Mozelle Thompson Addresses Online Privacy and Internet Fraud

(April 7, 1999) FTC Commissioner Mozelle Thompson addressed online privacy and Internet fraud in a keynote address at the CFP 99 conference on Wednesday, April 7, in Washington DC.

Mozelle Thompson is one of four sitting Commissioners of the Federal Trade Commission. He spoke at the annual Association for Computer Manufacturing conference in Washington DC on Wednesday morning, April 7. The title of the conference this year is "Computers, Freedom & Privacy 1999." He gave a keynote address.

One of the functions of the FTC, said Thompson, is to protect consumers "across all media, print, radio, TV, telephone, and yes, the Internet." Thompson addressed two issues pertaining to consumer protection in electronic commerce: fraud and deception on the web, and online privacy.

He stated that "I think that our job is to create an environment, where through competition and consumer protection, markets will flourish with safe investments from consumers who will benefit from low prices and choice."

Thompson noted that there is a large gap between the number of people online, and the number whole make online purchases. "Privacy and the possibility of fraud are among the top reasons consumers give for their non-purchases."

Commissioner first covered fraud on the Internet. "The fraud artists are also online, hoping to take advantage of low startup costs, instant access to a global customer base, the possibility of real time immediate payment, and the nearly infinite number of places to hide from law enforcement, in an unparalleled ability to mimic legitimate businesses."

He outlined what the FTC is doing "to combat Internet fraud, generally, the FTC has embarked on a new strategy."

• The FTC is using the web to both search out fraud, and to educate consumers and businesses about fraud.
• The FTC is "partnering with technology firms to provide the FTC staff with the best information and resources available to combat these offenses."
• "The FTC has also significantly expanded its staff in this area within the past couple months in order to enhance our enforcement capabilities." (Thompson did not cite any numbers.)
• The FTC "developed partnerships with federal, state and local law enforcement agencies in order to broader our effectiveness, by coordinated cases, surf days, and to improve criminal case referral and conviction rates."
• The FTC is "working with our international colleagues to battle cross border fraud perpetrated by electronic means."

However, Thompson said that perhaps the most important FTC role is not in enforcement, but in "taking a lead policy making role before the OECD." The OECD's "international guidelines for consumer protection in electronic commerce," said Thompson, "should be completed by the end of 1999."

Thompson then turned to online privacy policy. "In my view, respecting consumer privacy online is no different than protecting the security of consumer credit card data, or making sure that consumers actually get the product they ordered. It is all about good business practices."

Thompson reiterated the FTC's support for a policy of industry self-regulation. "The Commission has consistently supported self-regulation to provide the best means for protecting consumer privacy on the grounds that it provides the biggest opportunity for clear and effective policy development ..."

He also added a few of his own thoughts. "I have also been clear in stating that self-regulation must be real, and effective. Now, I might also add, that it has to be timely."

Thompson said that self-regulation is not yet fully operational. "This presents serious concerns on three fronts. First, is coverage, because consumers need to be confident about more than the top 100 biggest web sites. The second is enforcement, because remedies of consumers have to be effective. And finally, there has not been a consensus reached here in the United States of how to deal with public records which there is a public interest in having, but at the same time, they take on a different character when appear ... on the web."

Thompson added, however, that "the FTC is not waiting for legislators, or the self-regulatory movement, to take other action to protect online privacy." He cited the FTC action against GeoCities for violating its own privacy policy. "That action sent a clear message to the world that the FTC is looking carefully at web site information practices and the obligations of online companies to their consumers."

During the question and answer session following Commissioner Mozelle's keynote address, as well as those following other addresses, many of the comments and questions argued for greater governmental protection of privacy. In contrast, Drew Clark, a senior writer for the National Journal's Technology Daily, asked whether self-regulation "is just another nicer way of saying regulation: and unless you guys get in line, ... behind our priorities, ... doing it the way we want to, we are going to step in and regulate you. Can you explain to me why it is not tenable for consumers not to choose whether they want to do business with a web site that posts a privacy policy, or refuses to post a privacy policy, and letting the market shake out what succeeds and what doesn't?"

Thompson replied that "self-regulation is not no regulation. What it means though is that industry has some say, some control, some major role in determining how it polices itself. Our goal, from the government's perspective, is to look at how the public is protected."

"What it requires is that they have adequate information to make that choice. That means it is up to web sites to provide that. One of the things about privacy that is a little different from a lot of other issues, is that you may not know that it has been violated, and you may not know who is violating it, until it is far too late."

Courtney Macavinta, of CNET's news.com, asked if consumers should have access to their records. "What about the issue of access? Should consumers have a baseline legal right to access their personal records, or any records containing personal information about them ... ?" Thompson did not offer a definitive answer.

Commissioner Thompson did not address the FTC's proceeding involving Intel, other than to say that the FTC is "ensuring that there is a full and fair opportunity for market competition and innovation, as evidenced in our recent settlement of the Intel matter."