Court Decision Gives FTC Sweeping Discretion to Second-Guess Web Design
WASHINGTON D.C. — Yesterday, a federal district court granted the FTC’s motion for summary judgment against Amazon in a lawsuit over the design of apps on the Kindle Fire. The FTC alleged that Amazon had committed an unfair trade practice by enabling children to make in-app purchases not authorized by their parents. This echoes the FTC’s settlement with Apple of similar charges in 2014 over the dissent of Commissioner Josh Wright. Conversely, the court blocked the FTC’s requests for an injunction to govern Amazon going forward, since Amazon had already changed its apps interface apps.
“If this decision stands, the web’s going to get a lot less user-friendly and a lot more ugly,” said Berin Szóka, President of TechFreedom. “Good user-interface design has been no less critical than technical innovation and business model experimentation in making the Internet awesome. Amazon led the way by launching 1-click ordering in the late 1990s. That feature launched a thousand imitators across the web, all guided by the principle that Dieter Rams, guru of industrial design, famously summarized with his mantra: ‘As little design as possible.’”
“But today’s decision gives the FTC sweeping powers as a nanny-state censor of interface design decisions,” continued Szóka. “Of course, companies can harm consumers with sloppy interface design, and the FTC must indeed protect consumers from things like unauthorized purchases. But the FTC’s also supposed to weigh tradeoffs carefully — not just in economic terms, but in convenience for users, too. Here, the FTC invoked the hassle that a tiny percentage of parents experienced in requesting refunds, which Amazon readily granted. But the FTC refused to acknowledge that its preferred designs might also reduce the benefits of simple, elegant UI design for everyone else. The new mantra for Silicon Valley is ‘As little design as the lawyers tell you might be necessary to satisfy the FTC.’”
“The courts have once again abdicated their responsibility to check the FTC’s discretion,” warned Szóka. “Back in 1980, the FTC held onto its sweeping ‘unfairness’ power only because it promised Congress that it would give rigor to its three-part weighing test. It’s failed to do that on a wide range of consumer protection matters. There’s no such thing as perfect design, just as there’s no such thing as perfect data security, but the FTC’s overall approach to the Internet has become ‘Everyone’s guilty. But trust us, we’ll only go after the really bad guys.’”
“The real problem here is not letting this case go to trial,” explained Szóka. “If these questions can’t even get that far, there’s little hope that other companies will stand up to the FTC. The agency will get away with building a ‘common law of consent decrees’ on user interface that has as little analytical substance as its ‘soft law’ of privacy and data security. Designers everywhere better pray that Amazon has the courage to fight on, and that an appeals court actually weighs the FTC’s claims. If not, only Congress can keep the FTC in check, lest it plaster the web with the kind of ‘accept here’ pop-up clutter that Europe’s overzealous privacy regulators have required.”
“At least the court blocked some of the FTC’s heavy-handed approach to enforcement,” concluded Szóka. “Because Amazon had already changed its user interface to address the FTC’s concerns, the court refused to grant the FTC the permanent injunction it sought, which would have put Amazon’s future UI design decisions under even stricter scrutiny. That should somewhat reduce the FTC’s leverage in extracting settlements that push unfairness beyond the careful weighing required by Congress. But the court also ignored Amazon’s complaints about how the FTC calculated damages. So the FTC can still wield a huge sledgehammer in trying to convince companies to settle, and thus avoid judicial review of its increasingly zealous legal claims.”
###
We can be reached for comment at [email protected]. See more of our work on consumer protection and FTC reform, including:
A white paper on the FTC’s questionable application of its enforcement authority against Nomi Technologies over deceptive statements
Our statement on the FTC’s attempts to meddle in user experience decisions
Our statement on the FTC’s failure to prove likely injury in its case against LabMD
FCC Privacy Regulation Should Follow FTC’s Consumer Protection Standards
WASHINGTON, DC — Today, a broad coalition of tech companies and trade associations, including broadband providers as well as edge and device companies, urged Federal Communications Commission (FCC) Chairman Tom Wheeler to regulate broadband privacy under the same unfairness and deceptive (UDAP) standards as the Federal Trade Commission. See the letter here.
When the FCC reclassified broadband providers as common carriers last year, it robbed the FTC of jurisdiction, because Section 5 of the FTC Act covers nearly all companies other than common carriers. Thus, the FCC claimed it needed to fill a regulatory vacuum — of its own creation. While the FCC acknowledged that the Consumer Proprietary Network Information (CPNI) rules developed for analog telephony, concerning anti-competitive uses of marketing data, were a poor fit for Internet services, it promised to begin an inquiry about how to replace them. The FCC is expected to issue that Notice of Proposed Rulemaking in the coming months.
“All tech companies should be held to the same standards on consumer privacy, whether they offer Internet access, online services, or devices,” said Berin Szoka, President of TechFreedom. “Even if the FCC somehow prevails on Title II reclassification, there’s no reason that should result in more heavy-handed or arbitrary regulation of broadband privacy. The FTC’s standards are the bedrock of American consumer protection law, forged as a careful balance between over- and under-regulation. These flexible standards are fully capable of guiding the FCC as it grapples with technological change. Stealing the FTC’s jurisdictional lunch money was bad enough — the FCC shouldn’t be able to toss out its legal standards, too.”
“The FCC should adopt the FTC’s standards for unfairness and deception across the board,” proposed Szoka. “Unfortunately, the FCC has been moving to do just the opposite: to claim essentially unfettered discretion to second-guess how the companies it regulates can innovate. Essentially, the FCC is trying to reinvent the FTC’s unfairness and deception standards in name only, stripped of their underlying analytical rigor.”
In its October 2014 prosecution of Terracom, the FCC reinterpreted Section 222(a) and Section 201(b) as a broad duty to provide “reasonable data security.” This is essentially equivalent to the FTC’s approach to data security — except that it completely omits the underlying statutory elements of unfairness: (1) causing, or likely causing, substantial injury, (2) that is not reasonably avoidable by consumers and (3) that is not outweighed by countervailing benefit. This key difference means that it would be difficult to challenge an FCC data security or privacy enforcement action — as in the LabMD case, where the FTC’s own administrative law judge recently ruled that the FTC had failed to satisfy the first prong of unfairness. Similarly, Terracom interpreted Section 201(b) as a kind of deception authority — minus the materiality requirement central to the FTC’s 1983 Deception Statement. In addition, the FCC has hinted that it may use the power it claimed in 2010 under Section 706 to regulate privacy and data security as loosely related to broadband deployment.
“It’s not enough for the FCC to pay lip service to the FTC’s standards, while ditching their underlying legal substance,” concluded Szoka. “The FTC has already drifted far away from its own UDAP standards by avoiding litigation and building what it calls a ‘common law of consent decrees,’ thus avoiding judicial enforcement of its UDAP standards. But at least the courts could still rein in the FTC and the agency can generally be shamed into some degree of self-restraint. But if the FCC simply copies the FTC’s current, mostly-lawless approach, the result will be completely lawless, arbitrary and political regulation of the Internet — even if it claims to be using the same standards.”
TechFreedom is leading a group Silicon Valley innovators and entrepreneurs as an intervenor challenging the FCC’s 2015 Open Internet Order. TechFreedom also runs, with the International Center for Law & Economics, the FTC: Technology & Reform Project.
###
We can be reached for comment at [email protected]. See our other work on FCC Process and FTC Reform, including:
Out of the Frying Pan & into the Fire: The FCC Takes over Privacy Regulation, TechFreedom working paper
The FTC’s Data Security Cases: What LabMD & Wyndham Mean for Internet Regulation (Event September 2013)
Wyndham Settlement Reinforces Need for Congressional Overhaul of FTC
The Second Century Of The Federal Trade Commission, TechDirt
FTC’s Big Data Report Offers Little Analysis, Zero Economics
WASHINGTON D.C. — Today, the FTC reiterated its age-old formula: there are benefits, there are risks, and here are some recommendations on what we regard as best practices. The report summarizes the workshop the agency held in October 2014, “Big Data: A Tool for Inclusion or Exclusion?”
Commissioner Ohlhausen issued a separate statement, saying the report gave “undue credence to hypothetical harms” and failed to “consider the powerful forces of economics and free-market competition,” which might avoid some of the hypothetical harms in the report.
“The FTC is essentially saying, ‘there are clear benefits to Big Data and there may also be risks, but we have no idea how large they are,’” said Berin Szoka. “That’s not surprising, given that not a single economist participated in the FTC’s Big Data workshop. The report repeats a litany of ‘mights,’ ‘concerns’ and ‘worries’ but few concrete examples of harm from Big Data analysis — and no actual analysis. Thus, it does little to advance understanding of how to address real Big Data harms without inadvertently chilling forms of ‘discrimination’ that actually help underserved and minority populations.”
“Most notably,” continued Szoka, “the report makes much of a single news piece suggesting that Staples charged higher prices online to customers who lived farther away from a Staples store — which was cherry-picked precisely because it’s so hard to find examples where price discrimination results in higher prices for poor consumers. The report does not mention the obvious response: if consumers are shopping online anyway, comparison shopping is easy. So why would we think this would be an effective strategy for profit-maximizing firms?”
“The FTC can do a lot better than this,” concluded Szoka. “The agency has an entire Bureau of Economics, which the Bureau of Consumer Protection stubbornly refuses to involve in its work — presumably out of the misguided notion that economic analysis is somehow anti-consumer. That’s dead wrong. As with previous FTC reports since 2009, this one’s ‘recommendations’ will have essentially regulatory effect. Moreover, the report announces that the FTC will bring Section 5 enforcement actions against Big Data companies that have ‘reason to know’ that their customers will use their analysis tools ‘for discriminatory purposes.’ That sounds uncontroversial, but all Big Data involves ‘discrimination’; the real issue is harmful discrimination, and that’s not going to be easy for Big Data platforms to assess. This kind of vague intermediary liability will likely deter Big Data innovations that could actually help consumers — like more flexible credit scoring.”
###
Szoka is co-author, along with Geoffrey Manne and Gus Hurwitz, of the FTC: Technology & Reform Project’s initial report, “Consumer Protection & Competition Regulation in a High-Tech World: Discussing the Future of the Federal Trade Commission,” which critiques the FTC’s processes and suggests areas where the FTC, the courts and Congress could improve how the FTC applies its sweeping unfairness and deception powers in data security, privacy and other cases, especially related to technology.
We are available for comment at [email protected]. See our other work on FTC Reform, including::
Comments filed by TechFreedom and ICLE in response to the FTC’s workshop, Big Data: A Tool for Inclusion or Exclusion?
Comments filed by TechFreedom urging the White House to apply economic thinking to its inquiry into “Big Data”
Comments filed by TechFreedom and ICLE urging Congress to establish a commission to audit America’s privacy laws
Wyndham Settlement Reinforces Need for Congressional Overhaul of FTC
WASHINGTON D.C. — Today, the Federal Trade Commission announced that it had reached a settlement with Wyndham Hotels over charges that the company had “unreasonable” data security. In 2009, Russian hackers stole customer information, including credit card numbers, from Wyndham hotel systems. The company initially refused to settle an FTC enforcement action, becoming the first to challenge the FTC’s approach to data security in federal court. The FTC has used a decade of settlements with dozens of companies to establish fuzzy de facto standards for data security. In August, the Third Circuit denied Wyndham’s appeal of the district court’s decision to let the case proceed.
“The FTC has, once again, avoided having a federal court definitively answer fundamental questions about the constitutionality of the FTC’s approach to data security,” said Berin Szoka, President of TechFreedom, which joined an amicus brief in the case. “The FTC will no doubt claim the Third Circuit vindicated its approach, but all the court really said was that Wyndham’s specific practices may have been unfair. Indeed, the appeals court agreed with Wyndham that the FTC’s so-called ‘common law of consent decrees’ cannot provide the ‘fair notice’ required by the Constitution’s Due Process clause. This implied that the FTC needs to do much more to guide companies on what ‘reasonable’ data security would be. By settling the case, the FTC avoided having the district court resolve those questions.”
“It’ll take years for another case to work its way through the courts,” explained Szoka. “LabMD’s recent victory before the FTC’s chief administrative law judge is encouraging, and may allow a federal court to weigh in on the requirements of Section 5’s amorphous unfairness standard, if the full Commission overrules the ALJ. But that case focuses more on how the FTC weighs costs and benefits in each enforcement action than on the issue of how much guidance it provides guidance to industry.”
“It’s high time Congress reasserted itself here,” concluded Szoka. “The FTC has demonstrated little willingness to change from within, and we can’t wait for the courts to address these questions. Congress needs to put the FTC on sounder footing across the board — from data security to privacy and other consumer protection issues. Far from hamstringing the agency, requiring better explanation of what the law requires and weighing of costs and benefits would actually help consumers — both by promoting better business practices and by avoiding FTC actions that end up harming consumers. Such common sense reforms should be bipartisan, just as they were back in 1980, the last time Congress really checked the FTC’s vast discretion.”
Szoka is co-author, along with Geoffrey Manne and Gus Hurwitz, of the FTC: Technology & Reform Project’s initial report, “Consumer Protection & Competition Regulation in a High-Tech World: Discussing the Future of the Federal Trade Commission,” which critiques the FTC’s processes and suggests areas where the FTC, the courts and Congress could improve how the FTC applies its sweeping unfairness and deception powers in data security, privacy and other cases, especially related to technology.
###
We are available for comment at [email protected]. See our other work on FTC Reform and Wyndham, including:
“Wyndham Decision Unsurprising but Misses the Point,” a statement from TechFreedom
“What LabMD & Wyndham Mean for Internet Regulation,” a luncheon discussion co-hosted by TechFreedom and Cause of Action
“FTC’s Competition Policy Statement is Long Overdue,” a statement from TechFreedom
Amici curiae brief in the federal District Court of New Jersey arguing that the FTC’s unfairness claim against Wyndham Hotels is unconstitutionally vague and inadequately pleaded
FTC’s Competition Policy Statement is Long Overdue
WASHINGTON D.C. — Today, the Federal Trade Commission released a policy statement defining the FTC’s Unfair Methods of Competition (UMC) authority, paralleling the policy statements issued by the Commission regarding its consumer protection authority over unfair (1980) and deceptive (1983) acts and practices (UDAP).
The 1-page document reportedly promises that the FTC will only use its UMC authority regarding conduct not covered by the antitrust laws This would end the FTC’s recent trend of making vague claims of unfairness on top of the antitrust laws, which are well-defined by case law and guidelines issued by the FTC and the Department of Justice. The new policy statement also apparently clarifies that, when the FTC does make UMC claims, it will weigh harm to consumers against other benefits — as required by the 1980 Unfairness Policy Statement in consumer protection cases. These are the key limits Commissioner Joshua Wright proposed over two years ago.
“Today’s decision statement is a victory for the rule of law, sound economics, and regulatory humility,” said TechFreedom President Berin Szoka. “In the 1970s, the FTC so abused the amorphous concept of unfairness in consumer protection matters that Congress briefly closed the agency and forced it to issue limiting principles. The Commission avoided addressing the meaning of its UMC authority simply by focusing on pure antitrust enforcement. But in recent years, the FTC has revived UMC in a disturbing line of cases, mostly involving high-tech companies. Unmoored from sound antitrust principles and economic analysis, the Commission strayed into arbitrary, undemocratic and unaccountable policy-making. Today’s policy statement should mean an end to this knight-errancy.”
“Commissioner Wright was right: the only way to limit the FTC’s abuse of UMC is to draw a clear, bright line between UMC and the antitrust laws,” continued Szoka. “So long as the Commission continues to apply its UMC authority over conduct covered by the antitrust laws, UMC will remain a source of regulatory mischief. Commissioner Ohlhausen’s six proposed limiting principles are laudable in theory but the FTC has already shown its willingness to ignore the very sensible limiting principles in its UDAP policy statements — despite Congress codifying the Unfairness statement. The more discretion the Commission has, the more its decisions will be essentially political — especially if companies prove unwilling to litigate even legally shaky UMC cases in court, just as they have proven all too willing to settle UDAP actions. So the key question is just how clearly the new statement limits the FTC to using UMC for conduct beyond what the antitrust laws cover.”
“But Commissioner Ohlhausen is certainly right about process: the Commission should have sought public comment on a draft proposal before voting on it,” concluded Szoka. “In 2012, the Commission summarily revoked its 2003 policy statement on disgorgement of ill-gotten gains in competition cases — reminding everyone that it can withdraw or change a policy statement overnight, as Ohlhausen warned in a scathing dissent. Issuing today’s statement with no public comment process only reinforces this precedent, thus undermining the value of all the FTC’s policy statements as reliable predictors of future enforcement.”
###
We are available for comment at [email protected]. See our other work on FTC reform, especially:
Comments objecting to the FTC’s settlement of charges brought against Nomi Technologies regarding tracking of customers’ movements in-store
FTC Reform Report, “Consumer Protection & Competition Regulation in a High-Tech World: Discussing the Future of the Federal Trade Commission”
TF and ICLE Event on FTC Reform and the agency’s use of economics in digital consumer protection cases
“The Second Century of the Federal Trade Commission,” Berin Szoka and Geoffrey Manney in Techdirt
“The FTC Should Help Unshackle the Sharing Economy,” a statement summarizing TechFreedom and ICLE’s comments on the agency’s workshop on the sharing economy
TF’s comments on the Office of Science and Technology Policy’s “Big Data” inquiry
Yesterday, TechFreedom and the International Center for Law & Economics (ICLE) filed comments to be considered at the Federal Trade Commission’s (FTC) upcoming workshop: The “Sharing” Economy: Issues Facing Platforms, Participants, and Regulators. The comments urge the FTC to establish a permanent advocacy program, serving as a counterweight to entrenched incumbents who typically seek local and state government policies that prevent their markets from being disrupted by “sharing economy” services.
“There will always be counter-productive state and local laws that restrict new ways of serving consumers, yet the FTC spends only a tiny fraction of its resources on competition advocacy,” said Berin Szoka, President of TechFreedom, noting that, while the FTC does not clearly break out its advocacy budget, it could account for less than 1% of the agency’s total budget. “For years, Uber, Lyft, and other sharing-economy companies have been grappling with regulators doing the bidding of established industries. But the FTC’s been asleep at the wheel — too busy harassing tech companies over their use of customer data.”
“The FTC needs to make advocacy an institutional priority — starting with reviving its 2001-2004 ecommerce advocacy program,” urged Szoka, referring to the Internet Task Force, which counseled state and local regulators against red tape that stopped consumers from buying goods and services online, from contact lenses to wine and legal services. “The FTC also needs to become proactive: it can’t keep waiting for other regulators to ask for its opinion, because those who need it most have no incentive to ask — they’ve been captured by taxis, hotels and other incumbents.”
“Establishing a permanent, expanded advocacy program is easily the best investment the FTC could make, but it does come with risks,” warned Ben Sperry, ICLE Associate Director. “The FTC’s recent history is clear: the more it studies, the more it regulates. Last year’s FTC data broker report is just the latest example. The FTC should resist the tendency to regulate Uber, AirBnB and other sharing economy companies the same way it’s regulated privacy and data security — by bringing major players under consent decrees that force the companies to start vetting product innovations with the FTC. But forcing innovators to ‘play it safe’ will sap the disruptive spirit that has made these companies so successful. So any stepped-up advocacy program needs to be matched with an institutional commitment to regulatory humility.”
On Tuesday, the two organizations expressed concerns about the FTC’s so-called “common law of consent decrees” as de facto regulation created outside the legal system in comments objecting to the FTC’s settlement of charges brought against Nomi Technologies regarding tracking of customers’ movements in-store. The comments urge the FTC to reform its enforcement practices and hold workshops to assess whether its settlements have been consistent with its bedrock policy statements on deception and unfairness.
Szoka and Sperry are available for comment at [email protected], and see our other work on FTC reform, especially:
FTC Reform Report, “Consumer Protection & Competition Regulation in a High-Tech World: Discussing the Future of the Federal Trade Commission”
TF and ICLE Event on FTC Reform and the agency’s use of economics in digital consumer protection cases
“The Second Century of the Federal Trade Commission,” Berin Szoka and Geoffrey Manney in Techdirt
TF’s comments on the Office of Science and Technology Policy’s “Big Data” inquiry
FTC Issues Stealth Regulations over Internet of Things
WASHINGTON D.C. — Today, the FTC released a report recommending “best practices” around privacy and data security for the “Internet of Things” — connected smart home devices, smart cars and the like. The report echoes so-called “recommendations” made by the FTC in other reports since 2010. Commissioner Josh Wright dissented, lamenting that “‘security by design’ and other privacy-related catchphrases … do not appear to contain any meaningful analytical content.” Commissioner Ohlhausen concurred but objected to the report’s call for baseline privacy legislation and embrace of data minimization, which she called a “precautionary principle.”
“This report pays only lip service to meaningful cost-benefit analysis,” said Geoffrey Manne, Executive Director of the International Center for Law & Economics. “The Internet of Things is a nascent and fast-evolving area. To make specific recommendations on the basis of little more than staff impressions of cherry-picked comments about theoretical harms from a one-day workshop — without undertaking any real analysis of any meaningful data — amounts to regulatory malpractice. The FTC has a wealth of economics expertise in-house, which the Bureau of Consumer Protection willfully ignores. Before recommending anything, the FTC needs to consider not only the enormous benefits of the Internet of Things, but, more importantly, whether the consumer benefits of any ‘recommendation’ outweigh its costs on the margin. That’s regulatory economics 101.”
“Since 2010, we’ve seen a radical change: The purpose of FTC workshop reports is no longer to produce a better understanding of complex consumer protection issues,” concluded Szoka. “Instead, the Chairman and a small number of FTC staffers now seek to use workshop reports to put the agency’s institutional weight behind their own agenda, which is driven more by a neo-Naderite ideology than rigorous analysis.”
Background
In the 1970s, the FTC ran amuck, trying to ban advertising to kids and micromanage everything from funeral homes to labor practices.
In 1980, a heavily Democratic Congress required the FTC to build a rigorous record before regulating, and to constrain its vast ‘unfairness’ authority through cost-benefit analysis.
Since 2010, the FTC has increasingly tried to convert its ‘recommendations’ into regulations in two ways:
Baking them into the consent decrees the FTC extracts from companies that don’t want to undergo the ordeal of fighting the agency.
Claiming that violations of recommendations made in a workshop report can trigger liability under Section 5 of the FTC Act: most notably, its complaint against LabMD rests in part on the FTC’s 2005 staff report about peer-to-peer file sharing.
Until 2010, FTC reports attempted to synthesize a complex record, which helped inform everyone’s understanding of evolving technologies and business practices, their benefits, and the consumer protection concerns they raise. Occasionally, an FTC report would recommend legislation — but never the kinds of sweeping ‘recommendations’ to private companies that have become commonplace since the FTC’s 2010 staff privacy report.
For example, a 2005 staff report on peer-to-peer file-sharing made only short, high-level suggestions to industry.
In May 2014, in a series of footnotes, Commissioner Wright objected to the FTC’s Data Broker Report making a series of legislative recommendations without adequate basis.
Szoka and Manne are available for comment at [email protected], and see our other work on Big Data and FTC reform, especially:
FTC Reform Report, “Consumer Protection & Competition Regulation in a High-Tech World: Discussing the Future of the Federal Trade Commission”
TF and ICLE Event on FTC Reform and the agency’s use of economics in digital consumer protection cases
“The Second Century of the Federal Trade Commission,” Berin Szoka and Geoffrey Manney in Techdirt
TF’s comments on the Office of Science and Technology Policy’s “Big Data” inquiry
Cost-benefit analysis is supposed to be at the heart of the FTC’s unfairness powers. But the FTC doesn’t really bother with CBA in privacy cases, as FTC Commissioner Josh Wright lamented in an interview last summer with Chris Wolf for IAPP about the FTC’s report on data brokers:
We have a lot of work to do on the cost side of the ledger as well. We have no idea what the costs for businesses would be to implement consumer control over any and all data shared by data brokers and to what extent these costs would ultimately be passed on to consumers. This could be especially problematic in areas where the costs to businesses are high but where the ultimate benefit to consumers is minimal. For example, the costs to effectuate opt-out mechanisms might be high in certain circumstances and may not offer consumers any real benefit. If consumers have minimal concerns about the sharing of certain types of information—perhaps information that is already publicly available—I think we should know that before requiring data brokers to alter their practices and expend resources.