Transcripts For CSPAN The Communicators 20150919

Card image cap



com. mcsweeney: the ftc is the primary consumer protection authority in the federal government so we have a very broad jurisdiction but we work closely with the fcc when it telecommunications issues. for a number of years, we shared some areas of consumer protection jurisdiction primarily. the ftc prevents us from having too much jurisdiction in this space and i'm sure we will get to that in our conversation because it exempts common carriers. peter: commissioner ohlhausen, one of the issues semi-settled is the net neutrality issue, something the ftc had been involved in. how has your work changed, how has your role changed since the fcc decided on net neutrality? com. ohlhausen: you are a true optimist if you think it is semi-settled. i think there's still more to go in that story. the issue isn't the common carrier exemption. now that the fcc has reclassified broadband internet service as title ii service, it is common carrier service. it creates a hurdle for the ftc to bring some of our traditional consumer protection enforcement into this space. it is a hurdle to our antitrust authority and you have the antitrust division that does not run into the problem. i am very concerned that we may not be able to continue to protect consumers as well online because of the reclassification. peter: commissioner mcsweeney, do share that concern? com. mcsweeney: i do. we really do view the common carriers as an -- when it was past, the idea was to protect common carriers who are regulated by the icc from dual government authorities or conflicting government authorities. the icc no longer exists. we are not talking about locally regulated monopolies. i think it is an inaccurate. ronism.h peter: joining our conversation this week is brent kendall from "wall street journal." brent kendall: while we are on net neutrality in the world we are now can you talk briefly , about what this, carrier exemption and where the ftc's authority has been displaced? are there gray areas where it is not entirely clear if ftc has a role or mostly fcc? com. ohlhausen: we have litigation ongoing right now against at&t, alleging it made misrepresentations and engaged in unfair practices involving unlimited wireless broadband service. we are able to continue our litigation because that activity took place before the fcc was -- reclassified. down the road should we have problems like this again with another provider, there would be a serious question that provider the defense would be we are a common carrier and your authority is closed. com. mcsweeney: i think if you are engaged in the activity of providing a broadband or telecommunications service, that's very likely outside of where our jurisdiction lies. if it is a different activity by you are classified as a common carrier, we may still have jurisdiction. for example, we brought cases and worked closely with the fcc to combat cramming which is a practice of putting unauthorized charges on mobile phone bills. my view is we would continue to have jurisdiction with that kind of area. brent kendall: when you are engaged in activity not related to common carrier, the ftc in theory would still have a role to play? com. mcsweeney: i would argue that, yes. the fcc also uses the status of versus activity-based classification when it is making decisions about its own act. i think we would do the same way. com. ohlhausen: i would have a concern the fcc in the order reclassified left open the possibility it could reach out to edge providers who have traditionally not been considered common carrier. so if the fcc ins of interpreting -- ends up interpreting its authority even more broadly, it could impinge more on the ftc's authority. peter: how does all of this affect the consumer? behind the scenes turf war or does it have real impact? com. ohlhausen: i think it has real impact in two ways. the ftc is primarily law enforcement agency and not a regulator. we have brought more than 100 data security and privacy cases. of cramming, billing issues, the ftc has been active in trying to protect consumers in the internet space. i would be concerned they may lose some of the protections because of the fcc has not traditionally played the type of consumer protection enforcement role that the ftc has. the concern is consumers may not really understand that there are two different regulatory schemes and they may think their activities are protected in the same way when they are dealing with an isp or dealing with an edge provider. ultimately, they may not be protected in the same way and i am not sure they will be able to understand that. com. mcsweeney: there are some differences between the ftc's authority and fcc's authority. as maureen pointed out, we are primarily in consumer protection enforcement agency. we protect consumers from deceptive acts and practices. and we can get redress if they are harmed. and that is a very important way we protect consumers. we have a long history of working closely with the fcc and working well with the fcc. i do not view this in a situation in which there is a turf war on one agency or the other ought to have authority. i think consumers are best all do you when we can our jobs. brent kendall: you mentioned data security and the ftc won an important test case in philadelphia involving windham. the commission's brought several dozen cases against companies involved in data breaches on the theory they did not do basic things they should do to protect consumer data. windham the hotel chain challenged the ftc's authority and said the commission is going after victims of hacking instead of the hackers themselves. the appeals court rejected the argument and said you had clear authority in this area. just ask more generally given , that data breaches occur in corporations every week it seems like these days how does the , commission begin to decide where it gets involved? where do you look, where the staff look? the kind of breach where a victim through no fault of his -- its own or you say the company should have done more? com. ohlhausen: in the wyndham case which has not been decided on the merit, using our data security by the ftc act to require reasonable data security requirements was upheld by the third circuit. and i think our requirements have been companies undertake reasonable precaution. if they have sensitive data, important consumer data, data who was released could harm through medical information, things like that, companies have an obligation to safeguarding that. the third circuit itself mentioned the idea as a provider, as a business, if you leave a lot of risks around that could harm consumers you might , be liable. that is what we are requiring. a company needs to take reasonable precaution. but i think people do not necessarily understand when there is a data breach, is not necessarily the fact that the ftc said there will be a violation. we look at many, many data breaches. we close about 1/2 to 2/3 of our investigations without taking any action against the company. brent kendall: when it is a major corporation, is it an automatic thing? when i read about a big one, is the commission at that point looking to see if the company have done the basic steps you would expect companies to take in protecting consumer data? com. mcsweeney: there are gaps in our jurisdiction. we have talked about common carriers and nonprofit are a gap. yes, do we take very seriously large-scale breaches that affect millions of consumers? i think we do. as maureen pointed out, our standard is the company practicing security by design and the best practices in this area and security guidance in all of our 50 cases. we rely on technical security experts to evaluate the security and procedures in place and making law enforcement decisions. brent kendall: are these internal people who work for the commission? com. mcsweeney: they are both. we have taken steps to expand our technical resources. we are expanding to understand highly technical issues. we use outside experts. brent kendall: before we move on, one interesting fact of the wyndham case was that they had been hacked multiple times and the court said surely by the time they were hacked multiple times, they should have realize there was a problem. which left open the question if you have been hacked just one time, conceivably could you get in hot water with the commission for having some security not up to snuff? com. ohlhausen: yes, if you do not take reasonable precaution and led to a hack and even a single hack sometimes being quite extensive then you might be liable. for example, some of the things the ftc has brought actions against companies that failed to have a firewall and the password was "password." these are very basic things. they have not trained their staff. com. mcsweeney: if you're storing your passwords in a folder marked "password." and not undertaking basic security hygiene. brent kendall: have you found it has happened in sizable u.s. companies? com. mcsweeney: yes, it has. peter: is the ftc the leading federal agency when there's hacking? com. mcsweeney: we're in a very important consumer agency and a number of places you might touch the federal government if you are dealing with a hack. you might have a dhs doj, might , be criminal components to it. we are the consumer protection enforcement certainly that you would encounter at the federal level. com. ohlhausen: i think that is right. terrell mentioned some of the carveouts we have from our authority. insurance is another one. some of the biggest hacks have been against insurance companies. the ftc would not been to investigate. peter: why? com. ohlhausen: congress said we do not have authority over insurance. peter: why is there only one republican commissioner and three democrats? com. ohlhausen: well, the commission is a bipartisan agency, no more than three can be from the same political party and the current administration or the administration chooses the commissioners. you are always always going to have more of the sitting party's commissioners than the other. but my fellow ftc commissioner joshua wright, my fellow republican recently resigned , from the commission to return to academia. peter: do you perceive getting another republican on the commission soon? com. ohlhausen: well, eventually, congress has a lot on its plate as we're all over -- all aware. i would hope they would bring somebody on board soon. i understand they have a lot of priorities. brent kendall: we have talked about data security and the commission's privacy agenda and a close cousin of that. a chairwoman in introductory remarks she gave at a security conference described the ftc as the nation's key privacy agency. i wanted to ask you how we got to this point. i know the ftc has authority over unfair practices. is it entirely where the authority is derived from? we are in a world where the ftc is preparing to hold major privacy conferences. you go out and meet with computer programmers and hackers as you advise businesses on building security into their applications and products. how did we get to where we are? com. ohlhausen: the first privacy cases came out of deception authority in the late 1990's when the internet first became a consumer experience. the first case was in 1999. i happened to work at the ftc at the time. i think it is a great example of the bipartisan continuity we have at the ftc that this focus on privacy, consumer privacy on the internet started back then. and each chair of the committee -- commission has continued to make it the focus of his or her enforcement. and our consumer education and business education so that we have established a greater baseline of information of knowledge, of expertise in this area that both republicans and democrats have continued to build on. brent kendall: would you have conceived of the commission evolving in this way where you are the de facto government agency liaison with the tech community? com. ohlhausen: well, it's always hard to foresee but i understand that the current, the leadership of the agency at the time really saw the potential here and were very wise and invested a lot of resources to get out in front of that and continues to pay dividends. com. mcsweeney: just to backup, the security plays an incredible valuable role and even more valuable one as we are increasingly digitizing our lives and connecting more and more things to the internet and each other and carry vast amounts of information on our smartphones and connecting appliances and things like that. it is important to remember that a the u.s. we have sector-based approach to privacy. we have laws that protect children's information if they are under 13. laws that protect financial information, health information. we have laws that protect educational records, administered by the department of education. we have had a sector-based approach where the ftc steps in and all of this unregulated space that is evolving very rapidly, where huge innovation is occurring that impacts directly consumers, their privacy and information. that is where we use our deceptive authority to make sure consumers are getting accurate information about how their data is handled and how it is secured. peter: is the unfairness issue, is it clearly defined? com. mcsweeney: i think it is clearly defined by the ftc cases. peter: what would you like to see congress do when it comes to privacy? com. mcsweeney: a great question. i would say a few things. i would like to see congress really clarify data breach in -- and data security legislation. i think comprehensive security legislation would be very, very helpful. i will not speak for my colleague and i would love to hear what is on her list as well. there have been really interesting debates specifically in the privacy space around student data and if it should be one federal approach to that as well. right now, there are 21 different state laws. we've had in the background this discussion about a privacy bill of rights ongoing for a number of years. there it is a policy that is meant to really codify what rights consumers have in their information is being collected. peter: one of the issues that europe is currently dealing with and some of the american companies that deal with europe as well do not remember on the , internet. do you agree with that? com. mcsweeney: i think it presents a really interesting challenges in the u.s. because we have a very vibrant history around the first amendment and this is an issue of what kind of, primarily what kind of search results should be presented to people? and what your rights ought to be if you want to take down certain information. i like to think about how we would approach of this if something was reported in a newspaper. would we then allow that to be erased from the public record? and i think we have a very different set of values in the u.s. around the question. peter: maureen ohlhausen, the same general questions about privacy, etc. com. ohlhausen: taking your first question about congressional action, i agree the ftc has had a unanimous, bipartisan recommendation that congress adopt legislation. i continue to support that. i think there's a patchwork of state obligations that are problematic for consumers and businesses and i would like to see a uniform standard applied because i think it would have wide ranging benefits. i would like to see a clarification of our authority one of the things of the bills , considered earlier by congress and clarified the ftc would continue to have authority and -- in some of these areas and now put into question by the ftc's classification. regarding the right to be forgotten, i have grave concerns about that. we have freedom of the press in the u.s. i would be more interested in seeing what uses information can be put to that might be harmful to consumers. rather than try to restrict people's ability to know things or no information -- know information that has been out in the public record such as it would come up in a search area i would be more interested in saying, how can companies or other entities use that to harm consumers? we have the fair credit reporting act and that has been in a place for a long time and has worked rather well. it covers not collection of information but use of information to deny consumers or give consumers credit or housing or employment, either deny or give it to them unless favorable terms. that is an area we should be thinking more about. how do we look at harms to consumers and try to address those more directly than trying to foreclose the ability for members of the democratic society where we have the first amendment to foreclose their ability to get information. brent kendall: in the privacy space, there are main principles you two fully agree on and areas where you do not. i want to explore one of those about an enforcement case against the company, company that helps retailers track customers as they come into their stores by using the wi-fi signals from their cell phones. commissioner mcsweeney, you were in the majority that brought a case against this company. basically, they offer consumers or promised consumers two ways to opt out and they were actually offering one of them is how i understand the allegations. for the majority, the view was, they offered something and did not actually follow through on the offer and that is a problem. commissioner ohlhausen, i understand from your side it is a case of the ftc should not have brought and it is a company doing more in terms of giving consumers room to opt out and publicize what they are doing and what their policies were. at least left open the argument a company that tries to do less is actually more protected from an ftc enforcement action. just see if you can both flesh out where you're coming from. com. ohlhausen: i am happy to go first. i teed up my dissent, my objection based on prosecutorial objection. it was a company not required to give consumers any notice because it was a third-party collector of nonsensitive consumer information. but it went a step beyond and it did try to give consumers notice and it didn't accurately -- did accurately give them notice and the ability to opt out through its website of data collection if consumers do not wish to have it occur. it also said that could opt out through the retailers and it turned out the retailers did not offer that. what we did see is the consumers opted out at a fairly high rate in terms -- compared to other opt outs through the website of nomi. we were seeing consumers were able to exercise of that choice. by imposing a kind of strict liability approach where there was no indication that nomi made this representation to benefit itself and going on above what it should, ultimately it would discourage companies from giving consumers additional information and additional choices because it would only be a downside for them. and as the comments came in on our proposed consent, we heard that from a lot of different that the knowledge, the learning from the nomi case for industry is say as little as possible and do only the bare minimum for consumers. com. mcsweeney: i think it is a fascinating case. i would point out the vast majority of the cases we bring in technology and privacy data security, we have bipartisan consensus on and that is an important feature of how the commission does it work. this one, we did disagree on it. i think what is interesting is it tees up some of the gaps in our laws and policy that many people are not really aware exists. this is a technology, other companies use it as well that passively gathers your location information off of your mobile phone and can petition the off potentially gather it off of your wearable devices. and they are under no legal obligation to provide you with any notice it is occurring. i think that people do not really fully understand that in this country and sort of surprised know that is the case. in this situation i do not view it as restricted liability. i viewed as a continuation of the ftc using its authority to protect consumers from deceptive representations. here the company said that the retailers would provide notice of the technology being used and opt out in the retail location. for us, the question is that material to a consumer acting reasonably under the circumstances? i believed it would be a meaningful choice for someone who is privacy sensitive and not offered or presented a false choice to consumers. i think as we have more and more of this technology in our homes and kitchens and bedrooms, surrounded us in our daily lives, we really do need those promises that are being made to consumers about what is happening to their information to be true promises. i thought it was important we bring a case. brent kendall: companies in this space do not have to give you any notice at all. you would say if they do what they take have to be accurate? com. mcsweeney: nomi continues total opt out on its website. we have not chilled it. it is a privacy sensitive company that some people would be sensitive about this information being gathered. we have not chilled that approach. we have required them to make promises that are truthful. peter: we have one minute left so final issue. brent kendall: commissioner mcsweeney, i wanted to ask you, you focus some on encryption and the importance of consumers having their data protected and you wrote a piece in "huffington post" recently and mentioned among other things the latest versions of smart device in which companies like apple have taken extra steps. the owner of a device has access to their data. you were very careful about it raised the debate about whether there should be backdoors for enforcement to get into a phone's content when they are investigated somebody. you seem to to suggest if you leave the back door open for enforcers, you're leaving it open for potential hackers. i know it is a big issue for the fbi director who has criticized apple and other companies for making the devices hard to get into and if you can speak to this. com. mcsweeney: we are on the cusp of this information age revolution with the internet of things. we're connecting ourselves and devices more rapidly than ever before whether appliances in our home, wearables that are tracking our health and fitness or our smartphones. on our smartphones, warehousing all of that personal information, fitness, health, doctor, financial, access to accounts, access to homes all right there. and so it is a very important moment to think about what we can do to make sure consumers can trust all of that connectivity in their lives. but that is why i think data security is absolutely vital in this space. technologists have raised real concerns about the ability to protect information if backdoors create vulnerabilities. my point is to say this ought to be very important piece of information in weighing the calculation of between what access law enforcement needs to carry out its vital mission and what protections we need as consumers to have trust in this fantastic new technology. peter: maureen ohlhausen, any thoughts? com. ohlhausen: i agree. the internet of things holds great promise and we need to strike a balance correctly. consumers are demanding these services and demanding these conveniences and i think that a lot of the information that will be provided by the devices can be very useful for society in general and the improvement of services to consumers. we need to make sure consumers know about sensitive information and things like real-time location, health information that terrell mentioned and they know how this information is collected and how it is being safeguarded. and how it is being kept. peter: maureen ohlhausen has been on the commission since 2012, graduate of the university of virginia law school. of virginia law school. 11 years on the ftc staff. terrell mcsweeney spent several years with senator and vice president joe biden, prior to becoming a commissioner in 2014, a graduate of georgetown law. brent kendall is with "the wall street journal." >> c-span, created by america's cable companies 30 years ago and brought as a public service buyer local cable or satellite provider. >> on newsmakers, our guest is representative ben ray lujan. he talks about the 2016 election

Related Keywords

United States , Virginia , New Hampshire , Philadelphia , Pennsylvania , America , American , Brent Kendall , Terrell Mcsweeney , Joshua Wright , Ben Ray Lujan , Joe Biden ,

© 2024 Vimarsana

comparemela.com © 2020. All Rights Reserved.