Ctrl + N
The Federal Trade Commission is woefully behind other nations' data protection authorities when it comes to the manpower it has dedicated to privacy issues.
And now it’s asking Congress to help it catch up.
FTC Chairman Joseph Simons said in a letter to the House Committee on Energy and Commerce shared with The Technology 202 that the agency has only 40 employees focused full time on privacy and five full-time technologists.
He made the case for more resources and greater authority so he can bring more privacy cases against companies as data breaches are increasingly in the spotlight.
The FTC's privacy staff is far smaller than similar agencies in Europe, such as the United Kingdom Information Commissioner's’ office, which has more than 500 people on its staff, according to its website. Ireland's Data Protection Commissioner had about 110 employees, according to a December 2018 report from the agency.
“Although these entities have somewhat different mandates, the contrast is stark,” he wrote. “The FTC, a federal entity responsible for protecting consumers’ privacy and data security in the United States (a much larger jurisdiction), should have more employees devoted to this effort.”
The FTC's ability to take on Big Tech is under greater scrutiny as repeated data security incidents raise questions about Silicon Valley companies' handling of consumers' data. Just yesterday, a security firm revealed that more than 540 million Facebook records — including users’ comments and account names — were left exposed on an Amazon cloud-computing server.
In his letter, Simons told Congress that if the agency were given 100 new attorneys focused on data security and privacy, the FTC would not only be able to devote more resources to opening new cases and enforcement, but it could also spend more time studying new technologies and privacy concerns, through workshops, reports and industry studies. He also requested funding for 10 to 15 more technologists, who could conduct additional research and serve on case teams.
Justin Brookman, a former policy director of the FTC's Office of Technology Research and Investigation, said agency resources dedicated to privacy are “too slim.” He also said there’s growing demand for internal technologists because each case increasingly has technical elements.
“The technologists they have are stretched; they’re supporting multiple cases,” said Brookman, who now serves as the director of consumer privacy and technology policy at Consumer Reports. “With five, it’s really hard to meaningfully support the cases they should be doing.”
The FTC’s request comes as there is a push to pass a federal privacy law in Congress. Several of the proposals under consideration would give the FTC greater resources and authority, but it's unclear whether lawmakers can agree on legislation.
“It’s shocking that a nation of over 320 million people only has 40 people dedicated to privacy and data security at the FTC,” Rep. Frank Pallone Jr. (D-N.J.), the House Energy and Commerce chairman, said in a statement. “We will look at giving the FTC more responsibilities in a comprehensive privacy law, but in the meantime we need to ensure that it has the resources necessary to effectively protect consumers.”
The sharp contrast between the FTC and European resources highlights the divergent approach global policymakers have taken to addressing data security. In the United States, the FTC currently has very limited authorities to bring fines against companies for first-time offenses, with the exception of certain instances such as when they involve young children's data. Europe, on the other hand, has the General Data Protection Regulation, which allows the European Union to bring hefty penalties against companies for mishandling users' data. Since the law took effect last year, Europe has been one of the most active sheriff's of Silicon Valley's data practices, and some U.S. lawmakers are looking to GDPR as a model as they develop their own frameworks.
As my colleague Tony Romm has noted, a major test of the FTC's capabilities is its ongoing investigation into Facebook's Cambridge Analytica scandal. The agency is negotiating a multibillion-dollar fine against the company as it probes whether the social network broke an 8-year-old agreement with the FTC to better steward people's data.
Calls for more technical resources at the FTC aren't new, even though they're getting more attention at a time when Silicon Valley giants are under greater scrutiny. Efforts to increase tech talent at the agency date back to the Obama administration, when the position of chief technologist was first created. However the position has been empty for about a year. That vacancy has attracted criticism about the current administration's commitment to tech talent.
From former FTC chief technologist Ashkan Soltani:
Note, this is the longest @FTC has gone w/o a Chief Technologist since first creating the role and hiring @EdFelten in 2010.— ashkan soltani (@ashk4n) March 20, 2019
In my opinion, its incredibly shortsighted to not have a this role filled as @FTC considers technical injunctions to include in @Facebook settlement https://t.co/ROQJAXgIZv
Some who served in the Obama administration were encouraged to see that Simons requested more technology resources and supported his request.
“At the end of the Obama administration, there was recognition that FTC needed additional resources to support its important competition and consumer protection mission," Terrell McSweeny, a former FTC commissioner, told me. "It’s encouraging to see the new leadership at the FTC embrace that position."
BITS: People 65 and older play an outsize role in civic life. But they also disproportionately fall prey to misinformation online and struggle more with digital literacy than other demographics, Buzzfeed's Craig Silverman reports.
But as technology companies and governments increasingly invest in news literacy projects, they're generally focusing on younger people.
"This means the very people who struggle the most with digital information and technology risk being left to fend for themselves in an environment where they’re being targeted and exploited precisely because of their vulnerabilities," Silverman writes.
As the 65 and older demographic rapidly comes online, they're more likely to vote and participate politically in other ways, such as through political donations.
"With more and more older people going online, and future 65-plus generations already there, the online behavior of older people, as well as their rising power, is incredibly important — yet often ignored," Silverman writes.
NIBBLES: House Democrats will hold a hearing with Google and Facebook next week on their efforts to crackdown on the spead of white nationalism and hate speech, my colleague Tony Romm reports. The hearing, scheduled for April 9 by the House Judiciary Committee, follows a mass shooting last month in New Zealand and other recent racially motivated attacks.
The hearing seeks to probe “the impact white nationalist groups have on American communities and the spread of white identity ideology,” the lawmakers announced yesterday, along with “what social media companies can do” to quell the proliferation of extremist content online.
"Facebook, Google and other tech giants long have faced criticism from Congress for failing to crack down on a wide array of abusive posts, photos and videos that attack people on the basis of race, gender or other traits," Tony writes. "These companies and their peers, including Twitter, explicitly bar such attacks. But their heightened attention to the issue and investments in more content reviewers —along with more potent artificial intelligence tools — still haven’t thwarted the proliferation of troubling content."
The proliferation of the New Zealand shooting videos on social media services put this issue front and center most recently. But as Tony notes, the problem is even worse on lesser-known services, such as Gab.ai and 8chan. Those services were used by the suspect in the Pittsburgh synagogue shootings last fall.
BYTES: Proto, the company that Whatsapp partnered with to launch a tip line, revealed that its primary goal is to collect research -- not necessarily to immediately address misinformation on the service, Buzzfeed's Ryan Mac and Pranav Dixit report. (We covered the new service and what it means for WhatsApp parent company's Facebook global battle against disinformation in yesterday's Technology 202).
WhatsApp unveiled the service on Tuesday as a way people could report suspicious messages and receive a response letting them know if they were confirmed or debunked. But Proto, the Indian startup partnering with Whatsapp on the initiative, had a different message.
"But when BuzzFeed News inquired about the tip line’s effectiveness after submitting several tips and receiving no responses, Proto, the Indian-based company that partnered with WhatsApp, posted an FAQ website that notes the project is “not a helpline” and isn’t primarily designed to provide feedback," Mac and Dixit report. "Proto uses the tip line 'only as a means to collect information that is otherwise inaccessible given the nature of private messaging.'"
Proto also said the tip line is "not a helpline that will be able to provide a response to every user." Proto stated there is a 24-hour window after users submit a tip in which they should get a message fact-checking it or stating it is "out of scope."
A WhatsApp spokesperson told the Buzzfeed reporters that Tuesday's message wasn't intended to imply that every user would receive a response to their tip during the Indian election.