The privacy debate could get 'dangerous' for the FTC

Former FTC acting chair Maureen Ohlhausen has a warning for Lina Khan.

Maureen Ohlhausen

Former FTC acting chair Maureen Ohlhausen spoke with Protocol about the current state of the agency.

Photo: Nicholas Kamm/AFP via Getty Images

There’s one debate over privacy in Congress and another at the Federal Trade Commission, but the two are tightly linked, former FTC acting chair Maureen Ohlhausen told Protocol — and not in a way that’s good for the agency’s plans.

Ohlhausen, a Republican, is now co-chair of a group that represents internet service providers, and she testified at a House hearing Tuesday on the bipartisan, bicameral privacy proposal currently under consideration. Although the measure still faces headwinds in the Senate, Ohlhausen said she thinks lawmakers are much closer to an agreement than when she left the FTC in 2018. She also said that, with some tweaks, the measure would have a lot more to offer the business sector than the status quo, despite the complaints from some powerful lobbying interests.

The conversation kept returning to the FTC, however, and for Ohlhausen, many of her concerns about where privacy rules could go revolve around the agency where she also spent more than a decade as a staffer. She sees danger in current chair Lina Khan’s push for the FTC to undertake a privacy rule-making, as much to companies that use consumer information as to the agency itself. Khan has said she’s trying to reinvigorate an FTC that’s long let consumers down and deferred to big business, but Ohlhausen repeatedly joined Khan’s critics in urging her to stick to punishing companies one at a time, bring GOP commissioners back into decision-making and address staff discontent.

This interview has been edited for length and clarity.

You've testified in Congress about privacy legislation a few times over the last couple of years. How did this hearing rate?

I think it's enormous progress. We have a lot of different people representing different aspects of the ecosystem. They are generally supporting the bill. And we also saw a lot of bipartisan agreement, bicameral agreement. We can see progress from the first time I testified on this after I left the FTC. You can see that there has been this movement of more people getting on board, more different pieces coming together.

Preemption and consumer lawsuits have been the biggest fissures for years now, but lawmakers have mostly found compromises there. What did you hear at the hearing that seemed it might be among the toughest things for lawmakers to come together on now?

You can see some of the issues involving the definitions. So [issues could arise on] the definition of “algorithm,” because that's very broad. I mean, the definition is “a computational process including” — not “limited to” — “one derived from machine learning or artificial intelligence techniques, that makes or facilitates a decision or facilitates human decision making with respect to covered data.” That's really broad, because those other things don't limit it. It says it includes them. I think that's one of the concerns, that it can be extremely burdensome if you need to do one of these [algorithmic] impact assessments for every computational process you do on data that helps a human decision.

And then the other [potential issue] was on sensitive covered data. Several members mentioned we need to preserve the business model that has allowed all these free, incredible services to be available to consumers. Targeted advertising seems to be explicitly allowed with opt-out, but some of the definitions of sensitive data make it unclear, because it seems like it would actually require opt-in. I think there was an understanding that you don't want to break a business model. You want to give additional protections there, and maybe you want to change it. But it has been a source of, I think, enormous consumer benefit and competitive benefits.

A lot of the folks who are testifying along with you were suggesting fixes. But we’re also seeing the Chamber of Commerce more or less opposing this. It kind of represents business writ large. Do you think the business community is going to try to stop it?

I think the business community really wants this to pass. The position that the Chamber put forward, I wasn't hearing that from the Republican committee members. All the witnesses represented different constituencies, some of them other business constituencies. They were generally positive on it. They weren't saying, “Oh, rip this up and start over.” They were saying, “Well, you know, watch out here, clarify that, don't go too far here.” But no sense of general opposition.

There are concerns about some of the actions the FTC has been taking, and what it might do given very open-ended authority, but I've always said the way forward is for Congress to give the FTC clear direction. This bill really does that. FTC leadership wants to engage in very broad rule-making. But I think this bill is much more: Congress makes those hard cuts, [gives] clear guidance. The FTC has the enforcement role and the more limited role of filling in some of the details under congressional direction.

[The bill] needs some tweaking, but I think it really is a good path forward. I do think there is a lot of business support for it. I think they would rather have this bill than some sort of open-ended FTC rule-making. I think the expectation from some who want to push that [rule-making] is that they will somehow be able to put all these new restrictions in there. The FTC only has the authority Congress gave it. They shouldn’t be a legislature.

Chair Khan did a bunch of media interviews last week, and when she and I talked, she seemed to be particularly interested in regulating data, maybe even if Congress goes ahead with this law.

If this bill passes, I think it would be kind of odd for the FTC to go off on its own and do some separate rule-making. I think you've gotten pretty clear direction from Congress about where the boundaries are, where Congress has made the decision on balancing consumer rights and the beneficial uses of data. I would hope the FTC wouldn't go forward. They’re going to have enough to do under this bill.

The other thing is, when I was acting chairman for about a year and a half, we did plenty of privacy enforcement. It had to be bipartisan because it was just me and Terrell McSweeny: one Republican and one Democrat. Rule-making is not the only path. The FTC can proceed through case-by-case enforcement like it has, which I think has been fairly effective.

It's also possible that there might be some limited rule-making that Republicans would support, and you've seen that already in some other consumer protection areas. It's possible that Chair Khan wants to go down this road, but there are a lot of risks and opportunity costs. If you're doing [rule-making], you're not bringing enforcement cases. We've seen a big drop-off in enforcement in her first year, and it's not because she didn't have a majority. I didn't have a majority, and enforcement did not fall off. Maybe she'll continue down that road, but I'm hopeful Congress passes this bill and then the FTC just moves forward on implementing the bill.

People talk a lot about Khan’s tenure producing an unusually partisan commission. Do you think that's right? It's not as if there have never before been party-line votes, debates or stinging dissents.

I think this is very different. [During my time,] we got a lot done. There were a few things we disagreed on. We agreed to disagree, and we moved forward. And we kept up a high level of enforcement. Staff was very happy, and that was at a time when there was a lot of anxiety: What's the Trump administration going to do? What we're seeing now is changes to reduce the ability of other commissioners to get information to participate in things. I haven't seen that before. I was at the commission for six and a half years; I was in the majority for three months. But it was always very, very functional. I didn't feel, when I was in the minority in the Obama administration, that I was cut off. The chair’s office runs things, but it was on a much more collegial basis. And I think you see that reflected also in how the staff has responded. There's lots of reports about career staff saying, “The chair doesn't talk to us. We don't get an opportunity to weigh in.” I'm not in the building, but I think that reflects a different management style than we've ever seen at the FTC previously.

I wonder if you could talk about some of the external threats that the FTC is facing. I'm thinking of the Axon case coming up to the Supreme Court. It seems like, by next year, the justices may well say that companies facing the FTC’s internal, court-like system can challenge the whole process in federal court and make the FTC go through a sort of pre-litigation litigation.

I used to say, “Avoid doing things that unite your enemies.” The FTC is a small agency with a vague statute. When it stuck generally to case-by-case enforcement on the antitrust side, and seeking redress in limited cases against fraudsters, it got a lot of support. Congress was happy. We brought cases that big companies didn't like, not saying that we didn’t. We challenged things, but the current FTC is pushing into saying, “Well, we now want to take on much more of a regulatory role. We want to do rule-making.” It's at a time also where the fundamental structure of agencies like the FTC is being re-examined. The FTC is facing a lot of headwinds in that area, and it needs to be careful. People say, “The FTC can do this, and they can do that, and all they risk is losing that case.” And I say that's absolutely not true. They gambled on disgorgement and lost big [at the Supreme Court], because it brought together enough people saying, “There aren't enough guardrails on this. It's not rooted in the statute.” That's kind of what I see here: concern about pushing against all these boundaries that will put the entire structure of the agency at risk. Pushing these aggressive theories at a time when the agency’s foundational structure is being questioned just creates a dangerous possibility that the agency loses more than just that case.


Niantic’s future hinges on mapping the metaverse

The maker of Pokémon Go is hoping the metaverse will deliver its next big break.

Niantic's new standalone messaging and social app, Campfire, is a way to get players organizing and meeting up in the real world. It launches today for select Pokémon Go players.

Image: Niantic

Pokémon Go sent Niantic to the moon. But now the San Francisco-based augmented reality developer has returned to earth, and it’s been trying to chart its way back to the stars ever since. The company yesterday announced layoffs of about 8% of its workforce (about 85 to 90 people) and canceled four projects, Bloomberg reported, signaling another disappointment for the studio that still generates about $1 billion in revenue per year from Pokémon Go.

Finding its next big hit has been Niantic’s priority for years, and the company has been coming up short. For much of the past year or so, Niantic has turned its attention to the metaverse, with hopes that its location-based mobile games, AR tech and company philosophy around fostering physical connection and outdoor exploration can help it build what it now calls the “real world metaverse.”

Keep Reading Show less
Nick Statt

Nick Statt is Protocol's video game reporter. Prior to joining Protocol, he was news editor at The Verge covering the gaming industry, mobile apps and antitrust out of San Francisco, in addition to managing coverage of Silicon Valley tech giants and startups. He now resides in Rochester, New York, home of the garbage plate and, completely coincidentally, the World Video Game Hall of Fame. He can be reached at nstatt@protocol.com.

Every day, millions of us press the “order” button on our favorite coffee store's mobile application: Our chosen brew will be on the counter when we arrive. It’s a personalized, seamless experience that we have all come to expect. What we don’t know is what’s happening behind the scenes. The mobile application is sourcing data from a database that stores information about each customer and what their favorite coffee drinks are. It is also leveraging event-streaming data in real time to ensure the ingredients for your personal coffee are in supply at your local store.

Applications like this power our daily lives, and if they can’t access massive amounts of data stored in a database as well as stream data “in motion” instantaneously, you — and millions of customers — won’t have these in-the-moment experiences.

Keep Reading Show less
Jennifer Goforth Gregory
Jennifer Goforth Gregory has worked in the B2B technology industry for over 20 years. As a freelance writer she writes for top technology brands, including IBM, HPE, Adobe, AT&T, Verizon, Epson, Oracle, Intel and Square. She specializes in a wide range of technology, such as AI, IoT, cloud, cybersecurity, and CX. Jennifer also wrote a bestselling book The Freelance Content Marketing Writer to help other writers launch a high earning freelance business.

Supreme Court takes a sledgehammer to greenhouse gas regulations

The court ruled 6-3 that the EPA cannot use the Clean Air Act to regulate power plant greenhouse gas emissions. That leaves a patchwork of policies from states, utilities and, increasingly, tech companies to pick up the slack.

The Supreme Court struck a major blow to the federal government's ability to regulate greenhouse gases.

Eric Lee/Bloomberg via Getty Images

Striking down the right to abortion may be the Supreme Court's highest-profile decision this term. But on Thursday, the court handed down an equally massive verdict on the federal government's ability to regulate greenhouse gas emissions. In the case of West Virginia v. EPA, the court decided that the agency has no ability to regulate greenhouse gas pollution under the Clean Air Act. Weakening the federal government's powers leaves a patchwork of states, utilities and, increasingly, tech companies to pick up the slack in reducing carbon pollution.

Keep Reading Show less
Brian Kahn

Brian ( @blkahn) is Protocol's climate editor. Previously, he was the managing editor and founding senior writer at Earther, Gizmodo's climate site, where he covered everything from the weather to Big Oil's influence on politics. He also reported for Climate Central and the Wall Street Journal. In the even more distant past, he led sleigh rides to visit a herd of 7,000 elk and boat tours on the deepest lake in the U.S.


Can crypto regulate itself? The Lummis-Gillibrand bill hopes so.

Creating the equivalent of the stock markets’ FINRA for crypto is the ideal, but experts doubt that it will be easy.

The idea of creating a government-sanctioned private regulatory association has been drawing more attention in the debate over how to rein in a fast-growing industry whose technological quirks have baffled policymakers.

Illustration: Christopher T. Fong/Protocol

Regulating crypto is complicated. That’s why Sens. Cynthia Lummis and Kirsten Gillibrand want to explore the creation of a private sector group to help federal regulators do their job.

The bipartisan bill introduced by Lummis and Gillibrand would require the CFTC and the SEC to work with the crypto industry to look into setting up a self-regulatory organization to “facilitate innovative, efficient and orderly markets for digital assets.”

Keep Reading Show less
Benjamin Pimentel

Benjamin Pimentel ( @benpimentel) covers crypto and fintech from San Francisco. He has reported on many of the biggest tech stories over the past 20 years for the San Francisco Chronicle, Dow Jones MarketWatch and Business Insider, from the dot-com crash, the rise of cloud computing, social networking and AI to the impact of the Great Recession and the COVID crisis on Silicon Valley and beyond. He can be reached at bpimentel@protocol.com or via Google Voice at (925) 307-9342.


Alperovitch: Cybersecurity defenders can’t be on high alert every day

With the continued threat of Russian cyber escalation, cybersecurity and geopolitics expert Dmitri Alperovitch says it’s not ideal for the U.S. to oscillate between moments of high alert and lesser states of cyber readiness.

Dmitri Alperovitch (the co-founder and former CTO of CrowdStrike) speaks at RSA Conference 2022.

Photo: RSA Conference

When it comes to cybersecurity vigilance, Dmitri Alperovitch wants to see more focus on resiliency of IT systems — and less on doing "surges" around particular dates or events.

For instance, whatever Russia is doing at the moment.

Keep Reading Show less
Kyle Alspach

Kyle Alspach ( @KyleAlspach) is a senior reporter at Protocol, focused on cybersecurity. He has covered the tech industry since 2010 for outlets including VentureBeat, CRN and the Boston Globe. He lives in Portland, Oregon, and can be reached at kalspach@protocol.com.

Latest Stories