Consumer Electronics Daily was a Warren News publication.
Edge 'Responsibility' Also Cited

Administration Concerned About GDPR Impact on Access to Whois Data, Say Redl, Slater

May 8, 2018 by David Kaut|Top News

WILLIAMSBURG, Va. -- The U.S. is worried about fallout from EU's General Data Protection Regulation taking effect May 25, said Trump administration officials at the FCBA retreat Saturday. "It will have a sweeping impact on many, many sectors of the U.S. economy," said NTIA Administrator David Redl. He voiced particular concern about possible disruption to parties needing access to the Whois database of online domain name ownership, which is used by law enforcement and others.

GDPR has "huge" implications for U.S. companies, said Abigail Slater, special assistant to President Donald Trump for tech, telecom and cyber policy at the National Economic Council. The regulation exposes companies to potential fines of up to 4 percent of global revenue or $20 million per violation, whichever is more. She also cited the importance of Whois to cybersecurity efforts: "We are, within the building, quite concerned about this." She also suggested U.S. edge providers must take more responsibility for their actions, and backed a stronger FTC privacy enforcement role.

Redl called GDPR his agency's "most pressing" international issue. He said Whois is a "very important tool" for intellectual property holders, law enforcement and cybersecurity researchers. NTIA is worried online registries, to comply with GDPR, will either "mask data in Whois" or "take Whois down altogether," he said. "The administration has made it clear that that's an unacceptable outcome, that this information is important, that we need to ensure it continues to be available for lawful purposes, for the security and the stability of the internet." He said NTIA and others in the administration are working with the EU, seeking to ensure Whois isn't disrupted on May 25.

Slater said there's "a lot of uncertainty" about GDPR, including the potential impact on Whois. She said the U.S. government and others use "the phonebook of the internet" to track down parties in distributed denial of service attacks. She said she wishes ICANN had better guidance on complying with GDPR, so parties aren't faced with choosing between defending legitimate cyber interests and complying with European privacy law. "We are in the process of herding cats" and "trying to pull together" various entities to convey U.S. concerns to EU authorities before May 25, she said.

Congressional hearings on Facebook privacy were "very important and very timely," said Slater, formerly general counsel of the Internet Association, which includes Facebook. She cited a confluence of issues, including edge provider privacy, online sex trafficking and Russian interference in U.S. elections. "What that all adds up to is we're seeing a general consensus" on Capitol Hill and elsewhere that online provider "responsibilities in the world are growing," she said. "With great power comes great responsibility." She hopes not just one company but the online industry in general will assume more responsibility on public policy. Her other reactions to the Facebook hearings were that the controversy has major implications for Google, and lawmakers back innovation and are "naturally inclined to be supportive of these companies."

Slater said the U.S. will continue to do privacy differently than the Europeans. "This is not the administration that's going to set up the Federal Internet Commission. It's just not," she said. She sees merit in the FTC regulating both ISPs and edge providers after the FCC net neutrality repeal restored FTC broadband authority that was taken away under a common-carrier exemption triggered by the previous Title II Communications Act broadband classification. The FTC may not have all the tools it needs and she suggested there's a "good case" for strengthening its authority, but "it could look at a lot of these issues." Noting international issues, she "would love to see the see the FTC become a force to be reckoned with on the Privacy Shield. It's such an important part of the U.S. economy ... $1 trillion in commerce, and they are the backstop enforcer on that."

FTC Commissioner Maureen Ohlhausen repeated the agency is investigating Facebook. She said the FTC would like Congress to eliminate the common-carrier exemption and give it certain rulemaking power and new authority to impose civil penalties on parties that break the law without violating specific rules or pre-existing orders, or where the dollar value of injuries can't be assessed. She said her agency can use its existing authority to protect broadband customers and competition, including by working with the FCC and its ISP transparency rules to ensure consumers get the service they're promised. She said the trade commission is being "very aggressive" in cracking down on illegal robocalls, having brought 134 lawsuits against 789 parties for alleged violations, resulting in $1.5 billion in judgments and $120 million in collections.

Ohlhausen voiced confidence her nomination to be a judge on the U.S. Court of Federal Claims was heading toward Senate confirmation soon, which will allow her replacement, Christine Wilson, who has already been confirmed, to take her FTC seat. Ohlhausen's nomination hearing is Wednesday.

NTIA is preparing for the ITU's meeting in Dubai this fall. Some in the ITU are pushing for the organization to become a more active internet regulator, which the U.S. will continue to resist, Redl said.

For other FCBA news, on 5G: 1805060001 and 1805040058.