The US Supreme Court’s decision this week in Trump v. Slaughter, giving the US president the power to control supposed-to-be independent agencies set up and funded by Congress, may be as profound internationally as it is domestically. In his newsletter, the economist Paul Krugman calls the president’s new power “dictatorial”, and notes the Court’s exception for the Federal Reserve. Krugman highlights the importance to average citizens of the Federal Trade Commission, which oversees consumer protection and the US’s meager privacy law. It is one of the agencies Trump now fully controls.
At day later, at Euractiv, Claudie Moreau reported that as a direct result Max Schrems and his NGO, noyb, is preparing a legal challenge to the three-year-old EU-US Data Privacy Framework.
Quick recap. This is the third time Schrems, an Austrian citizen, is challenging a formal legal arrangement for permitting data flows from the EU to the US. The saga began in 1998, when the EU Data Protection Directive, passed in 1995, came into force. To enable data flows to the US, the EU and US negotiated the Safe Harbour agreement. Then came Edward Snowden’s 2013 revelations of US intelligence spying. A bunch of lawyering later, in 2015, the European Court of Justice struck down Safe Harbour. In 2016, the EU and US replaced it with Privacy Shield, based on the US passage of the 2015 Judicial Redress Act, which granted non-US citizens limited rights to access redress in US courts for illegal data transfers.
Days after arriving in office in 2017, Trump issued an executive order demanding that agencies ensure that their privacy policies exclude those who are not US citizens. In a flurry at the in-progress Computers, Privacy, and Data Protection, many asked, had he just killed Privacy Shield? Schrems’ second case was already underway, and in 2020 he won again, when the European Court of Justice struck down Privacy Shield.
“There must be no Schrems III,” the Dutch MEP Sophie int’ Veld said a few months later. That possibility pervaded CPDP 2022. Yet all agreed the big issue was and is lack of enforcement.
The 2023 adoption of the Framework was enabled by the US creation of the Privacy and Civil Liberties Oversight Board to handle complaints from and redress for foreigners whose privacy rights have been violated. Last year, again days after taking office, Trump gutted the PCLOB. Many wondered then if the Framework could survive. Schrems commented, “This deal was always built on sand.”
The SCOTUS ruling this week granting US presidents free rein to control independent agencies like the FTC, noyb writes in a press release / blog posting, “…the entire structure of the EU-US Data Privacy Framework has just collapsed”. It also notes that EU treaty law requires such agencies to be independent – and counts 259 times that the EU relies on the FTC in its data flow decision.
“Even in the European Commission’s logic, the basis for any EU-US data transfer deal is dead,” Schrems concludes. Because the Framework must be actively repealed or ruled illegal by the courts, noyb is both filing a lawsuit and asking the European Commission to repeal it.
And so begins Schrems III.
This week I presented the talk I did at Greenwich Skeptics in April for the Cambridge Skeptics. Titled “What We Talk About When We Talk About AI”, the talk was an attempt to disentangle the different things people mean when they say “artificial intelligence”. The AI we have – generative AI, image generators, scoring systems, surveillance systems – has little in common with the original idea mooted by Alan Turing in 1950 or the problems the Dartmouth workshop sought to solve over the summer of 1956.
The founders and CEOs of AI companies, however, seem quite happy for us to conflate the two, since it makes them sound more worth investing in. Demis Hassabis, for example, founded Deep Mind (since 2014, part of Google) with the mission statement, “Solve intelligence. Then use that to solve everything else.” With respect to at leaast some intractable problems this is obviously nonsense. We have long known what needs to be done about climate change. All the intelligence in the universe will not create the political will to do the things we already know need to be done.
Many of the things we want from AI – automation, helpers, guardians, (sadly) weapons, companions – are things humans have wanted as long as there have been humans and have many precursors. Some of these constructs, both fictional (Asimov’s Laws, Rosey the Robot), and non-fictional (Arthur C. Clarke’s Laws of Science) come up routinely in academic and legal conferences to this day. I personally don’t believe today’s “AI” paradigm will lead to a superintelligence or a new form of consciousness (as net.wars readers probably already know). But the evidence is clear that today’s “AI” can do plenty of damage to today’s people and places.
The talk ended with a few thoughts about how to respond: resist the inevitability narrative; change the framing; be specific about naming systems, their purposes and owners; and count the opportunity costs.
The talk was not recorded and is not online, but the references are.
Illustrations: Max Schrems, in 2024 (via Murielle Gerber and EPFL media library at Wikimedia.
Also this week: At Plutopia, we talk to computer security professor Steve Bellovin about his newly-released free book on home security Don’t Get Hacked!.
Wendy M. Grossman is an award-winning journalist. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. She is a contributing editor for the Plutopia News Network podcast. Follow on Mastodon or Bluesky.