The key hallmark of the current transformation of the global economy is an increase in the velocity of change, and consequently a growing sense of “loss of control”, but the digital economy is global and so how one country or region resolves these issues “affects us all”, according to Terrell Mc Sweeny, Commissioner with the US Federal Trade Commission, (FTC).
Commissioner McSweeny, was speaking during a recent address she gave at the IIEA entitled ‘A U.S. Enforcer’s Perspective on Innovation and Technology Policy’.
Introducing the FTC
The FTC, which was founded in 1913 and, after the Federal Reserve, is the oldest independent regulator in the United States. Its primary role is to protect consumers from unfair competition and deceptive acts and practices. As consumers have increasingly conducted their activities online over the last two decades, the FTC has evolved and moved with them into the digital sphere. In the process, the scope of its activities has necessarily broadened to include areas like data privacy and data security, (the FTC is sometimes colloquially referred to as the ‘Federal Technology Commission’).
Commissioner McSweeny says that the FTC’s capacity to learn and adapt to technological change is part of the reason why it has outlived other federal agencies. Another factor has been the inclusion of computer scientists and technologists on the FTC staff, who are experts in the technology they are dealing with.
The FTC – An Enforcement Agency with Expert Regulators
According to Mc Sweeny, the FTC is known in the online world as a privacy enforcer and an agile data security enforcer due to its ability to conduct rapid analysis of trends and new technologies, including data brokers, building with security in mind, ransomware, drones, crowdfunding and Blockchain. It took its first internet privacy case against Geocities in 1998. In the intervening period, it has brought approximately 500 more data security and privacy cases, during which time the internet has changed almost beyond recognition. Through burgeoning trends like the internet of things and artificial intelligence, ubiquitous connectivity is constantly being amplified and extended.
Monetization of Personal Data
With the internet’s growth has come its monetisation, in large part through mass collection of personal data for the purposes of advertising. The collection of that data, combined with the ability of internet services to be scaled rapidly, has resulted in the substantial concentration of power in a small number of companies, raising a host of issues around privacy and competition. McSweeny sees parallels between the challenges of this ‘Fourth Industrial Revolution’ and those of the First Industrial Revolution.
“The FTC was founded at a time in our country when we were very worried about the economic power of these large, vertically integrated companies that were owned by a very small number of very powerful individuals, and controlled by them too. It’s a thing that sounds very familiar in 2017 as a set of concerns.”
Despite this, McSweeny feels that the FTC’s use of a “harm based but technologically neutral” approach, and support for the evolution of frameworks requiring opt-in consent, has worked well. Mc Sweeny describes this approach as “pro innovation, because it lowers the cost and burdens on new entrants and maximises the incentives to innovate”, yet strives to strike a balance between benefits to consumers from new technologies and identification of the harms and risks to avoid.
Net neutrality and Data Privacy
Some of those harms and risks have been a prominent part of public discourse in the United States recently, in debate around open internet access and the principle of net neutrality. In 2015 President Obama supported the legal enshrinement of net neutrality, by recommending that the Federal Communications (FCC) Commission implement an Open Internet Order to reclassify internet service providers as public utilities.
Those laws have since been rescinded under President Trump, a decision that Commissioner McSweeny has described as “inherently anti-consumer.”
The Trump administration has also moved quickly to dismantle data privacy regulations which obliged broadband providers to secure express consent before collecting information about user search histories, social media postings and more. Writing in the LA Times on the matter in March, Commissioner McSweeny warned of the dangers of such a move.
“As we connect more things in our homes, your broadband provider can infer a lot of things about you just by looking at the data traffic flowing from these devices – things like when you’re home, when you’re awake, when you’re cooking or whether you have children.”
In this context, during her address at the IIEA, Commissioner McSweeny made clear her view that there are “certainly” situations in which “clear ex ante rules are justified”, and in particular, “where you’re dealing with situations of market failure, [free] speech…and non-discrimination on the internet.”
Notice and Choice
Addressing the issue of privacy and consent more generally, Commissioner McSweeny went on to argue that protection of the notice and choice framework must be paramount as technology continues to evolve and get smarter.
The issue at hand, suggested McSweeny, is “how and when do we protect human agency and decision-making?”, and ensure that the technology is honouring that choice. She cited the FTC’s recent case involving InMobi, a company that provides advertisements in apps.
“We looked at the fact that, although you might have shut off the geo location tracking for the app, InMobi’s technology was still tracking your geo location…by triangulating off of your Wi-Fi connection. It was a clever technical workaround that allowed them to continue to serve ads, [but] we said if a consumer asserts a privacy choice that says ‘don’t track me’, you have to honour that choice.”
Privacy Threats from Device Tracking
Commissioner McSweeny also talked about the need for vigilance and, occasionally, for warnings to be given ahead of time.
In this regard she highlighted the recent case of SilverPush, a software company that writes code designed to gather data through the use of televisual ‘audio beacons’ which can be detected by the software but are inaudible to the human ear. The FTC issued a written warning to SilverPush in March 2016, advising it and app developers using its code, that they could be in violation of Section 5 of the FTC Act.
Public attention was recently drawn to the growing problem of ultrasonic ad beacons with the publication of a paper by researchers at the Technical University of Braunschweig, estimating that the technology is now in use in 234 Android apps, up from five in 2015.
Ethics by Design
Commissioner McSweeny closed her address at the IIEA by drawing attention to recent electoral events in the E.U. and the U.S., and warning against the broader set of dangers raised by technologies that go beyond issues of the economy or privacy. She suggested that solving this would require nothing less than an evolution in design thinking to include ethical concerns.
“I think if we can evolve [privacy by design] into governance by design, and ultimately ethics by design, we can create governance structures within organisations using this technology that are more responsive to some of the public interest values that we all care about.”
Autonomous Technology and AI
Looking ahead, Commissioner McSweeny said one of the biggest challenges facing regulators like the FTC is autonomous technology, and the need to find a way to explain the decision-making processes behind it.
“There’s a whole host of frontiers here around the level of intelligence of the technology that is running algorithms. Ultimately, as we get into autonomous technology, it’s going to require human minders who can explain what the technology is doing, because I can certainly imagine problems in the future where some regulator or enforcer like the FTC say ‘well why did it do that’, and the humans say ‘I don’t know’.
I don’t think that is going to be a satisfying answer for anybody.”