Archives For privacy

I’ll be headed to New Orleans tomorrow to participate in the Federalist Society Faculty Conference and the AALS Annual Meeting.

For those attending and interested, I’ll be speaking at the Fed Soc on privacy and antitrust, and at AALS on Google and antitrust.  Details below.  I hope to see you there!

Federalist Society:

Seven-Minute Presentations of Works in Progress – Part I
Friday, January 4, 5:00 p.m. – 6:00 p.m.
Location: Bacchus Room, Wyndham Riverfront Hotel

  • Prof. Geoffrey Manne, Lewis & Clark School of Law, “Is There a Place for Privacy in Antitrust?”
  • Prof. Zvi Rosen, New York University School of Law, “Discharging Fiduciary Debts in Bankruptcy”
  • Prof. Erin Sheley, George Washington University School of Law, “The Body, the Self, and the Legal Account of Harm”
  • Prof. Scott Shepard, John Marshall Law School, “A Negative Externality by Any Other Name: Using Emissions Caps as Models for Constraining Dead-Weight Costs of Regulation”
  • Moderator: Prof. David Olson, Boston College Law School

AALS:

Google and Antitrust
Saturday, January 5, 10:30 a.m. – 12:15 p.m.
Location: Newberry, Third Floor, Hilton New Orleans Riverside

  • Moderator: Michael A. Carrier, Rutgers School of Law – Camden
  • Marina L. Lao, Seton Hall University School of Law
  • Geoffrey A. Manne, Lewis & Clark Law School
  • Frank A. Pasquale, Seton Hall University School of Law
  • Mark R. Patterson, Fordham University School of Law
  • Pamela Samuelson, University of California, Berkeley, School of Law

On July 31 the FTC voted to withdraw its 2003 Policy Statement on Monetary Remedies in Competition Cases.  Commissioner Ohlhausen issued her first dissent since joining the Commission, and points out the folly and the danger in the Commission’s withdrawal of its Policy Statement.

The Commission supports its action by citing “legal thinking” in favor of heightened monetary penalties and the Policy Statement’s role in dissuading the Commission from following this thinking:

It has been our experience that the Policy Statement has chilled the pursuit of monetary remedies in the years since the statement’s issuance. At a time when Supreme Court jurisprudence has increased burdens on plaintiffs, and legal thinking has begun to encourage greater seeking of disgorgement, the FTC has sought monetary equitable remedies in only two competition cases since we issued the Policy Statement in 2003.

In this case, “legal thinking” apparently amounts to a single 2009 article by Einer Elhauge.  But it turns out Einer doesn’t represent the entire current of legal thinking on this issue.  As it happens, Josh Wright and Judge Ginsburg looked at the evidence in 2010 and found no evidence of increased deterrence (of price fixing) from larger fines:

If the best way to deter price-fixing is to increase fines, then we should expect the number of cartel cases to decrease as fines increase. At this point, however, we do not have any evidence that a still-higher corporate fine would deter price-fixing more effectively. It may simply be that corporate fines are misdirected, so that increasing the severity of sanctions along this margin is at best irrelevant and might counter-productively impose costs upon consumers in the form of higher prices as firms pass on increased monitoring and compliance expenditures.

Commissioner Ohlhausen points out in her dissent that there is no support for the claim that the Policy Statement has led to sub-optimal deterrence and quite sensibly finds no reason for the Commission to withdraw the Policy Statement.  But even more importantly Commissioner Ohlhausen worries about what the Commission’s decision here might portend:

The guidance in the Policy Statement will be replaced by this view: “[T]he Commission withdraws the Policy Statement and will rely instead upon existing law, which provides sufficient guidance on the use of monetary equitable remedies.”  This position could be used to justify a decision to refrain from issuing any guidance whatsoever about how this agency will interpret and exercise its statutory authority on any issue. It also runs counter to the goal of transparency, which is an important factor in ensuring ongoing support for the agency’s mission and activities. In essence, we are moving from clear guidance on disgorgement to virtually no guidance on this important policy issue.

An excellent point.  If the standard for the FTC issuing policy statements is the sufficiency of the guidance provided by existing law, then arguably the FTC need not offer any guidance whatever.

But as we careen toward a more and more active role on the part of the FTC in regulating the collection, use and dissemination of data (i.e., “privacy”), this sets an ominous precedent.  Already the Commission has managed to side-step the courts in establishing its policies on this issue by, well, never going to court.  As Berin Szoka noted in recent Congressional testimony:

The problem with the unfairness doctrine is that the FTC has never had to defend its application to privacy in court, nor been forced to prove harm is substantial and outweighs benefits.

This has led Berin and others to suggest — and the chorus will only grow louder — that the FTC clarify the basis for its enforcement decisions and offer clear guidance on its interpretation of the unfairness and deception standards it applies under the rubric of protecting privacy.  Unfortunately, the Commission’s reasoning in this action suggests it might well not see fit to offer any such guidance.

Last week the New York Times ran an article, “Building the Next Facebook a Tough Task in Europe“, by Eric Pfanner, discussing the lack of major high tech innovation in Europe.  Eric Pfanner discusses the importance of such investment, and then speculates on the reason for the lack of such innovation.  The ultimate conclusion is that there is a lack of venture capital in Europe for various cultural and historical reasons.  This explanation of course makes no sense.  Capital is geographically mobile and if European tech start ups were a profitable investment that Europeans were afraid to bankroll, American investors would be on the next plane.

Here is a better explanation.  In the name of “privacy,” the EU greatly restricts the use of consumer online information.  Josh Lerner has a recent paper, “The Impact of Privacy Policy Changes on Venture Capital Investment in Online Advertising Companies” (based in part on the work of Avi Goldfarb and Catherine E. Tucker, “Privacy Regulation and Online Advertising“) finding that this restriction on the use of information is a large part of the explanation for the lack of tech investment in Europe.  Tom Lenard and I have written extensively about the costs of privacy regulation (for example, here) and this is just another example of these costs, although the costs are much greater in Europe than they are here (so far).

Today at 11AM PT I will be participating on the live webcast “This Week in Law” along with TechFreedom Senior Adjunct Fellow Larry Downes. Denise Howell will be hosting and we will also be joined by fellow participant Evan Brown. This week we will be discussing various topics in tech policy including Senator Al Franken’s lambast of Facebook and Google, the newly opened antitrust investigation of Motorola Mobility by the European Commission, and the continued problem of spectrum crunch.

This Week in Law is recorded live every Friday at 11:00am PT/2:00pm ET and covers topics primarily in law, technology, and public policy. You do not have to register, just follow this link at 11:00am PT/2:00pm ET to watch.

Privacy Interview

Paul H. Rubin —  27 January 2012

I was recently interviewed about privacy on the BBC Online Magazine by Kate Dailey.  Here is the interview:

26 January 2012 Last updated at 13:11 ET

Could Google’s data hoarding be good for you?

By Kate Dailey BBC News Magazine

Google’s announcement that it is now tracking users’ web movements has upset privacy advocates. But consider what you get in return for the information.

With the news that Google is to merge data collected from its many platforms – including YouTube, Gmail and Blogger – privacy advocates say the company will have more information than it should. Even before this change, web users had too little control over their online information, they say.

“Your data is out there,” says Jeff Blevins, an associate professor of communications law and policy at Iowa State University.

“It’s really blind to us. We don’t know what information they have and how they’re using it, and we have no right to access it.”

Web companies use browsing behaviour to paint consumers into boxes, making assumptions about their identities and targeting ads at them. Sometimes users can opt out. But often they are tracked without even knowing it.

Risk and reward

But one economist says concerns about privacy are misguided – and that having more online is better than having less.

Users are richly compensated for their personal information, says Paul Rubin, a professor of economics at Emory University in Atlanta. In exchange for it, he says, they receive a free and useful internet.

“It makes the internet work much better, in many dimensions.

“If you and I search on the same topic, we may have different interests, if the results are tailored to me and tailored to you, that’s a better experience.”

When the data is used to sell ads, the ads we get are tailored to things we might like, and the profits can work in our favour.

“Sure, Google makes some money, but they use that money to give away all kinds of stuff, like Gmail,” says Mr Rubin.

“My life is on Google,” he says, referring to the calendars, documents and other services Google provides. “It needs to be funded somehow.”

Avoiding fraud

Counterintuitively, having more information available online could better protect consumers from fraud, Mr Rubin says.

A consumer seeking a new credit agreement, for example, currently has to provide information found in the public record, such as current and previous addresses.

Thieves with only an incomplete set of information – say, your name and social security number – can often access those answers.

But with more information online, a clearer picture of who that social security number really belongs to emerges, making it easier for online verification systems to ask more relevant questions, such as recent purchase history.

“The other thing people worry about is ID theft and fraud, but with more information that’s available, it’s easy to verify someone’s identity,” he says.

The information companies collect does not form a personal dossier so much as a collection of data points and assumptions about each user based on their web history. It is kept separate from a name, face, or address.

And as Business Insider pointed out, those Google assumptions can often miss the mark – incorrectly classifying users based on the data available.

That is in part because only computers are handling the sensitive information collected online, Mr Rubin notes.

“People have a notion that if something is known about them somebody knows it,” he says. “In fact, there’s a huge amount of stuff that’s only known by computers.”

He says reputable companies do a good job of making sure that data stays on the servers and out of human reach.

A data stereotype of an individual’s online shopping behaviour can make it easier to flag when that behaviour is out of the ordinary, for instance.

‘No protections’

Privacy experts worry that the risks of having too much personal information online far exceed the potential rewards.

“At the moment in the US, there are almost no protections,” says Lorrie Cranor, associate professor of computer science and engineering and public policy at Carnegie Mellon University.

“It would be good to have some baselines established – certain types of data uses that can’t be done. To really make it illegal for companies to go and sell this info to your employer or your insurance company, for instance,” she says.

Social media records can be subpoenaed in legal cases, she said. In 2010, Google sacked an engineer accused of inappropriately accessing Gmail accounts to spy on people.

Currently, it is difficult to determine whether Europe’s strong privacy laws are being enforced, says Jonathan Mayer, fellow at the Center for Internet and Society at Stanford University.

He is part of the World Wide Web Consortium Tracking Protection Working Group, which is drafting rules for what data can be collected, and how, across the web.

“The harm for the moment does not seem to be some particular economic injury that people are out in the wild suffering, but the principle of ‘would you hand your web browsing to a stranger’,” he says.

When it comes to privacy protection, he says he would prefer to err on the side of caution.

“It doesn’t seem to me that we should have to wait for the very bad things that could happen before we let users take control of their data,” he says.

Privacy in Europe

Paul H. Rubin —  24 January 2012

The EU is apparently thinking of adopting common and highly restrictive privacy standards which would make use of information by firms much more difficult and would require, for example, that data be retained only as long as necessary.  This is touted as pro-consumer legislation.  However, the effects would be profoundly anti-consumer.  For one thing, ads would be much less targeted, and so consumers would get less valuable ads and would not learn as much about valuable products and services aimed at their interests.  For another effect, fraud and identity theft would become more common as sellers could not use stored information to verify identity.  Finally, costs of doing business would increase, and so we would expect to see fewer innovations aimed at the European market, and some sellers might avoid that market entirely.

By now everyone is probably aware of the “tracking” of certain cellphones (Sprint, iPhone, T-Mobile, AT&T perhaps others) by a company called Carrier IQ.  There are lots of discussions available; a good summary is on one of my favorite websites, Lifehacker;  also here from CNET. Apparently the program gathers lots of anonymous data mainly for the purpose of helping carriers improve their service. Nonetheless, there are lawsuits and calls for the FTC to investigate.

Aside from the fact that the data is used only to improve service, it is also useful to ask just what people are afraid of.  Clearly the phone companies already have access to SMS messages if they want it since these go through the phone system anyway.  Moreover, of course, no person would see the data even if it were somehow collected.  The fear is perhaps that “… marketers can use that data to sell you more stuff or send targeted ads…” (from the Lifehacker site) but even if so, so what?  If apps are using data to try to sell you stuff that they think that you want, what is the harm? If you do want it, then the app has done you a service.  If you don’t want it, then you don’t buy it.  Ads tailored to your behavior are likely to be more useful than ads randomly assigned.

The Lifehacker story does use phrases like “freak people out” and “scary” and “creepy.”  But except for the possibility of being sold stuff, the story never explains what is harmful about the behavior.  As I have said before, I think the basic problem is that people cannot understand the notion that something is known but no person knows it.  If some server somewhere knows where your phone has been, so what?

The end result of this episode will probably be somewhat worse phone service.

Privacy Again

Paul H. Rubin —  15 November 2011

Today’s Wall Street Journal has a long article-debate on privacy.  The strongest pro-privacy is Christopher Soghoian of the Open Society Institute.  He confuses commercial privacy with government privacy:

“The dirty secret of the Web is that the “free” content and services that consumers enjoy come with a hidden price: their own private data. Many of the major online advertising companies are not interested in the data that we knowingly and willingly share. Instead, these parasitic firms covertly track our web-browsing activities, search behavior and geolocation information. Once collected, this mountain of data is analyzed to build digital dossiers on millions of consumers, in some cases identifying us by name, gender, age as well as the medical conditions and political issues we have researched online.”

When asked “Why is that a problem” he replies:

“Many of the dangers posed by digital dossiers do not occur regularly, but are incredibly destructive to people’s lives when they do. An unlucky few will be stalked, fired, surveilled, arrested, deported or even tortured, all as a result of the data kept about them by companies and governments. Much more common are the harms of identity theft or public embarrassment. Even when companies follow best practices—and few do—it is impossible to be completely secure.”

Note that “parasitic firms” are collecting the data which is then used for arrest, deportation, and torture.  A bit of a disconnect. Identity theft is a problem, but the risk is decreasing and the costs are almost always low.  Moreover, identity thieves are crooks, not firms.

What is particularly interesting about the article is the survey data reported.  It demonstrates people’s confusion about the issues.  92% of the adults surveyed “Think that there should be a law that requires websites and advertising companies to delete all stored information about an individual” but between 32% and 47% would like websites to provide information of some sort (ads: 32%, discounts: 47%, or news: 40%) “tailored to their interests.”  But of course these numbers are totally inconsistent.  If websites cannot keep any information about an individual, then they cannot provide tailored information since there will be nothing on which to base the tailoring.  The relevant questions are tradeoff questions, but the reported survey does not address these.

Stewart Baker at the Volokh Conspiracy has a very interesting post on the new Amazon browser.  He thinks it might revolutionize doing business on the Web, with a tremendous increase in security.  This increase in security will entail a loss in privacy, so let’s hope the privacy guys don’t stop it.

Fretting over privacy

Larry Ribstein —  28 March 2011

Gordon Crovitz, writing in today’s WSJ, notes that news that more than half of Americans over 12 have Facebook accounts powerfully suggests that people don’t care that much about “trading personal information for other benefits.”  He asks, “why is Washington so focused on new privacy laws?”  He’s referring, e.g., to the Obama administration’s call for a “privacy bill of rights.”

Crovitz notes that “[i]n exchange for passively letting advertisers know enough about us to deliver more relevant marketing messages, we get many otherwise free services on the Web. If we have to see advertisements, at least they’re not completely irrelevant or inappropriate.” There’s also “the unintended consequences of regulation.” 

Indeed, as Kobayashi and I wrote several years ago in State Regulation of Electronic Commerce:

Regulators’ estimates of [privacy] values higher than those reflected in market transactions might be wrong. If so, they might reduce rather than increase individual autonomy, as by preventing people from effectuating their shopping preferences through cookies. This suggests that government should move carefully in second-guessing market decisions.  One way it could do so is by maximizing exit through an emphasis on state, rather than federal, regulation.

My blogging colleague Paul Rubin more recently called for a more careful cost-benefit analysis of privacy regulation, here and here. In the latter post he noted:

We do not understand that we can be “tracked” but that no one is tracking us.  That is, data on our searches may exist on a server somewhere so that the server “knows” it, but no human knows it.  We don’t intuitively grasp this concept because it is entirely alien to our evolved intelligence.

In other words, the whole concern may be based on a cognitive error.

So how do we know how far to go?  We don’t.  Which is why any regulation here should be careful and incremental, with appropriate opt-ins, opt-outs, sunsets and limitations.  As Kobayashi and I argued in the above article, we might even consider leaving this to state competition, made practicable even for the global internet by sophisticated tracking and blocking technology.