The Case for a Federal Digital Privacy Strike Force

With the recent enactment of the first-ever federal privacy legislation dealing with robocalls—the Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (TRACED)—there already has been notable activity at various Executive Branch and independent regulatory agencies.

In late January, the Department of Justice filed lawsuits seeking temporary restraining orders against five companies and three individuals, based on allegations that they had carried hundreds of millions of fraudulent robocalls to American consumers. Within days, the Federal Trade Commission (FTC) sent letters to 19 Voice over Internet Protocol providers to warn them that any assistance or facilitation of telemarketing through robocalls would be deemed to violate the new law. And less than a week later after that, the Federal Communications Commission (FCC) sent letters to seven U.S. telephone companies that provide gateway service for international robocalls into stateside networks. It asked for these companies to cooperate in tracing back these calls to help the FCC pursue enforcement actions that are warranted under the TRACED Act.

Despite the close timing of these separate actions, the three agencies were not acting in an explicit coordinated manner to protect the privacy of individuals who are bombarded with unwanted robocalls at all hours of the day and night. But there is an existing framework that can be established in short order to ensure greater efficiency and effectiveness in enforcing the TRACED Act. It’s called a Strike Force.

Last November, for example, the Department of Justice (DOJ) formed a Procurement Collusion Strike Force to focus on deterring, investigating, and prosecuting antitrust crimes that undermine competition in government procurement, grant and program funding. This Strike Force has several internal DOJ divisions that will be working closely together, including the Antitrust Division and 13 U.S. Attorneys Offices. The FBI also will be involved, along with the Department of Defense Office of Inspector General, the U.S. Postal Service Office of Inspector General and other federal Offices of Inspector Generals.

The organization of such an entity, operating continuously with buy-in from the leadership of its constituent units, sends a powerful message that these agencies are willing and able to pursue bad actors that are involved in government procurement misdeeds. It also marshals resources to minimize duplicative efforts that can be costly to taxpayers and be less impactful in achieving desirable outcomes.

Other older Strike Forces have been established using this cross-agency collaborative approach, and seem to be working well. A notable success is the Health Care Strike Force that brings together the investigative and analytical resources of the DOJ, the FBI, the Department of Health and Human Services, the Drug Enforcement Administration, the Centers for Medicare and Medicaid Services, the Internal Revenue Service, and other government agencies. Those in the Strike Force work full-time on the cases focused on health care fraud that results in patient harm and/or large financial losses to the public treasury. This enables a higher level of expertise that can be brought to bear.

That brings us back to enhancing current digital privacy protection. Even without any new federal privacy legislation, which is unlikely to be enacted before the 2020 elections, there already are a number of privacy laws already in place that could benefit from the coordinated Strike Force model. In addition to the TRACED Act, these include privacy protections in the Communications Act that are applicable to video and telephony services, the Financial Modernization Act’s financial data safeguards, and the Electronic Communications Privacy Act’s wiretap, stored communication and computer fraud/abuse provisions. With the enhanced resources of a Strike Force, these laws could be enforced more often and more vigorously, creating greater digital privacy protection through improved inter-agency coordination.

In the longer term, this Digital Privacy Strike Force then could be deployed if and when broader measures are established through any new law. The Department of Justice, the FTC and the FCC all will continue to play a role in this area. By acting in concert now, they will be well prepared to undertake an expanded set of challenges that any future legislation might create.

Stuart N. Brotman is a Fellow at the Woodrow Wilson International Center for Scholars in Washington, D.C. He is based in its Science and Technology Innovation Program, focusing on digital privacy policy issues.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.