I imagine that some of you have been wondering, “Whatever happened to Ate Up With Motor? Is it dead or something?” If you are curious about this subject, you’ll find an explanation under the cut.
If you’ve visited this website in the past, you’ve likely noticed that the frequency of new articles progressively decreased over time. This was originally a function of two things: the individual articles growing longer and more elaborate (which takes longer to do, as you may well imagine) and my need to balance that time with other things that make up a greater proportion of my income. I imagine that many readers can relate and, I hope, regarded it as an acceptable tradeoff for quality content.
Then, we came to the Time of Calamity. This included a whole series of problems that have made it harder and harder to do anything with the site.
First, there was what I can only describe as a “household environmental problem” that damaged or ruined many of my books and other materials. (I had to throw away whole bookcases worth of stuff, which was traumatic.) Despite considerable effort, I’ve never gotten a clear explanation of exactly what the problem really is — I know only too well how it manifests, but not what it is, whether things that were damaged are now actively hazardous or just disfigured, or whether there’s anything to be done about it short of discarding most of my possessions and starting over (which I can’t even remotely afford). Since then, I have not dared to replace any books or magazines that were lost, I stopped buying any new ones, and I’ve even become afraid to check out library books for fear of triggering the same problem in them.
There have also been a series of technical issues with the site, which have consumed a significant amount of time without producing any new content. Some of these have had what I hope are constructive results — for instance, you might have noticed that there are some additional accessibility features — while some have involved struggling with problems I still don’t know how to fix.
I also had my elderly computer expire, more or less in lockstep with the growing infirmity of my ancient phone. The computer has been replaced and the phone is in the process, thanks mostly to the considerable largess of others, but this whole struggle posed a series of significant obstacles to getting anything constructive done.
When Regulators Attack
Then, we come to the regulatory problem. As you might or might not be aware, various jurisdictions have been attempting to tackle the personal privacy issues created by Big Tech and its ravenous appetite for your personal data, which has put listening devices in ordinary household items and rebranded what used to be called “spyware” as “software telemetry.” (Did you know that the current versions of the Microsoft Office suite (even the non-subscription-based versions), by default, will capture, inter alia, any text you spell-check and send it to Microsoft, and the only ways to prevent this involve some fairly elaborate tinkering with the operating system that many people would find intimidating?)
This has resulted in a series of cumbersome laws and regulations, the newest of which is a wildly overreaching California law that took effect January 1. Although I believe I don’t currently meet any of the new law’s applicability thresholds, the law’s onerous requirements have prompted an extensive preemptive revamp of the Privacy Policy that took me easily as much time as TWO Ate Up With Motor articles, have consumed a great deal of my time and mental energy, and make it very questionable whether the site can survive in even an archival sense.
I want to be clear that I understand and sympathize with the impetus for these laws. I do not like being spied on any more than anyone else, and I have gone to considerable lengths to minimize that kind of surveillance. However, in their zeal to rein in the tech industry, the legislators and regulators have created rules that, paradoxically, ONLY tech giants like Google and Facebook can really comply with, and that make running any kind of smaller website or business — especially a one-person enterprise like mine — very difficult and potentially very costly. (As with the European GDPR, the California law includes the threat of enormous financial penalties.)
Sold Down the River
Even more than the European GDPR, the new California law is preoccupied with giving people control over the sale of their personal information. This is, on the face of it, a worthy goal. However, in an attempt to avoid loopholes, the Legislature has defined both “personal information” and “sale” so broadly as to lose any coherent meaning. The new law’s definition of personal information includes not only obvious things like names and addresses, but also stuff like “olfactory information” and even inferences about individuals or “households.” Its standards for what constitutes a “sale” are equally expansive (and, even where the law concedes that a transfer of information might not be a sale, disclosures “for business purposes” are still subject to some very cumbersome requirements).
To give you an example of how this works and why it becomes so troublesome, let’s consider the humble embedded video player so ubiquitous to the modern Internet. You probably see these every day: a player, provided by YouTube, Vimeo, or some other such platform, that lets you watch a video or listen to an audio track without leaving the website you’re on. In the language of the Privacy Policy (q.v.), these players are what’s known as “embedded content,” which means that the various files reside on servers other than those of the site that posts the players. Whenever you visit a page that has an embedded player, your browser asks the player’s provider to supply the code for the player and the files you access through it, which gives the provider your IP address, your user agent information, (probably) the referring site (i.e., the web page you’re visiting that has the player on it), and other information about your device. This doesn’t require any specific action by the site on which the player is posted; that’s just how embedded content works, and most providers’ terms of use prohibit tinkering with the player in a way that would change this.
California (and the EU, by whose regulations the California law was clearly inspired) now regards most of this data as personal information, just like your phone number. So, if I share a YouTube video and you access it, I have, by the law’s definitions, shared your personal information with YouTube, or at least facilitated their collection of that information (which I think amounts to the same thing so far as the law is concerned). Now, YouTube is a commercial entity, so if you watch a video, they’re probably going to show you advertisements. YouTube is owned by Google, and if you watch videos on that platform, especially while logged into a Google account, that information gets added to Google’s repository of information about you, which they use for all manner of commercial purposes. Therefore, by posting an embedded video, I could, by the expansive definitions of this law, be deemed to have shared the personal information of any person who viewed that video with YouTube (and thus with Google) for commercial purposes.
It’s still unclear if the state will also interpret that as selling your personal information, but the statutory definitions can certainly be read that way, and the law definitely regards as “sales” the use of some types of online “behavioral” advertising (which I have not used on this website in years) that functions in similar ways.
What Year Is It, Again?
The framers of this law apparently envision a world where any personal information a business collects exists in some discrete, tangible way — on punch cards, perhaps — over which the business entity has absolute discretion and a comprehensive index. If all your information is on punch cards, after all, you should be able to pop them in the computer to produce on-demand readouts of all the data you have on a specific individual or household, and you should definitely be able to control who accesses that information. (Do you know where your punch cards are?)
For better or worse, that is simply not how the modern online world works, which puts many businesses — including self-employed people like me — in a very awkward position. For instance, I don’t own the servers on which Ate Up With Motor runs or that process email messages sent to or from my ateupwithmotor.com email addresses; my web host does. This means any time someone visits the site or emails me, I am effectively sharing their personal information with my web host, who processes it for me. Even entering someone’s name into a search engine probably constitutes “sharing personal information” by the law’s definitions, as does most anything I might do with my new smartphone, like using an online mapping or navigation tool to find my way to a business meeting or interview.
The law doesn’t prohibit sharing information with vendors and service providers who need that information to perform some service. However, the law assumes — and effectively insists — that I have absolute contractual authority over how those vendors or service providers use that data. While I might be able to do that with individual service providers, the idea that I could control, for example, how Google uses data about YouTube viewers, is frankly absurd. (I’m not sure I could even get a non-automated response from most big tech companies without serving them with an actual subpoena.) I simply do not have that kind of leverage, nor do I necessarily have a lot of meaningful alternatives.
A point that’s especially vexing for me as a writer is that the California law makes little distinction between information that’s already available to the public and information that’s not. The law provides an exemption for publicly available information, but defines that very narrowly as information lawfully made available to the public from federal, state, or local government records. There are no exemptions for information in published books, news reports, documentaries, or even public statements and press releases.
So, if I read the bestselling memoir of a public figure and want to discuss it here, the law might regard that as sharing personal information for commercial purposes, and if I write an article about that same public figure for which I receive any kind of compensation, the law might regard it as selling personal information. The law does expressly describe “political speech and journalism” as “noncommercial speech,” but for professional writers, that can be an uncomfortably gray area, where writing an article or a book might be deemed noncommercial, but pitching it to an editor or promoting it on social media might not be, and being paid for it is a whole other question entirely.
Some of this comes down to how the attorney general decides to interpret the applicable statutes, which is not especially reassuring. When you have laws written this expansively, their enforcement is inevitably both arbitrary and capricious. Furthermore, despite considerable outcry from businesses (I myself submitted three sets of public comments) and warnings from more tech-savvy observers that some of the law’s requirements are not technically feasible, the attorney general is promising zealous, punitive enforcement — and the law allows for enormous financial penalties for even accidental violations.
Before anyone makes the obvious suggestion, I must sadly note that, as with the GDPR, a business or website does NOT have to be based in California to be subject to this law. These privacy laws operate by creating certain rights for people who are residents of and/or located in those areas, so those people can, at least in principle, exercise these rights even if a business is not located in that jurisdiction. How much leeway courts will allow in this regard remains to be seen (which is also not very reassuring), but the bottom line is that simply relocating to a different state or a different country would not necessarily make these problems go away.
I know that there are readers who cringe whenever I bring up any of this regulatory stuff, and I want to be clear that I feel the same way. At this point, I can’t even read the words “privacy policy” without twitching, which is no fun at all now that most every retail store in Los Angeles has posted stickers at the register inviting you to review their corporate privacy policy. However, the potential consequences of ignoring these laws and regulations are very dire. I’m a sole proprietor; I don’t have a legal staff or general counsel to handle the policy stuff, I can’t afford to hire a compliance officer, and even the low end of the possible fines would be ruinous.
For what it’s worth, I have tried for years to be upfront about privacy-related matters (most of the many obnoxious policy revisions have reflected my trying to more accurately describe how I do things rather than any meaningful change in what I’m doing) and to exercise reasonable diligence with regard to data security. Unfortunately, I don’t know if that’s going to be enough.
The Future Ain’t What It Used to Be
California’s new privacy law arrives concurrently with the state’s other great attempt to destroy my livelihood, which is a new law intended to essentially outlaw most freelance work. Since I am a professional writer/editor, this puts my vocation, my livelihood, and my survival in considerable jeopardy.
All this has left me reeling and quite upset, since these legal machinations have made almost every professional activity I might undertake or even contemplate very messy and fraught. For someone like me, having to second-guess myself every time I start to type something into a search engine is jarring, to say the least.
So, if you are asking, “Does this mean Ate Up With Motor is dead?” the answer is “I don’t know.” If I don’t survive — or if the state decides that I’m not allowed to write professionally except as the employee of some other business entity, with no rights to my own work — the answer would obviously be yes. In the meantime, my intention is to keep the site alive for as long as I can. Whether I will be able to add any new content, or when that might happen, I honestly do not know.
I appreciate your honesty and candor in explaining your reasoning. It makes perfect sense. As you said you have made many good faith updates to comply. I don’t think a reasonable person would try to pin anything on you. Nor do I think the attorney general would waste time with small fish. But we are not living in normal times. So I understand the caution.
One of the most alarming aspects of the law, which I mentioned in some of my public comments, is that it creates significant avenues for abuse of the kind California’s fairly robust anti-SLAPP laws were intended to discourage. (SLAPP = “strategic lawsuit against public participation.”) There are various ways thin-skinned public figures could use the law to stifle unfavorable public discourse, or that other malicious actors could use to harass and threaten small businesses who don’t have deep pockets for legal defense, potentially over things that aren’t even technologically feasible.
For example, if the AG decides that posting an embedded video that shows ads constitutes selling your visitors’ personal information, the law would expect you to provide a way for visitors to opt out of that “sale,” which in this case would mean preventing any embedded video player on your site from gathering information about that visitor for any commercial purpose. This is supposed to be permanent and remain in effect regardless of what device the visitor uses. In the real world, even if you set up some mechanism to block embedded videos for them by setting a cookie or excluding their IP address, that measure will stop working if they delete the cookie, switch to a different device, or use a VPN or proxy. If they do that and then visit a page on your site with an embedded video player, you’re now technically violating their rights and they can file a complaint with the attorney general’s office.
Also, that’s a comparatively innocuous example. If things like YouTube videos and context advertising are grounds for action, you can well imagine the potential danger to an author or journalist working on an exposé or unauthorized biography of a politician.
Worse, the attorney general has publicly advocated expanding the law even further to allow individuals or households to personally sue businesses for rights violations like these. If that happens, individual visitors could actually sue you for stuff like not having the correct language in your privacy policy. That’s terrifying.
I have found this site to be very informative and entertaining. I am sorry you are attempting to navigate a complex and bewildering set of laws. Truly a case of unexpected consequences that is impacting your ability to earn a living.
The fact that the CA attorney general is advocating expanding the law is scary. It seems they are pushing it to the extreme in response to bad behavior by the tech giants.
As Ronald said scary words, “We are from the government and are here to help”.
I wish you well and hope it can be resolved in your favor.
Good luck
Thanks for the update and Sorry to hear about the headwinds you face.
I really enjoy this site and often come back to read an article or two, even one that I have read before.
I do hope that circumstances allow for you to write more articles for the site in the future.
Aaron, Thank you so much for the update (Man, I was worried that something had happened!) Sorry for your difficulties-both in your home and the “Brave New World”. I fear what California has hatched will spread elsewhere-more than likely up the coast and out to the NorthEast. Perhaps us folks in ‘Flyoverland’ will be spared..but for how long. Hope to see some new material (How about the Ford Sierra/Merkur saga??). Best wishes.
What’s probably going to end up happening is that enough other states will do the same thing, and also try to impose their laws on other states, that Congress will end up feeling compelled to pass some kind of federal legislation. A federal law that preempts individual state efforts might ultimately be less onerous, but if it still also allows states to impose their own individual rules, being on the Internet will become basically impossible except for big corporations, and the web will become cable TV 2.0.
The bitterest irony is these laws seem likely to actually empower the tech giants, who are in a much better organizational position to comply or make a pretense of compliance, and who can easily absorb the fines as a cost of doing business. The CCPA fines would utterly ruin me, but are less than Facebook probably spends on employee snacks. If there was ever a point where the tech giant surveillance state could have been forestalled by legislation like this, I think that window passed at least 15 years ago. (I don’t know what would stop them now — I wish I did, since legislators clearly don’t.)
A few years back, I actually did a piece on the Merkur XR4Ti (née Ford Sierra) for Autoweek. (I don’t know if it’s still online or not.) I had intended to eventually expand that to talk more about the Sierra and its various derivatives, including of course the Sierra Cosworth — in my files, I have many pages of notes on that subject.
Thank you for the reaponse, I feel Orwell is chuckling as we chat here. (Very Sadly, I might add..) BTW, the Merk article is still online. (I owned 2 and am caretaker of the pair my friend owns, one of which is a Cossie clone.) Thank you!
Whatever you do, don’t give up on AUWM. I still reference this all the time and love finding articles I hadn’t read before.
Aaron, I do hope that you find a way out of this legal noose, your website is a great read
Aaron, I’ve never commented, but would like to say how much I’ve enjoyed reading all the articles on your website. It is a tremendous resource for people that are interested in automotive history. Please know your efforts are appreciated. Also, moving is never fun, but it seems like you need to move from California, as so many others have done.
Sadly, there is really nowhere to go even if I could afford to move, which I absolutely cannot. As it says in the text, not being in California is NOT any protection from their misguided data protection regulations. It might be possible to temporarily avoid their effort to ban freelance work, but other states have done similar things (Massachusetts a couple of years ago passed a similar law with disastrous results, New Jersey wants to follow California, etc.), and most other states also have fewer or no legal protections in other areas that matter to me. It makes for a bad situation.
Such a relief to see fresh writing from you, even if the contents are distressing. To be honest, I’m more upset with your household problems than the legislative ones. I hope things improve for you in 2020.
Yeah, I’m pretty dismayed about that, although lately it’s been reduced to background noise compared to the agonizing, ongoing self-audit prompted by the regulatory boondoggle (which has left me feeling like I have to try to list and categorize literally every type of interaction I might have in the course of my writing or work). I tried to get some professional advice on the household problem, which produced frustratingly inconclusive results, and my efforts to get other opinions — waving my checkbook at other experts and begging for help — yielded no further response. As you might well imagine, I have a lot of books, magazines, and so forth (I have more than a hundred of the Brooklands road test collections, which ain’t cheap), and if it turns out they aren’t salvageable, it would be a catastrophic loss.
Aaron, thank you for giving us an update. I hope you can successfully navigate the challenges you outline – and keep Ate Up With Motor active. In my book your automotive research is right up there with the likes of Richard Langworth.
I don’t know how to think about the privacy regulations. It appears that other smaller-scale websites are keeping their heads down, perhaps with the expectation that they aren’t big enough to become a target.
California’s freelance law sounds quite problematic. Last I heard, a freelance writer’s group was attempting to make some legislative changes. Do you see any promise there?
I hope you can find the assistance you need to preserve your automotive library; I get how expensive it can be to build.
The California legal situation is honestly nightmarish and keeps getting worse. The latest proposed revision to the privacy regulations, of which I was notified today, would impose astonishingly onerous, utterly infeasible technological requirements for treating visitors’ browser settings and privacy add-ons as opt-out requests; would expressly prohibit businesses from sharing their request compliance records with ANY third party, even outside legal counsel; and would require businesses to continue offering products and services to consumers who opt out of the commercial use of their information, on the grounds that failing to do so would be “discriminatory,” leaving me scratching my head as to what the opt-out requirements are actually intended to do. (The “illustrative examples” for the latter change include an assertion that an online retailer doesn’t need a customer’s email address to do business with them!) I honestly don’t know if these farcical nuances are intentional or if the Office of the Attorney General is just not recognizing how badly framed and worded these regulations are, and I’m not sure which would be worse. I just got through spending two hours writing a lengthy and quite bitter set of public comments to that effect.
My guess is that the ultimate effect of these laws will be to force Congress to pass preemptory federal legislation. Whether that would be an improvement or just make things worse, I daren’t even speculate.
I really like your site. However, I wonder if you have networked with other “free lance” informative sites to see (a) if they are being targeted and (b) if they are doing anything to mitigate these regulations. Putting it simply, do you really believe a (pardon the frankness) small (but well-loved) informational site such as Ate Up With Motor, which doesn’t sell anything, will really be targeted? By this logic, Etsy will go out of biz for CA customers immediately. So will Kickstarter, and all the Tumblrs, all the Flickrs…. If they are not being targeted in CA, why do you think a site that is purely informational (and not “adult”) would be targeted? I have two informative web sites. Neither sets cookies, so I’m not concerned.
How likely it is that sites like mine will be held to be subject to the regulations is kind of TBD. The current tone of the regulations would tend to imply “no,” but it really depends how broadly the attorney general decides to interpret the law’s insanely expansive definitions. No one knows. If you read the current version of Flickr’s privacy policy, for instance, you’ll find a good deal of rather bitter vitriol about this law! Incidentally, the response of both Google and Microsoft has been to assert that they do not sell personal information, which is kind of darkly hilarious and suggests that their lawyers are prepared to go to war with the state over the law’s definition of “sale,” which is VASTLY broader than anything in common law or anything the average person would consider “selling.”
The distinction, of course, is that Google and Microsoft can shrug off the fines. I’m in the unpleasant position of having to do a bunch of really cumbersome stuff so that I’m at least partly covered in the event the state’s interpretation of their ludicrous rules ends up being broad enough to cover people like me, because the prospect of being fined $2,500+ for even an accidental violation would be life-ending for me. So, the relatively likelihood has to be weighed against the potential severity. Worse, if the AG and some of the nuttier elements of the Legislature get their way, they’ll expand it so that individual people can sue you for not having the right language in your privacy policy or whatever, which is a MUCH broader problem than being individually targeted by the state.
Cookies, incidentally, are a fairly minor area of the law’s concern (although it seems like they treat the presence of any cookie as a type of personal information, a technically dubious proposition evidencing the lack of technical understanding on the part of legislators and regulators). The bigger issue is whether a business collects personal information about “consumers” or “households,” and “personal information” can include almost any piece of information that could be associated with a specific individual or household. It doesn’t apply to entities that are not businesses, so an Etsy retailer might be subject to it, but a personal Tumblr or Flickr account probably would not, and I don’t think nonprofit organizations are either (although I’m not sure about that).
I agree that it would be complete madness if the state mounted an all-out enforcement attack on small businesses. As evidenced by their current determination to outlaw freelance work, however, the California Legislature is clearly not thinking clearly about the possibilities of widespread collateral damage, so it’s entirely possible that they will be destructively zealous about the whole thing until public outcry, unfavorable court rulings, and/or preemptory federal legislation force them to back off. There’s a lot of precedent for that, sadly.
Aaron,
If you’re concerned about your exposure to potential liability under these various and sundry new laws, you could always form an LLC for this website, which would shield your personal assets in the event that there was a large fine levied. I notice your copyrights list you as a “dba” which doesn’t offer such protections. There are several jurisdictions like Montana where you can get an LLC set up without ever having set foot in their state, and there’s shady about it; it’s all above board. My understanding is that it is not terribly expensive to do this; there are people who register their RVs with Montana LLCs just to avoid registering their vehicles in high-tax jurisdictions.
Just a thought.
That is a possibility I’ve thought about, although the costs are not trivial for me (there are minimum corporate taxes that would increase my total annual tax burden by at least 40 percent), the copyright issues involved could be complex and messy, and there would be a substantial number of additional administrative and accounting burdens (like the distinct possibility of having to set up payroll just to pay myself). I’d have to sit down with a lawyer and a CPA to just determine how practical it would be for me, which would cost at least several hundred dollars in hourly time, and I would need to hire a CPA to deal with the tax issues (which for an out-of-state registered LLC would involve corporate tax filings in multiple states, allocation formulas, and other stuff I don’t claim to understand).
I’m certainly not ruling it out — there are clearly pros as well as cons — but it’s an intimidating prospect at a time when legal and administrative minutiae is already eating my brain.
Are you familiar with the Shorpy site? He sells merchandise, the site is huge and he’s been around for a long time. I would contact him and get his perspective.
I don’t think I’m familiar with that site.
PM me if you want to discuss mold, we just went through that.
I could email you directly, if that’s convenient for you. (The site doesn’t have a PM system as such, although since comments are moderated, I guess people can theoretically communicate with me by leaving a comment and asking for it not to be published.)
e-mail me but please do not publish my address, thanks
Will do, thanks!
What a crying shame. I’d suggest getting out of the hell-state known as California before it gets even worse. This is such a wonderful site to read, it would be a shame to see it go extinct.
Sadly, not being in California would not provide an out with regard to their badly conceived privacy laws!
I do appreciate the plethora of information that you have complied. Even if you never do another article, you have written enough for anyone to be proud of. Thanks for the time and effort you put into AUWM.