Archives For consumer protection

Today the Federal Trade Commission (FTC) missed the mark in authorizing release of a staff report calling for legislation and regulation of the “Internet of Things.”

The Internet of Things is already affecting the daily lives of millions of Americans through the adoption of health and fitness monitors, home security devices, connected cars and household appliances, among other applications.  Such devices offer the potential for improved health-monitoring, safer highways, and more efficient home energy use, and a myriad of other potential benefits.  The rapidly increasing use of such devices, which transfer data electronically, also raises privacy and security concerns.  In November 2014 the FTC convened a one-day workshop to study the rapidly changing Internet of Things.

On January 27, 2015, the FTC staff released a report based on the record established by the workshop and follow-on comments from the public.  Unfortunately, the report went far beyond describing the state of play and setting forth the views of interested parties.  In particular, the FTC staff recommended detailed approaches businesses should follow to promote security and privacy in the Internet of Things, and repeated its prior call for strong data security and breach notification legislation.  The FTC voted 4-1 to issue the staff report, with Commissioner Joshua Wright dissenting and Commissioner Maureen Ohlhausen concurring but expressing opposition to two of the report’s recommendations (calling for privacy legislation and for companies to delete “excessive” but valuable data).

Commissioner Wright’s thoughtful dissent centers on the report’s failure to apply cost-benefit analysis to its recommendations, without which it is not possible to determine whether the recommendations are socially beneficial or harmful.  As Wright points out (footnotes omitted):

“Acknowledging in passing, as the Workshop Report does, that various courses of actions related to the Internet of Things may well have some potential costs and benefits does not come close to passing muster as cost-benefit analysis. The Workshop Report does not perform any actual analysis whatsoever to ensure that, or even to give a rough sense of the likelihood that the benefits of the staff’s various proposals exceed their attendant costs. Instead, the Workshop Report merely relies upon its own assertions and various surveys that are not necessarily representative and, in any event, do not shed much light on actual consumer preferences as revealed by conduct in the marketplace. This is simply not good enough; there is too much at stake for consumers as the Digital Revolution begins to transform their homes, vehicles, and other aspects of daily life.”

More specifically, Wright critiques the FTC’s proposal that companies limit the scope of data retention (“data minimization”) to protect consumers’ “reasonable expectations” and deter data thieves – as he explains, this proposal fails to discuss the magnitude of such costs to consumers and supplies no evidence demonstrating that the benefits of data minimization will outweigh its costs to consumers.  In a similar vein, Wright opposes the report’s proposal that companies adopt specific “security by design” measures, noting that:

“Relying upon the application of these concepts and the Fair Information Practice Principles to the Internet of Things can instead substitute for the sort of rigorous economic analysis required to understand the tradeoffs facing firms and consumers. An economic and evidence-based approach sensitive to those tradeoffs is much more likely to result in consumer-welfare enhancing consumer protection regulation. To the extent concepts such as security by design or data minimization are endorsed at any cost – or without regard to whether the marginal cost of a particular decision exceeds its marginal benefits – then application of these principles will result in greater compliance costs without countervailing benefit. Such costs will be passed on to consumers in the form of higher prices or less useful products, as well as potentially deter competition and innovation among firms participating in the Internet of Things.”

In sum, Wright concludes:

“Before setting forth industry best practices and recommendations for broad-based privacy legislation relating to the Internet of Things – proposals that could have a profound impact upon consumers – the Commission and its staff should, at a minimum, undertake the necessary work not only to identify the potential costs and benefits of implementing such best practices and recommendations, but also to perform analysis sufficient to establish with reasonable confidence that such benefits are not outweighed by their costs at the margin of policy intervention.”

The FTC does best when it rigorously evaluates the costs and benefits of its regulatory recommendations and proposed enforcement actions.  Unfortunately, in recent years it has lost sight of this common sense principle (particularly in the consumer protection area) in imposing highly burdensome advertising substantiation and data security enforcement requirements through litigation and consent decrees.  The detailed recommendations in the Internet of Things report suggest that the FTC may be eyeing public reports as a new source of “friendly persuasion.”  Because many firms may choose to adopt costly FTC business practice “suggestions” so as to avoid costly investigations and litigation, the actual harm in foregone business innovation and consumer welfare losses may not be readily apparent.  The competitive process and American consumers, however, are the losers – as are smaller companies that can less afford to absorb the costs of FTC micromanagement than their larger rivals.

In my just published Heritage Foundation Legal Memorandum, I argue that the U.S. Federal Trade Commission (FTC) should substantially scale back its overly aggressive “advertising substantiation” program, which disincentivizes firms from providing the public with valuable information about the products they sell.  As I explain:

“The . . . [FTC] has a long history of vigorously combating false and deceptive advertising under its statutory authorities, but recent efforts by the FTC to impose excessive ‘advertising substantiation’ requirements on companies go far beyond what is needed to combat false advertising. Such actions threaten to discourage companies from providing useful information that consumers value and that improves the workings of the marketplace. They also are in tension with constitutional protection for commercial speech. The FTC should reform its advertising substantiation policy and allow businesses greater flexibility to tailor their advertising practices, which would further the interests of both consumers and businesses. It should also decline to seek ‘disgorgement’ of allegedly ‘ill-gotten gains’ in cases involving advertising substantiation.”

In particular, I recommend that the FTC issue a revised policy statement explaining that it will seek to restrict commercial speech to the minimum extent possible, consistent with fraud prevention, and will not require onerous clinical studies to substantiate non-fraudulent advertising claims.  I also urge that the FTC clarify that it will only seek equitable remedies (including injunctions and financial exactions) in court for cases of clear fraud.

Recently I highlighted problems with the FTC’s enforcement actions targeting companies’ data security protection policies, and recommended that the FTC adopt a cost-benefit approach to regulation in this area.  Yesterday the Heritage Foundation released a more detailed paper by me on this topic, replete with recommendations for new FTC guidance and specific reforms aimed at maintaining appropriate FTC oversight while reducing excessive burdens.  Happy reading!

The U.S. Federal Trade Commission (FTC) continues to expand its presence in online data regulation.  On August 13 the FTC announced a forthcoming workshop to explore appropriate policies toward “big data,” a term used to refer to advancing technologies that are dramatically expanding the commercial collection, analysis, use, and storage of data.  This initiative follows on the heels of the FTC’s May 2014 data broker report, which recommended that Congress impose a variety of requirements on companies that legally collect and sell consumers’ personal information.  (Among other requirements, companies would be required to create consumer data “portals” and implement business procedures that allow consumers to edit and suppress use of their data.)  The FTC also is calling for legislation that would enhance its authority over data security standards and empower it to issue rules requiring companies to inform consumers of security breaches.

These recent regulatory initiatives are in addition to the Commission’s active consumer data enforcement efforts.  Some of these efforts are pursuant to three targeted statutory authorizations – the FTC’s Safeguards Rule (promulgated pursuant to the Gramm-Leach-Bliley Act and directed at non-bank financial institutions), the Fair Credit Reporting Act (directed at consumer protecting agencies), and the Children’s Online Privacy Protection Act (directed at children’s information collected online).

The bulk of the FTC’s enforcement efforts, however, stem from its general authority to proscribe unfair or deceptive practices under Section 5(a)(1) of the FTC ActSince 2002, pursuant to its Section 5 powers, the FTC has filed and settled over 50 cases alleging that private companies used deceptive or ineffective (and thus unfair) practices in storing their data.  (Twitter, LexisNexis, ChoicePoint, GMR Transcription Services, GeneLink, Inc., and mobile device provider HTC are just a few of the firms that have agreed to settle.)  Settlements have involved consent decrees under which the company in question agreed to take a wide variety of “corrective measures” to avoid future harm.

As a matter of first principles, one may question the desirability of FTC data security investigations under Section 5.  Firms have every incentive to avoid data protection breaches that harm their customers, in order to avoid the harm to reputation and business values that stem from such lapses.  At the same time, firms must weigh the costs of alternative data protection systems in determining what the appropriate degree of protection should be.  Economic logic indicates that the optimal business policy is not one that focuses solely on implementing the strongest data protection system program without regard to cost.  Rather, the optimal policy is to invest in enhancing corporate data security up to the point where the marginal benefits of additional security equal the marginal costs, and no further.  Although individual businesses can only roughly approximate this outcome, one may expect that market forces will tend toward the optimal result, as firms that underinvest in data security lose customers and firms that overinvest in security find themselves priced out of the market.  There is no obvious “market failure” that suggests the market should not work adequately in the data security area.  Indeed, there is a large (and growing) amount of information on security systems available to business, and a thriving labor market for IT security specialists to whom companies can turn in designing their security programs.   Nevertheless, it would be naive in the extreme to believe that the FTC will choose to abandon its efforts to apply Section 5 to this area.  With that in mind, let us examine more closely the problems with existing FTC Section 5 data security settlements, with an eye to determining what improvements the Commission might beneficially make if it is so inclined.

The HTC settlement illustrates the breadth of decree-specific obligations the FTC has imposed.  HTC was required to “establish a comprehensive security program, undergo independent security assessments for 20 years, and develop and release software patches to fix security vulnerabilities.”  HTC also agreed to detailed security protocols that would be monitored by a third party.  The FTC did not cite specific harmful security breaches to justify these sanctions; HTC was merely charged with a failure to “take reasonable steps” to secure smartphone software.  Nor did the FTC explain what specific steps short of the decree requirements would have been deemed “reasonable.”

The HTC settlement exemplifies the FTC’s “security by design” approach to data security, under which the agency informs firms after the fact what they should have done, without exploring what they might have done to pass muster.  Although some academics view the FTC settlements as contributing usefully to a developing “common law” of data privacy, supporters of this approach ignore its inherent ex ante vagueness and the costs decree-specific mandates impose on companies.

Another serious problem stems from the enormous investigative and litigation costs associated with challenging an FTC complaint in this area – costs that incentivize most firms to quickly accede to consent decree terms even if they are onerous.  The sad case of LabMD, a small cancer detection lab, serves as warning to businesses that choose to engage in long-term administrative litigation against the FTC.  Due to the cost burden of the FTC’s multi-year litigation against it (which is still ongoing as of this writing), LabMD was forced to wind down its operations, and it stopped accepting new patients in January 2014.

The LabMD case suggests that FTC data security initiatives, carried out without regard to the scale or resources of the affected companies, have the potential to harm competition.  Relatively large companies are much better able to absorb FTC litigation and investigation costs.  Thus, it may be in the large firms’ interests to encourage the FTC to support intrusive and burdensome new FTC data security initiatives, as part of a “raising rivals’ costs” strategy to cripple or eliminate smaller rivals.  As a competition and consumer welfare watchdog, the FTC should keep this risk in mind when weighing the merits of expanding data security regulations or launching new data security investigations.

A common thread runs through the FTC’s myriad activities in data privacy “space” – the FTC’s failure to address whether its actions are cost-beneficial.  There is little doubt that the FTC’s enforcement actions impose substantial costs, both on businesses subject to decree and investigation, and on other firms possessing data that must contemplate business system redesigns to forestall potential future liability.  As a result, business innovation suffers.  Furthermore, those costs are passed on at least in part to consumers, in the form of higher prices and a reduction in the quality and quantity of new products and services.  The FTC should, consistent with its consumer welfare mandate, carefully weigh these costs against the presumed benefits flowing from a reduction in future data breaches.  A failure to carry out a cost-benefit appraisal, even a rudimentary one, makes it impossible to determine whether the FTC’s much touted data privacy projects are enhancing or reducing consumer welfare.

FTC Commissioner Josh Wright recently gave voice to the importance of cost benefit analysis in commenting on the FTC’s data brokerage report – a comment that applies equally well to all of the FTC’s data protection and privacy initiatives:

“I would . . . like to see evidence of the incidence and scope of consumer harms rather than just speculative hypotheticals about how consumers might be harmed before regulation aimed at reducing those harms is implemented.  Accordingly, the FTC would need to quantify more definitively the incidence or value of data broker practices to consumers before taking or endorsing regulatory or legislative action. . . .  We have no idea what the costs for businesses would be to implement consumer control over any and all data shared by data brokers and to what extent these costs would ultimately be passed on to consumers.  Once again, a critical safeguard to insure against the risk that our recommendations and actions do more harm than good for consumers is to require appropriate and thorough cost-benefit analysis before acting.  This failure could be especially important where the costs to businesses from complying with any recommendations are high, but where the ultimate benefit generated for consumers is minimal. . . .  If consumers have minimal concerns about the sharing of certain types of information – perhaps information that is already publicly available – I think we should know that before requiring data brokers to alter their practices and expend resources and incur costs that will be passed on to consumers.”

The FTC could take several actions to improve its data enforcement policies.  First and foremost, it could issue Data Security Guidelines that (1) clarify the FTC’s enforcement actions regarding data security will be rooted in cost-benefit analysis, and (2) will take into account investigative costs as well as (3) reasonable industry self-regulatory efforts.  (Such Guidelines should be framed solely as limiting principles that tie the FTC’s hands to avoid enforcement excesses.  They should studiously avoid dictating to industry the data security principles that firms should adopt.)  Second, it could establish an FTC website portal that features continuously updated information on the Guidelines and other sources of guidance on data security. Third, it could employ cost-benefit analysis before pursuing any new regulatory initiatives, legislative recommendations, or investigations related to other areas of data protection.  Fourth, it could urge its foreign counterpart agencies to adopt similar cost-benefit approaches to data security regulation.

Congress could also improve the situation by enacting a narrowly tailored statute that preempts all state regulation related to data protection.  Forty-seven states now have legislation in this area, which adds additional burdens to those already imposed by federal law.  Furthermore, differences among state laws render the data protection efforts of merchants who may have to safeguard data from across the country enormously complex and onerous.  Given the inherently interstate nature of electronic commerce and associated data breaches, preemption of state regulation in this area would comport with federalism principles.  (Consistent with public choice realities, there is always the risk, of course, that Congress might be tempted to go beyond narrow preemption and create new and unnecessary federal powers in this area.  I believe, however, that such a risk is worth running, given the potential magnitude of excessive regulatory burdens, and the ability to articulate a persuasive public policy case for narrow preemptive legislation.)

Stay tuned for a more fulsome discussion of these issues by me.

“Operation Choke Point” (OCP) is an interdepartmental initiative by the U.S. Department of Justice (DOJ) and federal financial services regulators to discourage financial intermediaries from dealing with consumer fraud-plagued industries.  In an August 4 Heritage Foundation Legal Memorandum, I discuss the misapplication of this potentially beneficial project and recommend possible measures to reform OCP.

If OCP properly focused on helping financial intermediaries better identify indicia of fraud, it would be a laudable initiative.  A recent report by the House Committee on Government Oversight and Government Reform, however, reveals that financial services agencies, such as the Federal Deposit Insurance Corporation, have under the aegis of OCP created lists of disfavored but lawful industries.  Payday lenders are on the list, but so are such business categories as firearms sales, ammunition sales, and credit repair services, to name just a few.  Apparently third party financial intermediaries may have been “encouraged” by federal regulators not to deal with firms in “disfavored” sectors.  To the extent this is happening, it raises serious rule of law concerns.  Regulators have no legal authority to direct private financial services away from government-disfavored but fully legal activity – such actions promote unfair legally disparate treatment of commercial actors.  Moreover, financial intermediaries and the firms they are pressured into “choking off” suffer welfare losses from such conduct, as do the consumers who are denied access to (or pay higher prices for) desired goods and services supplied by the “choked off” merchants.

Another problem associated with OCP is the Federal Trade Commission’s recent litigation against lawful payment processors and other financial intermediaries for dealing with businesses allegedly engaged in fraud.  The FTC has taken these actions without proof that the intermediaries knew that their clients were engaging in fraud.  The FTC’s actions also may be undermining the usefulness of private sector self-regulatory efforts – embodied, for example, in April 2014 guidelines by the Electronic Transactions Association providing underwriting and monitoring standards that could help payment processors better spot fraud.

My Heritage Legal Memorandum suggests the following measures could reorient OCP in a socially beneficial direction:

  • DOJ and all Financial Fraud Enforcement Task Force agencies (federal regulators) should inform the bank and non-bank financial intermediaries they regulate that they are rescinding all lists of “problematic” industries engaging in lawful activities (for example, legal gun sellers) that may trigger federal enforcement concern.
  • In implementing OCP, the federal regulators should state publicly that they oppose all discrimination against companies on grounds that are not directly related to a proven propensity for engaging in fraud or other serious illegal conduct.
  • In implementing OCP, if backed by empirical evidence, federal regulators should issue very specific red-flag indicia of fraud by merchants which, if discovered by financial intermediaries, may justify termination of the intermediaries’ relationships with those merchants, as well as informing the appropriate regulatory agencies. This guidance should clarify that the onus is not being placed on the intermediaries to uncover the indicia and that the intermediaries will not be subject to federal investigation or sanction if fraud by the merchants subsequently is revealed so long as the merchants acted with reasonable prudence, consistent with sound business practices.
  • The FTC should issue a policy statement providing that it will not sue payment processors based on alleged fraud by merchants unless there is evidence that the processors knowingly participated in fraud. Further, the statement should express a preference for deferring in the first place and whenever reasonable to industry self-regulation.

Adoption by federal regulators of recommendations along these lines would protect consumers from financial fraud without hobbling legitimate business interests and depriving consumers of full access to the legal products and services they desire.

The Federal Trade Commission’s recent enforcement actions against Amazon and Apple raise important questions about the FTC’s consumer protection practices, especially its use of economics. How does the Commission weigh the costs and benefits of its enforcement decisions? How does the agency employ economic analysis in digital consumer protection cases generally?

Join the International Center for Law and Economics and TechFreedom on Thursday, July 31 at the Woolly Mammoth Theatre Company for a lunch and panel discussion on these important issues, featuring FTC Commissioner Joshua Wright, Director of the FTC’s Bureau of Economics Martin Gaynor, and several former FTC officials. RSVP here.

Commissioner Wright will present a keynote address discussing his dissent in Apple and his approach to applying economics in consumer protection cases generally.

Geoffrey Manne, Executive Director of ICLE, will briefly discuss his recent paper on the role of economics in the FTC’s consumer protection enforcement. Berin Szoka, TechFreedom President, will moderate a panel discussion featuring:

  • Martin Gaynor, Director, FTC Bureau of Economics
  • David Balto, Fmr. Deputy Assistant Director for Policy & Coordination, FTC Bureau of Competition
  • Howard Beales, Fmr. Director, FTC Bureau of Consumer Protection
  • James Cooper, Fmr. Acting Director & Fmr. Deputy Director, FTC Office of Policy Planning
  • Pauline Ippolito, Fmr. Acting Director & Fmr. Deputy Director, FTC Bureau of Economics

Background

The FTC recently issued a complaint and consent order against Apple, alleging its in-app purchasing design doesn’t meet the Commission’s standards of fairness. The action and resulting settlement drew a forceful dissent from Commissioner Wright, and sparked a discussion among the Commissioners about balancing economic harms and benefits in Section 5 unfairness jurisprudence. More recently, the FTC brought a similar action against Amazon, which is now pending in federal district court because Amazon refused to settle.

Event Info

The “FTC: Technology and Reform” project brings together a unique collection of experts on the law, economics, and technology of competition and consumer protection to consider challenges facing the FTC in general, and especially regarding its regulation of technology. The Project’s initial report, released in December 2013, identified critical questions facing the agency, Congress, and the courts about the FTC’s future, and proposed a framework for addressing them.

The event will be live streamed here beginning at 12:15pm. Join the conversation on Twitter with the #FTCReform hashtag.

When:

Thursday, July 31
11:45 am – 12:15 pm — Lunch and registration
12:15 pm – 2:00 pm — Keynote address, paper presentation & panel discussion

Where:

Woolly Mammoth Theatre Company – Rehearsal Hall
641 D St NW
Washington, DC 20004

Questions? – Email mail@techfreedom.orgRSVP here.

See ICLE’s and TechFreedom’s other work on FTC reform, including:

  • Geoffrey Manne’s Congressional testimony on the the FTC@100
  • Op-ed by Berin Szoka and Geoffrey Manne, “The Second Century of the Federal Trade Commission”
  • Two posts by Geoffrey Manne on the FTC’s Amazon Complaint, here and here.

About The International Center for Law and Economics:

The International Center for Law and Economics is a non-profit, non-partisan research center aimed at fostering rigorous policy analysis and evidence-based regulation.

About TechFreedom:

TechFreedom is a non-profit, non-partisan technology policy think tank. We work to chart a path forward for policymakers towards a bright future where technology enhances freedom, and freedom enhances technology.

Today the FTC filed its complaint in federal district court in Washington against Amazon, alleging that the company’s in-app purchasing system permits children to make in-app purchases without parental “informed consent” constituting an “unfair practice” under Section 5 of the FTC Act.

As I noted in my previous post on the case, in bringing this case the Commission is doubling down on the rule it introduced in Apple that effectively converts the balancing of harms and benefits required under Section 5 of the FTC Act to a per se rule that deems certain practices to be unfair regardless of countervailing benefits. Similarly, it is attempting to extend the informed consent standard it created in Apple that essentially maintains that only specific, identified practices (essentially, distinct notification at the time of purchase or opening of purchase window, requiring entry of a password to proceed) are permissible under the Act.

Such a standard is inconsistent with the statute, however. The FTC’s approach forecloses the ability of companies like Amazon to engage in meaningful design decisions and disregards their judgment about which user interface designs will, on balance, benefit consumers. The FTC Act does not empower the Commission to disregard the consumer benefits of practices that simply fail to mimic the FTC’s preconceived design preferences. While that sort of approach might be defensible in the face of manifestly harmful practices like cramming, it is wholly inappropriate in the context of app stores like Amazon’s that spend considerable resources to design every aspect of their interaction with consumers—and that seek to attract, not to defraud, consumers.

Today’s complaint occasions a few more observations:

  1. Amazon has a very strong case. Under Section 5 of the FTC Act, the Commission will have to prevail on all three elements required to prove unfairness under Section 5: that there is substantial injury, that consumers can’t reasonably avoid the injury and that any countervailing benefits don’t outweigh the injury. But, consistent with its complaint and consent order in Apple, the Amazon complaint focuses almost entirely on only the first of these. While that may have been enough to induce Apple to settle out of court, the FTC will actually have to make out a case on reasonable avoidance and countervailing benefits at trial. It’s not at all clear that the agency will be able to do so on the facts alleged here.
  2. On reasonable avoidance, over and above Amazon’s general procedures that limit unwanted in-app purchases, the FTC will have a tough time showing that Amazon’s Kindle Free Time doesn’t provide parents with more than enough ability to avoid injury. In fact, the complaint doesn’t mention Free Time at all.
  3. Among other things, the complaint asserts that Amazon knew about issues with in-app purchasing by December of 2011 and claims that “[n]ot until June 2014 did Amazon change its in-app charge framework to obtain account holders’ informed consent for in-app charges on its newer mobile devices.” But Kindle Free Time was introduced in September of 2012. While four FTC Commissioners may believe that Free Time isn’t a sufficient response to the alleged problem, it is clearly a readily available, free and effective (read: reasonable) mechanism for parents to avoid the alleged harms. It may not be what the design mavens at the FTC would have chosen to do, but it seems certain that avoiding unauthorized in-app purchases by children was part of what motivated Amazon’s decision to create and offer Free Time.
  4. On countervailing benefits, as Commissioner Wright discussed in detail in his dissent from the Apple consent order, the Commission seems to think that it can simply assert that there are no countervailing benefits to Amazon’s design choices around in-app purchases. Here the complaint doesn’t mention 1-Click at all, which is core to Amazon’s user interface design and essential to evaluating the balance of harms and benefits required by the statute.
  5. Even if it can show that Amazon’s in-app purchase practices caused harm, the Commission will still have to demonstrate that Amazon’s conscious efforts to minimize the steps required to make purchases doesn’t benefit consumers on balance. In Apple, the FTC majority essentially (and improperly) valued these sorts of user-interface benefits at zero. It implicitly does so again here, but a court will require more than such an assertion.
  6. Given these lapses, there is even a chance that the complaint will be thrown out on a motion to dismiss. It’s a high bar, but if the court agrees that there are insufficient facts in the complaint to make out a plausible case on all three elements, Amazon could well prevail on a motion to dismiss. The FTC’s approach in the Apple consent order effectively maintains that the agency can disregard reasonable avoidance and countervailing benefits in contravention of the statute. By following the same approach here in actual litigation, the FTC may well meet resistance from the courts, which have not yet so cavalierly dispensed with the statute’s requirements.

The Wall Street Journal reports this morning that Amazon is getting — and fighting — the “Apple treatment” from the FTC for its design of its in-app purchases:

Amazon.com Inc. is bucking a request from the Federal Trade Commission that it tighten its policies for purchases made by children while using mobile applications.

In a letter to the FTC Tuesday, Amazon said it was prepared to “defend our approach in court,” rather than agree to fines and additional record keeping and disclosure requirements over the next 20 years, according to documents reviewed by The Wall Street Journal.

According to the documents, Amazon is facing a potential lawsuit by the FTC, which wants the Seattle retailer to accept terms similar to those that Apple Inc. agreed to earlier this year regarding so-called in-app purchases.

From what I can tell, the Commission has voted to issue a complaint, and Amazon has informed the Commission that it will not accept its proposed settlement.

I am thrilled that Amazon seems to have decided to fight the latest effort by a majority of the FTC to bring every large tech company under 20-year consent decree. I should say: I’m disappointed in the FTC, sorry for Amazon, but thrilled for consumers and the free marketplace that Amazon is choosing to fight rather than acquiesce.

As I wrote earlier this year about the FTC’s case against Apple in testimony before the House Commerce Committee:

What’s particularly notable about the Apple case – and presumably will be in future technology enforcement actions predicated on unfairness – is the unique relevance of the attributes of the conduct at issue to its product. Unlike past, allegedly similar, cases, Apple’s conduct was not aimed at deceiving consumers, nor was it incidental to its product offering. But by challenging the practice, particularly without the balancing of harms required by Section 5, the FTC majority failed to act with restraint and substituted its own judgment, not about some manifestly despicable conduct, but about the very design of Apple’s products. This is the sort of area where regulatory humility is more — not less — important.

In failing to observe common sense limits in Apple, the FTC set a dangerous precedent that, given the agency’s enormous regulatory scope and the nature of technologically advanced products, could cause significant harm to consumers.

Here that failure is even more egregious. Amazon has built its entire business around the “1-click” concept — which consumers love — and implemented a host of notification and security processes hewing as much as possible to that design choice, but nevertheless taking account of the sorts of issues raised by in-app purchases. Moreover — and perhaps most significantly — it has implemented an innovative and comprehensive parental control regime (including the ability to turn off all in-app purchases) — Kindle Free Time — that arguably goes well beyond anything the FTC required in its Apple consent order. I use Kindle Free Time with my kids and have repeatedly claimed to anyone who will listen that it is the greatest thing since sliced bread. Other consumers must feel similarly. Finally, regardless of all of that, Amazon has nevertheless voluntarily implemented additional notification procedures intended to comply with the Apple settlement, even though it didn’t apply to Amazon.

If the FTC asserts, in the face of all of that, that it’s own vision of what “appropriate” in-app purchase protections must look like is the only one that suffices to meet the standard required by Section 5’s Unfairness language, it is either being egregiously disingenuous, horrifically vain, just plain obtuse, or some combination of the three.

As I wrote in my testimony:

The application of Section 5’s “unfair acts and practices” prong (the statute at issue in Apple) is circumscribed by Section 45(n) of the FTC Act, which, among other things, proscribes enforcement where injury is “not outweighed by countervailing benefits to consumers or to competition.”

And as Commissioner Wright noted in his dissent in the Apple case,

[T]he Commission effectively rejects an analysis of tradeoffs between the benefits of additional guidance and potential harm to some consumers or to competition from mandating guidance…. I respectfully disagree. These assumptions adopt too cramped a view of consumer benefits under the Unfairness Statement and, without more rigorous analysis to justify their application, are insufficient to establish the Commission’s burden.

We won’t know until we see the complaint whether the FTC has failed to undertake the balancing it neglected to perform in Apple and that it is required to perform under the statute. But it’s hard to believe that it could mount a case against Amazon in light of the facts if it did perform such a balancing. There’s no question that Amazon has implemented conscious and consumer-welfare-enhancing design choices here. The FTC’s effort to nevertheless mandate a different design (and put Amazon under a 20 year consent decree) based on a claim that Amazon’s choices impose greater harms than benefits on consumers seems manifestly unsupportable.

Such a claim almost certainly represents an abuse of the agency’s discretion, and I expect Amazon to trounce the FTC if this case goes to trial.

As it begins its hundredth year, the FTC is increasingly becoming the Federal Technology Commission. The agency’s role in regulating data security, privacy, the Internet of Things, high-tech antitrust and patents, among other things, has once again brought to the forefront the question of the agency’s discretion and the sources of the limits on its power.Please join us this Monday, December 16th, for a half-day conference launching the year-long “FTC: Technology & Reform Project,” which will assess both process and substance at the FTC and recommend concrete reforms to help ensure that the FTC continues to make consumers better off.

FTC Commissioner Josh Wright will give a keynote luncheon address titled, “The Need for Limits on Agency Discretion and the Case for Section 5 UMC Guidelines.” Project members will discuss the themes raised in our inaugural report and how they might inform some of the most pressing issues of FTC process and substance confronting the FTC, Congress and the courts. The afternoon will conclude with a Fireside Chat with former FTC Chairmen Tim Muris and Bill Kovacic, followed by a cocktail reception.

Full Agenda:

  • Lunch and Keynote Address (12:00-1:00)
    • FTC Commissioner Joshua Wright
  • Introduction to the Project and the “Questions & Frameworks” Report (1:00-1:15)
    • Gus Hurwitz, Geoffrey Manne and Berin Szoka
  • Panel 1: Limits on FTC Discretion: Institutional Structure & Economics (1:15-2:30)
    • Jeffrey Eisenach (AEI | Former Economist, BE)
    • Todd Zywicki (GMU Law | Former Director, OPP)
    • Tad Lipsky (Latham & Watkins)
    • Geoffrey Manne (ICLE) (moderator)
  • Panel 2: Section 5 and the Future of the FTC (2:45-4:00)
    • Paul Rubin (Emory University Law and Economics | Former Director of Advertising Economics, BE)
    • James Cooper (GMU Law | Former Acting Director, OPP)
    • Gus Hurwitz (University of Nebraska Law)
    • Berin Szoka (TechFreedom) (moderator)
  • A Fireside Chat with Former FTC Chairmen (4:15-5:30)
    • Tim Muris (Former FTC Chairman | George Mason University) & Bill Kovacic (Former FTC Chairman | George Washington University)
  • Reception (5:30-6:30)
Our conference is a “widely-attended event.” Registration is $75 but free for nonprofit, media and government attendees. Space is limited, so RSVP today!

Working Group Members:
Howard Beales
Terry Calvani
James Cooper
Jeffrey Eisenach
Gus Hurwitz
Thom Lambert
Tad Lipsky
Geoffrey Manne
Timothy Muris
Paul Rubin
Joanna Shepherd-Bailey
Joe Sims
Berin Szoka
Sasha Volokh
Todd Zywicki

image

Please join us at the Willard Hotel in Washington, DC on December 16th for a conference launching the year-long project, “FTC: Technology and Reform.” With complex technological issues increasingly on the FTC’s docket, we will consider what it means that the FTC is fast becoming the Federal Technology Commission.

The FTC: Technology & Reform Project brings together a unique collection of experts on the law, economics, and technology of competition and consumer protection to consider challenges facing the FTC in general, and especially regarding its regulation of technology.

For many, new technologies represent “challenges” to the agency, a continuous stream of complex threats to consumers that can be mitigated only by ongoing regulatory vigilance. We view technology differently, as an overwhelmingly positive force for consumers. To us, the FTC’s role is to promote the consumer benefits of new technology — not to “tame the beast” but to intervene only with caution, when the likely consumer benefits of regulation outweigh the risk of regulatory error. This conference is the start of a year-long project that will recommend concrete reforms to ensure that the FTC’s treatment of technology works to make consumers better off. Continue Reading…