Facebook chief executive Mark Zuckerberg at a hearing at the Capitol on Tuesday. (Matt McClain/The Washington Post)

Facebook chief executive Mark Zuckerberg testified before House and Senate committees this week after revelations that political research firm Cambridge Analytica gained access to 87 million Facebook users’ data during the 2016 election season. Zuckerberg survived a five-hour Senate grilling on Tuesday, returning to the House for four more hours the next day. Topics ranged widely, even as many pundits pilloried senators for their weak grasp of social media and technology.

But focusing on the theatrics risks losing sight of big picture. Here are three takeaways from the hearings.

1. For a change, Congress examines privacy concerns

Congress has rarely focused on privacy issues related to technology and cybersecurity. That’s true even though breaches of “cybersecurity” — a term that can include the protection of electronic information from outside intruders and the prevention of hacking into critical infrastructure and financial systems — have become an increasingly widespread public problem.

The Policy Agendas Project compiles every congressional hearing and codes them according to policy topic. The figure below shows Congress’s limited attention to privacy issues as a subset of all hearings on different cybersecurity-related topics since the 1960s.


Source: Policy Agendas Project congressional hearings data, compiled by the author.

Congress held its first hearing on what we consider “cybersecurity” in 1966, when it examined privacy concerns about newly created government databases of citizens’ IRS, Social Security and census information. The United States has the dubious distinction of leading the world in data breaches in sectors including entertainment and health care, education and manufacturing. Those include exposed corporate emails, government services captured by “ransomware” and, of course, stolen financial and personal identity data.

But congressional attention to privacy has not kept pace. Hearings focused on privacy make up roughly 10 percent of more than 1,000 hearings touching on cybersecurity since the mid-1960s. Rather, when Congress focuses on cybersecurity, lawmakers primarily examine potential national security threats like hackers aligned with other nation-states and terrorist groups.

That’s because congressional committees regularly interact with defense and intelligence agencies about their budgets and global threats — but rarely if ever with any agency or group concerned about such privacy issues as access to patient medical records, consumer financial information and online user data.

2. Many lawmakers are trying to get up to speed on online privacy

Congressional hearings often get a bad rap as mere platforms for grandstanding. And many observers this week portrayed senators as out of touch with today’s technology and social media platforms. But many legislators were genuinely trying to understand what happened and what to do about it.

Among others, Reps. Greg Walden (R-Ore.) and Fred Upton (R-Mich.) asked Zuckerberg whether Facebook should be considered a media or a financial company. Sens. Roy Blunt (R-Mo.) and Richard Blumenthal (D-Conn.) probed about the company’s policies for users who do not want their data collected for targeted advertising. And Sens. Orrin G. Hatch (R-Utah) and Lindsey O. Graham (R-S.C.) asked Zuckerberg about potential legislative and regulatory solutions for user privacy concerns.

Such questions — about what Facebook is and how it works — are fundamentally questions about what laws should apply to the company.

These sorts of exploratory hearings are common. As I show in research with colleagues in which we studied the content of more than 22,000 hearings since the 1970s, nearly 70 percent of hearings include multiple perspectives and analysis rather than one side’s point of view. Hearings are also increasingly used to understand implementation of existing government programs as well as new and emerging policy problems. About a third of hearings in the 1970s focused on policy problems and implementation. Today, that figure is closer to three-fourths.

3. Send help, now!

Congress has a hard time keeping up with technological developments — and understandably so. Science and technology do not develop in a linear way. Some technologies leap forward dramatically in a short period of time. And in just a few years, technologies can spread to vastly different industries, as with the spread of Internet-connected cars, household appliances and civic infrastructure in recent years.

Even experts, scholars and watchdogs have trouble keeping track of what’s happening — not to mention trying to envision how these exploding new technologies could be used to compromise individuals and society.

Moreover, although Congress established the Office of Technology Assessment in 1972 to help lawmakers prepare for new and emerging technology issues, Republicans abolished it in 1995 in a belt-tightening move. That left lawmakers without in-house expertise devoted to helping them understand the technological issues on which they’re expected to make policy.

As some on social media suggested, age might be limiting lawmakers’ fluency with technology: The average age of a senator is 63. But even younger legislators have trouble grasping complex cybersecurity, technology and privacy issues when they must spread their attention over so many policy areas. The Senate Commerce, Science and Transportation Committee, which “co-hosted” Tuesday’s hearing, also oversees aviation, oceans and fisheries and product safety. Cybersecurity and data privacy are not members’ only focus.

Given lawmakers’ competing priorities and limited incentives to specialize in technology and privacy matters, it’s hard to imagine that much will come of the Facebook hearings this year.

Jonathan Lewallen (@jonlewallen) is assistant professor of political science at the University of Tampa specializing in agenda setting, the U.S. Congress, and cybersecurity policy.