FTC Wants More Power to Regulate Internet

(June 5, 1998)  The Federal Trade Commission held a press conference in Washington Thursday to denounce websites that collect information from individuals and then sell or abuse that information without notice or consent.   Congressional committees, advocacy groups, and government agencies have been investigating and reporting on this problem for years.  However, the FTC is also seeking to parlay its condemnation of privacy violations into increased FTC authority to regulate the Internet.  Moreover, its action marks a break with the Clinton administration's policy of encouraging and relying on industry self-regulation.

The FTC already has authority to prosecute fraudulent or deceptive trade practices on the Internet.  It has been exercising that power.  Now, FTC Chairman Robert Pitofsky wants more power.  He wants Congress to pass legislation to ban certain data gathering practices by web sites targeted at children.  Moreover, he stated that the FTC would make recommendations for further legislation later this summer.

"The enactment of legislation embodying these principles will go a long way toward protecting children's online privacy," Pitofsky said. "Protecting the privacy of all online consumers continues to be a high priority for the Commission. To date we are not satisfied with the implementation of fair information practices by the online industry. Recommendations for further protections will be forthcoming."

The FTC just surveyed over 1,400 web sites, including 212 sites directed to children, and found that about  85% collect personal information from consumers.   Moreover, it found that a majority of these do not post privacy policies.

Rep. Billy Tauzin (R-LA) addressed the FTC's action later in the day at a Commerce Committee hearing.  "The message today, I hope, from the Pitofsky report would be that the industry has a lot to do in self-regulation if they would wish to avoid the heavy hand of government regulation at this and other levels of our society.  And I would encourage the industry to pay very close attention to the ripples and waves that I think will be caused when that report is in fact fully discussed today in the media."  (See, full text of Tauzin's remarks, below.)

The Internet industry favors self-regulation of Internet privacy practices.  The Clinton administration also favors this approach.  Ira Magaziner, Clinton's top Internet policy adviser, addressed this issue at the Policy 98 Conference in Washington last month.  Magaziner advocated a minimal government role in protecting privacy on the Internet.   "We believe very strongly that people should be able to control their own privacy on the Internet."  He stated that the problem with government regulation is that with so many websites, and many of them located offshore, monitoring and enforcement would be difficult.

"Instead, what we think works better ... is that there are codes of conduct set up by industry groups, and consumer groups together."  Magaziner suggested that the basic principles to be adopted would be that "A seller or website owner should notify a buyer or a visitor of what is going to be done with information that is collected.   The buyer or visitor should have the ability to say no. ... The seller is bound to accept that. ... And then websites that conform to that conduct can display a seal."

According to Magaziner, this "leaves the choice with the individual about the protection of their own data."  The only role of government, in this case the FTC or Department of Justice, would be to monitor complaints about the use of the seal, and prosecute violators.

In contrast, for some groups, such at the Center for Democracy and Technology, the FTC is not going far enough.  It should proceed to promulgate and enforce new rules, without getting statutory authority to do so.   (See, text of CDT press release, below.)

The FTC is not the only federal bureaucracy eying the Internet.  The Commerce Department announced Thursday that it will convene a two day summit to explore issues surrounding electronic commerce privacy on June 23-24 at the Commerce Department in Washington DC.

The Commerce Department is requesting public comment on various aspects of Internet privacy, including the effectiveness of self regulation.   Comments are due July 5, 1998.  The request specifically asks for public comment on a draft staff discussion paper, "Elements of Effective Self Regulation for Protection of Privacy," which was informally released in January 1998.

Internet privacy is not the only area where the FTC is expanding its regulatory activity.  The FTC is also about to embark on a sweeping and unprecedented prosecution of the large and successful chip maker Intel.  The FTC has already leaked information about the matter.  It is likely to formally announce its action next week.

Copies of both the FTC's press release and report on Internet privacy are available in both HTML and PDF in the FTC website.


Rep. Billy Tauzin's Response to the Pitofsky Report

Rep Billy Tauzin (R-LA) addressed the FTC's report and press conference at a hearing of the House Commerce Committee's Subcommittee on Finance later on Thursday.  He stated:

"... This morning at 10 o'clock Chairman Pitofsky of the FTC released a report, finding, on Internet privacy, and what he has found is alarming.  What he found is that 85% of the OSPs, the online service providers do in fact gather information from their customers and use it for different purposes.  Some in fact sell it to other individuals.  Most do it without the acknowledgement or consent of those from whom they are gathering the information.  In fact only 14% as of March had established procedures to advise their customers and to seek their consent to the collection of such data."

"Obviously, here at the Finance Subcommittee the questions of privacy and security are foremost as we begin to explore the implications of financial transactions conducted over the Internet.  And as the Internet is a global institution now, those questions are even much larger than those that are normally posed in the national review, of a national issue.  In short, we are learning that multijurisdiction questions of taxation, multijurisdiction questions of regulation, questions of privacy, and the right of individuals to know when information is being gathered and consent to its use, questions of encryption and security in the transactions, are all posed as we examine here today another aspect of the increasing use of Internet services as a means for electronic commerce in our society."

"It is important to note that the House is beginning to act in some of these areas.  We have privacy bills filed.  The Chairman of this Committee has filed a children's privacy bill himself.  I believe that Mr. Pitofsky pointed out today in his report that over 89% of the service providers that deal with children gather information from those children, again a large number of them.doing so without the advice or consent of the parents. Those issues of deep concern."

"The message today, I hope, from the Pitofsky report would be that the industry has a lot to do in self-regulation if they would wish to avoid the heavy hand of government regulation at this and other levels of our society.  And I would encourage the industry to pay very close attention to the ripples and waves that I think will be caused when that report is in fact fully discussed today in the media."

"And finally, I want to point out that the Chairman is correct.  We are now entering a world where Internet currency is as real as the dollar bill, and where financial transactions, both here in America, and globally now, where banks are bypassed, and new forms of payments for services and goods are being devised, pose for us enormous and difficult questions of making sure that consumers and online service providers working in a world where there is some confidence and security and protection for privacy rights.   Those are all issues I know this Subcommittee and the other Subcommittees of our Commerce Committee are sincerely interested in."

"In short we will be watching for the response of the industry to the Pitofsky report.  And we would again encourage our colleagues in the House to pay close attention to our encryption bill, and our privacy bills, which are moving forward in this session of Congress. ..."


Center for Democracy and Technology Press Release

CDT CALLS GOVERNMENT RESPONSE TO INDUSTRY INACTION INADEQUATE

CALLS ON FEDERAL TRADE COMMISSION TO SET ENFORCEABLE STANDARDS TO PROTECT PRIVACY FOR ADULTS AND CHILDREN ON THE INTERNET

WASHINGTON, June 4, 1998 -- The response of the Federal Trade Commission (FTC) to documented inaction to protect privacy online is inadequate, the Center for Democracy and Technology (CDT) said today. In the wake of overwhelming industry inaction, revealed by the FTC's survey of Web sites and review of trade associations policies, CDT called upon the FTC to immediately commence regulatory proceedings to establish enforceable rules of the road to protect the privacy of all American's online.

The FTC report can be found at: http://www.ftc.gov/reports/privacy3/index.html

"The FTC has administered the test and found few companies with passing grades, based on the performance its time for remedial measures," said Deirdre Mulligan, CDT Staff Counsel. "Over the past three years the FTC has gathered the knowledge and expertise necessary to set comprehensive guidelines for privacy online. CDT believes that the FTC should immediately take steps to ensure that internationally accepted principles for protecting personal information become the baseline for privacy protection during online activities."

CDT believes the FTC should take the lead in establishing privacy protections because it can move quickly, has developed expertise, and is more likely to result in comprehensive rules. "Punting this issue to Congress without taking this first step may result in a political nightmare for the Internet community, with controls on content and moves to a national identification scheme for the Ônet rearing their head," Jerry Berman, CDT's Executive Director, emphasized.

"These numbers should also serve as a wake up call for White House officials. Unless FTC action and industry efforts can bring about radical change before the next Congress, the Administration should put pen to paper and begin drafting enforceable rights to protect American's privacy," Berman said.

"The good actors in industry are working in a vacuum. With so few companies even taking the basic step of posting their privacy polices on the Web, steps need to be taken to create a playing field where self-regulation and government action can create effective safeguards," Mulligan added.

CDT will have a full analysis of the report posted to the CDT Web site soon.

The Center for Democracy and Technology, a non-profit organization, is dedicated to developing public policy solutions that advance civil liberties and democratic values in the new computer and communications media.