Comments Off

FCC overlooks the word proprietary

The Federal Communications Commission refers to customer data as “proprietary” in its privacy order set for vote this coming Thursday. Webster’s New World Dictionary defines proprietary as something belonging to an owner like a patent, trademark, or copyright. By placing the qualifier “proprietary” on customer data, the Commission gives the impression that the data is compiled by the consumer for possible placement into the stream of commerce and by transferring this data can receive something in return. Is the consumer doing this; getting something in return for putting her data out there?

The relationship between a consumer and her broadband internet access service is one where she provides certain personal information along with a network access fee to her broadband provider and in exchange receives access to the internet. An informed consumer is aware that sharing some personal data is part of her total cost for receiving access to the internet via her broadband provider. The best way to ensure privacy of her data is to not buy access service to begin with but public and social policy currently promotes universal deployment of and access to broadband so discouraging her purchase is not a policy option.

In my view, the consumer has created a negative externality by providing property, in this case her personal information, for free. The rate the consumer pays for broadband access overcompensates the service provider given the value the broadband service provider receives. What the Commission should encourage is a pricing regime where consumers can charge for the use of their proprietary information. This way, the prices paid for access provide a better reflection of what is actually being exchanged.

The Commission may find that with this market solution concerns of privacy will be abated as the consumer exercises more control over her market relationship with the broadband service provider. Allowing for consumers compensation for providing data may create a ripple effect in the internet eco-system. Go onto Facebook and you see consumers sharing a lot of personal information for free. Advocates for consumer empowerment should like this approach but these so called advocates would lose too much control of the consumer protection debate if consumers were to enjoy this type of market freedom over compensation for their data.

Bottom line, if the Commission is truly concerned about protecting proprietary consumer information, it should give the consumer the front line tools to protect her data and in a market system, that front line tool is the ability to be compensated for one’s property.

Comments Off

On March 31st, the FCC will immerse itself further into information markets

Posted March 28th, 2016 in Broadband, edge providers, Federal Communications Commission, privacy and tagged , , by Alton Drew

The Federal Communications Commission will issue a notice of proposed rulemaking on 31 March 2016 providing requirements that internet service providers should follow in order to protect personal information of consumers. Commission chairman, Tom Wheeler, describes the proposed rules as an initiative that gives consumers the “tools they need to make informed choices about how and whether their data is used and shared by broadband providers. Mr. Wheeler has constructed his rules within a framework of three principles: 1. Consumer choice, where consumers exercise meaningful choice over what data an ISP can use and how it can be shared; 2. Transparency, where consumers are made aware of what types of information an ISP is collecting and how that information is being used; and 3. Security, where ISPs have an obligation to protect information where ever it is carried over a network and stored. While consumers can “opt-out” from having their personal information used by ISPs in order to market additional services to the consumer, the consumer must opt-in to the use of their information for any other purposes. Anyone following the Commission since Mr. Wheeler’s ascent to the chairmanship acknowledges that this is a partisan commission and leading the opposition on this notice of proposed ruling is Commissioner Mike O’Rielly. Mr. O’Rielly refers to the proposed rules as “troubling and conflicting” given that these rules may not apply to other internet companies like Google and Facebook.  Mr. O’Rielly also takes issue with the Commission flirting with issues such as data security and data breach, issues, he argues, that are not covered by the Communications Act. And Mr. O’Rielly is correct. Data breach and security are not covered by the Communications Act. Nor does the Communications Act describe broadband access providers as telecommunications companies. In addition, ISP access to consumer proprietary information is limited, according to research conducted by Peter Swire, Justin Hemmings, and Alana Kirkland. Also, other companies have access to more information and a wider use of personal information than ISPs. Mr. Wheeler is playing with judicial uncertainty betting that the U.S. Court of Appeals-District of Columbia will uphold the Commission’s reclassification of broadband services as telecommunications services thus extending the 20th century protections of Section 222 of the Act for telephone customer personal information to consumers subscribing to 21st century broadband access services as well. Will Mr. Wheeler’s rules lead to an increase in deployment of broadband facilities? I don’t see it. Ironically, Mr. Wheeler’s rules may cause a conflict between sections 1302 and 222 of the Communications Act.  Why would ISPs, pursuant to the Commission’s directive under section 1302 of the Act, want to increase deployment of broadband access platforms if their ability to gather, package, and sell consumer information is going to be heavily regulated by rules, supported by section 202 of the Act, that don’t apply to social media networks that are increasingly gathering more consumer data than ISPs?

Comments Off

Will the information and delivery services industry like data minimization?

Posted January 27th, 2015 in knowledge economy, knowledge market, privacy and tagged , by Alton Drew

Today the Federal Trade Commission released a report on the Internet of Things and the best practices companies could put in place to protect consumer privacy.  The scope of the report was limited to IoT devices that consumers use to access other devices via the internet.  In addition, one of the best practices for securing consumer privacy mentioned in the report was the concept of data minimization.

How would data minimization impact firms within the information and delivery services industry who rely on large amounts of data in order to analyze consumption behavior?  The FTC defines data minimization as limiting the collection of consumer data, and retaining that information only for a set period of time and not indefinitely.  By minimizing collected data, tyhe FTC believes that larger data storers may make themselves less attractive to thieves and that the risk that data will be used in a way departing from consumer expectations will be reduced.

What the report overlooks are firms that consumers may not have face-to-face exposure to.  Take for example Broadridge Financial Solutions.  Broadridge processes and transfers sensitive personal information provided to them by their clients.  These clients include financial institutions, public companies, and mutual funds.  Under certain circumstances Broadridge’s own vendors may have access to the personal information Broadridge receives.  According to the company, they maintain systems and procedures to protect consumer data including encryption, authentication technology, data loss technology, and the transmission of data over private networks.

Even with their own protections in place, would information and delivery services firms like Broadridge see a decrease in volume if their clients are forced via additonal best practices to collect a limited field of data?  I’ve read nothing in the financials of a number of companies that tell me that they are concerned about additional regulations from the FTC indirectly impacting them.  Bear in mind that the clients for these information firms are other business firms, but since the information they analyze is collected by firms with direct exposure to consumers, information and delivery services firms and their investors should be aware of these developments in the regulation of the internet of things.

Comments Off

Facebook Investors Take Heed

Posted June 26th, 2012 in Federal Trade Commission, Internet, privacy and tagged , , by Alton Drew

The U.S. Senate Committee on Commerce, Science, and Transportation has scheduled a hearing on how well the online industry is self-regulating consumer privacy concerns. The committee’s chairman, Senator John Rockefeller, said the following:

“In our prior hearing on consumer privacy, both the Obama Administration and the FTC commended recent industry efforts to provide consumers with more privacy protections,” said Chairman Rockefeller. “However, their reports also stated that industry can do more and that federal legislation is necessary. In this follow-up hearing, I intend to closely examine how industry intends to fulfill its recent pledge to not collect consumers’ personal information when they utilize the self-regulatory ad icon or make “do-not-track” requests in their web browsers.”

The hearing is scheduled for 28 June 2012.

Comments Off

FTC Signals Some Policy Preferences

Posted March 30th, 2012 in Broadband, Federal Trade Commission, privacy and tagged , by Alton Drew

Federal Trade Commission Chairman Jon Leibowitz yesterday signaled the FTC’s preferences for future online privacy policies before the House Sub-Committee on Commerce, Manufacturing, and Trade. Chairman Leibowitz would like to see a best practices for protecting consumer online privacy; an acceleration of self-regulation within the online industry; a consumer privacy bill of rights which is heavily endorsed by the Obama Administration, and further developments in a do not track mechanism that would protect consumers visiting certain websites.

Chairman Leibowitz also recommended that Congress enact general privacy legislation. The legislation should require that companies implement reasonable measures and notify consumers of certain security breaches while providing consumers access to information maintained on them by information data brokers.

I can understand consumer concerns about the leakage of certain pieces of information, i.e., financial and medical information. Unfortunately sensitive information can be used against consumers during job searches or legal proceedings. Consumers should have this assurance especially if we want to promote broadband adoption among 100 million households over the next decade.

Investors and businesses should not be too overly concerned that the best practices proposed by the FTC are overly intrusive. The FTC appears to be saying before the consumer goes past Checkpoint Charlie, agree on the information that he is going to share and assure him of how it is being used and who else may be seeing it. Once he passes Checkpoint Charlie, however, the flow of commerce should be left uninterrupted. Delays in information flow will only drive up business costs by creating a false scarcity of information and added uncertainty in decision making.