Consumer Electronics Daily was a Warren News publication.
Plugging Privacy Threats

McSweeny: FTC Not Strong Enough to Police Online Consumer Beat Alone

The FTC isn't strong enough to be the only consumer protection cop policing online platforms, Commissioner Terrell McSweeny said Thursday, while blasting as unjustified Congress’ 2017 decision to repeal FCC broadband privacy rules. Speaking at a New America event, McSweeny said it’s “100 percent the right question to ask” how Cambridge Analytica could have allegedly abused private data of 87 million Facebook (see 1804050024) users in spite of a 2011 FTC consent decree that the social network agreed to following privacy concerns.

David Vladeck, who served as FTC Consumer Protection Bureau director 2009-12, said the consent decree was designed precisely to avoid what has surfaced with Cambridge Analytica, and it’s clear Facebook violated the agreement. Facebook promised to identify and plug privacy threats, the Georgetown law professor said.

Facebook CEO Mark Zuckerberg Wednesday said the platform “didn’t focus enough on preventing abuse and thinking through how people could use these tools to do harm as well.” Vladeck said the issue is that the platform performed zero due diligence on third-party application developers, which was a focus in the consent decree. “Given how complex Facebook is and how many systems there are, we need to rethink our relationship with people and our responsibility there across every single part of what we do,” Zuckerberg said.

Michelle De Mooy, Center for Democracy & Technology director-privacy and data, said that while Facebook portrays itself as a user-friendly platform, there has been a chipping away at the public’s trust for years. Mozilla Foundation Fellow Caroline Holland hopes the spotlight remains on Facebook. Though policymakers need to insist on consumer protections, they need to be wary of overcompensation and be sure to maintain openness and competition, she added. Upturn Executive Director Harlan Yu said it’s obvious that Facebook’s business model is susceptible to abuse and the key question is how transparent that company is with its response to ad-targeting abuses. It seems like Facebook is willing to make changes, but it’s going to require ongoing conversation with advocates, he said.

McSweeny argued it’s “demonstrably false” that Americans don’t care about privacy abuse and what platforms do with their data. When asked if Cambridge Analytica is an Edward “Snowden moment” or a fleeting news item, McSweeny hoped it’s a moment of change. The FTC isn't strong enough to address the issue on its own, she said, because the agency has been flat-funded for years, has antiquated authority and has inadequate institutional design. She suggested the creation of a bureau of technology devoted to the issue.

Facebook is seeking user feedback as it looks to update its terms of service and data policy, and the platform also plans to restrict data access, with various application programming interface updates. “We’re not asking for new rights to collect, use or share your data on Facebook. We’re also not changing any of the privacy choices you’ve made in the past,” company officials blogged. Zuckerberg said he’s “quite confident” that the scandal affected no more than 87 million users. “It very well could be less, but we wanted to put out the maximum we felt that it could be as that analysis says,” he said. He said that Facebook wasn't the source for the original estimate that about 50 million users had been affected.

Electronic Frontier Foundation Legal Director Corynne McSherry meanwhile outlined recommendations for Facebook. She said the platform should ensure users the right to expect a high-level of transparency concerning how data is used; the right to opt in and out of data-sharing practices; the right to leave the platform and remove all data history; the right to swift notification of data abuse; and the right to pursue legal recourse if the platform is potentially at fault. Facebook and the FTC didn't comment.