet in Ireland, the going was relatively quiet. In early October, the commission announced the launch of its first official investigation of Facebook, over a data breach that compromised the private messages and data of an estimated 50 million users. The commission has since disclosed it is carrying a total of seven investigations into Facebook, which Dixon told Bloomberg were all “substantially advanced,” and should lead to the first decisions being taken in “June or July.”

However, as of late October, it had yet to send any officers to visit Facebook’s Irish headquarters and was receiving its information mainly via “updates” from the company, which often coincided with its disclosures to the public, a person close to the matter said. Asked whether any visits had taken place, both Facebook and the commission said such visits had taken place “in the past” but did not specify whether any had taken place in the past year. The last publicly disclosed site visits took place in 2011, under Billy Hawkes.

“We visit companies being audited or investigated when we need to, and regular meetings often take place in the normal course of our supervised engagement with companies at their premises,” Doyle said. “Such visits have taken place to Facebook Ireland’s offices in the past but we won’t be disclosing any details on these for operational reasons.”

For Daragh O’Brien, whose Castlebridge consultancy routinely carries out privacy audits on companies, not sending an officer to Facebook is the equivalent of “police investigating a crime from the doughnut shop.”

“You miss the opportunity for someone to grab you and tell you something they can’t do in writing … It happens all the time, especially in the context of complex investigations,” he said.

Asked whether it intends to launch any probes into data-sharing by the various networks controlled by Google, the commission said that it gained jurisdiction over the search giant only on Jan. 22 and still is not the lead supervisory authority for Google’s search engine and indexing service.

But Caspar, the German regulatory chief, said that Ireland had a responsibility to investigate any privacy complaint lodged in the European Union. (Google is appealing the French fine. In previous comments to POLITICO, a spokesperson for Google said the company had been under no legal obligation in 2018 to finalize the steps for its “main establishment” in the European Union.)

As for the scandals that rocked Facebook over the past year, Doyle pointed to the commission’s limited mandate as a regulator of data security as a reason to defer action or public communications. The spread of hate speech and the use of micro-targeting for online political advertising — both of which have been identified as major areas of concern by the European Commission — are outside its purview as a data regulator, Doyle said.

Yet such an interpretation of the regulator’s role and responsibility does not sit well with privacy professionals. In addition to being responsible for compliance with data protection statutes, Dixon and her staff have an “ethical duty” to lead debates on where and how regulation should be applied in response to emerging issues, O’Brien said.

“It’s not just about the letter of the law, but also anticipating where problems may be coming from,” he said, adding that the next big problems would crop up if and when facial recognition technology is combined with targeted ads to beam commercial messages at people in public spaces. “The sort of scandals and breaches we’ve seen over the past few years are just a prelude to what may be coming as 5G [next generation] networks come online.”

I’m continuing to report on data privacy issues with Big Tech. If you have a tip for me, you can reach me at

Article originally published on POLITICO Magazine


How Buttigieg’s first losing campaign set up his 2020 bid

As Pete Buttigieg prepared to drop out of the race for Democratic National Committee chair before the vote in 2017, a handful of committee members offered sympathy and encouragement, promising to support him in a future campaign. They just didn’t think it would be for the White House — or so soon.

Committee member Winston Apple was among those impressed and remembers thinking that Buttigieg should run for president — someday. “I hoped he would be a little bit older than he is right now because I don’t want to see him retire at 48,” Apple said. “I’d like to see him in the game a little bit longer than that.”

Buttigieg’s first attempt to leap from mayor of Indiana’s fourth-largest city to national politics ended with a thud in the DNC race — but that campaign episode foreshadowed his plucky rise to contention in the Democratic presidential field two years later.

Then as now, Buttigieg presented himself as a compromise candidate acceptable to two warring factions of the Democratic Party. Then as now, his unique status as a 30-something millennial, veteran and openly gay candidate set him apart in a crowded field. And the DNC race proved Buttigieg’s ability to command media coverage even as a long shot — a skill now paying major dividends in the 2020 race.

“I saw Mayor Pete’s ability to go viral before,” said Jaime Harrison, one of Buttigieg’s rivals in the DNC contest and who is running for Senate in South Carolina. “To be honest, it was even a little frustrating for me, given that I was running against him.

“I had more hard votes and support, but he was able to turn limited opportunities into so much media coverage,” Harrison added. “And he impressed a lot of people that way.”

Buttigieg has employed the same talk-to-anyone-anywhere strategy — and the same experienced communications strategist, Lis Smith — early in his presidential run. While he’s happy to dig into policy, he also has shown a flair for a viral one-liner.

After all, it was a tweetable remark at a CNN town hall on March 10 — when Buttigieg called Vice President Mike Pence a “cheerleader of the porn star presidency” — that first turbocharged his candidacy. And during the DNC chairmanship race, Buttigieg prompted another look from some DNC members after ripping President Donald Trump as “a draft-dodging ‘chicken hawk’ president.”

Since his dig at Pence, Buttigieg has been everywhere: He has accepted a wide range of interview requests — from national TV to podcasts — to keep momentum going, while banking money from new supporters online and speaking to growing early-state crowds.

In both the DNC and presidential races, Buttigieg has leaned into his youth and flair for delivering a speech to earn a first look from the electorate. He also left an impression by creating striking moments in public forums, whether in debates for DNC chair or in the town halls and meet-and-greets that have characterized the presidential campaign. Buttigieg writes important speeches himself, from the morning he conceded the DNC race to the edits and rewrites he was making to his presidential announcement speech in the hours before he delivered it earlier this month.

“He’s incredibly bright, articulate, thoughtful, passionate,” said Rion Ramirez, another DNC member. “And just somebody that when you sit down and talk with him, he’s someone who’s hearing you.”

The DNC race also helped Buttigieg in another way: It put him in touch with well-connected donors who are now helping fund his presidential campaign. Though the bulk of his endorsements came from mayors, a few former DNC chiefs endorsed his campaign for chairman, including Steve Grossman and Howard Dean. Grossman, a prized Democratic donor, recently said he planned to raise money for Buttigieg’s presidential campaign fund.

Other major donors who have gave to Buttigieg’s “Pete for DNC” committee included Facebook co-founder Chris Hughes and philanthropists Deborah Simon and Cynthia Simon Skjodt. Simon is now among the donors who have given to Buttigieg’s presidential bid, according to Federal Election Commission records.

They were attracted by Buttigieg’s pitch that not only could he rise above the feuding between leading candidates Tom Perez and Keith Ellison, he was so far removed from the Washington power structure that he could rise above it and unite the party.

The tag line for Buttigieg’s DNC campaign was “New Leadership. Fresh Start,” and he’s tweaked it only slightly to lean into the not-so-subtle message that his opponents in the Democratic presidential primary are not only older — they’re appealing to yesterday’s voters.

“The reason I wanted him to be the chair of the DNC was because the core constituency of our party is young people, people of color, and women and he’s incredibly appealing to” all those groups, Dean said.

Buttigieg started both of his latest campaigns in near-total obscurity — first to the secluded insiders of party politics and then to millions of Democratic primary voters. But as he started the race to run his party, it was clear to his backers that the campaign might not have been the real end goal.

“He wasn’t running for DNC to be the end of it,” said Moses Mercado, a former DNC deputy executive director. “He wasn’t running for DNC chair like: ‘This is my dream. I wanted to be DNC chair and then retire.’

"He wanted to inject himself in national politics," Mercado continued.

Elena Schneider contributed reporting.

Article originally published on POLITICO Magazine


The Best Quotes From Jonah Goldberg’s ‘Suicide of the West’

The following article, The Best Quotes From Jonah Goldberg’s ‘Suicide of the West’, was first published on John Hawkins' Right Wing News.

I am generally a fan of Jonah Goldberg’s work and I thought his book, Suicide of the West: How the Rebirth of Tribalism, Populism, Nationalism, and Identity Politics is Destroying

Continue reading: The Best Quotes From Jonah Goldberg’s ‘Suicide of the West’


Hegar launches Texas Senate bid against Cornyn

Democrat MJ Hegar, an Air Force veteran, launched her campaign against Sen. John Cornyn (R-Texas) Tuesday morning.

The former helicopter pilot is the first Democrat to join the race against Cornyn, but others are still considering running in the primary. Democrats believe Texas could be competitive in 2020 after former Rep. Beto O’Rourke lost narrowly to GOP Sen. Ted Cruz last year.

Hegar, who lost a House race in a Republican district in 2018, released a video launching her campaign. The video highlights similar themes as her viral launch video last year, which helped her raise more than $5 million for her failed bid against GOP Rep. John Carter.

Her new Senate ad features celebrity tweet endorsements, footage of O’Rourke from his Senate campaign, and Hegar explaining her personal history as helicopter pilot, including being shot down while fighting the Taliban.

"Texans deserve a senator who represents our values: strength, courage, independence, putting Texas first," Hegar said in the video. She referenced her campaign against Carter, which she lost by 3 percentage points in a district President Donald Trump carried by 13 points.

Hegar also took shots at Cornyn, including calling him "that tall guy lurking behind [Majority Leader] Mitch McConnell" during press conferences and accusing him of "shrinking out of the way again" on protecting pre-existing conditions.

Cornyn’s campaign responded by highlighting his work on relief for Hurricane Harvey and passing laws to help sexual assault victims — and also linking Hegar to Senate Minority Leader Chuck Schumer (D-N.Y.).

“MJ Hegar is Chuck Schumer’s handpicked candidate for good reason: She supports government run health care that would eliminate private insurance, crushing new taxes, and late-term abortion. Texans rejected her radical views once, and they will again," said John Jackson, Cornyn’s campaign manager.

Preston Elliott, a veteran Democratic strategist with experience in Senate campaigns, will manage Hegar’s bid, according to three sources familiar with the decision. Elliott previously managed campaigns for Montana Sen. Jon Tester and former North Carolina Sen. Kay Hagan, and was deputy executive director for the Democratic Senatorial Campaign Committee in 2016.

The Democratic primary to face Cornyn could become crowded. Rep. Joaquín Castro is seriously considering running, and Amanda Edwards, a city councilwoman in Houston, is also weighing a campaign. Some Democrats fear a crowded primary could hurt their chances to defeat Cornyn.

Cornyn, meanwhile, has acknowledged he faces a tough race and hit the ground running to prepare, hiring key staff and raising more money than any other Senate incumbent up for reelection next year. He had $7.4 million in the bank as of March 31.

Article originally published on POLITICO Magazine


Defense Digital Service chief stepping down after ‘nerd tour of duty’

Chris Lynch, director of the Pentagon’s Defense Digital Service, will step down this month after four years running his so-called “SWAT Team of Nerds.”

“When nerds like us have a seat at the table, a lot of amazing things can happen. Don’t forget that,” Lynch wrote today in an email to his team, according to a copy of the message obtained by POLITICO.

After serving with the U.S. Digital Service team at the Obama White House, former Defense Secretary Ash Carter recruited Lynch in 2015 to establish a small team of engineers and digital experts from places like Google and Facebook to untangle DoD’s most critical IT problems.

The team quickly made a name for itself with the 2016 “Hack the Pentagon” program — the federal government’s first bug bounty effort that uncovered nearly 140 previously unidentified flaws on some Pentagon websites.

“To say that this has been the greatest detour of my life would be an incredible understatement but starting this team and working with you has fundamentally changed my life, and I believe the lives of so many others as well,” wrote Lynch, who was a software entrepreneur in Seattle before coming to Washington.

“The impact our team is making all across the Department of Defense and for our service members is mind boggling and profound,” he added. “I think at the end of the day it’s because people like you and people like me have come to serve.”

Noted technologist Brett Goldstein will replace Lynch this week.

Goldstein began his career at OpenTable before joining the Chicago Police Department. There he earned the rank of commander, eventually becoming the city’s chief data officer. Since leaving government in 2013, Goldstein has run a venture capital fund, held fellowships at the University of Chicago and Harvard, and served on the board of the tech nonprofit Code for America. He most recently served as a special adviser to the U.S. Navy, where he’s worked with the DDS team.

“Although we will miss Chris, the unique startup culture he built and the talented team he recruited will continue to disrupt and transform technology at the DoD,” acting Defense Secretary Patrick Shanahan said in a statement.

Goldstein’s “public and private sector knowledge, technical expertise, and commitment to improving government through technology will be invaluable to a range of critical missions across the department,” added Shanahan, who recruited Goldstein to support the department’s IT, cyber and modernization efforts.

Goldstein will inherit an organization that has grown from roughly a dozen staffers a few years ago to almost 70 and has worked on nearly every facet of the DoD’s digital infrastructure.

Since “Hack the Pentagon,” DDS has gone on to help oversee more than a dozen such efforts throughout the armed services and even the Pentagon’s travel booking system.

In addition, the team has worked on building next-generation GPS, a new security clearance system and teamed up with Army Cyber Command to create a partnership program dubbed “Jyn Erso” (after the heroine of the movie Rogue One) to get tech solutions to the battlefield faster, including drone detection.

Based out of an office inside the Pentagon with a title on the door that says “Rebel Alliance,” DDS also helped create the agency’s “Vulnerability Disclosure Program,” which provides a legal avenue for security researchers to find and disclose weaknesses in any DoD public-facing system, and is currently shepherding the procurement of the $10 billion JEDI cloud project being bid on by Amazon and Microsoft.

“Also, let’s be honest, we’ve made Star Wars come to life at the f—— DoD,” according to Lynch, who often could be spotted walking the halls of the buttoned-up Pentagon in a Star Wars T-shirt and hoodie.

Lynch nor the Pentagon said where he was going after his role at DDS.

In his message marking the end of his “nerd tour of duty,” Lynch warned that the DDS mission is “forever dependent upon the flawless execution of technology, and our adversaries are quite good at software.”

“We have to bring other great technologists here,” he wrote. “We have to empower technical talent to make technical decisions alongside our DoD partners … Keep delivering. Keep getting shit done. Nothing else matters.”

Article originally published on POLITICO Magazine