From the trust that forms the basis of Web commerce to the anti-trust concerns of smaller Web-based businesses, many of the current up-in-the-air issues on the Web will find their way to the Federal Trade Commission in Washington, D.C. And Commissioner Christine Varney is already preparing to deal with them.  Appointed to the FTC in late 1994, Varney, 41, has always taken a special interest in Internet-related commerce issues. Recently, for example, she helped organize a public workshop on Consumer Information Privacy.  In fact, conference preparations were in full swing when she stopped long enough to chat with D.C. Denison about some of the pressing issues facing the FTC and the World Wide Web.
Q. From reading your speeches, I get the feeling your approach to Internet fraud is: “A swindle is a swindle is a swindle, no matter where it happens.”
A. And if it sounds too good to be true, it probably is. Yes, that’s my view: when you’re talking about your garden-variety fraud, it’s a scam whether it’s through the mail, on the phone, or on the Internet. Although sometimes on the Internet, it can be a little more difficult to figure out that you’re getting scammed.
Q. Can you think of an example?
A. Let’s say that someone in your family comes down with cancer. You go all around the Web, and you’re looking for everything you can find on that form of cancer. Then you happen into what looks like a pretty good discussion group on the topic. And someone in the group is saying, “You know there’s this tree bark in Mexico, and it’s administered by this clinic. And it saved my husband’s life.” Then someone else says, “Yeah, we went too, and it saved our life as well.” So you say, “Tell me more about it. And you get into some long discussion over the next few days or weeks, and you never find out, because it’s never disclosed to you, that the person putting up this posting owns the trees, and the bark, and the charter company which is the only way to get there, and the institute that you have to stay in while you’re there. So it’s never disclosed to you that the people you’re chatting with have a pecuniary interest in any decision you may make. If you have that knowledge, it may influence your decision making.
Internet Privacy Developments at FTC Hearings
A recent FTC Public Workshop on Consumer Online Privacy, held in Washington from June 10-13 1997, and hosted by Commissioner Christine Varney, generated a surprising number of developments. Among them:
The announcement of a W3C Platform for Privacy Preferences (P3) Project, which allows Web sites to easily describe their privacy practices, as well as set policies about the collection and use of their personal data. Between the Web site’s practices and the user’s preferences, a flexible “negotiation” allows services to offer the preferred level of service and data protection to the user. If there is a match, access to the site is seamless; otherwise the user is notified of the difference and is offered other access options to proceed.
Microsoft announced that it will collaborate with Netscape, Firefly, and VeriSign on the creation of an Open Profiling Standard (OPS). OPS is designed to control how information collected by Web-based companies is used. The standard will be developed under the auspices of the W3C’s Privacy Working Group.
A group of eight database companies announced practices and guidelines for collecting personal information online. The participating companies include Lexis-Nexis, ChoicePoint, Database Technologies, Experian, First Data InfoSource/Donnelly Marketing, IRSC, Metromail, and Information America.
TRUSTe, backed by companies such as Oracle, Netscape, CyberCash, and IBM, unveiled a set of logos that will inform visitors to Web sites how the information collected on the site will be used.
Lucent Technologies demonstrated a “personal Web assistant” that is designed to protect the privacy of Web users. The Web assistant allows users to register at sites under a new identity, and continue to use that identity on future visits.
The Direct Marketing Association announced that it has drafted disclosure standards for its members. Although its policy is not mandatory, DMA president Robert Wientzen promised that eighty percent of DMA member Web sites would employ the standards within a year.
These proposals, and others offered at the FTC workshop, appear to confirm Commissioner Varney’s strategy of encouraging “market-based” privacy solutions over government regulation. But the FTC, and Congress, will no doubt be watching the follow-though over the next year, as they decide where and when government regulators will get involved with the Internet.
Q. So there are special cases on the Internet.
A. Right. The wonderful thing about the Web and the Internet is that you’re able to go and get information from any variety of sources, unfiltered, uncensored. But at the same time, you don’t always have the ability to judge if there are any other motivations from the people who are offering the opinions.
Q. You appear to support the view that the government should resist the impulse to create laws regarding Internet commerce.
A. Well, that kind of behavior that I just mentioned could be prosecuted under our existing laws under either our deception authority or our fraud authority. So we don’t need new law to prosecute that.
Q. And some of these issues aren’t new to the FTC. They’ve already come up in connection with credit cards, 900 numbers, and credit reporting bureaus.
A. Absolutely. In my view, there may not be a lot of new law that’s needed in order to prosecute abuses that occur on the Internet. But there are exceptions–for example, junk mail spamming. There is a cost to receiving unsolicited junk mail–it’s the cost of the time it takes to get online, open your mail, and trash it. It may be a minimal cost, but it’s a cost.
The same thing happened with unsolicited faxes. And Congress passed a law prohibiting that. We may have to do the same with regard to the Internet. You always have to balance First Amendment rights, free speech, and commercial speech. But unsolicited junk mail has some costs associated with it, so we’ll see where that one goes.
Q. Do you support the creation of an industry-based, market-based privacy solution?
A. I think that privacy has many facets; there may be a marketplace for privacy in some instances. When individuals go on the Internet and they are dealing one-on-one with interactions or transactions, there’s a true marketplace for privacy. If the individuals demand to know the privacy practices of the sites they are visiting, and refuse to go to sites that don’t disclose their privacy practices, then there’s a marketplace for privacy. Perhaps there will be technological solutions, and people will be able to make money by providing higher and lower levels of privacy, and figuring out disclosure codes and all kinds of stuff. There are arenas where I don’t think there is a marketplace for privacy. One is children. The other is for the collection of data about you when you’re not involved in the interaction or the transaction with the entity that’s doing the data collection.
It’s almost analogous to credit bureaus. There has arisen an industry whose sole purpose and product is to collect information about you, without your knowledge or consent, and then sell it. Sometimes that’s a valuable function in society. One of the companies that does this stuff was engaged in the search for the alleged Oklahoma bomber. And they found him within five minutes. It also turns out that the guy who originally got the license to distribute RU-486 in the United States was a convicted felon. The way they eventually found this out was by using one of these services.
So there can be legitimate societal uses for this information. But there can also be wild and rampant abuses. Individuals have no knowledge about what’s being collected on them, and what’s being used, what’s being done with it. And that’s an area where the government could get involved.
Q. In the past you’ve suggested that the W3C’s PICS (Platform for Internet Content) protocol could be useful in this area.