1997-07-18 - FTC privacy comments from CEI and National Consumer Coalition

Header Data

From: Declan McCullagh <declan@well.com>
To: cypherpunks@toad.com
Message Hash: 79e0544cc708c55019d90a9f8f79b030c75a825850ce525499022f36149273f4
Message ID: <Pine.GSO.3.95.970718103108.13136X-100000@well.com>
Reply To: N/A
UTC Datetime: 1997-07-18 17:47:10 UTC
Raw Date: Sat, 19 Jul 1997 01:47:10 +0800

Raw message

From: Declan McCullagh <declan@well.com>
Date: Sat, 19 Jul 1997 01:47:10 +0800
To: cypherpunks@toad.com
Subject: FTC privacy comments from CEI and National Consumer Coalition
Message-ID: <Pine.GSO.3.95.970718103108.13136X-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain





---------- Forwarded message ----------
Date: Fri, 18 Jul 1997 10:30:59 -0700 (PDT)
From: Declan McCullagh <declan@well.com>
To: fight-censorship-announce@vorlon.mit.edu
Subject: FTC privacy comments from CEI and National Consumer Coalition

The Competitive Enterprise Institute and the National Consumer Coalition
filed these comments in response to the FTC's four-day privacy hearing
last month. Some excerpts:
	
	The fear over children seeing sexually explicit materials
	online led to hasty calls for Internet censorship in the
	Communications Decency Act. Yet the Supreme Court
	recently struck down the law, ruling that the Federal
	government should not be in the business of trying to
	protect children with such a blunt - and patently
	unconstitutional - instrument. Similarly, the  rhetoric
	surrounding the issue of children's privacy on the
	Internet has led to hasty calls for regulation.  Indeed,
	the Administration has taken a strong, even ominous
	position: "This problem warrants prompt attention. 
	Otherwise, government action may be required." [...]

	Sometimes information has been released to anybody and
	everybody, via chat rooms or other forums.  Since this
	information becomes part of the knowledge of others, our
	"property right" to control this information is actually
	a "right" to control the actions of other people who now
	have this information.  This is an infringement upon our
	basic freedoms of association, contract, and speech.
	There is nothing wrong with collecting information freely
	placed in public, as much of this information is. [...]

More info:

 http://pathfinder.com/netly/editorial/0,1012,1050,00.html
 http://pathfinder.com/netly/opinion/0,1042,1055,00.html

-Declan

---------- Forwarded message ----------

July 14, 1997

Secretary
Federal Trade Commission
Room H-159
Sixth St. and Pennsylvania Avenue, NW
Washington, D.C. 20580

Consumer Privacy 1997
Additional Comments P954807


To the Secretary:

The Competitive Enterprise Institute and the National
Consumer Coalition hereby file additional comments on
the Commission's June 10-13 hearings on "Consumer
Privacy Issues Posed by the Online Marketplace." CEI
is a non-profit, non-partisan free-market research and
advocacy group.   The NCC is a coalition of nine
organizations dedicated to the proposition that
consumers are best served by a free market in goods
and services.   We thank the Commission for including
us in the four Roundtable discussions during the
hearings, and appreciate the opportunity to elaborate
upon some of the issues raised during the course of
the hearings.

What is Privacy? - Part II

In our opening comments, we wrote that when it comes
to collection of consumer data, "privacy is not a
right, it is a preference."   The evidence presented
during the hearings regarding ways to "protect"
privacy, as well as the surveys showing consumer
views, have convinced us that this remains true.

The Harris/Westin survey was an interesting
contribution to the discussion of privacy on the
Internet. We are not convinced, however, that everyone
interviewed understood "privacy" in the same way.
Privacy is an abstraction, like "freedom" or
"justice," so it is likely that the people surveyed
imposed their own concerns upon the term "privacy."
One point on which the survey is clear is that people
who are concerned about their privacy have done
something about it.  In this case, it is more
illuminating to look at what people do than at what
they say.

Nevertheless, some have used this survey to support
their arguments for federal regulation and
congressional privacy legislation.  Neither of these
would be appropriate responses to consumers' hesitance
towards Internet commerce.  It is the job of companies
operating on the Internet to gain consumer confidence,
not the duty of the government. Indeed, the proper
role for the government is to guard against force,
theft, and fraud.

Property Rights on the Internet

Professor Alan Westin said that web users "are worried
that their e-mail communications may be intercepted,
their visits to web sites can be covertly tracked,
their participation in chat rooms and forums can be
monitored without their consent."   One possible
solution was to give individuals a "property right" in
the information they have released onto the Internet.
 From this follows a call for federal protection of
this "property right" via limits on the collection and
sale of personal data.

The argument that people have a "property right" in
their personal data is ironic, as it comes from those
who would have the government infringe upon the
property rights of both ISPs and companies on the Web.
 We believe that this upside-down conception of
"property" will work against consumers' interests in
freedom of contract and association.

Traditionally, private property rights have been
understood to be the means by which we secure our
privacy, as expressed in the old adage, "A man's home
is his castle." Our system of property rights enables
us to enjoy privacy (i.e. from government intrusion).
 In recent years, however, the basis for legal claims
has become the idea of an  inviolate personhood.  A
"legal right" to information about oneself on the
Internet, as some have advocated, is the next step.
>From this comes the "right" to control information
about oneself after one has already released it.  This
is a step in the wrong direction.

If an individual has released information about
himself in a contractual agreement with certain limits
on it, then he has a right to see that that
information is treated in a certain way.  For example,
if a company web page says that it will not collect
information, and it does, then that is a broken
contract.  On the other hand, if a company says it
will collect all kinds of information, then
privacy-sensitive individuals have been warned and
should avoid that site.  From the examples discussed
at the hearing, it seems that many companies are still
getting used to the way the Internet works, and they
are only beginning to understand the utility of
publishing privacy policies. For example, the New York
Times discovered during the course of the hearings
that it had no published privacy policies on its web
site, a situation it addressed immediately.
Time-Warner's Pathfinder site recently added prominent
links to its privacy policy as well.

Sometimes information has been released to anybody and
everybody, via chat rooms or other forums.  Since this
information becomes part of the knowledge of others,
our "property right" to control this information is
actually a "right" to control the actions of other
people who now have this information.  This is an
infringement upon our basic freedoms of association,
contract, and speech. There is nothing wrong with
collecting information freely placed in public, as
much of this information is.  Nor is there anything
wrong with one party selling information to another
party as long as it was not under fraudulent
circumstances.  If a person objects to this
information being sold, then it is up to the
individual to make alternative arrangements with which
he is more comfortable. .  In other words, protecting
your privacy is your responsibility. That is the value
inherent in the freedom to contract.

Bringing back the original conception of property
rights, as well as freedom of contract, is the best
way of protecting an individual's privacy preferences
on the Internet. Rather than implementing a system of
government regulation of data collection practices,
people should be able to choose whether or not to
contract with a company or otherwise.  Restricting the
downstream actions of others based upon a made-up
right will undercut our other valued freedoms.

On Self-Regulation

We laud the Federal Trade Commission for its cautious
response toward calls to regulate the Internet.  We
are also pleased with the Clinton Administration's
stated intention to refrain from regulating most parts
of the Internet.   We agree in principle that
data-gatherers ought to inform consumers what kinds of
data they are collecting and how that data will be
used.  If it really is true that consumers are highly
concerned about this, then companies scrambling to
sell goods and services over the Internet will
accommodate them. (We also note that there are already
strong incentives for information brokers to ensure
the accuracy of information they collect, since there
is no market for inaccurate information.)

What troubles us is the concept of "self-regulation."
Although the term implies a lack of government
regulation, many of these codes are being developed in
response to a threat of regulation. As the Clinton
Administration's recently released report on Internet
commerce stated, "We believe that private efforts of
industry working in cooperation with consumer groups
are preferable to government regulation, but if
effective privacy protection cannot be provided in
this way, we will reevaluate this policy."   We
believe that the Commission should not use
"self-regulation" as a way to steer the development of
policies on the Internet  without going through the
standard process for proposing regulations.  The
Commission must still defend whatever goals it
proposes.

One component of this "self-regulation" was the
Platform for Privacy Preferences.   This template
would allow consumers to fine-tune their preferences
and allow them to know what sort of policies a web
site has.  This may be a fine idea, and we hope that
if consumers find it acceptable, it will be adopted by
many organizations.

However, we do not believe that a single privacy
standard is necessarily desirable.  There are many
real-world examples of competing standards co-existing
peacefully.   There are different monetary systems,
there are different systems of measurement (English
and metric, Celsius and Fahrenheit), there are
different languages. The Commission should be wary of
backing a single standard for the Internet.

The threat of regulation is nearly as serious as
actual regulation.  It may well be that the solutions
supported by the Commission and the Administration are
the best ones.  It also may be that there is an
alternate solution around the corner, one which we
cannot predict now but one which might be stifled
because it does not match the goals supported by
current government officials.  This could have very
serious ramifications for the future development of
the Internet.  After all, companies already entrenched
in a particular market that ask for regulation often
do so in order to constrain the actions of future
competitors and to derive windfall benefits, a
practice known as "rent-seeking."  If regulation
stymies the growth of the Internet, we will have no
way of knowing what we have given up as a result.

The idea that federal regulation of the Internet is
somehow better than a market solution to privacy
questions is completely unfounded.  Indeed, the
evidence is that federal regulation in every other
sector of American life has had adverse and unforeseen
consequences which end up hurting consumers.   There
is no reason to believe that federal regulation of
privacy practices will be any better than the current
situation, and it may well be worse.

Children and The Internet

The fear over children seeing sexually explicit
materials online led to hasty calls for Internet
censorship in the Communications Decency Act. Yet the
Supreme Court recently struck down the law, ruling
that the Federal government should not be in the
business of trying to protect children with such a
blunt - and patently unconstitutional - instrument.
Similarly, the  rhetoric surrounding the issue of
children's privacy on the Internet has led to hasty
calls for regulation.  Indeed, the Administration has
taken a strong, even ominous position: "This problem
warrants prompt attention.  Otherwise, government
action may be required."

We believe that before the Commission begins to
regulate in the name of children, it should recognize
from the start that today's children are tomorrow's
adults, and that these regulations may restrict their
rights when they are grown up.  The Commission should
be wary of proposals which would effectively treat
adults like children.

The Center for Media Education's report on the privacy
practices of some web sites seemed to shock the
Commission.  Yet we are not sure why the fact that a
toothpaste company which sends a solicited e-mail to a
child in the name of the Tooth Fairy - an e-mail which
contains neither the name of the product being sold
nor the name of the company -is so disturbing,
especially since for many years people have been able
to have letters from Santa Claus sent to children. We
are in fact puzzled as to why similar "information
collection practices" which have gone on for decades
(e.g. children sending box tops away for magic decoder
rings) are suddenly sinister when performed over the
Internet.

We note that CME's primary objection is advertising
itself, and "privacy" is just a means to criticize it.
 For example, one target of CME's outrage is "animated
product spokescharacters," e.g. Tony the Tiger, which
"interact with your children...fostering intimate
relationships that compel your children to buy
specific products and services."   That these
"spokescharacters" also ask children for e-mail
addresses appears to be a slightly less urgent
concern. CME's recommendations to the Commission
include restrictions on the use of these cartoons:
"Product and other fictional figures should not be
used to solicit personally identifiable information
from children."   Indeed, elsewhere CME states
explicitly that "there should be no direct interaction
between children and product spokescharacters"  on web
pages.  This is tantamount to a ban on selected
content simply because of its advertising nature.

This is not the proper forum for a discussion of the
great value of advertising to consumers, and why
advertising is not, and never was, a sinister seducer
of consumers.   We will, however, say that children
are far more skeptical of advertising than CME gives
them credit for.  No matter how much advertising, or
how little, there is, children will still want things
and their parents can still tell them, "No."  In
short, it appears that this issue has very little to
do with privacy on the Internet, and far more to do
with CME's anti-advertising agenda.

Nonetheless, CME did introduce some interesting
issues.   CME looked at the existence and content of
privacy practices on children's web sites, and
publicized them. There is nothing wrong with this;
indeed, if children's privacy is such a high concern
for individuals, then companies will respond (many of
the web sites in question addressed the issue as soon
as it was brought to their attention).  As more and
more people become comfortable with the Internet, and
become aware of its capabilities, we expect to see all
kinds of practices - from content, to advertising, to
data collection - to become more refined in response
to consumer demand.

CME also raised the question of how and when to obtain
verifiable parental consent to collect information
from children. One suggestion was to have parents mail
in a signed form indicating that their child may use
the web page and may divulge certain information.  Not
only would this curtail what is an essentially benign
practice - not even CME can explain what actual harm
might result from this collection - but anyone who has
ever known a child to forge his parent's signature to
play hooky knows that this is not a good solution.

It is an irony of the Internet that the technology
which enables data-gatherers to collect information on
what people look at can easily be thwarted by
Anonymizers and other disguising technologies.  It
still holds true that sometimes on the Internet, as
the famous New Yorker animal cartoon showed, "nobody
knows you're a dog."  Nobody has to know that you are
or are not a child, either.  Obviously, forcing
children to identify themselves as minors, especially
in such a public area as the Internet, would be
unwise.

Consequently, regulations aimed at "protecting
children's privacy" are going to hit adults as well.
For this reason, we urge the Commission to refrain
from drawing up regulations specifically targeted
towards children. Nor should the role of parents be
underestimated or tossed aside in favor of federal
regulation.  Though the Harris/Westin survey showed a
nearly unanimous belief that children's privacy ought
to be protected on the Internet, the survey also said
that not even a plurality of parents have done much to
protect it.  There are a plethora of technologies
available to enable parents to monitor and adjust what
their children see, and more are on the way.  We urge
parents to keep in mind that just as they would think
twice before allowing a child wander around New York
City alone, they should supervise their children on
the Internet.

Conclusion

The Commission is under a great deal of pressure, from
within the government and without, to regulate at
least some parts of the Internet. As more and more
people become Internet users, it is even more
important for the government to refrain from
regulating.  The Commission should confine itself to
policing fraud and investigating any actual injury.


Julie DeFalco on behalf of the Competitive Enterprise
Institute and for the National Consumer Coalition
Endnotes



-------------------------
Declan McCullagh
Time Inc.
The Netly News Network
Washington Correspondent
http://netlynews.com/











Thread