News > i3

Insights from the FTC

At CES 2018, CTA President and CEO Gary Shapiro joined Acting Federal Trade Commission (FTC) Chairman Maureen Ohlhausen for a candid conversation. They discussed the role of the FTC as the U.S. regulatory agency that covers a broad range of activities, from occupational licensing to consumer privacy. Few other agencies have as diverse a portfolio. Acting Chairman Ohlhausen created the term “regulatory humility,” or “recognizing the inherent limitations of regulation and acting in accordance with those limits.” Acting Chairman Ohlhausen was sworn in as a Commissioner of the Federal Trade Commission in April 2012, and was designated to serve as Acting FTC Chairman by President Donald Trump in January 2017.

Let’s start with net neutrality. Can you talk about the FTC role and how it has changed in the last month?

Absolutely. The Federal Trade Commission has a dual mission to promote competition and to protect consumers. Net neutrality and some of these issues are about if the consumer is getting what was promised to them in their internet service. When I was head of the Office of Policy Planning at the commission, I headed up the internet access taskforce. I have been working on these issues since 2006, and in 2007 we issued a unanimous bipartisan report from the FTC talking about how the FTC, with our consumer protection powers and our anti-trust powers, can help ensure that consumers have competition and that promises are met.

The FTC also has a common carrier exemption in our statute. And when the FCC reclassiffied broadband as a Title II service — that’s a common carrier service — it divested the FTC of authority. From the advent of the internet until 2015, the FTC played an active role in enforcement of this area and policy thinking. Now that the Open Internet Order has been put out, this authority is going to come back to the FTC. One of the things that the Open Internet Order has that is really important is this requirement of transparency. That ISPs are going to need to provide information about how they manage traffic and if they don’t meet those promises, the FTC can bring in enforcement action. The FTC and FCC signed a memorandum of understanding in December to talk about how we’re going to divide up these obligations.

We have essentially four telecom companies. Is there anything we can do with the FTC or otherwise to get more competition in broadband?

Federal Trade Commission (FTC) Chairman Maureen Ohlhausen

I’ve really seen this incredible explosion in broadband speeds. When we go back to looking at the FTC report that came out in 2007, the speed that people considered broadband is the speed wireless providers are providing today. As we see, broadband is not just available through fixed wired broadband, but wireless is really coming in. The introduction of 5G, as well. We’re going to see a lot more availability of broadband but also technology becoming better at using the spectrum — the broadband that’s available. So one of the things we’ve seen is that we are creating new services too so there is increasing need for it. When you talk about broadband competition in the U.S. you need to include all these sources of useful broadband for consumers. So the wireless companies need to be part of that. The wired companies, and there might be new innovations down the road which some of your members are going to provide us with new ways to get broadband.

Are cars communicating with each other using the internet to avoid a collision considered more important in terms of prioritization than perhaps downloading something from Netflix?

I would certainly consider it more important. I also think that transmitting real time health data — can be a very, very important use so you can see all these health and safety uses that we certainly would want to have priority for them to be delivered. The FTC did a workshop in 2017 about autonomous and connected cars and we had NHTSA as part of it because the security and the safety of it is going to be a very big part of moving into this future, as is privacy. At the FTC, we are looking at the privacy and the consumer privacy area but the security and the safety role is very important as well.

We’ve been talking about privacy. Can you talk about the FTC’s role and what’s happening there?

The FTC is the nation’s privacy protection agency. Between privacy and data security cases, we have brought more than 500 cases, including one just yesterday involving connected toys. This was an enforcement action and a settlement we reached with VTech, a connected toy company, where we alleged they hadn’t provided the protections to the data that they said would be provided and they also didn’t comply with the Children’s Online Privacy Protection Act. So we brought in an enforcement action — we have a robust settlement with them, the steps they are going to have to take, and we also got a civil penalty of $650,000 that will be paid to the U.S. Treasury. So that is the kind of case the FTC is very good at investigating and bringing those kind of enforcement actions.

What about the Internet of Things security? How do you work with other agencies and focus on privacy in that context?

Obviously, some of these connected toys are part of that — everything is getting an internet connection these days, but it is much broader than play things or even consumer level things that you may have in your home. I mentioned the connected cars workshop that we did with NHTSA. We also did some stuff with the Food and Drug Administration about health apps and allowing apps to be used but also clarifying what kind of privacy and security obligations they have. We also work with the FDA with hearing aids. That was a wonderful development for people who have those kind of needs. We did a workshop in 2017 called “Now Hear This” and we had the FDA and CDC and other parts of the government who work on health issues to get the consumer issues, the privacy issues and the availability issues addressed. Because there are a lot of consumer needs out there that technology can help meet.

Can you talk about botnets and how you balance the benefits of connectivity against the challenges of cyber criminals?

We are aware of the Moray DDoS attack and the vulnerabilities we see taking place. It is a shared obligation of industry, law enforcement and government, to take the right steps and put the right frameworks in place to help stop these problems. The FTC doesn’t have criminal enforcement authority, so if there’s a criminal use we’re not going to bring in criminal enforcement action. But we do try to help industry make sure they are taking the proper precautions so that their technology and their products are not misused by criminals trying to do these kind of activities. Our cases often look at, are there obvious vulnerabilities that the entities should have taken into account? Also enforcement is a big obligation but it is not the only way we address consumer issues. We do a lot of education of business and consumers, and we also do workshops and work with other parts of the government. The botnet issue is going to require efforts from all stakeholders to make progress.

What should industry be doing and what should consumers be looking for?

There are several things the industry should be doing including educating themselves about these vulnerabilities and taking the appropriate steps. If you look at some of the enforcement actions the FTC has brought, we look at different steps in the development and the lifecycle of a product. If you have a product, have you developed it appropriately? Have you run the right tests? Are you patching it appropriately? We have brought cases against companies who have neglected to patch obvious flaws once they became aware of them. Are you doing updates? Are you informing consumers in a way they know how to take steps to protect problems with products they have already purchased? Do consumers understand, going forward about how long a certain product is going to be supported with these kind of patches and updates?

There’s been a lot of discussion, especially in Europe, about how big American platforms are terrible and should pay billions of dollars. I know that’s an argument of antitrust. Is big bad?

Antitrust is a very fact-specific inquiry, and you can’t say ‘big is bad, and small is good’ across the board. You have to look at why a company is big. Because it’s innovating? Because it’s providing products that consumers want at a good price point? Is it because it’s thinking way down the road and getting new products to market that consumers want to use? That’s wonderful, that’s good for consumers. We want that kind of dynamism and innovation. Sometimes companies are big because there are big economies of scale and scope. There’s a lot of efficiencies in big companies. But, is a company getting big merely because it’s buying up its competitors, and it’s not really competing on its merits? Certainly antitrust has an important role to play in reviewing transactions and mergers, and that’s a lot of my work at the FTC is looking at these kind of mergers. I’ve had an active enforcement agenda — we’ve challenged a number of mergers, some in the technology space.

The other thing is, once a company has gotten market power, we may look at whether it’s using distribution chain or vertical restraints in a way that is fencing out competitors, that is not competition on its merits. We have brought enforcement actions in that area as well. We’re always looking for whether companies are colluding with even small competitors. If they’re getting together and saying ‘We’re not going to compete on these terms’ or ‘We’re going to fix prices’ or ‘I take this area, and you get that area’ — that’s a very traditional area of antitrust.

This interview was edited for length and clarity. The full interview can be found here:

Julie Kearney