A. I’m not particularly worried about my credit card getting ripped off in the transmission. As everyone says, it’s more likely to get ripped off at a restaurant or in a phone transaction. I think the bigger problem with credit cards is very sophisticated hackers who can break into databases, and take out a thousand credit card numbers, and use them simultaneously. I don’t think the danger is so much with individual credit cards; it’s really the databases. Q. Last year you organized an “Internet Pyramid Surf Day.”
A. Oh yeah, that was my baby. We got all our state attorney generals, and our staff here in Washington. We identified a day and time and said, “Okay, everybody online now! Go!” There were probably a hundred of us, and we all spent four or five hours surfing the net, looking for scams.
Q. What did you do when you found them?
A. When we found something that looked suspicious, we sent an electronic message that said, “You may not be aware of it, but there are a whole series of rules that govern enterprises that are involved with multilevel distribution. And the Web site you have does not appear to comport with these rules.” So we gave them notice. We didn’t say, “You’re busted. Stop.” And we didn’t undertake huge investigations. We just surfed and visited places that on their face did not appear to comport with the multilevel distribution rules that apply on the state or federal level.
Q. How many did you identify?
A. About five hundred sites. Then we went back a couple of weeks later, and about half of them were down.
Q. And the rest?
A. Of the half that were still up, we started doing a little investigation, and probably some cases will come out of that.
Q. What did you learn from that exercise?
A. That there are a lot of fools on the Internet who don’t think they’re going to get caught.
Q. What are the biggest categories of Internet fraud?
A. Let’s see: there are travel scams, investment opportunity scams, business opportunity scams, and old fashioned pyramid schemes: send us $5 and we’ll send you $20.
Q. I think I got one of those in my email box this morning.
A. Send it to us. We’ll take a look at it.
Q. Trust is a big issue on the Web: am I the person I say I am. Is that one of the FTC’s concerns?
A. The Clinton administration is very interested in promoting commerce on the Internet, electronic commerce. And I have said, many times, that there are four elements that are necessary for Internet commerce to really take off:
Authenticity –that you are who you say you are.
Security –nothing’s going to happen to your credit card.
Privacy –you know what information is being collected about you, and what’s being done with it. Recourse –if you’re unhappy with the transaction, you know you can get your money back. All of these include some level of trust. And until the Internet evolves to the point where those four can be assured, I don’t think electronic commerce is going to take off.
Q. Is it the government’s role to make those things happen? A. That’s the big question: what is the appropriate level of government in any of those. Right now everybody says, “Government stay out. Because if you get involved, you’ll only muck it up.” But at some point, I think that dialogue is going to change. For example, banks will be coming to the government and saying, “You’re going to have to set some floors for doing business on the Internet, because we’re getting killed by shady operators.” We may see the National Retail Federation coming to the FTC or to Congress and saying, “You need to set some floors for recourse and redress on the Internet. Because some people are going out of business the second they sell everything, and people are left holding the bag. And it’s really discouraging commerce on the Internet.”
So right now the view is: Do nothing. Stay out of the way. I suspect that that view will evolve over time to a point where the various sectors of the economy that want to be active on the Internet, will identify the need for the government to come in and set some floors.
Q. But you want to give those sectors the opportunity to come up with an industry-based solution first? A. Absolutely. Because technological solutions, which we can’t even imagine yet, will be viable on the Internet. And government solutions may retard technical innovation. Q. Does everything change when you’re talking about kids? A. For me it does. Because I don’t think there’s any such thing as valid consent from a 10-year-old. To the extent that blocking software really works, I think that can be a great help to parents. But what do you do about those sites that spring up before they can get blocked, that collect enormous amounts of information from children about their families and then sell it? That’s where the FTC might get involved.
Q. What are your favorite search phrases? A. “Get Rich Quick,” “Free Travel,” “Fast Money.” I just put in any words like that that come into my head. In fact I think there’s an area in Yahoo! Business and Economy called “Get Rich Quick.” It’s really very funny. Q. Going from trust to anti-trust, what are the biggest issues in that arena, in your opinion? A. Well I don’t think they’re specifically Internet-related, but they are high tech related–bio high tech and electronic high tech. When you’re in a high tech field, you’re usually dealing with high degrees of R&D. And when you see companies either merging, joint-venturing, or entering into other kinds of strategic alliances–it’s sometimes, in high tech, very hard to figure out where there might be anti-competitive consequences. Because you can’t figure out whether vertical integration is simply more efficient, or whether it’s choking competition.
For example, you’ll see that Microsoft integrates its Internet Explorer browser into its operating system, and Netscape creates an operating system. Now what you’re seeing is what we had previously thought of as two product markets collapsing into one market–the browser market and the operating system market are now one market.
Say, for example, that we never thought of Microsoft as being in the browser market at all. Under traditional anti-trust theory, there would be no problem with them acquiring Netscape. It would not be considered anti-competitive. Now you and I know in our souls that that would be incredibly anti-competitive. But there aren’t traditional anti-trust models that would have predicted that. So it’s a very difficult problem to figure out when innovation is being enhanced–because you’re concentrating resources, you’re getting synergies, you’re increasing efficiency–when innovation and competition are being stifled.
Q. So how do you proceed? A. Very carefully. You tread very carefully. And you pay very close attention to what industry leaders are saying. Q. What’s your view on Congress’ role concerning these issues? If regulatory bodies like the FTC are slow, Congress is slower and more reactive to public opinion. A. Well, I think that privacy is breaking through as an issue on the Hill. In the last two-year session of Congress I think there were something like seven thousand bills, and one thousand of them had some sort of privacy provision. And about one hundred had some real significant level of privacy in them. So I think that the privacy issue is going to come up; I think that Congress is going to get pulled into encryption one way of the other. Probably kicking and screaming. There are also a lot of copyright issues, and Congress may have to get involved in those. But I think the legislative process will be very, very slow. To the extent that Congress sees immediate harm, or immediate political gain, then they’ll enact legislation quickly. But I’m not sure that they see that in any of the areas I’ve identified.
Q. What does that mean for the FTC?
A. I think it means that Congress is looking to us to point out areas where we think they need to legislate. And they are also looking to us to provide some solutions. One of the models we’ve talked about is that we have issued “agency guidelines,” which don’t have the force of law, in the context of environmental advertising–they are called “Green Guides.” So if a company is going to make a claim about being “environmental,” we wrote guidelines–at the industry’s request–that now have the force of law. And most of the mainstream players abide by those laws. To the extent that we see advertising that’s not consistent with those rules, we often prosecute it as either deceptive, or fraudulent, or unfair. What it does, in effect, is create a safe harbor. It says, “If you play within these confines, you’re okay.” If you get outside of them, you’re outside of them at your own peril. We could conceivably do the same thing regarding kids’ information collection practices, kids’ advertising practices. But if we did it, we’d do it with the industry. We’d sit down at the table with who we consider to be the legitimate players, who are concerned about these issues, and try and help craft rules that make sense. The advantage is that the rules will be much more flexible than regulation, because you can change them constantly.
The other way we could go was something that happened a few years ago. Congress passed a law called the Telemarketing Fraud Act. And the act is like two paragraphs: it says telemarketing fraud is fraud. It costs us $40 million a year, it’s illegal, it’s prohibited, and the FTC should go write regulations. What we did, based on that law, was we sat down with the legitimate telemarketers–and there are some–and said, “Okay. What do you currently do?” And then we wrote rules that really reflected their practices. So we weren’t putting an additional burden on Time Warner, which is a legitimate telemarketer trying to sell Time Magazine , but we created a framework that reflected the current best practices in legitimate industry. And the industry was very supportive.
Now we were able to do that because Congress told us to. It’s very hard for us to enact regulation in the absence of a directive from Congress. We can do it, but it’s burdensome, it’s cumbersome, and it’s lengthy. So presumably Congress can write a law that says, “Collection of information from children without their parents’ knowledge or consent is reprehensible and shouldn’t be done. FTC go write rules.”
Q. Those are two very flexible approaches. A. The latter is less flexible because, although it’s stronger, it clearly outlines what’s legal and what’s illegal. That may be a good thing. The former is more flexible, and you could probably get it done quicker. And we may end up doing both. Q. It sounds like you’re trying to use the power of the FTC without having to go through the long, arduous law-making process. A. Well, I wouldn’t put it that way. I’d say we’re extremely respectful of what’s an appropriate role for Congress, and what’s an appropriate role for the court, and what’s an appropriate role for the regulatory agencies. And I think that sometimes a Federal Regulatory agency can step up to the plate and provide industry guidance with what the regulatory agency thinks is the best practice–maybe before it’s right for the Congress to legislate it. Or maybe it will never be right for Congress to legislate it. Because maybe there won’t be a problem. Q. You’ve been on the FTC since 1994. What’s the most dramatic change in your own thinking? A. I guess I thought, back in 1994, that we should focus all our energy in the policy arena, and not much in law enforcement. Because I thought everybody on the Internet was sophisticated and smart, and I didn’t think there would be that much garden-variety fraud. But I’ve been really astounded by the amount of fraud. Guess what: it’s not only wizards on the Internet anymore.  The images of Christine Varney you see in the hardcopy version of this issue were taken from a QuickTime movie, courtesy of Return to text