Skip to main content

tv   Key Capitol Hill Hearings  CSPAN  December 18, 2013 11:00pm-1:01am EST

11:00 pm
to allow consumers to ,pt out, totally or selectively from any cookies used to track their browsing activity across unaffiliated websites. that icon is a little triangle with an eye. >> usa the industry is trying to and find a way because you recognize this is a problem. >> i am a tech savvy guy and i never heard of this peer that is problematic to me. i am in fair -- i am very engaged in tech. so the industry is trying to correct what they know is a problem. >> you give consumers a choice,
11:01 pm
absolutely. >> ok. i am curious. there is so much positive year. the opportunity for big data to enrich our lives gets me excited about the future. these businesses have a wonderful public purpose but i worry about the darker side in the way my chairman is discussing. as sayingas simple chance heresy. this is -- transparency. how were you planning on using act tothority under ftc study and stay abreast of the industry and see if there are needs and opportunities like in this one where the industry is or selfecting regulating where we can get them to the point where we are balancing all of these
11:02 pm
incredible positives of big data with obvious downsides? >> we think about this every positives but the also protecting consumers. in this case, i think the first step is pretty simple. there is very little transparency about data brokers. transparency, it is pretty basic. it is not a technological issue. circumstances, the way we balance is we engage in a constant learning process and we do workshops and are always learning about industry and we meet with consumer groups and business groups. we areything we do, always trying to develop flexible standards. we are thinking about, what about 20 years from now,
11:03 pm
especially with the orders we get, will this last and will this be able to grow with innovation? we make a lot of effort in that regard. i want to bring it back. we have got basic steps to bring about some transparency that should not undermine the data- driven economy and, there is nothing in that study, that how privacy would undermine the data-driven economy. >> so much of what i am doing for free on the internet is made free. you are saying there is a chairman this and larger degree of transparency that needs to be given to the public. >> and we think, transparency, and we were talking about this a few minutes ago, is completely consistent with the growing economy. consumers are increasingly
11:04 pm
demanding more information about how their data is being used. when you give them information, they often develop more trust. we think it is in both consumer and business interest to provide more information. >> i would love to see -- to hear if they have any resistance to the increased transparency. i am the new kid on the block. i will yield. >> you are always on the good side of the chairman. you can charge right ahead. you would love that opportunity. we will go to senator johnson, >> thank you, mr. chairman. an excellent discussion. a very good hearing. i appreciate senator booker's good questioning. up ont -- i want to pick transparency. i want to know exactly what the ftc wants to do in terms of, what is your fix and what is
11:05 pm
transparency to you? context, we recommended the data brokers allow consumers to access to the kind of information they maintained. >> how? >> we recommended in a privacy report last year, possibly through some centralized website, where consumers can go. dma has something like that. daa has developed a centralized website for online tracking and we have recommended that. >> will be on the information plaything? what would be on their? >> the names of data brokers. and then he would be able to find out what kinds of information they collect and would be able to potentially opt out of the use of their data. >> can you tell me what that sounds like to you and what
11:06 pm
problems you have with that and how restrictive that would be e >> first, we want to be responsive and be more transparent. we are trying to figure out more of what that means in a meaningful way to consumers. regarding an opt out website, here is the problem as i see it. datanot know how to define broker. i have never seen a definition of data broker that would not sweep in tens of thousands of companies. everyone exchanges data and shares data and sells data with in the echo system. that is how the business model of the echo system is. would we have a website with an entire industry on it? be would that really meaningful to a consumer? if you throw the those companies up? of course it would be on that but so would 10,000 other companies. it is not a meaningful way of
11:07 pm
providing transparency. what we are trying to ask for is, how can we make the exchange and sharing of information responsibly, more meaningful to consumers. we think one of those steps .ould be working with the users >> let me stop because i have limited time. get aailing lists, you one-time use. i was following what you are talking about. it sounds like you have a system where you are making sure this material is not misused because that is the real problem. of misuse and improper use that information. for every time you sell data, is that restricted to a one-time use that you have already determined is not a misuse? or do you sell the data and they can use it for years? a it is sold pursuant to contract in some cases one time and in some cases as a license
11:08 pm
over numerous times, but we always have procedures in those situations so we know how they're using the data and what they are it for. it is strictly limited to marketing purposes. >> information, you were saying it is from public records, sometimes, surveys. is it also from cookies and are you also getting it from the other internet applications and you have agreements with different people who gather all of these cookies? much larger data gathering than what we were talking about earlier? >> we collect information online in that realm. aggregated and anonymous data. there is no personally identifiable information attached. where might -- we might be able to know what type of consumer is visiting x website versus another website, so we can share that for the industry. macy's might want to know what
11:09 pm
nordstrom's shoppers look like. so that they can compete against one another and vice versa. >> there are incredible benefits by people using the internet. we take a look at, do you agree to look at the website? most people agree and they do not really read 300 pages of all of the information saying, hey, we will share this information. if you want to use this phenomenal free application, you subject yourself to a certain lack of privacy. is there anyway to get around it? >> there is. i think the icon i was says to add choices and click on and it tells you what is happening following red there is ad then
11:10 pm
link about ads and info. a website where you can opt out. is how we are looking at mobile apps and small screen and how do you let people know what type of information you're collecting. list, one not call time, and you are covered? or is this application after application. >> it is one time and you are covered and it 96% ofy affects about targeted ads. we have that many people who have signed up for it. >> the icon is located where? >> usually right around the ad targeted. we have contracts with canada and eu. australia,ing on starting with latin america, to try to make that worldwide.
11:11 pm
>> thank you. good questioning. senator blumenthal? >> thank you, mr. chairman. thank you for having this meeting. thank you for pursuing this issue withimportant such a far ranging consequences for both good and ill in our society. staff for thise truly remarkable study for to define doubts how a data broker. i recommend the report. a review of the data broker industry, collection use, and sale of consumer data for marketing purposes. there is now an industry in this very far- reaching and far ranging collection use and marketing of data. one is almost every day, in the news, we, and in the
11:12 pm
read about what the nsa is doing in the collection and use of data about citizens in this country protected by the fourth amendment. one of our justices once defined the right of imc as the right to be let alone. that samedo not have right against this industry because it is not the government. privacy interests may be just as as theyrisk and abused are by the government and that is what brings us here today. not only the vast potential for good, but also the downside and the dark side and the danger of collection and use. i did not expect anybody to come here today and say, we are using this data to exploit people. i am not that naïve. but i think you need to recognize that others could use it for that purpose. all you need to do is turn to page 24 of this report and see
11:13 pm
the categories sometimes used for marketing purposes. let me give you two very concrete examples of why i think people ought not to be compelled to surrender privacy as the price of admission for the use of the internet. that is what we are talking about. as therifice of privacy price of admission to the internet. in december 2012, the wall street journal ran a story entitled, "websites, very prices and deals taste on the users information." it stated in part, "websites art adopting techniques to glean information about visitors to their sites in real time and then deliver different versions of the web to different people. prices change. products get swapped. wording gets modified and there is little way for the typical
11:14 pm
website user to spot it when it happens. ,o, if you prefer hilton hotels and the wrong company gets its hands on the information, you could be charged more for staying at one hotel then another then a person walking in off the street. i assume, mr. hadley, that you such join me in feeling marketing practices and pricing practices would be offensive and should be made illegal, perhaps? >> i would agree that should not be happening. >> i am not asking about experience and i'm not expecting you to tell us that is involved in these kinds. >> dynamic pricing does exist. you have to look at the hotel and airline industry. they have variable pricing. we do not provide products and services to allow them to undertake dynamic pricing. it is their choice because they are marketing their product or service. >> do you think it is fair to
11:15 pm
the consumer? wouldi would not it -- i not want it to happen to me but i know it does. >> the fact it does is why we are here today. >> i am not sure it is illegal. >> i'm not asking for -- i am not asking for your legal opinion. what do you think about the practice? >> dynamic pricing, changes in price all the time. frequent flyers get different prices. grocery stores. people have different prices. part of where we are today, i think if it is his crematory and so forth, it goes back to what i said. you want to look at use and not the data itself or the collection of it, but use. if there is improper use. >> you would agree with me discriminatory pricing that charges people more because they are regarded as more vulnerable, and without their knowing it, would be, at best, unethical.
11:16 pm
>> yes. i believe there are laws on that. >> i am rushed for time and i will use my last four seconds to about aa question second area where i think discrimination, the prospect of discrimination, and exploitation, is raised. postingsn terms of job and screening of job applicants. i do not mean to tell anybody in about theing devastating impact of long-term unemployment in this country. i have joined senator warren in a bill that would prohibit the use of credit scores of job seekers in a discriminatory way during the hiring process. let me ask you whether an employer could buy information from your company, for example,
11:17 pm
postingit to target job in a way that discriminates against certain job applicants, using the information that might be attainable from your company. >> marketing data cannot be used for employment screening and job eligibility. under the fair credit reporting act. they would have to obtain a credit report and all of the consumer rights would accrue to that marketing. >> what would prevent an from asking for information from your company, and then, on its own, using it in a discriminatory way. ? leslie would know who they are and why they were asking and we would know what they are going to use it for and we would forbid them in our contract with
11:18 pm
them for using it for any purpose under the fair credit reporting act, including employment purposes. what if is a violation, they said to you, it is not a violation? class we would disagree with them. -- >> we would disagree with them. it is a standard practice among those who practice good standards. i cannot vouch for all of them. we know the bright line between those. >> what your company does, but from the information provided to my office, not all companies do. class than it is a violation of law and the ftc should take action. our guidelines. >> it is unethical, but maybe the law would be clarified so everybody understands it is illegal. i apologize for exceeding my time. i tried to move quickly.
11:19 pm
i want to apologize the witnesses for perhaps interrupting you, mike senator booker. i am still a new guy on the block. i did not say at the outset i would show -- stop when i should've. i know i am on your bad side now. >> you are clearly just sort of settling into this role of being a licensed lawyer. [laughter] from --ttorney general attorney general. lawyer.a recovering i apologize. thank you. >> senator booker can learn from you. >> thank you. bottom line is digital dossier or is being collected on every american right now. companies represented at the table, and, there is a lot of promise on that.
11:20 pm
compromise, families can go on sale across the country and across the world. companiese is no should be allowed to do that if the individual does not want the compromise. they should have a right to control the data. no company should be allowed to cap -- play fast and loose with the information they have gathered. i had a caucus meeting in congress on the house side this year and we had some of the gentlemen here today over there for that. we began to talk about propensity scores. oft is the practice attaching a propensity score to individuals, hundreds of thousands and millions of americans. the scores are created without the consumer's knowledge and without the consumers consent. for then become the basis
11:21 pm
targeting offers, benefits, products to certain consumers. high prep -- high- value products may receive discounts,etails and while others may not. they may be dismissed as low value. dangers attached to? millionst upon tens of of americans. >> the real problem with propensity scores is that, unlike a credit score told. these scores are not covered under the act. if they are healthy scores, they are not covered under it the and not being held under the
11:22 pm
provider. you can be tagged with these characteristics in these characteristics are not under any regulation. there is no law that says there is an employer to determine jobs eligibility. orlaw that says an employer an insurer cannot use these scores to determine rates. these are not regulated scores. the propensity scores are of great concern. do not have the opportunity to learn about these scores. they are secret scores. the consumers do not have the opportunity to opt out, as they would if the scores were recovered under the act. >> we have got to do something about that. we are entering language about, that might not be illegal. we can actually pass a law and make it illegal. that is what this committee is all about. now, let me go back to you again. thank you for that.
11:23 pm
we know data brokers categorize people into market segments. seniors, suffering burdened by debt singles, credit crunch city families, and these are the real labels that actual data brokers used to describe who they will be talking to. that categorization can cause harm, including racial discrimination. the fact is, actually a term not just redlining, but web lining. we use the web for the wrong income and racial group and , whatever. -- sex there are enough laws on the books to protect people. can you talk about that and what the need is to fill in that document as well? >> there is an interesting situation going on. the dma report came to the
11:24 pm
conclusion off-line information and online information are now thoroughly merged. as a result, web lining is real life lining as well. what happens on the web now happens in real life. if there is a discriminatory problem, we will experience it elsewhere. it is a circular process. we cannot just go online and block our cookies. any reasonable consumer shredding social security number and blocking cookies and surfing the web responsibly, they can aill not evade being put on list of data brokers according to their health condition. >> let's go to the blurry line that has been allowed to create -- be created and what is responsible for consumers. let's go to a line between credit reporting agencies and data brokers that market financial products. an atmosphere of ambiguity and what some fraudsters could do real harm to
11:25 pm
people. alk about that a little bit. >> the pseudo-score, they are made up of about 1500 factors. -- noncredit file factors. they do not fall under the act. they could include factors that could be prohibited under the equal credit opportunity act. this is deeply troubling. we do not know everything that goes into these scores. we need to. we need to know how the scores are being used and we do not want them being used to target underserved americans with predatory offers. >> let's just move on to the next category. sale of talk about the people with particular diseases. listsst circulate those so market its -- marketers know who not to get anywhere near. we will get all the different people with these different diseases we were able to compile and just make a list of it and
11:26 pm
make sure they are over here. talk a little bit about that and what it means for our country. >> i was stunned when i found lists of people who were rape sufferers, people who were people aziz sufferers, who were victims of domestic violence. it was deeply troubling to me and i was shocked. happening is through survey instruments operated online and other methods typically consumer generated, people will volunteer this information to websites, thinking they are getting help from a website. they will volunteer and they have no idea this information is going to be attached to not just a cookie, but their name, their home addressed, and the phone number. lawyer, but i never had any clients. i will be careful on how i rule here. it seems to me it is kind of on
11:27 pm
its face a violation of the federal trade commission act. over there at the federal trade commission, what can you do about it? i think, for all of these scenarios you describe, especially the particular disturbing ones involving discrimination, we would obviously, if we had specific targets, we were looking at taking a close look to see if it violated the credit reporting act, we would not give up on that. , ourhing i want to say laws are limited, as i mentioned in my opening statement. for the reporting act, the data has to be collected and used and the ftc act has to allow us to go after deceptive practices.
11:28 pm
there is nothing in our laws that would require the entities .massing that is the limitations of our laws. >> thank you. nothing like a little section five action. , weare saying beyond that have got a real issue here. a real invitation for us to act. we have put on the books the language. >> i have stretched it to a point where we are very unhappy but she will be more unhappy , -- i call on the senator >> it is terrific to have the senator on this committee. he has obviously worked on this issue in the house.
11:29 pm
we will benefit from the amount of time and effort. i want to hone in on a couple of things. , you purchased the company, court ventures. in the spring of 2012. for more than a year after the time you purchased the company that had all this data, you are wire transfers from singapore. your company did nothing. transfersut the wired were coming from a man in vietnam specialized in identity theft and was marketing the toormation you owned criminals, to ruining people's lives. so my first question to you is
11:30 pm
you recorded it saying we would know who was buying this. you were getting wire transfers from sing of war on a monthly basis and no one bothered to check to see that was? >> now our, i want to be clear that this was not extreme marketing data. this was experion identification data so it's under it different use. i wanted to know that. >> i don't understand that's ancient. it's a distinction without a difference. i believe it was dated that experion on. you purchase this data and they had in fact sold it to someone else. >> let me clarify that for you because we provided a full response to that question to the committee and it's part of the eight submissions we have given. i do have to say that it's an unfortunate situation and the incident is still under investigation by law enforcement agencies. i am extremely limited in what i
11:31 pm
can say publicly about it but i do want to say this. the suspect in this case obtained data controlled by a third party. that was u.s. info search. that was not an experion company through a company we bought court ventures. prior to the time that we acquired that company and to be clear no experion data was ever accessed. >> i understand what you are saying. here's what happened. you had the u.s. info search. u.s. info search existed and court ventures existed. they decided for commercial reasons to make our money to combine their information. so they had a sharing agreement those two companies, correct? so these two companies had a sharing agreement. then you watch one of those companies. >> court ventures. >> correct so now you stood it and you ought --
11:32 pm
owned it and stood in their place. are you a lawyer? are there any lawyers on the panel? that mia. now you are there. you stand in your earlier testimony we would know who was buying this to you now are part of their transactions. and you are receiving the benefit of these monthly wires. >> during the due diligence process we didn't have to allow access to all the information we needed in order to completely adapt bad that and by the time we learned about the malfeasance i think nine months had expired. the secret service came to us and told us of the incident -- incident and we immediately began cooperating to bring this person to justice and we are continuing to cooperate with law enforcement in that round. we were a victim and scammed by this person. >> i would say the person you had their identity. >> we know who they aren't we will make sure they are they are
11:33 pm
protected. there has been no allegation that any harm has come thankfully in this scam and we have closed that down and we have modified our process. >> lets talk about that process. this person got this man who they lured to arrest and is now facing criminal charges in new hampshire. they were -- they posed as an american based private investigator. what is your vetting process? >> court ventures would have fêted that. >> i'm talking about you. what is your vetting process? >> right now before -- first let me say that person would not have and ask us to experion had they gone to her vetting process prior to the acquisition. >> what would have stopped them? >> we would have known to the company is and we would have a physical on-site inspection of the company. we would have known who the is this isn't what the this is his
11:34 pm
record isn't exactly why they wanted that data and for what purposes and that would have been enshrined in our contract. we would have known the kinds of systems they have in place to protect the data that they gain. those are all incumbent upon us under the gramm-leach-bliley act and the scr eight. >> listen, i understand that this was not a crime that began under your watch but you did buy the company and you did keep the wire transfers from singapore and the only reason you question them was because the secret service knocked on your door. i don't know how long those wire transfers from singapore what it gone on until you caught them. i don't have confidence it would have stopped at all so i guess what my point is here i do not feel as strongly as others on the panel that hager marketing is evil. i believe he hager marketing is a reality and the only reason we have everything we have on the internet for free is because the hager marketing. i don't see behavioral marketing
11:35 pm
as evil into itself. what i do see is in desperate need for congress to look at how consumers can get this information. what kind of transparency is there and whether or not companies that allow monthly wire transfers into their coffers from singapore from a criminal trying to ripoff identity out whether or not they should be held liable for no due diligence in checking those wire transfers from singapore. that is what we need to be looking at. i know some of my friends on the other side of the aisle say try lawyers and they break out in a sweat but the truth is that there is was a liability in this area it would be amazing how fast people could clean up their act. unfortunately in too many instances there is not clear liability because we have not set the rules of the road. i didn't mean to pick on you mr. hadley but this is a great example. you are not a fly by night company.
11:36 pm
if this is happening under your watch, you imagine what's going on with companies that are not as established as yours? >> security is a huge problem. >> it's serious and significant and we need to look at it. thank you very much. >> thank you senator mccaskill. center thune to be followed by senator fisher. >> mr. hadley one of the big users of your service is the federal government. can you give us scenarios in which you can identify how the federal government uses your service is? >> certainly. the biggest users of experion data in government are the department of health and human services. right now we operate on health care.to two authenticate the identities of individuals signing up for health care to make sure that fraud is eliminated, to make sure that tony is getting an account and establishing an account and not an imposter with his name. we also have a contract with the
11:37 pm
social security administration and as they move persons on line for on line accounts from paper-based accounts -- we all get her social security statement in the mail. we authenticate individuals to have on line accounts with the social security administration. we too elite hhs could be a user of our marketing data particularly in the lower economic echelons to reach out to people to see if they are eligible for health care and try to determine how to market that process to them. they haven't done that yet but the state agencies are far ahead of them in that way. in using these economic segments to reach out and inform consumers of benefits that are available to them. >> so for the purposes of obamacare is mentation using to authenticate people who are applying but not at this moment to market. >> that is in fact state to
11:38 pm
state exchanges are. >> some have concerns about the profiles that data brokers compile on consumers that they will have a long-lasting impact and put these consumers at a disadvantage especially if the information is correct and i would like to have you respond to that incorrect information issue or concern. >> our data is highly accurate. it comes from very reputable sources. we know what sources they are and we check those sources to make sure of the integrity of that data. marketing profiles are not static. this is very important. they change. when i was a young man with young children i used to get a lot of ads for diapers. then my sons grew up and i got solicitations and they got solicitations for college. soon, i got solicitations for home-equity loans because they knew i might want to finance my
11:39 pm
son's college education. now i am getting solicitations for retirement planning and for vacations. so my marketing profile has changed with my age and my family status and my interests that i have expressed to data brokers. i want to make one point that is very clear with health information. experion has health information from consumers but only, only on an opt in basis. if they have said and clearly opted into telling us what their ill meds are insane, i am an arthritis sufferer. i want to know about new products and services coming into the market to help me or i suffer from migraines. these are not used so, never use for health care eligibility. they are used so consumer
11:40 pm
product companies can offer her solicitations and coupons for over-the-counter drugs for the most part. so it's always opt-in withheld for experion, clear and conspicuous opt in. >> mr. cerasale their big concerns marketers have the ability to correct it i'm wondering what your thoughts are on that? >> on the first look that sounds like a great idea however as you delve deeper into it, as you look at access and then correction for marketing data, this is data that tony has said and mr. hadley has said is not used for eligibility purposes but as you look into access to marketing data it requires you to authenticate who is coming in in other words is it brill or is
11:41 pm
it an imposter and in order to have that data, in order to be able to authenticate you need more data, so when the essence of access and the correction is going to require more data, more accurate data because you can have a knack or sees in marketing data. tony says it's great that it's not as precise as fair credit reporting data because it's not for eligibility. it determines what ads i will receive, what type of offer i will receive and if a marketer is soft it's 95% correct that's okay because it's not worth the expense to go to 100% whereas if you are a credit report you need it. so having access in correction requires more data and of course it's therefore more expensive as well. i think it goes against the idea
11:42 pm
you are worried about the data because you are going to create more data on the marketing side and requiring it to be more precise and therefore that's an issue. you need to have one bit of information more than the imposter in order to prevent the kind of fraud in that area. so it raises that problem. >> ms. rich the report on consumer privacy in 2012 recommended in a quote company should divide reasonable access to consumer data they maintain to the extent of access proportionate to the sensitivity of the data in the nature of its use end quote. for marketing data the commission believes the cost provided an individual access to consumers would likely outweigh the benefits. can you comment on that statement and expand on what the costs and benefits would need to have individualized access to marketing data? >> what we say in the port is that and obviously the report was a prelude to further
11:43 pm
discussion and potentially congress acting because at the time we were recommending legislation but we said a number of port that we saw difference between marketing data and for example fraud mitigation and identity verification products and for marketing data it might be appropriate to not only give consumers access to the categories of data that is collected to allow them to sub press use of the data but not necessarily to give them individualized access. we did say there -- did not say there shouldn't be access at all. we did say access to categories of data and abilities to sub press use of data and it may be appropriate to give individualized information about the data. >> that the calculation you made is that the individualized access to consumers would likely outweigh the benefits. >> yes, but for further
11:44 pm
consideration also by congress but yes we did see a difference. we did see a distinction between marketing uses and other uses. >> mr. chairman, thank you. >> thank you. senator fisher. >> thank you mr. chairman and ranking member. ms. rich in your testimony reference the commission's activities with regard to enforcement. can you describe to me what you think the focus of the enforcement activity should be? >> well, we always in our enforcement focus on uses of data that have potential to harm consumers and most of our enforcement actions have been in the area of the fair credit reporting act because that is where we have our strongest tools. when data is used for purposes covered by the fcra it can be used to deny consumers important benefits like employment or credit. >> do you think that the ftc has
11:45 pm
done a good job with its existing authority to address what has been the number one consumer complaint? for the past 13 years running and that is fighting identity theft? >> we are trying our hardest. we don't have the authority to go after the perpetrators of identity that's but one of the main reasons we are so strong in our data security enforcement is we do believe it's the responsibility of companies to protect sensitive information and maintain and protect it i'm getting into the hands of identity thieves. >> are you to identify the fees themselves and what have them send how does that work? >> many of the thieves are overseas. we do work with criminal authorities and sometimes they are investigating the fees while we are investigating the company to protect the data. often the thieves are never caught because they are in russia or china, but if a
11:46 pm
company does not maintain reasonable procedures to protect data we have some good tools to hold them liable although we continue to recommend passage of a strong data security law that we give civil authority and strengthen those tools to. >> have you brought those forward to the committee. i'm a new member of the committee. >> senator rockefeller would read -- chairmen rockefeller would be very familiar with their advocacy for david breach legislation. >> thank you very much. mr. turow when we talk about the data broker and you had a definition of the data broker as somebody who connects the dots for marketers. is that correct? >> they can do that created one
11:47 pm
thing i would like to point out it's not just discrete bits of information that is going on more and more. it's not just the everyday. really what's happening is the industry and so much of our world is turning into an actuarial activity. it really is predictive analytics that are changing the ballgame. a person can be giving out the most benign sounding piece of data and that could turn against him or her in an instant if he gets put into an algorithm that comes up with an accurate or inaccurate sense of whom the person is. we have no way to deal with this at this point. i've been told in the industry that the word soccer mom and i have told pete will -- had people to me they don't know necessarily how a person is
11:48 pm
tagged a soccer mom. a number of data points that are involved in designating a soccer mom the person said to me was such that they couldn't tell me where they got that designation. if it's true that is very complicated and if it's not chew that is the robber myself. i was always trying to figure out why it is companies can't tell people where particular labels come from. now i'm being told more and more they algorithm. it's the predictability. >> with your definition or an expanded definition how many private companies do you think can be classified just in the united states? >> i haven't seen a definition that i would agree that more and more we are dealing with companies of all sorts. >> it could be like any small business? >> i wouldn't worry about a
11:49 pm
small business but i'd worry about big supermarkets. i would worry about that box stores. i would worry about a whole lot of companies. we haven't talked about retail outlets in the fact that the internet inside a store and the connecting of on line is taking place increasingly as people walk through looking at products. the so-called moment of truth and how that relates to the algorithms i've been discussing. what does it mean to predictive analytics staring you in the face while you are designing diapers. the notion notion that maybe experion doesn't deal with over-the-counter drugs but there are companies that in one way or another tape with people purchased over-the-counter and solicit opinions about their health activities amp purchases and sell them. >> what i hear you saying is what i believe that really almost any retailer could be
11:50 pm
classified. >> if they share data. >> how then do you believe the government should become involved in private business in this country? >> it's much more complicated and that is why i have a gun to believe that at least as a start there may be some useful public discussion in asking how many data points firms are allowed to buy and sell about us at a time and how it merges two of the data path point so we won't have continual flows of data being appended appended to her lies. it's an interesting difficulty that you bring up. aside from the fact for example if you go to kroger's web site and look at their privacy policy i couldn't figure out head nor tail how they sell that stuff because they use words like affiliates and subsidiaries and it's done in such a way that it's extremely difficult to tell.
11:51 pm
i know of one company that sells bracelets for health. i looked at their web site and a secret one point after they say what data they can get out of the race live they say some of these data might indicate poor health on your part. another issue is what did they do with it and we don't know. you can't tell. >> thank you. mr. chairman could i ask ms. rich if she wanted to say something? i was trying to stay within my time limit, seriously. thank you mr. chairman. >> i just wanted to add something to the point you are making about the number of date of brokers. one of the things, the way we think about it at the ftc to make it more manageable is to focus on the nonconsumer facing data brokers because after all it issue is really about transparency at least that is where the concerns are the greatest. the consumers don't even know
11:52 pm
who those those invisible behind-the-scenes companies are. although i think there has been a lot of discussion about how the definition is so broad, you know we can work on that. and i think it's proof of the album not that there isn't a solution because the fact that pam says there are thousands of data roker's and the committee rep ports has hundreds and industry says hundreds i think that's part of the problem. you don't know who those entities are and that's part of the group that there really is in transparency in this industry. >> would you say that just about any web site that a person goes to ,-com,-com ma they are in danger of having information gathered that they may not want to have either private companies or the government know about? >> as i was saying for talking about the data broker issue we would prefer to focus on the nonconsumer sites where they are truly not transparent. we have other recommendations
11:53 pm
for consumer racing web sites. we think there should the choices and pop doubts they are so consumers have ability to prevent a sales to third parties if they so choose. but for this data broker problem we have the ftc would really like to focus on the nonconsumer facing sites. >> thank you very much. thank you mr. cherry. >> thank you senator fisher. we have a boat at 4:30. i would like to ask another question and this is coming right at you.or turow. you have been taking all kinds of notes. i would like to further load the notion that data brokers are selling to target a specific interests and of consumers. let's take a product called relying on aid. this is a grouping of consumers at the reduced --
11:54 pm
defined as follows. the single retirees are limited means and meager retirement savings are just barely able to make ends meet. the description goes on to say with only a high school education at best it's been hard to get ahead. poorly insured and medicare medicaid dependent they are generally pessimistic about the economic situation and incidentally about themselves. my question to you professor turow in your testimony you highlight of the ways companies may be using such consumer list that don't necessarily involve product pitches such as deciding who should have to wait longer for customer service and who should he rejected as a valued customer for what should be offered -- who should be offered coupons for nonnutritious food. what thoughts come to your mind when you heard data roker's and marketing descriptions like relying on aid to potential
11:55 pm
consumers? speak it is not unpredictable. it's been going on for years. it isn't problem i agree that it's going to get worse as the baby boomers get older. i think we are beginning to see the tip of the iceberg here that i think one of the issues is also that as we get more individual. >> what do you mean tip of the iceberg? >> we are going to have this huge generation of altered landscape teen years that are going to be divebombed with these kinds of offers and as i'm beginning to say it's going to be more to take your. the thing about that category chairmen rockefelrockefel ler is that it's a category. more and more that's going to become anachronistic and what it's going to be as a particular person who can't be maybe even more persuaded because of other characteristics that predict that. that category --.
11:56 pm
>> you low self-esteem. >> yes, and what kind of car they drive the need for them to be this, that in the other thing. he won't be able to point to a category anymore. it will be something you won't be able to easily track down and yet they will be targeted easily because of the situations. >> the same category only divided up into millions of people in personalized. >> so what would you do about it? >> as i said, these are social questions and i believe we have to worry about the kinds and the amount of data they get combined. i don't have an answer for that. i think is a very important social discussion. at this point in time we have and have that social discussion. don't even know this stuff is going on. our studies have shown that the know they are being tracks but when you ask people basic questions of how this stuff works and how they think it
11:57 pm
works we did a it 2005 study in which the clear majority of americans said that they think price discrimination is illegal. we continually find that people see the word privacy policy on a web site. they think it means and we have done this lifetimes type times in national surveys they think the word privacy policy means the site can't share information about you without your permission. the ad add icon is a great idea but it does not work. the studies have shown including one that we did a couple of years ago that americans like senator booker have no clue that it exists most of the time. i suggested that is how i got into the algorithm thing, the idea for the icon that i had originally before this came out when you clicked on an ad tailored to you you could find out who gave you the ad, what were the elements of the ad, a
11:58 pm
idea to get that particular ad just at that moment? those data are too proprietary and people tell me the algorithm does not help. at this point in time there is nobody who wants to volunteer to give that information. >> keep will use our coding, don't they? i have gotten names and addresses and other stuff. >> even if you are anonymous. a short example that happened to me. is it quite a data company but it shows the direction. i was at o'hare and i had to switch planes planes in what of my planes was canceled so i went to the customer service place of the affiliated airline. they asked me to put my bar code in and they gave me a number. .. tunately, had a lot of points. i was served pretty quickly. some people were just sitting there. that meant they did not get the flight that they could have gotten.
11:59 pm
that is why take american. they preferred it to what will happen to them by virtue of the circumstances. although research has been done to put them in that situation so they can control how they maximize their product. >> i have something i want to say. >> go ahead. to --ant to come back before 9/11, i was on the intelligence committee. i would wake up to seven newspapers with nothing but nsa headlines. i'm here to tell you, as one of the offers of fisa, the patriot act, and all the rest of it, the nsa is so secure in its protection of privacy that he has been compared to this group
12:00 am
that we are talking to, these data brokers. it is not even close. anybody, everybody. the nsa knows. they are only likely to interact .000001% for at a people to conclude need further observation. this is everybody, anybody. it is divided into race, economic activities, education. there is something i cannot prove this wrong, but there's something illegal about it. it is unfair -- illegal --
12:01 am
lethal about it. it is unfair. if somebody is poor or uneducated -- i come from west virginia and a lot of people face these problems. stigmatized and they have to live with it. the system is stacked against them. a lot of people are making a lot of money. .'m not asking for an argument the belgians went off. i'm here to say that this is a very serious situation. everyone here agrees that it has not been talked about. we have looked at it. you all have looked at it. we have to continue on this thing. the slogan of one of the companies that we reviewed in this investigation, they live by the following words. just because you can, doesn't mean you should. unfortunately, i have been
12:02 am
thinking about this because today's testimony and the inquiries show that the industry as a whole is falling short of that and are. it appears to be following fall short of that standard. brokers saydata .hat we can and we will they are full of optimism. we heard about the lists generated by data brokers about disease sufferers, products that seem tailored to businesses seeking to take advantage, i hate that. i personally am are bolted by that. i have seen it in the treatment of coal miners. i have seen it in every aspect of life in the state i come from and elsewhere. i do not like it. i think it is our job as government to minimize that possibility and to bring out
12:03 am
into sunlight what is going on. senator booker does not know this is happening to him. he does now. and he doesn't like it. senator mccaskill really nailed something that could not be responded to. we are going to continue on to that track. it is serious and it is a dark underside of american life which people make a lot of money and causing a lot of people to suffer even more. and then they have even lower self-esteem. that is not the america we want. this hearing is adjourned.
12:04 am
[inaudible conversations] a white house task force
12:05 am
recommended changes to the national security agency surveillance program. white house spokesman, jay carnie, spoke about the report which was released wednesday. you can read it at c-span.org. here is jay carr knee. the review board, the review group on intelligence and communications technologies finished their report, as you know, and this morning the president met with the members of the review group to discuss that report. which they submitted last friday. we will have a read out of that meeting for you later today. for now, i just note that the president is grateful to the group, richard clark, michael morrell, jeffrey stone, c.a.t, and peter, for devoting themselves to the effort over the past several months and providing input for the administration to consider as we conclude the ongoing interagency review of signal intelligence collection being lead by the
12:06 am
white house. now over the next several weeks, we will be reviewing the review group's report. and the 46 recommendations as we consider the path forward, including sorting through which rights we will implement, which might require further study. and which we will choose not pursue. it's a substantiative, less than think report. it merits serious review and assessment. when we finish the internal review, the overall internal review in january, the president will deliver remarks to outline the outcomes of our work. anticipating this question, i'll go right to the answer. while we had intended to e release the review group's full report in january, as i said earlier, give inaccurate and incomplete report in the press about the report's cob tent. we felt it was important for people to see the full report
12:07 am
draw their own conclusion. we'll be doing that this afternoon. releasing the full report. >> reporter: is the president going to speak on that at all today? >> i wouldn't expect that. i don't have any scheduling announcements to make of that nature. and i can tell you -- not to expect he would speak. because as i was saying earlier, this is a serious document, which the president is grately appreciative. a lot of work went in to it. it is long and contains a number of recommendations. more than 40, 46, i believe, is the total. and he wants to, and his team, wants to take time to assess it to be review it. that is why in january, when the overall internal review is completed, the president will make remarks about the work that he has undertaken and the outcomes of his review. you can read the nsa review
12:08 am
which was released just dais after the federal judge questioned the constitutionality of the nsa surveillance program. go to our website, c-span.org. senate judiciary committee patrick leahy talked about the nsa wednesday on the senate floor.nator >> mr. president, the white- house released a report that prepared by the president's review group on intelligence. te the message is very clear. from every corner of and a quarter pigs. nsa you have gone too far. the bulk collection of americans data by the u.s. government has -- review group came to the same conclusion i have about the utility of the section 215 phone records program. the same conclusion that justice leon found the other day calling it unconstitutional.
12:09 am
they said section 215 was not essential to preventing attacks. many of us have been saying just because we can collect massive amounts of data doesn't mean we should do so. quote, altogether we might be safer if the government had a ready access to a massive storehouse of information about every detail of our live. the impact of such a program on the quality of life of the individual freedom would be too great. so we have legislation to curtail this, i think, for the sake of our nation and the sake of our constitution we should. data protection and internet privacy in a moment on c-span2.
12:10 am
she was everyone's soul sister. everybody felt they knew her. and they did, pretty much. because she laid her life out for everybody to see. she told us about what life was like in cush ya for women in the 1960 through the 1990s. one of the wonderful things about her, you know, she wrote mainly humor, and it was humor that was assessable to everyone. it happened in everybody's lives. but they might not recognize it until they saw it written down. funny things happen to us all the time, but we have to be on the lookout for them. she was the one that focused our attention on the funny things
12:11 am
that happened in a family. things that at the moment seemed like craziness and driving you nuts, but when you look back at them, you think it was really funny. that's a real gift. it's a literary gift. the life and times of urma. this weekend as booktv and american history tv look at the history and literary of life of dayton, ohio. saturday at noon on c-span2. and sunday at 5:00 p.m. on c-span 3. now a look at data protection and internet privacy. we'll hear from federal trade commission who talks about u.s. and european union efforts to enhance data security. from the council on foreign relations inspect is an hour and fifteen minutes. >> ready to get started. >> hello. we are delighted to welcome you to this round table with ftc federal trade commission
12:12 am
commissioner. this is part of our digital policy series, which is made possible by a generous grant from the foundation. i'm instructed to ask you to please turn off your cell phones, and if you haven't figure out from this gentleman in the corner, this is on the record and, in fact, we are on c-span. i'm karen a senior fellow here at the fellow here at the council for dig that policy. julia organized this round table series and we're grateful to her. this meeting is happening at an incredibly, timely moment. the leading tech companies are meeting with the president at white house today. there's a hearing in the senate tomorrow on data brokers in the trade negotiations with europe, the u.s. is expected to table something on e commerce, cyber framework draft has been recently released. and of course, the e.u.
12:13 am
published, on november 27th, some recommendation on the safe harbor. we're just thrilled to be having the meeting today. we know it will be fantastic conversation. i'm going kick off with brief comments. i recently served as ambassador to paris. when i was there, we convened a group of business leaders, government, technologists, and ng os. chris was there, and came up with a first set of global internet policy principles. these principles and the privacy gliends affirmed two ideas i think are sometimes missing from the debate, and that are very important for us to remember or not in conflict. and those are that the free flow of information -- that the free flow of information is essential to an open internet. and of course, an open center has become an essential platform for innovation, exfretion, and
12:14 am
commerce. object other hand, there's a need for individual countries to make rules protecting their citizens whether it's on privacy, cyber, fraud. these two things, i think, sometimes the debate forgets they're both essential. and so we're still lucky to have julie here to talk specifically in the area of privacy where she's become a leading voice. julie, just to give you some background on her. i'm sure you're familiar with it. i'm take you through her story advertising financial fraud, and competition especially in high technology and health care. before she came to the ftc she was the senior deputy attorney general and chief of consumer protection for the north carolina department of the justice. before that she was an assistant
12:15 am
attorney general for consumer protection antitrust for the state of vermont for over 20 years. from 1988 to 2009. commissioner brill served as a vice chair of the consumer protection committee. the american bar association, i'm just halfway through. [laughter] prior to her current law enforcement she was an associate in new york. she clerked for vermont federal district court judge. she graduated from principle ton and nyu where she has a citizenship for a commitment to public service. commissioner brill has been a lecture in law at columbia university. she received national award. she's testified before congress, published numerous orals. served on many panels.
12:16 am
she's looking at the cutting-edge issues. figuring out the right policy to balance the equity. she's finding a we to speak it that satisfies the academic, the advocate, and average consumers. have to believe part that have is the fact she doesn't spend all of her time in washington. she's based in vermont. [laughter] her family is there. and i've seen her there. i can testify to that fact she does her grocery shopping there. she's also getting out around the country and the world. i think that gives her, really, fabulous perspective and we're so lucky to have her at the commission. >> thank you, karen. i'm pleased to be here. i wish i had your résume to read. yours is pretty impressive too. [laughter] if not longer. i'm going ask a few questions
12:17 am
and she's going set the stage for us and open it up. you are all exports. we don't think of you as an audience. it's a round stable. we want a discussion. you returned from ten days in europe. you were speaking about privacy issues. can you tell us about a mood there. of course, we're aware of the fact with the nsa surveillance revelation, the line between commercial privacy and government privacy has been completely blurred. there's been a real change. >> yes. so it's been interesting. and a number of people who are here were there with me. we're also in europe and so we'll be able to comment on this when we goat q & a period. we should start by saying the u.s. and the e.u. and europe have a long history of cooperation. i mean, you know that better than anybody from your perch at the oecd. i think we need to remember that and keep in mind as we're thinking about and trying to work through some of the latest areas of a troubled --
12:18 am
of so. latest areas causing tension in relationship that is basically very, very sound. the nsa revelations have created tension. there's no question about that. and, you know, it's gotten as much press as it's gotten here in the united states, i think it's actually probably gotten much more in europe. i find, though my overarching perspective especially seeing the change from september through now is there is an increase willingness to try to cooperate. and try to figure out a way to resolve the problems that exist. in other words, so i think in the last six months i've been to europe three or four times. both prior to this snowden nsa revelation and then in september when they were still very, very fresh and then i just got back from a long trip.
12:19 am
i, you know, think that between september and now, there has been a recognition that we need try to work through the problems. , you know, there have been extensive government groups as well as private groups focused deeply on trying to address these issues just here in the united states. you know, how should we be balancing a national security and individual citizens' privacy rights. there have been a number of working groups underway. some of the results are starting to get discussed. there will be much more of that in the coming months. and there have been working groups between the e.u. and the united states. so that some, you know,s in -- folks in the working group that are european policy makers and whatnot have been to be interface with our policy leaders to try to talk through the issues as well. i think all of that has lead to -- well, perhaps not complete agreement on the way in which
12:20 am
we're doing things, at least in understanding to a certain extent of why certain things have been done. and maybe the areas we need address going forward. so, you know, i -- one of the things you asked about, and maybe we should talk through is this issue of, you know, should commercial privacy and government surveillance be treated together or separately? that's one of the things i spent quite a bit of time talking about in europe. so should we -- [coughing] >> focus on that? >> sure. so, you know, i have told my european counter parts and european audiences and whatnot, frankly, i have done the same thing here in the united states, that the government surveillance issues are incredibly important. it's a conversation that is long overdue. i'm glad that it's happening here in the united states and in europe and the transatlantic discussion.
12:21 am
the discussion around commercial use of data, i think, is a very important conversation. it needs to happen here in the united states. but it is a separate conversation. it should be happening separately from the national security issues. and i say this for a number of reasons. i think that, you know, if you look at the 1995 e.u. data protection directive, you know, it has national security exceptions. if you look at the ways in which data flows between the united states and the e.u. whether it's through corporate rules or safe harbor. any of the other mechanisms, there are national security exceptions. let's talk about commercial privacy. let's talk about commercial privacy.
12:22 am
tell us about your thought and the e.u. privacy regulations and the privacy right outlined in the regulation. and concept. >> sure. so the e.u. regulation actually, i think, mirrors a number of things we've been talking about. whether at the ftc, the federal trade commission, which is the nation's leading privacy regulator. the kind of policies pushed forward in the e.u. regulation you see things like desire to get parental consent for information about children. you see references and provisions dealing with data breach information to. you see privacy by design, which
12:23 am
is a concept we have tried to urge on industry here in the united states. you see a focus on enhancing consumer's control over the data. increasing transparency, improving data accuracy, strengthening data security, and encouraging accountability. these are all concepts that whether embedded in law in the united states or are being discussed at the federal trade commission and elsewhere in terms of developing best practices for industry here in the united states. these are automatic concepts that, frankly, i think we embrace certainly i embrace as a federal trade commissioner. i know, many of my counter parts also embrace. so we have a law in the united states daling with children's privacy. requiring prarnt tal consent for about kids under 13. we have data breach information to law. it's at the state level not the
12:24 am
federal level. it's nice to have data breach nowftion law and data security law at the federal level. but we have some provisions dealing with the issue at the state level. in our privacy report, the federal trade commission we issued a big privacy report last year. we talk abouted a lot of other concepts. privacy by design, that is the need to build privacy in to products and services. and not to kind of push everything on to the consumers. overwhelming them with choices they need to make about the privacy. is deeply important. having said that, i think there are areas where we definitely need improvement in the united states. i don't think -- i think we have a ways to go.
12:25 am
especially around transparency issues. so i've spent a lot of my time talking about the need for entities that renner gauged in big data an lettic. profiling of consumers, especially when it's focused on consumers at the individual level rather than trying to deal with the identified information. what we're talking about profiles created about consumers used whether for marketing purposes or eligibility decisions or other decisions, i think we need more transparency in that area. connect the cars, medical devices finance bands or anything else that is a design that connects to the internet. i think we need more transparency and need to think about the tools that we can make available to consumers so they understand what is going to happen with that information. we'll be collecting it and what
12:26 am
they will do with it. i think online tracking through "do not track" -- through developing some tools for consumers is very important so consumers can control the extent to which they are trapped online. "do not track" is an issue that some folks have been dealing with very dreeply and developed tools. some of the browsers developed tools. some trade groups have go oned tools. and some standard-setting organizations are working on developing tools around tracking online. i would like to see more progress made there. it's more in term of developing best practices and providing better tools to consumers so they understand how the data is being collected and used for what purposes, et. cetera. but we can really use some more laws in the united states.
12:27 am
baseline privacy legislation, i think would help. i think it would help level the playing field. i think it would clarify for businesses what they ought to do and don't need to worry about. and would make clear to consumers you know what their rights are and what can happen to the data tap ping -- i think particularized law around data brokers and data profiling is also helpful. i've already mentioned data security. so again, taking a step back and look at the big transatlantic picture, i mean, i do think there are clear similarities between what europe is pushing in its proposed or some folks in europe is pushing. i think that here in the united states we share many of those ideas and values and have been pushing them forward. here in the united states, i think there is room for improvement. and, you know, i've certainly
12:28 am
spent a lot of time talking about that. >>let me ask you two quick things. one of the things we often tell europeans when i was over there is while they think europeans care more about privacy than we do. we would say you may have more rule on the book. we have more enforcement. i want to ask you about that. you're at the enforcement agency. and also, just where you see the safe harbor going and you know what are you -- you think are optimistic about it. the report did come out with recommendations. i would love to hear you talk about that. >> so it's true. we have good privacy enforcement in the united states. that's with respect to the laws that we do have on the books. and i have spent lot of time trying to educate not only folks here in the united states, for instance the app community, that, you know, nay need to make sure they understand the laws that apply. so for instance, if they're
12:29 am
engaged in activity that might touch on credit reporting or, you know, a tenant list. a tool for hr departments to use to screen perspective employees. our credit reporting laws applies. i spend a lot of time trying to educate entities in the united about the breadth of our privacy laws. and similarly, i spent some time talking about to our european counter part about the breadth of our privacy law. we don't have baseline privacy legislation. in sensitive areas, whether it's health information -- although we can talk about that. there are some gaps there. whether health information, financial information, children's information, or credit reporting information we do have good laws. and the ftc is definitely the -- we are joined by the state ag and do great enforcement. i've heard my european counterparts say that they wish they could combine their
12:30 am
regulation with the ftc's enforcement prowess. i know, for more some businesses it might be more frightening. i think question say there was a general grown in the room. >> i thought it was a chuckle. [laughter] >> okay. but no, we have had some trouble though communicating how we do privacy enforcement. one of the tools we use in addition to the specialized laws i talk about is the federal trade commission act. federal trade commission act generally prohibits unfair practice is. it doesn't focus in particular on privacy. it doesn't focus on financial fraud or on substantiatuation. in fact it applies in all of those areas. it was written at the height of the depression joining up with the law that created us in 1914 at the height of the progressive era. and it's designed to be very broad and very remedial. and we use it in just that way.
12:31 am
so in the privacy context, we've used our unfair deceptive act of practice law. not only to focus on some of the biggest consumer-facing companies. some of whom are represented in this room. google, facebook, myspace, and twitter are all under 20 year orders as a result of our belief they violated our federal trade commission act -- but we have also focused on much smaller players that aren't household names but key whether it's the mobile or internet or, frankly, now even we had a case on the internet of things we focus on app developers, an -- analytic firm. ad networking. you name it. we have looked at the practice
12:32 am
when brought to our attention. if we felt they were violating either the deception principle or unfairness we go after them. how do we deal with the safe harbor? the u.s. about how our privacy rules work in practice. how can we safe guard the safe harbor important to the data between them. as a result of the nsa and snowden revelations, in started to be a growing conversation in europe. the reason why european citizens data was being looked at was being examined by government for national security purposes was
12:33 am
because of the tool. and the safe harbor is one of several mechanisms that is by -- in existence that allows on a company basis. between europe and the united states.
12:34 am
and whether it's happening through companies that have signed up for safe harbor, or whether governments surveillance is happening through a harris county -- or adequate sei determination or any other mechanism for cross-border transfers. you know, that's where the conversation should happen around the appropriate scope of government surveillance. i think the conversation i'm engaged in. as well as others. but it seems to have gained residence. and if you read the european commission's latest report on building trust, as they call it, between the u.s. and the e.u. they talk about the importance of safe harbor. they talk about the importance of maintaining it because of the important ties and the level of business that is transactive
12:35 am
between the e.u. and the u.s. now having said all of that, you know, it's been -- safe harbor in existence for 15 years. a lot has changed in 15 years. you know, just, you know, it's even, you know, i could ramble facts and statistics. but the number of smart phones people have, the collection of location information, you know, just the internet of things. all of these things did not exist or were in existed in perhaps nobody else's. ic what we need to do is take a look and say are there ways question improve it? and the e.u. commission has made 13 proposed recommendations for improving it. some of which i think we ought to decide if the atlantic take a serious look at.
12:36 am
i talked about it last week. i said there are ways i think we can -- without doing too much work, i mean, these aren't a heavy lift. but it would help get rid of some of the irritant in term of how safe harbor operates. so for instance, creating better link between company, privacy policy, and the department of commerce's website. so it's clear, you know, who is in safe harbor, and who is out. and what alternative dispute recognition each is using. it's required for every company that signs up for safe harbor. of some kind or another. the vast bulk of companies use an alternative resolution mechanism like trustee or bbb or something comp is free. it's free to european citizens. if the european citizens has complained about a company, they go either to their european data protection authority, kind of like, you know, the country specific regulator.
12:37 am
or go one of these companies and can have their complaint heard for free. 20% of the companies that have signed up for safe harbor are using an alternative dispute heck name charge the consumer money. and as long time consumer advocate. i have to say that i don't think that's the right direction here. i think that we should work very hard to try to get those alternative dispute resolution mechanism fee down to zero. we need increase transparency on the website with the links. and i think, again, those are things done easily. so people can understand what companies are in safe harbor. which companies are out. what the privacy policies are and things like that. finally, i think we, you know, we ought to be looking at the other cross-border data flow
12:38 am
frameworks that we have been talking about globally. and apeck, the asia-pacific cross-border framework being developed and being pushed forward has an interesting concept built in around accountability mechanisms. so before a company ever reaches someone like me. a regulator who says you violated the law. they have nut place mechanisms for self-assessment for checks so there's an entity, a private entity that can help make sure they're in compliance. i think that's a really good concept that can be very helpful to companies. i think we ought to be thinking about whether or not there's room within safe harbor framework for appropriate, you know, accountability heck niches that are basically kind of a self-regulatory mechanism. before you ever get to -- so those are the ways in which i
12:39 am
think safe harbor can be improved. i think the e.u. has all the things i've talked about, you know, they have in some fashion or another, mentioned. i talk about a number of other proposed changes. some of which, i think, would be tough. some of which, i think, are again need to be focused on, you know, need to be a discussion within the national security community. but some of them, again, are, i think, relatively easy lists if are the united states. we need to take a serious look at them. >> this is a great tour of what is going on between us and europe, and really detailed and i think there's a lot around the table for people to chew on. we'll have a great discussion. i want to open it up to peoples' questions. please identify yourself. if you want to, you can turn your name tag on its side and i will know that i should call on
12:40 am
you. as the gentleman in the back has done. [inaudible] >> alan. great. the question i have for you. in the enforcement you have prefer to were adequate sei and that safe harbor for the united states is almost in congress.
12:41 am
as you said. i think it's important in the united states as well. an that when i they as a almost a conversation say they don't account, apparently one of two fundamental right that i are balanced along with other -- right to freedom of expression itself. the system are not that different. to treat us differently nay be more political than objective. >> it's an interesting point. let me start with the first question. you raise a bunch of questions there. do i think we are adequate within the european framework? i think given the other countries that have seen that have been deemed adequate. i think we are, especially
12:42 am
because of our strong enforcement. however, i understand why from a european perspective as opposed to perhaps either a global perspective or our perspective, they're having trouble getting their arms around it. i think it's because of the continental view, at least. i'll leave aside the common law great britain and ireland, and the common law countries. let see the black and white law that is on the books and let's see what it says. it provides for. and while here we have, as i said, some very strong law. you have to look at place for them. they're not all in one place. it's hard, i mean, when i remember going to munich for a meeting with a bunch of businesses and regulators in germany. at that time, it was a couple of years ago. maybe a year and a half or two years ago. they said, you know, they
12:43 am
thought all privacy enforcement in the united states was done through self-regulation. and i said, well, mcgee, no really, that's not true. let me explain to you all we do in the united states. but it's not a sentence. it's a paragraph. or two paragraphs. i think what probably makes the most sense for us right now in the united states is to recognize the e.u. has not determined that we are currently adequate. and to try to focus on interoperability. that is to try focus on how it works. the e.u. has said, okay, even if you're not adequate we'll allow the data transfer through the mechanism.
12:44 am
and make sure there's a trust level in the mechanism so we still have those to support the incrediblability amount of trade and consumer benefit on both sides of the atlantic. so interesting provocative question. but that would be my perspective on it. >> we have some twitchy over there. we've done a lot of work looking at the impact -- one of the big changes we're seeing especially internationally is the growth of --
12:45 am
the problem we see here for the disclosure are voluntary disclosure for additional privacy and security threats. there's a lot that companies it. they can put in place the term of service. from the private sector any response to give the data to a foreign company. the government will mandate the use of clothing. there's so that's why the national such a problem right now. the question is, you know, aside from, you know, geneva convention. how can you address the issue? it seems like that's --
12:46 am
it's a very important issue. i think, you know, as i said in my opening diagnose we had. the issue around government access to information. whether it's information that private companies hold or information elsewhere within government or state level or local level. all of this -- there's a huge, in my view, a robust discussion under way in the united states about the appropriate level of surveillance and how it's taking place. i think it's great that conversation is going on. i have personal views about it. i'm sure everybody in this room has personal views about it. my job as federal trade commissioners is focus on commercial use of information. and there in that sphere of commercial use of information, again, i think i disagree with you there's nothing companies
12:47 am
can do to better protect information. i understand where you're coming from. which is when someone tapses in their data. whether it's a government entity or whatnot. there's they can't really stop it in the current framework. and therefore they're very involved in that conversation. the first conversation i talked about is how is government doing that. but having said that, and i know you want to jump in. but having said that, i think there is a lot that companies can do to improve privacy protection. again with nows can on privacy i did design. data minimummization. deidentifying data as much as possible. we have tons of rights about what businesses can do enhance privacy. and what is so special about this moment in light of the revelation while, again, i think commercial use of data and government use of data is separate and needs to be
12:48 am
separate cfghtses. it's a moment in time when our seat as well as the global community is really focused on data flows. what is happening with data. i think now is a really good time for companies to step up to the plate and say we get it. whaipt to see is focus how they're using data and data is flowing to data brokers, to big data analytic firm and others who are creating profile about consumers for commercial use.
12:49 am
[inaudible] if you could talk about how we -- [inaudible] bridging the view. things that must be done to safe harbor to after you put it thing we should look at carefully. [inaudible] much more difficult. >> great question.
12:50 am
and i think we in the united need to take that list of 13 items very seriously. i think we are taking it very seriously. i'm sure there will be an intergovernmental group focusing on developing a formal response to it. you know, i've had conversations with my counter part in the e.u. and folks at the commission level about my personal thoughts about them. including those which i thought were relatively appropriate. not necessarily easy lists. i didn't focus on it in that way. but they should be done. and then those that i thought will present a more difficult -- have a more difficult road. for good reasons. and i describe to describe the
12:51 am
reasons. i think it's important move -- we meaning, you know, move relatively quickly. because i do -- i'm pleased to hear you -- i think we would -- i would like to keep the momentum going in the current direction. the conversation going in the correct direction which it's now heading. i think it's important. one of the ways we can do that is be clear to our european counter part that we're -- we recognize the issues they have raised. and we think there is serious issues. we want to work with them. so i'm hopeful that, you know, we will soon have a position and sit down with them and talk through each of the points.
12:52 am
i think we should be looking at january, which is a couple of weeks away to begin the conversation in a robust way. i think there are events that take place in europe that they identified for me. which will race the political focus on this issue even more. so i think we just need to in order to build the trust that the europeans are asking us to build. i think we need to do our part in that building. enforcement of privacy. i completely agree with you from my limited experience. not much there. [inaudible] if anybody had -- [inaudible]
12:53 am
i think most americans would be fairly concerned if the government kept -- [inaudible] [inaudible] the fbi and alaska. there's one check and -- [inaudible] or the meter reader or such in so some base. tell me how you product the privacy. i think a lot more work needs to
12:54 am
be done with respect to profile and data brokers. you were referencing one particular company in arkansas and another large tech company with respect to the entities that are engaged in profiling consumers that is the commercial entities. they are creating profiles that are being used for marketing purposes for el jinlt decisions not currently covered by law. and some of the profiles have very sensitive information including health conditions, like and very detailed information about health conditions. sexual orientation, ethnicity. and other, i think most of us in this room and in society would believe is highly sensitive information.
12:55 am
i would like that see with respect to data brokers that -- providing much greater transparency tools to consumers. they are a portal and provide some information about some of the data they have on consumers used for marketing. there are other large data brokers, i believe could easily provide similar transparency tools. it's not just important to let consumers know what data you have about them.
12:56 am
but also to the extent it's used for marketing purposes. i think the data should be the consumer should have the ability to suppress it. say i don't want to be marketed based on the fact i have diabetes. i don't want to be marketed based on the fact i'm whatever of ethnicity or whatever. and consumers should be able to correct information if they want to. information used for important decisions like are you who you say you are? and can we do business with you. ebl jibility need govern by current law. i think they need to see it and correct it if it's wrong. otherwise decisions will be made about them based on inaccurate information. so i think there's room for
12:57 am
improvement particularly in the area you have identified. thank you. you made the point that the way things have changed in the last 15 years with respect to safe harbor. wasn't transactional. now today the internet is one to many. there's a lot of unstructured data and certainly transactional in 40 or 50 different layers.
12:58 am
those were obviously -- [inaudible] so how do you how we adapt the guideline of the 2021st century and transformality technology like the and data you. talked about transparency sort in the context of dpa that brokers. but what would how we adapt those. there's a lot of ways question adapt to some of the principles to technology. age great starting point for that conversation is the report that the federal trade commission did in 2012.
12:59 am
the phreic is not do they apply but how we're going apply them to new technologies. so we talk about implementing three or four techniques, if you will, or getting businesses and industries to focus on three or four ways in which they can -- so consumers have notice and chase and there's accountability. and there's transparency and accuracy and security and all of those other information privacy principles. we talked about the need for privacy by design. it's one issue. i touched on it briefly before. that was the concept where we're don't place so much burden on consumers to make a million
1:00 am
choices about privacy. it's too hard. we read them. but no consume actually reads them. to have it at the end of the day is more helpful. it's more important on smartphones when you think about the limited real estate available there to have quick messages to consumers. we're about to collect your location. we wanted download your contact
1:35 am
followed by senator blumenthal.

34 Views

info Stream Only

Uploaded by TV Archive on