CEI tells the Federal Trade Commission to be wary of regulation

[Declan McCullagh]

[I'll forward some followup comments with the same Subject: line.
--Declan]

---------- Forwarded message ----------
Date: Fri, 25 Apr 1997 19:30:35 -0400
From: Declan McCullagh <declan at well.com>
To: fight-censorship-announce at vorlon.mit.edu
Subject: FC: CEI tells the Federal Trade Commission to be wary of regulation

Julie DeFalco from the Competitive Enterprise Institute, a libertarian
think tank here in DC, today sent me what her organization filed with the
FTC earlier this month. Below CEI urges the FTC to be "extremely cautious
in regulating the free flow of consumer information" online. The FTC will
revisit the issue of online privacy regulations this June. Some excerpts
from CEI's filing:

	Despite plenty of speculation, there has
	been no demonstration of significant
	actual harm resulting from the commercial
	collection of personal data over the
	Internet. This is not to say that all data
	posted on the Internet are good.  Quite
	the contrary.  For example, the government
	has made it difficult, if not impossible,
	to live in America today without a social
	security number. Congress has mandated
	that all states use social security
	numbers as driver identification numbers.
	And Departments of Motor Vehicles have
	been rather cavalier about selling the
	data collected, including social security
	numbers. That is why the outcry against
	Lexis-Nexis, which created a database of
	publicly available government information,
	was misplaced. [...]

        There is a tension between the notion that
	all interactions on the Internet ought
	to be private, and the fact that people
	go on to the Internet to communicate in
	public.  The reality is that going on to
	the Internet is like walking on a public
	street, with each Web page like a private
	store.  Each Web page has the right to set
	up its own conditions for entry. Such
	policies could range from a free-for-all
	data collection spree, to very strict
	information collection limitations. [...]

Read on for the complete document.

-Declan

**************************

April 15, 1997

Secretary
Federal Trade Commission
Room H-159
Sixth St. and Pennsylvania Avenue, NW
Washington, D.C. 20580

   Consumer Privacy 1997
   Comment P954807 and Request to Participate P954807

Dear Sir or Madam:

The Competitive Enterprise Institute and the National
Consumer Coalition hereby files comments on and a
request to participate in Session Two of the Federal
Trade Commission's upcoming public hearing on
"Consumer Privacy Issues Posed by the Online
Marketplace."

CEI is a non-profit, non-partisan free-market research
and advocacy group.  We have long been involved with
commercial free speech issues,  and we work on privacy
and Internet issues as well.  The NCC is a coalition
of nine consumer organizations interested in expanding
consumer choice in the marketplace.   Given the fact
that few, if any, other consumer groups are presenting
this viewpoint, we believe that our participation in
these hearings would assist the Commission in its
consideration of these issues.

Introduction

There are some central issues which must be resolved
before discussing the FTC's specific questions.

What is "privacy"?

With all of the discussion of privacy of commercial
data on the Internet, it is strange that no one has
actually defined the term.  The tendency is to rely
instead on an "I-know-it-when-I-see-it" approach.
Supreme Court Justice Lewis Brandeis said that privacy
is the "The right to be left alone - the most
comprehensive of rights, and the right most valued by
a free people."   Others say privacy is a result of
living in a large society where people do not know
each other's reputations and are not able to impose
social constraints on others' behavior.  "Privacy
grows as the number of strangers grows," wrote Steven
Nock.  "Privacy is one consequence, or cost, of
growing numbers of strangers."

The confusion surrounding the term privacy leads one
to conclude that "privacy" is like a Rorschach ink
blot - different people read different things into it.
 "Whenever an invasion of privacy is claimed, there
are usually competing values at stake."   In this
sense, privacy is not a right, it is a preference.

Much of what people want in the name of "privacy" is
that which they could actually achieve through
traditionally understood conceptions of property
rights and freedom of contract.  But when "privacy"
itself is set forth as an amorphous, floating concept,
it in fact threatens property rights and freedom of
contract.  It is this substitution of an ill-defined
"privacy right" for well-defined rights that threatens
the Internet.

What is the distinction between commercial data
collection and government data collection?

The restraints placed on government actions on the
Internet are rightly and necessarily stricter than
those placed on companies and individuals.
Restraining government action underlies our entire
political system, for the government has unique powers
of coercion.   Since government may fine, imprison,
and (in capital cases), execute citizens, there must
be very strict conditions under which government may
collect information about citizens.

Unfortunately, government has been less than exemplary
in this realm, and has repeatedly pushed the
boundaries of acceptable behavior.  For example, one
bill currently before Congress (H.R. 118) requires the
Attorney General to "acquire data about all stops for
routine traffic violations by law enforcement
officers."  The data include "identifying
characteristics of the individual stopped, including
the race and or ethnicity of as well as the
approximate age of that individual."  The irony of
calling in the government to protect privacy on the
Internet when it so cavalierly ignores it in other
realms is rich.

On the other hand, companies cannot impose an agenda
on private individuals the way the government can.
When they try to, there are civil and criminal laws
there to stop them.  Despite rhetoric about the
"power" of large corporations, all marketers can
really do is try to persuade people to buy their
products.  They do this through advertising.

Why is data collection so important for the Internet?

People have repeatedly demonstrated that they are not
willing to pay for content on the Internet.
Advertising Age magazine recently reported that only
25% of people polled were willing to pay to subscribe
to online publications.   Many subscribers to content
pages freely share their passwords with others.  "If
Web sites can't figure out how to halt the
free-for-all, a promising revenue source for on-line
businesses may be threatened."

Therefore, in order to develop, web sites will
increasingly depend upon advertising for support.
Indeed, "for most [Internet search] engines,
advertising has accounted for more than 90% of total
revenues.  Advertising will continue to be the primary
source of income for Yahoo! (and other search engines)
as they set up local content ventures."   America
Online has found it necessary to put advertising in
chat rooms to raise extra revenue (which was lost when
AOL introduced its flat rate monthly user fee).

At the same time, advertisers are still very hesitant
about advertising on the Internet.  "Where are the
marketers?" asked one Advertising Age editorial.   The
editor of Out magazine's web page, now defunct, was
quoted as saying, "advertisers aren't clamoring to get
on the Web - we have to beat them up to get on the
Web" (emphasis in original).   Anything which makes it
harder for advertising to work will have direct
effects on the quality and content of the Internet, a
very serious harm to Internet users.  In addition, it
will likely raise the cost to consumers of using the
Internet.

Is the issue "privacy," or is it really marketing?

Much of the rhetoric surrounding the privacy issue
concerns the purported power of advertising.  There is
a decades-old strain of thought which declares that
advertising is coercive and makes people buy what they
do not want.  This is untrue, as examples from the
Edsel, to New Coke, even to Nissan (which has a great
ad campaign but has seen no increase in auto sales)
show.  Unfortunately, many people do not fully
recognize the very real benefits consumers derive from
advertising.

Advertising's role in a market economy is essential,
and essentially benign.  Advertising lets consumers
know about price and quality information.  It alerts
consumers to the existence of new and improved
products.  It even saves consumers time by helping
them figure out what they do not want in advance of
shopping (e.g. a new car's styling is unattractive, or
it is too expensive).   Curtailing advertising limits
the availability of consumer information.

FTC Question 2.3: What are the risks, costs and
benefits of collection, compilation, sale and use
of personal consumer information in this context?

Despite plenty of speculation, there has been no
demonstration of significant actual harm resulting
from the commercial collection of personal data over
the Internet. This is not to say that all data posted
on the Internet are good.  Quite the contrary.  For
example, the government has made it difficult, if not
impossible, to live in America today without a social
security number.  Congress has mandated that all
states use social security numbers as driver
identification numbers.  And Departments of Motor
Vehicles have been rather cavalier about selling the
data collected, including social security numbers.
That is why the outcry against Lexis-Nexis, which
created a database of publicly available government
information, was misplaced.

The allocation of costs and benefits deriving from
data collection depends upon whom you ask.  Again,
privacy is a preference, not a universal right.  While
some may not like the very idea that data are being
collected about their consumption behavior, others may
not care at all.  Indeed, some consumers may not mind
how much information about them is available, if it
means they will receive only ads targeted to their
particular interests.  "Consumers don't mind
advertising and pay attention to it, as long as it
gives them something of value."

There is a tension between the notion that all
interactions on the Internet ought to be private, and
the fact that people go on to the Internet to
communicate in public.  The reality is that going on
to the Internet is like walking on a public street,
with each Web page like a private store.  Each Web
page has the right to set up its own conditions for
entry.  Such policies could range from a free-for-all
data collection spree, to very strict information
collection limitations.

It is important to note that since advertising depends
upon customer profile information, web pages which
take extra steps to protect privacy might be
relatively more expensive, and may have to charge a
premium.  If one individual prefers more privacy than
another, this is a reasonable situation.  It behooves
Web pages to clearly define the terms of entry.  As
for chat rooms and newsgroups, their entire purpose is
for people to communicate with each other.  Therefore,
people should not be surprised when third parties
collect information which they have already placed in
the public realm.

There are some very serious problems with the notion
that consumers somehow "own" information about
themselves which they have already released publicly,
or through a contract with a company.  Away from the
virtual world, people have repeatedly shown
willingness to give up their "valuable" personal data
in return for such things as rebates or coupons.  From
product reply questionnaires to supermarket shopper
clubs, people give out information all the time, often
automatically.  Even when it comes to the sale of
magazine subscriber lists, many people know about it
and often take advantage of deals offered by other
magazines and by marketers of certain products.

Some say that consumers ought to be reimbursed for
this sale of names.  But value is subjective, and, in
a market economy, a good offered for sale is only
worth what someone else is willing to pay for it.
Companies pay for the names because it saves them the
time and expense that it would take to collect the
publicly available information themselves.
Arbitrarily assigning a price to names, rather than
having it settled by negotiation through the market,
assumes that everyone agrees upon the value of a name.
As discussed above, this is not so.  Artificially
raising the price of a good (i.e. a name) through
regulation would surely decrease demand for it.  That
outcome might please many privacy advocates, but it
would hurt consumers in unseen ways, by limiting the
availability and circulation of consumer information.

If you release information about yourself, then that
information becomes part of the public realm. For
example, suppose you place an engagement announcement
in a local newspaper.  You do not "own" that
information.  That is, other parties can pick it up
and use it for, say, creating mailing lists of
newlyweds or brides-to-be. "The power to control
information about you is the power to control the
speech of others."

Even when it comes to implicit contracts - the selling
of magazine lists, for example - there is no reason
why it is incumbent upon the magazine seller to obtain
an affirmation from every subscriber before selling
their names. Rather, sensitive consumers ought to pay
attention to the fine print of their contracts.  They
can decline to contract in the first place, or
establish a set of  acceptable conditions, such as
requesting that their names be removed from mailing
lists.  Keeping names off of lists is a preference and
not a right.  Consumers who do not like this practice
have no right to impose their preferences on everyone.
 What goes for the real world should apply to the
virtual world.

The risks of this data collection by companies are
overstated.  The one exception is when collected
information falls into the hands of the government.
For example, an ice-cream shop culled names of
eighteen-year-olds from the store's birthday club and
sold the list to the selective service.   For these
customers, going into an ice-cream shop mean induction
in the army.

The costs and benefits of data collection are
different for every consumer.   Regulation would only
institutionalize a set of preferences, rather than
uphold rights.  It might be that companies ought to be
more explicit about their information collection
policies.  However, those companies which do take
extra steps in this regard frequently tout it.  In
short, those consumers most concerned about data
collection already have one way of satisfying that
preference, without resorting to government
intervention.

FTC Question 2.16: How widespread is the practice of
sending unsolicited e-mail?  Are privacy or other
consumer interests implicated by this practice?  What
are the sources of e-mail addresses used for this
purpose?

Unsolicited e-mail is very similar to junk mail in the
context of "privacy."  Many people find it annoying,
especially since junk e-mail shifts the cost from the
sender to the recipient, who pays in time and money.
However, enough people like it and take advantage of
it that the practice continues.  E-mail marketers
often harvest names through data mining - collecting
e-mail addresses from newsgroup posts and chat rooms.
It is clear that many consumers do not like this, but
it is not clear why this practice should be made
illegal, as opposed to being simply irritating.

As previously noted, people who venture out into those
chat rooms and newsgroups are going out into public.
E-mail put out into these areas is public property,
much as an engagement announcement would be.
Therefore, someone collecting lists of names and
sending out junk e-mails is acting perfectly
legitimately.  There is no way for a data collector
(or even another participant) to know in advance who
would like to hear about something or not.  The
combination of what is wanted and what is unwanted is
different for everyone.

Many people object to the costs of paying for unwanted
e-mail (e.g. charges per e-mail received, line charges
incurred while using the e-mail function).  That is
perfectly understandable.  But if you do not wish to
be put on a list, the responsibility is yours to avoid
it.  Fortunately, there are already  options
available.  Most of the major Internet providers -
AOL, Prodigy, CompuServe - already have banned junk
mailings.   This provision of what some see as a
valuable service is perfectly legitimate as well.  In
addition, AOL also permits people who participate in
chat rooms to use up to five false names.  Along with
the ease of finding anonymizers to surf the Web,
"going incognito" has never been so easy to do.

As the Washington Post aptly noted, "Psychologically,
the more interesting question is why folks who long
since gave up the attempt to stop mass telemarketing
or ordinary delivered-to-the-door junk mail find it so
much more immediately threatening to receive mail that
can be deleted at the touch of a button."

FTC Question 2.18: What costs does unsolicited
commercial e-mail impose on consumers or others?  Are
there available means of avoiding or limiting such
costs?  If so, what are they?

The wording of the question suggests that the FTC
believes that the primary cost of unsolicited e-mail
is "privacy."  Once again, "privacy" is a preference.
Therefore, junk e-mail is a cost only to those who
personally object to data collection.  It might be
useful to look at this situation in a different way.

Restricting data collection reduces the possibility of
target marketing.  Perhaps some consumers would be
happy to receive e-mail relating only to their
particular interests. As target marketing becomes more
accurate due to data collection, it would actually
reduce the amount of unwanted e-mail.  Sailing
enthusiasts would not receive gardening catalogs,
gourmands would not receive home improvement
information.

In addition, clamping down on data collection will
hurt smaller companies and non-profits, who might find
this data collection useful in finding new customers
or members.  Well-known non-profits, for example,
receive a great deal of publicity and exposure in the
general media; how many other, smaller groups would
like to find people interested in their work via the
Internet?

One of the biggest objections to data collection is
its awesome speed.  But this is not a sufficient basis
for regulation; it is an extension of objections to
data collection in general.  Combing a phone book
manually or by computer is essentially the same; the
latter just takes less time.  Use of data collection
technology makes information cheaper and more
available to a variety of groups, from non-profits to
associations dedicated to one or another hobbies or
interests.

Conclusion

At a minimum, the FTC should insist on a real and
significant showing of harm resulting from commercial
data collection, rather than rely upon claims of
consumer irritation.  The FTC should be extremely
cautious in regulating the free flow of consumer
information.  Any regulations are bound to have
unforeseen effects.  For example, the European Privacy
Directives have made it very difficult to exchange
employee information between branches of the same
company located in different countries.   Instead, the
FTC should confine itself to policing fraud and
investigating any actual injury.  As Esther Dyson put
it, "The goal is a market in privacy practices.  That
will result in constantly improving standards rather
than rigid ones set by law, and in decentralized,
speedy enforcement" (emphasis in original).


Julie C. DeFalco on behalf of the Competitive
Enterprise Institute and for the National Consumer
Coalition



-------------------------
Declan McCullagh
Time Inc.
The Netly News Network
Washington Correspondent
http://netlynews.com/


--------------------------------------------------------------------------
This list is public. To join fight-censorship-announce, send
"subscribe fight-censorship-announce" to majordomo at vorlon.mit.edu.
More information is at http://www.eff.org/~declan/fc/