These days, FTC Commissioner Terrell McSweeny is thinking a lot about data — How it can be delivered to consumers without gatekeepers, how it is safeguarded from hacks in the explosion of connected devices, and how tech companies collect and sell it.
Why she matters: In its proposal to unwind the 2015 net neutrality rules, the FCC wants to shift the responsibility of policing internet service provider behavior to the FTC. McSweeny's also keeping a close eye on the data security implications of the fast-growing Internet of Things ecosystem, including connected cars. Here are excerpts from our conversation:
What's your reaction to the FCC's proposal to dismantle key parts of the 2015 net neutrality rules?
I'm concerned that, on balance, it favors incumbent, enormous business interests that already have a huge amount of power and are the gatekeepers, at the expense of the little guy and the entrepreneur and the consumer. It's not clear to me what rights entrepreneurs would have if they're concerned about discriminatory practices. That's a big gap.
The FCC suggests the FTC can police ISP behavior and privacy practices through its power to act against unfair and deceptive practices. Would that work?
It's not clear to me how consumers will detect whether the promises being made to them to not block content, not throttle content to not discriminate against content are actually being adhered to. It's even hard for competitors to know what's going on on their networks.
There's an additional problem with relying on an enforcement-only approach: Enforcement takes time. It can take years to detect, investigate and prosecute a harmful practice. If you've got the next YouTube and you're trying to scale that platform by connecting consumers to content, but you can't ever get to the consumers because you can't pay the gatekeepers — at the end of the day, there isn't really a remedy for that kind of harm...especially after a long period of time has passed. That's the concern underpinning why the FCC enacted open internet rules to begin with.
Regarding broadband privacy, what's next?
The ball is in Congress's court. They took the step, wrongly in my view, to use the CRA to take the FCC out of the privacy business, without giving the FTC the jurisdiction to pick up the slack. Right now, we can't even hold the ISPs to the same standards that we're holding the Googles and Facebooks and Amazons and other platforms of the world. And consumers are the ones who are standing in the yawning chasm of no privacy.
What worries you the most about the fast-expanding Internet of Things market?
Consumer trust is essential for adoption, which is essential for demand, and demand drives innovation....I worry that because IoT expansion is happening so quickly, relying on an enforcement-based approach, especially on data security, is not going to yield enough good data practices. Companies selling devices are under a lot of pressure to deliver cool gadgets inexpensively, and there isn't a lot of information about their security practices. That's why you see these very insecure IoT devices being exploited in ways that are increasingly dramatic.
I worry consumers are going to see nuisance ransomware attacks on their IoT, where they're going to get [a message demanding that they] pay $50 in bitcoin in order to turn on "Game of Thrones." Those kinds of attacks are going to feel very intimate to people in a way that will shake consumers' trust. I keep hoping for comprehensive data security legislation. In the absence of it, we are bound to have some pretty nerve-wracking incidents affecting peoples' daily lives.
Are you concerned about companies like Google, Facebook and Amazon becoming too dominant, especially with the amount of consumer data they have access to?
I have concerns about concentration, full stop. The mere existence of very large player isn't in necessarily regarded by competition enforcers as harmful. What we get concerned about is if the power of those monopolies is foreclosing competition in other markets or is in other ways harming consumers and competition.
As a competition enforcer, I also appreciate that it's important to not lose sight of the microeconomics of markets, and markets can be very different depending on the products and competitors within them. I eschew generalizations when it comes to data because data are not monolithic. It is one element of a digital economy and needs to be understood properly by competition enforcers and regulators, but is impossible to generalize.