I imagine that some of you have been wondering, “Whatever happened to Ate Up With Motor? Is it dead or something?” If you are curious about this subject, you’ll find an explanation under the cut.
If you’ve visited this website in the past, you’ve likely noticed that the frequency of new articles progressively decreased over time. This was originally a function of two things: the individual articles growing longer and more elaborate (which takes longer to do, as you may well imagine) and my need to balance that time with other things that make up a greater proportion of my income. I imagine that many readers can relate and, I hope, regarded it as an acceptable tradeoff for quality content.
Then, we came to the Time of Calamity. This included a whole series of problems that have made it harder and harder to do anything with the site.
First, there was what I can only describe as a “household environmental problem” that damaged or ruined many of my books and other materials. (I had to throw away whole bookcases worth of stuff, which was traumatic.) Despite considerable effort, I’ve never gotten a clear explanation of exactly what the problem really is — I know only too well how it manifests, but not what it is, whether things that were damaged are now actively hazardous or just disfigured, or whether there’s anything to be done about it short of discarding most of my possessions and starting over (which I can’t even remotely afford). Since then, I have not dared to replace any books or magazines that were lost, I stopped buying any new ones, and I’ve even become afraid to check out library books for fear of triggering the same problem in them.
There have also been a series of technical issues with the site, which have consumed a significant amount of time without producing any new content. Some of these have had what I hope are constructive results — for instance, you might have noticed that there are some additional accessibility features — while some have involved struggling with problems I still don’t know how to fix.
I also had my elderly computer expire, more or less in lockstep with the growing infirmity of my ancient phone. The computer has been replaced and the phone is in the process, thanks mostly to the considerable largess of others, but this whole struggle posed a series of significant obstacles to getting anything constructive done.
When Regulators Attack
Then, we come to the regulatory problem. As you might or might not be aware, various jurisdictions have been attempting to tackle the personal privacy issues created by Big Tech and its ravenous appetite for your personal data, which has put listening devices in ordinary household items and rebranded what used to be called “spyware” as “software telemetry.” (Did you know that the current versions of the Microsoft Office suite (even the non-subscription-based versions), by default, will capture, inter alia, any text you spell-check and send it to Microsoft, and the only ways to prevent this involve some fairly elaborate tinkering with the operating system that many people would find intimidating?)
I want to be clear that I understand and sympathize with the impetus for these laws. I do not like being spied on any more than anyone else, and I have gone to considerable lengths to minimize that kind of surveillance. However, in their zeal to rein in the tech industry, the legislators and regulators have created rules that, paradoxically, ONLY tech giants like Google and Facebook can really comply with, and that make running any kind of smaller website or business — especially a one-person enterprise like mine — very difficult and potentially very costly. (As with the European GDPR, the California law includes the threat of enormous financial penalties.)
Sold Down the River
Even more than the European GDPR, the new California law is preoccupied with giving people control over the sale of their personal information. This is, on the face of it, a worthy goal. However, in an attempt to avoid loopholes, the Legislature has defined both “personal information” and “sale” so broadly as to lose any coherent meaning. The new law’s definition of personal information includes not only obvious things like names and addresses, but also stuff like “olfactory information” and even inferences about individuals or “households.” Its standards for what constitutes a “sale” are equally expansive (and, even where the law concedes that a transfer of information might not be a sale, disclosures “for business purposes” are still subject to assorted requirements).
California (and the EU, by whose regulations the California law was clearly inspired) now regards most of this data as personal information, just like your phone number. So, if I share a YouTube video and you access it, I have, by the law’s definitions, shared your personal information with YouTube, or at least facilitated their collection of that information (which I think amounts to the same thing so far as the law is concerned). Now, YouTube is a commercial entity, so if you watch a video, they’re probably going to show you advertisements. YouTube is owned by Google and if you watch videos while using a Google account, it gets added to Google’s repository of information about you, which they use for all manner of commercial purposes. Therefore, by posting an embedded video, I could, by the expansive definitions of this law, be deemed to have shared the personal information of any person who viewed that video with YouTube/Google for commercial purposes.
It’s still unclear if the state will actually interpret that as selling your personal information, but the statutory definitions can certainly be read that way, and the law definitely treats as “sales” the posting of some types of behavior-based online advertising (which I have not used on this website since 2009) that function in similar ways.
What Year Is It, Again?
The framers of this law apparently envision a world where any personal information a business collects exists in some discrete, tangible way — on punch cards, perhaps — over which the business entity has absolute discretion and a comprehensive index. If all your information is on punch cards, after all, you should be able to pop them in the computer to produce on-demand readouts of all the data you have on a specific individual or household, and you should definitely be able to control who accesses that information. (Do you know where your punch cards are?)
For better or worse, that is simply not how the modern online world works, which puts many businesses — including self-employed people like me — in a very awkward position. For instance, I don’t own the servers on which Ate Up With Motor runs or that process email messages sent to or from my ateupwithmotor.com email addresses; my web host does. This means any time someone visits the site or emails me, I am effectively sharing their personal information with my web host. Even entering someone’s name into a search engine probably constitutes “sharing personal information” by the law’s definitions, as does most anything I might do with my new smartphone, like using an online mapping or navigation tool to find my way to a business meeting or interview.
The law doesn’t prohibit sharing information with vendors and service providers who need that information to perform some service. However, the law assumes — and effectively insists — that I have absolute contractual authority over how those vendors or service providers use that data. While I might be able to do that with individual service providers, the idea that I could control, for example, how Google uses data about YouTube viewers is frankly absurd. (I’m not sure I could even get a non-automated response from most big tech companies without serving them with an actual subpoena.) I simply do not have that kind of leverage, nor do I necessarily have a lot of meaningful alternatives.
A point that’s especially vexing for me as a writer is that the California law makes little distinction between information that’s already publicly available and data that’s not. It provides certain exemptions for public information, but defines that very narrowly as information available to the public from official government sources, and only where the information is being used in the manner for which it was originally intended, whatever that means. There are no exemptions for information in published books, news stories, documentaries, and so forth.
So, if I read the memoir of a public figure and want to discuss it here, or if I write an article about someone for which I receive any kind of compensation, the law likely regards that as sharing personal information for business purposes, and might also regard it as selling personal information, at least in some contexts. The law does expressly describe “political speech and journalism” as “noncommercial speech,” but for professional writers, that can be an uncomfortably gray area, where writing an article or a book may be deemed noncommercial, but pitching it to an editor or promoting it on Twitter might not be.
Some of this comes down to how the attorney general decides to interpret the applicable statutes, which is not especially reassuring. When you have laws written this expansively, their enforcement is inevitably both arbitrary and capricious. Furthermore, despite considerable outcry from businesses (I myself submitted three sets of public comments) and warnings from more tech-savvy observers that some of the law’s requirements are not technically feasible, the attorney general is promising zealous, punitive enforcement — and the law allows for enormous financial penalties for even accidental violations.
Before anyone makes the obvious suggestion, I must sadly note that, as with the GDPR, a business or website does NOT have to be based in California to be subject to this law. These laws operate by creating certain rights for people who live in (and/or are citizens of, in the case of the GDPR) that area, so residents can, at least in principle, exercise these rights even if a business is not located in that jurisdiction. How much leeway courts will allow in this regard remains to be seen (which is also not very reassuring), but the bottom line is that simply relocating to a different state or a different country would not necessarily make these problems go away.
For what it’s worth, I have tried for years to be upfront about privacy-related matters (most of the many obnoxious policy revisions have reflected my trying to more accurately describe how I do things rather than any meaningful change in what I’m doing) and to exercise reasonable diligence with regard to data security. Unfortunately, I don’t know if that’s going to be enough.
The Future Ain’t What It Used to Be
California’s new privacy law arrives concurrently with the state’s other great attempt to destroy my livelihood, which is a new law intended to essentially outlaw most freelance work. Since I am a professional writer/editor, this puts my vocation, my livelihood, and my survival in considerable jeopardy.
All this has left me reeling and quite upset, since these legal machinations have made almost every professional activity I might undertake or even contemplate very messy and fraught. For someone like me, having to second-guess myself every time I start to type something into a search engine is jarring, to say the least.
So, if you are asking, “Does this mean Ate Up With Motor is dead?” the answer is “I don’t know.” If I don’t survive — or if the state decides that I’m not allowed to write professionally except as the employee of some other business entity, with no rights to my own work — the answer would obviously be yes. In the meantime, my intention is to keep the site alive for as long as I can. Whether I will be able to add any new content, or when that might happen, I honestly do not know.