Companies like Facebook and Google are global brands for which data mining is at the core of present and future profits. How far should they go? Current laws provide few limits, mainly banning data collection from children under 13 and prohibiting the sale of personal medical data. Beyond that, it’s a digital mosh pit, and it’s likely to remain that way because more regulation tends to be regarded by politicians in both parties as meaning fewer jobs. Students will probably continue to beat the FTC to the punch: The agency just has one privacy technologist working in its Division of Privacy and Identity Protection and one in the Division of Financial Practices. “I don’t think it’s controversial to note that they seem to be understaffed,” Mayer said in a phone interview between classes. “I think that’s pretty clear.”
This isn’t the usual sort of story about regulation watered down by intimate ties between government officials and the industry they oversee. Unlike the U.S. Minerals Management Service, where not long ago a number of officials were found to have shared drugs and had sex with representatives of the oil and gas industry, key FTC officials hired by the Obama administration are privacy hawks who worked previously for consumer-rights groups like Public Citizen and the Electronic Frontier Foundation. Under Chairman Jon Leibowitz, a Democrat appointed to the FTC in 2004 and tapped as chairman by President Obama in 2009, the FTC has pushed boundaries; its first privacy technologist, hired shortly after Liebowitz became chairman, was a semifamous activist who made a name for himself by printing fake boarding passes to draw attention to airline security lapses (the FBI, which raided his house, was not pleased). The agency is working with the tech industry to create and voluntarily adopt a Do Not Track option, so that consumers can avoid some intrusive web tracking by advertising firms. And it issued a report this year that called for new legislation to define what data miners can and cannot do.
Yet the FTC is ill-equipped to find out, on its own, what companies like Google and Facebook are doing behind the scenes. For instance, ProPublica discovered that the FTC’s Privacy and Identity Protection technologist has a digital hand tied behind his back because the computer in his office has security filters that restrict access to key websites. While Mayer has an ultrafast Internet connection, top-of-the-line computer, an office chair he loves and tasty lunches for free (“Stanford students do not want in any way,” he notes), the FTC technologist uses his personal laptop and, because there is no Wi-Fi at the agency, connects to the internet by tethering it to his iPhone. He browses the web at cell phone speed. There are no free lunches.
The FTC is headquartered in a landmarked building on Pennsylvania Avenue flanked by two sculptures of a man trying to restrain a muscle-bound horse that is straining to gallop away. The sculptures, completed in 1942, are entitled “Man Controlling Trade,” and they explain a lot about the FTC’s current dilemma. The notion of controlling trade, popular when the sculptures were erected a half-century ago, is not a vote-winner today. The FTC was an early battleground of the movement that began in the Reagan era to reduce government regulation. The agency had more than 1,700 employees in the 1970s, but is down to 1,176 today, even though the economy has more than doubled in that span. The FTC’s responsibilities are vast: It must police everything from financial scams to antitrust activity, identity theft and misleading advertising.
Especially among Republicans, there is little interest in providing more resources. California Rep. Mary Bono-Mack, at a recent hearing on privacy legislation, warned that the government “has this really bad habit of overreaching whenever it comes to new regulations.” Although the American Civil Liberties Union may see an epidemic of privacy violations, Bono-Mack said, “I haven’t gotten a single letter from anyone back home urging me to pass a privacy bill.” The skepticism is not just an outside-the-building phenomenon; it comes from within the FTC, too. One of the agency’s five commissioners, Republican Thomas Rosch, dissented from its 2013 budget request, which asks for less money than the prior year budget of $312 million. Rosch said he believed the FTC still wanted too much. “In these austere times we should do more … with fewer resources,” his dissent said.
The cold shoulder is not entirely Republican. Earlier this year the Obama administration unveiled a “Privacy Bill of Rights” that sets a variety of enviable standards for consumer privacy. “American consumers can’t wait any longer for clear rules of the road that ensure their personal information is safe online,” President Obama said. The document, which among other things would allow individuals to control the data collected on them, was welcomed by consumer groups. But it’s not legislation. It’s a wish-list. The administration hopes that some of its wishes, like a Do Not Track system, will be granted through voluntary industry standards. But many of the wishes require Congress to pass laws that it is unlikely to pass anytime soon. The FTC’s meager budget request would seem to be the best indication yet of the prospects for significantly greater federal privacy protection.
It’s an old story with a new twist. Few industries have as many admirers in Washington, D.C., as Silicon Valley, which unlike the oil industry has what appears to be an equally large number of friends on both sides of the aisle. The tech industry is generally regarded as liberal-leaning—for instance, Eric Schmidt, the Google chairman, was an Obama campaign adviser and serves on the president’s Council of Advisors on Science and Technology. But Sen. John McCain, R-Ariz., was counseled in his presidential bid by both Carly Fiorina, the former CEO of Hewlett-Packard, and by Meg Whitman, the former CEO of eBay who now heads HP. Silicon Valley is one of the country’s few global growth industries; politicians are reluctant to put restrictions on what it can and cannot do.
The FTC tries to do the best with what it has. In 2009, with new Obama-era appointees aboard, it hired Christopher Soghoian, a privacy technologist who could perform the sort of sophisticated forensics that Mayer conducted on Google. A year later, in 2010, the FTC hired its first chief technologist, Edward Felten, a Princeton computer scientist who is highly regarded in tech policy circles. But the three men who have filled the privacy technologist job that Soghoian filled first (each have served for about a year) faced an awkward problem: The desktop in their office is digitally shackled by security filters that make it impossible to freely browse the web. Crucial websites are off-limits, due to concerns of computer viruses infecting the FTC’s network, and there are severe restrictions on software downloads. When Soghoian tried to download a Wi-Fi sniffing app, his boss told him within a few minutes that he had tripped a security alarm; he could not use the app on his computer. It had to be deleted immediately.
- ‘Buyer’s remorse’ dogging Common Core rollout - October 30, 2014
- Calif. law targets social media monitoring of students - October 2, 2014
- Elementary world language instruction - September 25, 2014