[House Hearing, 111 Congress]
[From the U.S. Government Publishing Office]
DO-NOT-TRACK LEGISLATION: IS NOW THE RIGHT TIME?
=======================================================================
HEARING
BEFORE THE
SUBCOMMITTEE ON COMMERCE, TRADE,
AND CONSUMER PROTECTION
OF THE
COMMITTEE ON ENERGY AND COMMERCE
HOUSE OF REPRESENTATIVES
ONE HUNDRED ELEVENTH CONGRESS
SECOND SESSION
__________
DECEMBER 2, 2010
__________
Serial No. 111-161
Printed for the use of the Committee on Energy and Commerce
energycommerce.house.gov
----------
U.S. GOVERNMENT PRINTING OFFICE
78-138 PDF WASHINGTON : 2013
For sale by the Superintendent of Documents, U.S. Government Printing
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800;
DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC,
Washington, DC 20402-0001
COMMITTEE ON ENERGY AND COMMERCE
HENRY A. WAXMAN, California, Chairman
JOHN D. DINGELL, Michigan JOE BARTON, Texas
Chairman Emeritus Ranking Member
EDWARD J. MARKEY, Massachusetts RALPH M. HALL, Texas
RICK BOUCHER, Virginia FRED UPTON, Michigan
FRANK PALLONE, Jr., New Jersey CLIFF STEARNS, Florida
BART GORDON, Tennessee NATHAN DEAL, Georgia
BOBBY L. RUSH, Illinois ED WHITFIELD, Kentucky
ANNA G. ESHOO, California JOHN SHIMKUS, Illinois
BART STUPAK, Michigan JOHN B. SHADEGG, Arizona
ELIOT L. ENGEL, New York ROY BLUNT, Missouri
GENE GREEN, Texas STEVE BUYER, Indiana
DIANA DeGETTE, Colorado GEORGE RADANOVICH, California
Vice Chairman JOSEPH R. PITTS, Pennsylvania
LOIS CAPPS, California MARY BONO MACK, California
MICHAEL F. DOYLE, Pennsylvania GREG WALDEN, Oregon
JANE HARMAN, California LEE TERRY, Nebraska
TOM ALLEN, Maine MIKE ROGERS, Michigan
JANICE D. SCHAKOWSKY, Illinois SUE WILKINS MYRICK, North Carolina
CHARLES A. GONZALEZ, Texas JOHN SULLIVAN, Oklahoma
JAY INSLEE, Washington TIM MURPHY, Pennsylvania
TAMMY BALDWIN, Wisconsin MICHAEL C. BURGESS, Texas
MIKE ROSS, Arkansas MARSHA BLACKBURN, Tennessee
ANTHONY D. WEINER, New York PHIL GINGREY, Georgia
JIM MATHESON, Utah STEVE SCALISE, Louisiana
G.K. BUTTERFIELD, North Carolina
CHARLIE MELANCON, Louisiana
JOHN BARROW, Georgia
BARON P. HILL, Indiana
DORIS O. MATSUI, California
DONNA M. CHRISTENSEN, Virgin
Islands
KATHY CASTOR, Florida
JOHN P. SARBANES, Maryland
CHRISTOPHER S. MURPHY, Connecticut
ZACHARY T. SPACE, Ohio
JERRY McNERNEY, California
BETTY SUTTON, Ohio
BRUCE L. BRALEY, Iowa
PETER WELCH, Vermont
Subcommittee on Commerce, Trade, and Consumer Protection
BOBBY L. RUSH, Illinois
Chairman
JANICE D. SCHAKOWSKY, Illinois CLIFF STEARNS, Florida
Vice Chair Ranking Member
JOHN SARBANES, Maryland RALPH M. HALL, Texas
BETTY SUTTON, Ohio ED WHITFIELD, Kentucky
FRANK PALLONE, Jr., New Jersey GEORGE RADANOVICH, California
BART GORDON, Tennessee JOSEPH R. PITTS, Pennsylvania
BART STUPAK, Michigan MARY BONO MACK, California
GENE GREEN, Texas LEE TERRY, Nebraska
CHARLES A. GONZALEZ, Texas MIKE ROGERS, Michigan
ANTHONY D. WEINER, New York SUE WILKINS MYRICK, North Carolina
JIM MATHESON, Utah MICHAEL C. BURGESS, Texas
G.K. BUTTERFIELD, North Carolina
JOHN BARROW, Georgia
DORIS O. MATSUI, California
KATHY CASTOR, Florida
ZACHARY T. SPACE, Ohio
BRUCE L. BRALEY, Iowa
DIANA DeGETTE, Colorado
JOHN D. DINGELL, Michigan (ex
officio)
C O N T E N T S
----------
Page
Hon. Bobby L. Rush, a Representative in Congress from the State
of Illinois, opening statement................................. 2
Hon. Ed Whitfield, a Representative in Congress from the
Commonwealth of Kentucky, opening statement.................... 3
Prepared statement........................................... 5
Hon. Lee Terry, a Representative in Congress from the State of
Nebraska, opening statement.................................... 10
Hon. Betty Sutton, a Representative in Congress from the State of
Ohio, prepared statement....................................... 11
Hon. Steve Scalise, a Representative in Congress from the State
of Louisiana, opening statement................................ 12
Hon. Henry A. Waxman, a Representative in Congress from the State
of California, prepared statement.............................. 125
Hon. John D. Dingell, a Representative in Congress from the State
of Michigan, prepared statement................................ 130
Hon. Joe Barton, a Representative in Congress from the State of
Texas, prepared statement...................................... 131
Hon. John Barrow, a Representative in Congress from the State of
Georgia, prepared statement.................................... 135
Hon. Mary Bono Mack, a Representative in Congress from the State
of California, prepared statement.............................. 136
Witnesses
Daniel J. Weitzner, Associate Administrator for Policy, National
Telecommunications and Information Administration, U.S.
Department of Commerce......................................... 13
Prepared statement........................................... 16
Answers to submitted questions............................... 138
David Vladeck, Director, Bureau of Consumer Protection, Federal
Trade Commission............................................... 29
Prepared statement........................................... 31
Susan Grant, Director of Consumer Protection, Consumer Federation
of America..................................................... 62
Prepared statement........................................... 66
Answers to submitted questions............................... 144
Joseph Pasqua, Vice President of Research, Symantec Corporation.. 72
Prepared statement........................................... 74
Joan Gillman, Executive Vice President and President, Media
Sales, Time Warner Cable....................................... 85
Prepared statement........................................... 87
Eben Moglen, Legal Advisor, Diaspora, Professor of Law, Columbia
University, Founding Director, Software Freedom Law Center..... 95
Prepared statement........................................... 97
Daniel Castro, Senior Analyst, Information Technology and
Innovation Foundation.......................................... 101
Prepared statement........................................... 103
Answers to submitted questions............................... 149
DO-NOT-TRACK LEGISLATION: IS NOW THE RIGHT TIME?
----------
THURSDAY, DECEMBER 2, 2010
House of Representatives,
Subcommittee on Commerce, Trade,
and Consumer Protection,
Committee on Energy and Commerce,
Washington, DC.
The subcommittee met, pursuant to call, at 11:14 a.m., in
Room 2123, Rayburn House Office Building, Hon. Bobby L. Rush
[chairman of the subcommittee] presiding.
Present: Representatives Rush, Dingell, Schakowsky, Sutton,
Green, Gonzalez, Barrow, Matsui, Space, Markey, Whitfield,
Pitts, Bono Mack, Terry, Murphy, Gingrey, Latta, and Scalise.
Staff Present: Michelle Ash, Chief Counsel; Tim Robinson,
Counsel; Felipe Mendoza, Counsel; Michael Ostheimer, Counsel;
Will Wallace, Special Assistant; Brian McCullough, Minority
Counsel; and Sam Costello, Minority Counsel.
Mr. Rush. Good morning to all who are gathered here.
And we want to convene this hearing on the Subcommittee on
Commerce, Trade, and Consumer Protection. So the hearing is now
called to order. And we will begin with opening statements,
with two announcements by the chair.
There are possibly five votes that are currently occurring
on the floor. So, at this time, we will have the opening
statements from the chair and from the ranking member. At the
conclusion of those opening statements, we will recess and go
vote, and we will reconvene probably close to around the noon
hour. And then we will leave the--we will allow Members on both
sides to continue their opening statements for a half an hour.
So, upon reconvening, the Members will be given an additional
half an hour for their opening statements.
And the purpose of that is to allow Members to deliver
their opening statements, but also to do it within a certain
specified time span so that we won't have stragglers coming in
and keeping the opening statements--keeping this phase--
prolonging this phase.
So that is how we will operate this morning.
Mr. Barrow. Mr. Chairman?
Mr. Rush. Yes?
Mr. Barrow. Mr. Chairman, some of us have conflicting
committee hours. Would this be an appropriate time to ask for
unanimous consent that all Members of the committee might have
5 legislative days within which to submit a statement for the
record?
Mr. Rush. I would think so. If there is no objection?
Hearing no objection, so ordered.
Mr. Barrow. Thank you, Mr. Chairman.
OPENING STATEMENT OF HON. BOBBY L. RUSH, A REPRESENTATIVE IN
CONGRESS FROM THE STATE OF ILLINOIS
Mr. Rush. The chair recognizes himself for 5 minutes for
the purpose of an opening statement.
Good morning. We are pleased to welcome into our midst
today seven witnesses. They have graciously offered to share
their views with this subcommittee about the feasibility of a
legislative Do Not Track mechanism and how technological
solutions to privacy perils and pitfalls could augment a
comprehensive national privacy framework.
Through such a mechanism, consumers could advise would-be
trackers unambiguously and persistently that they do not wish
to be followed by digital snoopers and spies across Web sites
and their various fixed and mobile computing devices.
More than 2 years ago, I heard testimony, as chairman of
this very same subcommittee, from Ms. Lois Greisman, the FTC's
associate director of Division of Marketing Practices. And Ms.
Greisman spoke about the FTC's successes in routing out the
excessive and abusive telemarketing acts and practices through
the Do Not Call Registry.
From fiscal years 2003 through 2007, more than 145 million
telephone numbers had been entered into the Do Not Call
Registry. Over the same period, approximately $80 million in
fees have been collected from a base of over 18,000 unique
entities who access from the registry.
As part of that opt-out and enforcement regime, the FTC
stood prepared to initiate cases under its telecommunications
sales rules to obtain temporary and permanent injunctions
against violations, secure orders for more than half a million
dollars in consumer restitution, and refer civil penalty action
to the Department of Justice.
Almost a year before Associate Director Greisman's 2010
testimony and following 2 days of FTC town-hall meetings on
online behavior tracking in the fall of 2007, the Consumer
Federation of America and other privacy groups noted that self-
regulatory initiatives devised by industry had, sadly, failed.
One of those groups, the Consumer Federation of America, which
happens to be represented today by Ms. Susan Grant, called upon
the FTC way back then to implement a one-stop opt-out for
online tracking, similar to the agency's successful Do Not Call
Registry.
At the end of this second session of the 111th Congress, it
would appear that we have come full circle with the FTC's
endorsement of a Do Not Track mechanism that was released just
yesterday as part of its preliminary staff report. The title of
that draft report is ``Protecting Consumer Privacy in an Era of
Rapid Change.''
Being the last hearing of this subcommittee that I will
chair in this Congress, please allow me to reflect briefly on
some of the major accomplishments and achievements of the CTCP
Subcommittee over the 110th and 111th Congresses.
With the assistance of my able colleagues on both sides of
the aisle, I have convened hearings, markups, and helped to
guide, under the leadership of Chairman Waxman, to guide
successfully more than a dozen bills out of the full committee,
including the Consumer Product Safety Improvement Act and the
Wall Street Reform Act.
Our subcommittee was also very active in conducting
oversight over the National Highway and Traffic Safety
Administration in the wake of massive recalls of unsafe
automobiles. We have also asked questions at hearings about the
effects of the disastrous Macondo oil well spill on the gulf-
area tourism and travel industry and the health effects of
formaldehyde on persons in post-Katrina trailers.
I am especially and I am immensely proud of the
collaboration that has existed between this subcommittee and
the CTI, the Communications, Technology, and Internet
Subcommittee, currently led by my friend, Chairman Boucher. In
working closely with CTI to conduct oversight and to draft
legislation, our two subcommittees held six joint hearings
during the 111th Congress on a range of public safety and
consumer protection topics, including texting while driving and
online and offline privacy.
And I do believe that the record will show that this
subcommittee was highly productive, very effective in
accomplishing a lot, much, in a relatively short period of
time.
With that said, I once again thank the witnesses for coming
in this morning. I thank my colleagues on both sides of the
aisle who are members of this subcommittee. And I yield back
the balance of my time.
And I recognize now the ranking member of the subcommittee,
Mr. Whitfield, for 5 minutes for the purpose of an opening
statement.
OPENING STATEMENT OF HON. ED WHITFIELD, A REPRESENTATIVE IN
CONGRESS FROM THE COMMONWEALTH OF KENTUCKY
Mr. Whitfield. Thank you, Chairman Rush.
And we appreciate your holding this hearing today on the Do
Not Track concept. I say that because I don't think we really
have any legislation, but it is an idea. And we all recognize
that consumer protection for the Internet is an important issue
and one that I am glad this subcommittee continues to address.
I believe that all of us understand that the Do Not Call
Registry, which was developed over many years of legislation
and dialogue, has been very successful because it does provide
a mechanism for consumers to stop unsolicited cold calls from
telemarketers.
However, I am concerned with taking a similar model and
applying it to the Internet by establishing a Do Not Track
system simply because we are not really comparing apples to
apples.
First, I am not sure the technology is in place to
establish such a mechanism. It is my understanding that there
are several competing technologies out there on how exactly to
create a Do Not Track list. And so the question would be, is
the government really the best entity to make that decision?
I also think we need to ask what will happen to
advertisement-supported Internet content if a Do Not Track
system is implemented. In order for Internet content to remain
largely free to consumers, it is supported by advertising.
Would an advertising model be sustainable in the absence of
marketers' ability to track?
In addition, I assume most consumers would rather see
advertisements they are interested in rather than completely
irrelevant advertising. So if a Do Not Track system was
implemented, would consumers receive less-relevant ads?
While I agree that it is important for consumers to have an
understanding of what information is being collected and how it
is used, we need to seriously discuss the Do Not Track model to
evaluate whether it accomplishes the appropriate objectives.
Some have expressed concern that a one-size-fits-all Do Not
Track model could impact consumers' choices by preventing their
access to the benefits of online advertising. Now, personally,
I believe a better approach may be to empower consumers to have
better control over their online experience. For example, why
not have disclosures which let consumers know what type of
information is being collected and how it is being used or
allow consumers to tailor their online browsing experience so
that they may promptly have the benefits of information
specific to their interests?
Lastly, I think we should be mindful about the economic
impact this proposal could have, particularly since we are in
the middle of the holiday gift-giving season and we understand
that more shoppers are buying their holiday gifts online each
year--a benefit to many consumers and businesses that never
would have reached each other before the Internet became
mainstream. We need to be mindful not to enact legislation that
would hurt a recovering economy. To that end, I am curious to
find out if there have been any economic-impact studies or
reports to see how implementing a Do Not Track system would
impact our economy.
Once again, I appreciate Chairman Rush's interest in the
issue, his strong dedication to online privacy. And I look
forward to the testimony of our witnesses today.
And one other comment that I might make on an unrelated
matter. I know that Chairman Genachowski and the FCC are
looking at issuing some new Net neutrality rules. As we know,
there have been some court decisions on that issue. And I hope
that the FCC does not move in that direction right now, and
give us an opportunity to further explore that issue here in
the Congress.
And I yield back the balance of my time. Thank you, Mr.
Chairman.
[The prepared statement of Mr. Whitfield follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Rush. I think we have 5 minutes remaining--2 minutes?
Two minutes, OK.
Well, the subcommittee now stands in recess until the
conclusion of this series of five votes on the floor.
[Recess.]
Mr. Space [presiding]. The hearing will come to order.
And we were in the middle of opening statements when we
were called for a vote. And I believe the gentleman from
Nebraska, Mr. Terry is next.
OPENING STATEMENT OF HON. LEE TERRY, A REPRESENTATIVE IN
CONGRESS FROM THE STATE OF NEBRASKA
Mr. Terry. Thank you, Mr. Space.
The issue that we are here on, targeting and creating this
``do not target'' list or whatever it will be called is--I
think it is worthy of discussion and looking into. Of course,
it is going to be an issue of how we define it and how we
really help consumers here.
I was one of the eight, I think, classified the ``Do Not
Call Eight.'' There were eight of us that voted against the Do
Not Call list. And there are ways of helping consumers and not
helping consumers, and we want to make sure we do it the right
way.
I am actually more frustrated with the FCC than either two
of you sitting here today, and the actions taken by the FCC
chairman to usurp congressional power and authority in a new
proposed order of regulating the Internet. Certainly, doing
that on the eve of a new Congress is a message to us that they
want to ram it down the public's throats before an opportunity
comes for a different majority in the House of Representatives.
But the issue is very bipartisan against the FCC's power grab.
Now, the order has been circulated amongst the Members. We
don't get to see it in Congress yet. This committee, Energy and
Commerce, Telecom Subcommittee, partially this subcommittee,
have authority, jurisdiction. We are cut out of the deal. AT&T
has ostensibly agreed to something under duress, is my personal
opinion. It was, ``Either you agree to this, or we are really
going to come after you.''
And I think those type of tactics of the public not
knowing, that order of how to regulate the Internet, doing it
under duress, making parties agree to things under threat of,
``Well, it will be worse for you if you don't,'' those are the
type of tactics that the public rejected on November 2nd. And
so I would call on the FCC to stand down, don't go forward with
the proposed order on regulating the Internet.
I yield back.
Mr. Space. Thank you, Mr. Terry.
The gentlewoman from Ohio, Ms. Sutton.
Ms. Sutton. Thank you, Mr. Chairman. I will just submit my
opening statement for the record so we can move along to the
testimony. Thank you.
[The prepared statement of Ms. Sutton follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Rush. Thank you, Ms. Sutton.
The congressman from Louisiana, Mr. Scalise.
OPENING STATEMENT OF HON. STEVE SCALISE, A REPRESENTATIVE IN
CONGRESS FROM THE STATE OF LOUISIANA
Mr. Scalise. Thank you, Mr. Chairman.
We have learned at previous hearings that Web tracking can
provide valuable information to businesses and marketers, thus
enabling them to provide targeted online advertisements. And
these benefits are not just limited to businesses. Consumers
can enjoy a personalized Web experience and receive ads
tailored to their interests without having to search or sit
through a sales pitch.
And just as important, tracking and behavioral
advertisements benefit the Internet itself, because it helps
underwrite the cost of these sites that so many consumers enjoy
and with many of these services that are provided for free.
But we also recognize the growing concern over the
information that is collected on consumers, many of whom may
not even know that their online activity is being tracked, and
the potential for that personal information to be compromised
or used illegally.
That is why we must proceed prudently and find the
appropriate balance between protecting consumers and promoting
a dynamic Internet environment that continues to produce the
innovations and advancements that we have all come to enjoy.
Our first step should not be finding ways the government
can regulate the issue. We do not need more government
directives on the Internet. A surefire way to stifle innovation
would be to pass more government regulations that restrict
innovation in this dynamic industry without a proper approach.
Constructive roles for government to play would include
encouraging public-private partnerships, promoting best
practices, and encouraging investment, innovation, and
competition.
But I believe we must first look to self-regulation and
what steps the industry will take and has already taken to
protect consumers. Today we can see examples of self-
regulation, including the development of built-in opt-out
mechanisms on Internet browsers.
We must also further examine the concept of Do Not Track.
The idea itself leads to questions that must be answered as we
move forward. Will a Do Not Track mechanism adequately protect
consumers in light of developing technologies? Will it be
consistent across different industries and technologies? And
will it restrict the exchange and use of consumer data in ways
that deter innovation and growth?
As I have stated at previous hearings, the technology in
the Internet industries are among the most advanced and
competitive in our country, and they are also among the most
beneficial, both for consumers and our economy. And they have
achieved this status by advancing and growing on their own,
with little interference from the Federal Government. And some
would say that is one of the reasons that they have been so
successful in innovating.
We must continue to allow these industries to develop and
innovate, and I believe we can do this in a way that
strengthens consumer privacy. Protecting consumers and
protecting the Internet economy are not mutually exclusive
goals. We must ensure that government intervention does not
stifle innovation.
And, finally, I will chime in and concur in what my
colleague from Nebraska said. I strongly oppose the effort by
the FCC to regulate the Internet through Net neutrality and
especially in some dark-of-night attempt that didn't go through
the proper scrutiny that it deserves.
Thank you, and I yield back.
Mr. Rush. Thank you, Mr. Scalise.
And seeing no other Members present, at this point I would
like to introduce and thank our witnesses for appearing before
the committee today.
We have with us today Mr. Daniel Weitzner, associate
administrator for policy at the National Telecommunications and
Information Administration and U.S. Department of Commerce;
also Mr. David Vladeck, director of the Bureau of Consumer
Protection with the FTC.
Welcome, gentlemen. It is the practice of the subcommittee
to swear in witnesses, so I would ask that you stand and raise
your right hand.
[Witnesses sworn.]
Mr. Space. Please let the record reflect that the witnesses
have answered in the affirmative.
And, with that, I would introduce again Mr. Weitzner for
his 5-minute opening statement.
TESTIMONY OF DANIEL J. WEITZNER, ASSOCIATE ADMINISTRATOR FOR
POLICY, NATIONAL TELECOMMUNICATIONS AND INFORMATION
ADMINISTRATION, U.S. DEPARTMENT OF COMMERCE; DAVID VLADECK,
DIRECTOR, BUREAU OF CONSUMER PROTECTION, FEDERAL TRADE
COMMISSION
TESTIMONY OF DANIEL J. WEITZNER
Mr. Weitzner. Thank you, Congressman Space and Ranking
Member Whitfield and members of the subcommittee. I thank you
for the opportunity to testify on behalf of the United States
Department of Commerce and the National Telecommunications and
Information Administration. NTIA appreciates your leadership on
commercial privacy policy and thanks you for the opportunity to
engage on the question of how best to protect consumer privacy
in the rapidly evolving Internet age.
And I am especially pleased to be here with my colleague,
David Vladeck. And I hope you will allow me to congratulate the
FTC on the important privacy report that they released
yesterday. Their expert insight on privacy matters will
certainly inform the administration's thinking on the issue
going forward. I know it is a lot of work to get those out, so
thank you.
I would like to highlight three points from my written
remarks, if I could: first, the Commerce Department's approach
to privacy as part of our overall efforts to develop
innovation-sustaining Internet policy principles; second, the
urgency for the United States to reassert global leadership on
privacy policy; and, third, our view of how to approach the
goals behind the Do Not Track concepts.
We are all well-aware of the transformations enabled by the
Internet. Politics, education, scientific research, health
care, and even romance have all moved online. These powerful,
exciting, and innovative developments also feed a growing
concern among citizens about how their data is being stored,
monitored, and analyzed.
This is the policy challenge that confronts us. To harness
the full potential of the digital age, we need to establish
ground rules that promote innovative uses of information while
building a well-founded sense of trust that consumers'
legitimate expectations of privacy will be respected.
Earlier this year, in order to develop a broad policy
framework that promotes innovation in the Internet environment,
Commerce Secretary Gary Locke established the Department's
Internet Policy Task Force. The task force, which draws from a
number of bureaus in the Commerce Department, including my own,
NIST, the Patent and Trademark Office, the International Trade
Administration, and others, is developing policy
recommendations in a range of areas, including protecting
privacy, assuring cybersecurity, establishing balanced
copyright protection models, and preserving the global free
flow of information.
Consumer privacy is our first order of business. After
consulting with a wide variety of consumer and commercial
stakeholders, we have heard the unmistakable message that it is
time to shore up privacy protection in the United States and
abroad. So what needs to be done to enhance privacy protection
while encouraging ongoing innovation?
First, we need to affirm a privacy baseline regarding the
handling of consumer information. This baseline should be built
on a full set of fair information practice principles. To
paraphrase a comment we received in our notice of inquiry,
baseline FIPS are something that consumers want, companies
need, and the economy will appreciate.
Second, we realize that the government is not going to have
all the answers. With or without legislation, the centerpiece
of Internet privacy protection will have to be an increased
sense of urgency and incentives for the development of
voluntary but enforceable codes of conduct. These are what
Chairman Rush's bill calls ``choice programs and safe
harbors.'' This approach recognizes that technologists and
entrepreneurs, privacy and consumer advocates, business and the
government have to work together to develop best practices for
managing commercial data.
Best practices or a code of conduct are an indispensable
mechanism by which all companies must adopt a strategy for
implementing fair information practices. In order to be sure
that these codes of conduct reflect the perspective of all
stakeholders, all the stakeholders must be involved in the
development of these codes.
The alternative, however, is to wait for lengthy and
conceivably contentious agency rule-making procedures. This
will neither serve consumers, who need protection in today's
new services, nor businesses, which need flexibility in the
application of privacy rules. The FTC, through after-the-fact
enforcement, would provide critical legal assurance to
consumers that the companies are actually adhering to the
commitments that they make.
Finally, I want to say that there is an urgent need to
renew our commitment to leadership in the global privacy policy
debate. All around the world, including in the European Union,
policymakers are rethinking their privacy frameworks. As
leaders in the global Internet economy, it is incumbent on the
United States to develop an online privacy framework that
enhances trust and encourages innovation. Congressional
leadership, continued FTC enforcement efforts, and
administration engagement will all be important to show the
world that the U.S. has a strong privacy framework and that we
are committed to strengthening it further.
Turning to the question of Do Not Track, allow me to start
from first principles. We believe that individual choice and
control over the flow of information has always been the
foundation of Internet policy. To the extent that tools provide
effective protection for individual choices, government
properly avoids regulations that would otherwise restrict the
free flow of information.
There has been continued innovation in these tools
available to users over time, but we believe that we need to
see more rapid action by businesses in providing users with
easy-to-understand ability to control how their personal
information is used.
I just want to say in closing to all the members of the
committee that I think that we have seen, across the history of
Internet policymaking, strong bipartisan commitment to helping
the Internet to develop, to keeping it open, and to protecting
people's basic rights. We saw this with Section 230 of the
Communications Decency Act that is a foundation of our Internet
policy framework. We saw it with the notice and take-down
provisions in the Digital Millennium Copyright Act, and even in
institutions such as the Congressional Internet Caucus. They
have all benefitted from leadership of support of Democratic
and Republican Members of Congress alike.
Like these other issues, safeguarding consumer privacy, we
hope, will remain a bipartisan priority. And we look forward to
this committee's continued leadership in the next Congress.
Thanks very much.
[The prepared statement of Mr. Weitzner follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Space. Thank you, Mr. Weitzner.
And, Mr. Vladeck, you have 5 minutes for your opening
testimony.
TESTIMONY OF DAVID VLADECK
Mr. Vladeck. Thank you, Mr. Space, Ranking Member
Whitfield, members of the subcommittee. I appreciate the
opportunity to be here today to underscore the Commission's
support for Do Not Track, a view shared by four of our
commissioners. At this point, the Commission has not taken a
position on how Do Not Track should be implemented.
But before I discuss Do Not Track specifically, let me note
that it is only one aspect of a robust framework for protecting
consumer privacy. Throughout its 40-year history of enforcement
and policymaking experience, the Commission has tried to
protect consumer privacy and build consumer trust in a fast-
evolving marketplace.
Yesterday, the Commission issued a preliminary staff report
on protecting consumer privacy in the marketplace. This report
makes three main points: One, companies should adopt a privacy-
by-design approach, baking in protections like security and
accuracy throughout their business processes. Two, current
practices place too heavy a burden on consumers to safeguard
their own privacy. Companies should provide choices about data
collection and sharing in a simpler way at a time when
consumers are making decisions about their data. And consumer
decisions, once made, need to be respected. And three,
companies should improve transparency of their information
collection and use practices.
Now, Do Not Track is an important component of the second
piece of the framework because it would allow consumers to
exercise choices about online tracking in a simple, universal,
and persistent way. We believe that there is strong public
support for a new Do Not Track mechanism, that it is
technologically feasible and enforceable, and that, once
implemented, it will put consumers back in control of their own
data.
Now, we have heard three main objections to the
Commission's proposal for a Do Not Track mechanism that I would
like to discuss.
Objection number one: Do Not Track would create new privacy
problems because it would require the Federal Government to
create a registry or list of consumers who do not want to be
tracked. Our response? We are not proposing the creation of a
list, nor are we proposing a centralized system managed by the
Federal Government. While the FTC must be able to ensure
through enforcement that a Do Not Track mechanism effectively
implements consumer choice, there is no need for a Do Not Track
mechanism to be administered by the Federal Government.
Objection two: Industry already provides adequate opt-out
choices to consumers. The FTC's response? Self-regulation has
been too slow to afford consumers meaningful choice. Many
industry representatives agree with the Federal Trade
Commission that providing consumers with choices about third-
party tracking is essential to build the trust necessary for
the marketplace to grow. So, in that respect, there is no
difference between the Federal Trade Commission and industry.
And some industry members have taken important positive
steps, but existing choices are hard to find and hard to use.
Many of these mechanisms also may lead consumers to believe
that they are opting out of third-party tracking when, in fact,
they are just opting out of receiving targeted ads.
Finally, these mechanisms may not be fully effective.
Consumers may believe they have opted out of tracking if they
block third-party cookies on their browser, yet they still may
be tracked through flash cookies and other devices. A robust Do
Not Track mechanism must be clear, easy to locate and use, and
effectively implement the user's choice to opt out of third-
party tracking.
Objection number three: Do Not Track is neither feasible
nor enforceable. The FTC's response? We have learned from our
roundtables and from the technologists we have on staff that a
Do Not Track mechanism is feasible technologically. Browsers or
computers could be programmed to send a Do Not Track signal as
the consumers surf the Web. Servers run by ad networks and
other companies that engage in tracking would be programmed to
receive and honor that request.
Most importantly, this Do Not Track setting would be
designed to apply to all third-party tracking methods, thereby
putting an end to the current arms race in which some companies
subvert consumer choice by developing and using new tracking
technologies.
Compliance with tracking by companies is essential. But
tracking leaves digital footprints, and the technical means
exist that may identify parties that do not respect consumer
choice. We believe that these tools can be effective in
oversight and enforcement.
Although we are confident that Do Not Track is feasible and
can be effective, we are seeking comment on the best way to
implement this mechanism.
Let me conclude by saying that if Congress chooses to enact
legislation, the Commission requests authority to conduct APA
rulemaking and to obtain civil penalties for violations.
Rulemaking is important so that the Commission can have
flexibility in an area where technology evolves rapidly. And
the ability to find violators would provide strong incentives
for companies to comply with any legal requirements, helping to
deter future violations.
Thank you. We are happy to answer any questions you may
have.
[The prepared statement of Mr. Vladeck follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Space. Thank you, Mr. Vladeck.
And, at this time, the chair will entertain questions of
the witnesses. And our first on the list will be our chairman
emeritus, Mr. Dingell.
Mr. Dingell. Mr. Chairman, thank you very much.
The time that you have and I have is very limited, so if
you would please, gentlemen, could you give me ``yes'' or
``no'' answers to the first question here?
Do you believe the current industry efforts to regulate
itself with respect to consumer data privacy are sufficient
enough to address consumer concerns? Yes or no?
Mr. Vladeck. No.
Mr. Dingell. Sir?
Mr. Weitzner. No.
Mr. Dingell. Now, gentlemen, again, yes or no. Do you
believe that such efforts could be improved, or do you believe
that the Congress should pass comprehensive online privacy
legislation?
Mr. Vladeck. That is two questions.
Mr. Dingell. Well, all right. Then to the first half, yes
or no, and then to the second half, yes or no. And you are
perfectly right.
Mr. Vladeck. On the first half, yes, we believe that self-
regulation can improve the current system.
And with respect to the second question, the Commission has
not taken a position on whether legislation is needed.
Mr. Dingell. OK.
Sir?
Mr. Weitzner. With respect to the first question, we are
confident that the industry efforts can improve.
With respect to the second question, the administration
hasn't taken a position yet.
Mr. Dingell. Now, gentlemen, here is a problem that I think
all of us confront. Is there a single Federal agency that is
capable of implementing and enforcing Do Not Track
requirements? Is there a single agency?
Mr. Vladeck. We believe there is.
Mr. Dingell. OK. Now, then--and, sir, your comment, if you
please?
Mr. Weitzner. I think there is an agency that could.
Mr. Dingell. All right. Now, which one is it, or which one
should it be--FTC, NTIA, or the FCC?
Mr. Weitzner. You go first on that one.
Mr. Vladeck. Yes, we believe that we have both the ability
and the enforcement infrastructure. Of those agencies, the
Federal Trade Commission is the enforcement agency. And we
think that we are up to the task.
Mr. Weitzner. We have great confidence in the FTC as an
enforcement agency. And NTIA, as you know, is not a regulatory
agency.
Mr. Dingell. And I hope you don't take that as being an
unfair question to you.
Very frankly, I would make this observation. The FTC has a
rather proud record of doing these kinds of things at the
behest of the Congress and doing them well.
Now, gentlemen, again, advertising plays an essential role
in the support of free Web sites and Internet applications.
What impact would--and this can't be a yes-or-no question--what
impact would a Do Not Track proposal have on that support?
Mr. Weitzner. I think the answer is going to depend quite a
bit on what the Do Not Track mechanism is and what it means.
What we know is that there are more and more companies that
are offering users some kind of opt-out and enhanced notice
mechanism. I don't believe that we have seen dramatic falloff
of advertising revenue as a result.
I think that there are mechanisms that could be mandated
which could have a dramatic impact on advertising revenue. I
think that counsels to look at the issue very carefully so that
we don't disrupt the Internet economy.
Mr. Dingell. It is a concern, then?
Mr. Weitzner. Yes.
Mr. Dingell. Thank you.
Now, gentlemen, should a Do Not Track mechanism involve
simply no collection of information, or should it include a
prohibition on the use of such information to target consumers?
Mr. Vladeck. I will take the first stab at that.
I think that what we envision is a Do Not Track mechanism
that would permit consumers--first of all, we don't believe
that a Do Not Track mechanism is necessarily an all-or-nothing,
one-time-or-forever mechanism. We believe that the point of Do
Not Track is to give consumers control over the collection of
data, through tracking, that they do not want to have
collected.
And so, if you look at both the testimony, our report, and
the questions that the report poses for industry, we want to
explore tailored Do Not Track that would enable consumers to
permit certain kinds of tracking but to exclude other kinds of
data collection and, therefore, data use.
Mr. Dingell. Sir?
Mr. Weitzner. I would say that data collection limitations
are a very blunt instrument and tend to have unexpected
consequences and sometimes may make false promises to users. I
think that the concerns that we see, however, are split between
concerns about collection and concerns about use. It is a
difficult question.
Mr. Dingell. Gentlemen--and my time is running out here--it
seems that Do Not Track, as it is presently discussed, is all
or nothing, meaning that either a user permits his data to be
collected or he does not allow such data to be collected.
Is there a middle-of-the-road approach that could be
adopted and a regulatory structure that could be constructed
that would enable us to do this in a proper way, giving
consideration to the concerns of everybody?
Mr. Vladeck. I think the answer to your question is
``yes.'' And one of the things the Federal Trade Commission is
exploring is a Do Not Track mechanism that provides consumers
with great choice about what information they are willing to
have collected through tracking and what information they are
not.
And so, our effort is to--we have solicited comment on
this, but our effort is to devise a system that gives consumers
very broad and granular control over the tracking of their
personal information.
Mr. Dingell. Sir?
Mr. Weitzner. Congressman Dingell, I think it is very
important to recognize that this question doesn't arise in a
vacuum. For 10 or 15 years in the evolution of the Internet
advertising environment, we have had an evolution of mechanisms
that give users increasing control over how their information
is used and increasing awareness of how it is used.
We think it is very important to continue that trend and to
encourage that to continue to happen. I think that will help to
get to some of the more nuanced mechanisms that my colleague,
Mr. Vladeck, is talking about.
Mr. Dingell. Thank you, gentlemen.
Mr. Chairman, I would like to pay just a brief word of
tribute to you. You have served here well and with distinction.
I am proud to see you running the committee today. I am
grateful to you for your excellent service in this institution.
And I want to congratulate you and commend you and wish you
well on behalf of John Dingell and, I think, on behalf of the
rest of my colleagues on the committee.
Thank you.
Mr. Space. Thank you very much, Mr. Chairman.
And our next questioner is the ranking member, Mr.
Whitfield of Kentucky.
Mr. Whitfield. Well, thank you very much.
I would like to echo Mr. Dingell's comments, Mr. Space, and
tell you how much we enjoyed serving with you. And we know we
will look forward to seeing you in the future as we move along.
Thank you all for your testimony very much. We appreciate
it.
With the release of the privacy report yesterday, I believe
Chairman Leibowitz referred to a privacy deficit, and he sort
of compared that to a budget deficit. And there is no question,
we have a budget deficit.
And so that raises the question, when he is talking about a
privacy deficit--and I think both of you have indicated that
you are not advocating Do Not Track legislation at this time--
how severe do you think this privacy deficit is that Mr.
Leibowitz talked about yesterday?
Mr. Vladeck. We spent a full year developing a record that
underpins the report that we issued yesterday. And there are
two themes that I think emerged from the roundtables that we
held and from our interactions with every imaginable
stakeholder.
One is the general concern that consumers are not aware
that they are being tracked online and the extent of tracking
and what has really happened, which is there is a commodity now
in personal data. There is, you know, a data collection and use
industry. And so, I think one concern is that we need to make
this clear to the public, we need to educate the public. And I
suspect that when Chairman Leibowitz was talking about the
deficit, that was part of what he was addressing.
The other theme is that people do not feel they have
adequate control over their data when they browse. And I
recognize that industry has come up with some browser-based
options and some other efforts to try to respond to consumer
demand for greater control. Our concern is those efforts have
fallen short. And one of the reasons why we thought we needed
to issue this report is to talk about the gap, the mismatch
between consumer demand and expectation and what is presently
being offered. And we are hoping that a report will stimulate
discussions like this so we all collectively can move forward.
Mr. Whitfield. Thank you.
Mr. Weitzner. Congressman Whitfield, here is what I think
we know. I wouldn't necessarily say that we have a deficit
because that presumes it is quantifiable in some way. But I
think we have two almost disparate facts, almost contradictory
facts before us. We see people using the Internet more and more
and more. We had a very positive Cyber Monday, if that is what
it is called. So we see people embracing this technology in so
many ways, and we certainly want that to continue.
What we also know from surveys, from public comments, from
the consultations that we have done at the Commerce Department
with a very wide range of stakeholders is that there is
increasing concern on the part of the public about how privacy
is being handled. People are not sure exactly what their rights
are, they are not exactly sure how to protect them, who to go
to when they feel wronged.
I think that, if there is a gap, it is perhaps there, in
the fact that the Internet is more and more important to us but
we have increasing uncertainties. And I think it is worth
working collectively to close that gap.
Mr. Whitfield. Thank you very much. I appreciate that.
Recognizing that the advertising model is so important to
the Internet and trying to balance that versus privacy
protection, do both of you feel confident that we could come to
a solution on this issue somewhere down the road where you can
protect both of these in an adequate manner?
Mr. Weitzner. I think that what we have seen, as I alluded
to in the previous interchange, is that Internet users have
actually been given more and more control through the various
services that we all use on the Internet. We haven't seen
advertising revenue go down. If anything, we have seen it go up
and we have seen it proliferate into a whole new variety of
business models.
That is a very positive change. I think we would certainly
want to watch very carefully to make sure not to take steps
that would turn that in the other direction. But I think it is
a mistake to assume that giving people more control means a
reduction in advertising revenue.
Mr. Whitfield. OK.
Mr. Vladeck. Yes, we share that view. And let me make two
brief points. One is, you know, no one wants to interfere with
innovation and business development on the Internet. It is a
very powerful engine that drives a big part of our economy. But
we don't want to sacrifice consumer privacy at the same time.
And, in fairness to industry, industry recognizes this. I
mean, the advertisers have banded together to give consumers
opt-out rights against targeted advertising. I can't imagine
that they would want to kill the golden goose that laid the
golden egg. And so I don't think--I think that, in terms of our
aspirational goals, you know, we are not that far apart.
Mr. Whitfield. Well, thank you very much. I really
appreciate your testimony.
And my time has expired, Mr. Chairman.
Mr. Space. Thank you, Mr. Whitfield.
Mr. Green from Texas.
Mr. Green. Thank you, Mr. Chairman.
I would like to ask unanimous consent that my statement be
placed into the record.
[The information was unavailable at the time of printing.]
Mr. Green. And thank each of you for being here. This is an
issue that our committee and not only this Subcommittee on
Consumer Affairs but also our Telecom Subcommittee has dealt
with for many years. And I have always come down on the side
of, if I am using the internet, I would rather have the option
of opting in to have someone track me than opting out.
And that is my first question, is, would constructing a
framework that allowed the Internet users to actively opt in to
tracking be a more feasible approach? Now, we know, in
practicality, very few people opt in. And if you opt out, there
will be more people who just won't take the time to opt out.
What are the strengths of the opt-in? And how is Do Not
Track better? The two options, opt-in or opt-out.
Mr. Vladeck. Let me answer that question in two ways.
In terms of the strength of Do Not Track, our view is that
it would be uniform, easy-to-use, and a durable choice by
consumers, a choice they can change and a choice they can
modify. But under the existing regime, in order for consumers
to, for example, not receive delivered, targeted behavioral
advertising, they have to go to multiple sites that are hard to
use and often are confusing. So we are trying to relieve the
burden on the consumer to exercise choice. And, in our view, a
Do Not Track mechanism is the ideal solution to that problem.
Now, in terms of opt-in and in terms of opt-out, we have
requested comments on this, because we have seen both
mechanisms used by marketers in a way that are confusing to
consumers. You have seen opt-ins that simply require you to
click a button after reading through a long, you know, end-user
licensing agreement that you don't read because no one reads
them. And we have seen opt-out mechanisms that are also
confusing to use.
So what we are hoping to do here is to find a simple, easy-
to-use, easy-to-find tool that consumers can use to express
their choice about being tracked and how much they want to be
tracked, if at all. That is the goal of the Federal Trade
Commission.
Mr. Weitzner. Congressman Green, I would just echo my
colleague's views here.
Historically, as you know, the privacy debate has always
been framed as this kind of stark opt-in versus opt-out choice.
I think our goal should be to move beyond that and to create an
easy set of choices for users to have access when it makes
sense for them to have access.
I think that this opt-in/opt-out model really ignores the
fact that Internet technology can make choices much more easy
and much more accessible.
Mr. Green. OK. Will implementing a Do Not Track list create
a false sense of security for users? What can complement the Do
Not Track system to keep users informed of the remaining
potential data collections and tracking and inform them of
measures they can take to limit if they choose? Because even if
you opt out of the tracking, what is the security that you know
that you are not being tracked?
Mr. Weitzner. I think that that comes, in many ways, to a
definitional question about just what Do Not Track or Do Not
Profile or Do Not Advertise really comes to mean and the
question of who is ultimately going to be accountable to answer
the preferences that are expressed by users.
I would say that I think there is a growing agreement in
the technical community that it is not so hard to understand
how to enable a user to send out a Do Not Track signal. The
question is, who is supposed to listen to that signal? And I
think that is a hard question to answer.
As Mr. Vladeck noted, we want to give users a subtle set of
choices so that their complex preferences can be represented,
but I think we risk, if we try to draw lines too firmly, we do
risk creating a false sense of security.
Mr. Vladeck. Well, can I respond briefly?
We want to provide a sense of security. And one of the
design features that can be built into a Do Not Track mechanism
is an end to what we now see as an arms race, that many
companies are engaged in defeating consumer choice by
developing tracking devices that are not easily removed.
And so, part of our concern is we do not want to get into
an endless cycle where a browser is able to remove cookies,
tracking cookies, but isn't able to deal with flash cookies or
super cookies or the next generation of tracking devices.
Mr. Green. One of the concerns I have is--and we haven't
dealt with this before--is there authority with the FTC and
even with NTIA to do this? What is to keep it from happening in
Great Britain or, you know, somewhere else, Switzerland or
somewhere else? They just move those browsers there, and we
lose the ability to control them in our own country.
Mr. Weitzner. I think that the point that you are
underscoring, Congressman Green, is the need to have broad
agreement about just what these promises and these commitments
really mean, what should a consumer really be able to expect.
We have urged, as we have talked about this issue, the need
to come to broad voluntary agreements amongst industry groups
that spread across the globe and consumer groups that
increasingly represent different countries so that we can have
what is something closer to a global set of expectations. The
Internet is a global marketplace, and we are going to need that
more and more.
Mr. Vladeck. Well, there is another answer, as well,
Congressman, which is that, if we successfully implement a Do
Not Track regime in the United States, tracking devices, for
example, launched in another country, will not be able to track
the consumer unless the consumer starts visiting sites
somewhere else.
And that question is a question that we have explored with
our own technologists, including--and I am happy to introduce
Dr. Ed Felton, who is a Princeton University computer science
professor who will be joining the Federal Trade Commission as
our chief technologist at the first of the year.
But, I mean, there are real disadvantages to trying to end-
run a Do Not Track system simply by moving a server, you know,
into another country. And we would be glad to, at another time,
explain why that would not necessarily bypass a Do Not Track
system.
Mr. Green. Well, I think, having dealt with this for many
years, I think our committee on a bipartisan basis falls on the
side of the privacy. And my last question is, are there any
types of information that you feel shouldn't be tracked or just
hardcore shouldn't be collected at all?
Mr. Vladeck. One of the reasons why we have gravitated to a
Do Not Track option is because there are certainly categories
of information--health information, family information,
financial information, maybe information concerning not only
children but teens, geo-location data, religious information,
political information--that people probably do not want tracked
and that data collected.
And, therefore, a Do Not Track option would empower
consumers to avoid being tracked and have their data collected
in those sensitive areas.
Mr. Green. Thank you, Mr. Chairman.
Mr. Space. Thank you, Mr. Green.
I do have a couple of questions of my own before we get to
the next panel. First, I would be remiss if I didn't reference
something that I always reference in hearings having to do with
broadband and digital technology, and that is, and I know it is
a little off point, but it is important to a lot of people in
this country who don't have any access to the Internet. And I
want to commend both NTIA and the FTC for their efforts in
promoting rural broadband access universally.
That digital technology has become such a profound part of
our everyday life experience, our economies, and has happened
in just the last 10 or 15 years. And imagine where we will be
in 10 or 15 years from now.
So I mention that just because I want to underscore the
importance of making up for this rural divide that exists in
this country when it comes to access.
The fact of the matter is digital communication is
integrated very heavily into our economy and integrated very
heavily into the everyday life of consumers in all realms,
health care, education, et cetera.
One of the concerns I have on this particular issue, the
privacy issue, is the lack of sophistication of the normal
consumer vis--vis that of the normal carrier and telecom
provider. At the same time, I am cognizant of the importance of
profitability and that Do Not Track legislation may have an
adverse effect on that bottom line.
I further understand that the industry itself has attempted
several times to deal with the privacy concerns, and my
assumption from your testimony is that you feel it has
inadequately done so. My understanding is there is a coalition
in the industry with approximately 5,000 participating
companies, according to the Interactive Advertising Bureau. And
we checked just last week, I think there were 58 actual
participating companies.
I would be interested in your impression as to the level of
industry commitment to this issue and what nonlegislative means
might be available to help stimulate greater interest among
industry?
Mr. Weitzner. Thank you, Congressman Space.
And, first of all, thank you for your attention and your
leadership on the rural Internet access issues. It is a major
priority, as you know, for NTIA, and we appreciate your support
on that.
I would say that there have been ongoing industry efforts
from the very beginning of the commercial Internet environment
to help users understand how to use their services, how to
protect themselves, for example, against content that they
don't want to receive, that they don't want their children to
receive. And I would say as well there have been efforts to
help educate users about privacy protection. Those efforts, I
believe, have to be ongoing and have to be stepped up. I think
it is not fair to say that there have been no efforts, but
certainly, we think the efforts ought to be increased.
In the work that we have been doing on privacy at the
Department of Commerce, one of the things that we have learned
is that it is really critical to develop what we have called a
multi-stakeholder approach to privacy protection, to have
industry groups working together with consumer advocates,
together with regulators, together with State attorneys
general, all of whom have a significant responsibility in this
area, and we certainly hope, going forward, that it will be
possible to find ways to encourage those efforts. They clearly
have to be stepped up.
I think that consumer education on the Internet happens
very often really through the design of services, not so much
through talking to users. You think about how we have had
hundreds of millions of people learn to use the Internet. It
has been because services have been built so that they are easy
to use, so that the tools that people want are accessible, and
I think we have to apply that kind of innovation and
accessibility to the privacy area.
Mr. Vladeck. Let me just add have few thoughts, if I may.
One is, on the educational side, I agree completely with
Mr. Weitzner that we need to do more. One important
recommendation we make in our privacy report is that we start
engaging in privacy by design; we build privacy in from the
start. And we need to do a better job of doing that.
On some of the smartphones, for example, now, they will let
you know when your geolocation data is being shared. We need to
broaden those kind of technological innovations to alert
consumers about privacy issues.
Second, I think that the Federal agencies need to do a
better job as well as industry in terms of public education. We
take public education very seriously. We have distributed now
nearly 5 million copies of a booklet designed for parents and
kids to learn about Internet use, smartphone use. This is a
book called ``Net Cetera'' that has been distributed in school
districts around the country.
Finally, the second point is that with respect to your
industry stepping up to the plate question, nothing in our
report and nothing in our testimony would preclude a robust,
inclusive, enforceable, Do Not Track regime, self-administered
by industry, provided that these commitments were backed up by
an enforceable regime, such as the one that the Federal Trade
Commission administers under Section V. We need to have a
system in place in which consumers have confidence that their
choices are being respected.
There is nothing that would preclude a self-regulatory
regime, as long as, at the end of the day, there is a law
enforcement agency that would be able to single out and to go
after people who did not engage in that kind of respect.
Mr. Space. Thank you, gentlemen.
The gentleman from Massachusetts, Mr. Markey, is
recognized.
Mr. Markey. Thank you, Mr. Chairman, very much.
As cochairman of the Bipartisan Privacy Caucus with Joe
Barton and former chairman of the Telecommunications and
Internet Subcommittee, I have long believed that consumers
should have control over their own personal information.
When it comes to kids and their use of the Internet, it is
particularly important that stringent privacy protections are
applied so that children do not have their online behavior
tracked or their personal information collected or disclosed.
In 1998, I was the House author of the Children's Online
Privacy Protection Act, or COPPA, which was signed into law by
President Clinton. COPPA places parents in control over what
information is collected from their children online. My law
covers children aged 13 and under, and it requires operators of
commercial Web sites and online services directed to children
under 13 to abide by various privacy safeguards as they
collect, use, or disclose personal information about kids.
Those requirements are still on the books and are kind of
the ``constitution'' right now for the protection of children,
and those were important safeguards. But in Internet years,
1998 is so long ago. We might as well be talking about the
Peloponnesian War. The 1990s was back in the BF era, Before
Facebook, just another time and place.
Now is the time for new legislation to protect kids and to
prevent them from being tracked online. That is why next year I
plan to introduce comprehensive children's privacy legislation
that will include a Do Not Track requirement so that kids do
not have their online behavior tracked or their personal
information collected or profiled. I look forward to working
with my colleagues to move this legislation forward.
I also want to commend Commonsense Media and its CEO, Jim
Steyer, for their excellent work in this area. For many kids,
the Internet is like online oxygen. They can't live without it.
The Internet enables kids to access incredible opportunities
that were unimaginable only a few years ago. But we must also
protect children from the dangers that can lurk in this online
environment.
We thank the two of you for your longstanding commitment to
ensuring that protection is there for children.
May I ask, Mr. Vladeck, in your testimony, you indicate the
Federal Trade Commission's support for development of a Do Not
Track capability so consumers can avoid having their activities
monitored online. As you know, in its ongoing series on online
privacy, the Wall Street Journal has reported that popular
children's Web sites install more tracking technologies on
personal computers than do the top Web sites aimed at adults.
Now, I am extremely concerned about that trend.
Is that practice used by those Web sites covered by COPPA?
Mr. Vladeck. So, remember, we are talking--COPPA covers
children 12 and under, and we believe it is--that COPPA would
apply.
We have accelerated our review of COPPA in large measure
because of exactly the concerns that you have outlined. That
is, today, for many children, the Internet is a playground of
the sort that we used to play in, except they spend a lot of
time on the Internet. So we have accelerated a review of our
COPPA rule.
We just held a roundtable a few months ago to explore these
issues and other issues that are raised; online gaming sites
where children spend a fair amount of time only, the migration
of these interaction sites to smartphones. So, yes, we share
your concerns about this and we look forward to working with
you in crafting legislation.
Mr. Markey. Do you want legislation to pass that gives you
the specific authority to be able to deal with these issues?
Mr. Vladeck. I am not authorized to speak for the
commission on this issue. I will say that in beginning our
COPPA review process, one possible end of it would be
legislative recommendations. And so we may well--our interests
may well coincide here because we are hoping to make our
recommendations about COPPA within the next few months.
Mr. Markey. Well, I will be looking forward to your
comments on my legislation.
In response to the question of whether or not self-
regulation in fact works in this industry, your answer is
that----
Mr. Vladeck. It is not--in our view, self-regulatory
efforts have thus far fallen short.
Mr. Markey. And you agree with this as well?
Mr. Weitzner. We think they could be a lot more urgent and
robust, and we are looking at ways to encourage those efforts,
particularly as to children.
Mr. Space. The gentleman's time has expired.
Mr. Markey. I thank the gentleman for the time you have
given me and thank you for your excellent service to our
country as well.
Mr. Space. Thank you. At this point, the chair recognizes
the gentlewoman from the great State of Ohio, Betty Sutton.
Ms. Sutton. I thank the chairman.
And I, too, add my voice to those who thank you so very
much for your service to our country and, of course, to the
great State of Ohio. We appreciate all that you have done. You
have made the lives of the people that I represent better
through your service, and we will miss you on this committee
and in this Congress.
Thank you, gentlemen, for your testimony. The first thing I
want to talk about is, the Wall Street Journal pointed out, in
a story called ``Slow Going for Web Piracy Software,'' that it
is a challenge to get people to pay for Web privacy software.
Nonetheless, there are firms that are sprouting up that, for a
fee, will help people protect their online privacy. And the
purveyors of these companies, despite the slow going, appear
sort of optimistic about the future of this.
In fact, the head of one such firm has glowingly referred
to the emergence of a ``privacy economy'' in response to a
growing concern about the amount of information being collected
and stored about each of us and how it could potentially be
used.
This particular service, for an ongoing fee, helps people
scrub their online reputations and to remove themselves from
tracking networks. One of the ways it gets data collectors to
remove its clients information is by paying them a fee.
This notion of a privacy economy seems to be premised more
on the idea that data collectors will make their money either
by selling your information to someone else or by getting you
to pay to stop it from being used.
It also sounds like privacy is being transformed into a
commodity available to those who can afford it.
So, gentlemen, should we be concerned that if government
and industry fail to address quickly and appropriately in a
more robust baseline privacy protections, that what we might
have emerge instead is something like a privacy economy, where
some people will be able to buy privacy and others won't?
Mr. Weitzner. That is a complex question, Congresswoman
Sutton.
I would say that, first of all, it is great news that there
is innovative energy out there looking to give people more
control over their information, to shape their Internet
experience as they choose, and I think we can all hope that
those efforts succeed.
I think that some of those--it is not clear that that is
going to ever offer the whole answer to the privacy question.
There is no doubt that there is money to be made, businesses to
be developed in this increasingly complex economy of personal
information, and we welcome that.
Some of the privacy concerns that people have, however, are
not economic; they are not just about whether they get a penny
or two for the use of their information. It is about how
trustworthy they feel the online environment is. It is about
whether they are treated fairly by those who they do business
with. So I think we have to always keep in mind that there is a
non-economic component to this as well, where I think a lot of
the Federal Trade Commission's work over the last decade has
been very important.
Mr. Vladeck. Let me add one thought, which is, we want to
build confidence and trust in the Internet economy, and having
to pay a fee in order to engage in a retrospective effort to
claw back personal information doesn't seem to us the right way
to go about this.
Ms. Sutton. And as I indicated in my question, that is
actually what currently is starting to evolve. OK.
I appreciate the work that both the FTC and the Department
of Commerce have devoted thus far to developing the frameworks
for protecting consumers' privacy as indicated by your answers
here today, and how to best protect consumers' privacy is
clearly an important and complicated issue.
But both the FTC and Commerce have devoted nearly a year to
listening to and distilling stakeholders' views and
recommendations on this issue, and the idea that a more robust
and effective approach must be taken to protecting consumers'
privacy has been percolating for even longer than that. And
while the FTC report provides a proposed framework for
protecting consumers' privacy, it also raises more questions
and asks for more feedback, and I understand that, and I
understand the report from the Department of Commerce is going
to take the same approach.
So, Mr. Weitzner, do you know when we should expect
Commerce to issue its report?
Mr. Weitzner. We are hoping it will be very soon now,
Congresswoman Sutton, certainly in weeks, not months, is our
expectation.
Ms. Sutton. And will that report also raise more questions
and request more feedback?
Mr. Weitzner. It will, Congresswoman. And I will say that
our goal really is to be able to contribute to the public
dialogue in general and also to the administration, the broad
administration deliberation on privacy policy questions,
including the question of how to respond to legislative
proposals that are out there now and additional ones that will
come.
So we felt that we have had to take a--do a very broad
consultation, and we have had a chance to do that. We are
optimistic that that will contribute to the debate. We do feel
a real sense of urgency about moving forward on this issue,
both because of the domestic situation and also because of the
global situation.
Ms. Sutton. Thank you.
Mr. Space. Does the gentlewoman yield the balance of her
time?
Ms. Sutton. Do I still have time?
Mr. Space. Now your time has expired.
Ms. Sutton. I would love to ask more questions.
Mr. Space. Thank you, gentlemen, for your testimony.
In dismissing you, I would like to again extend the
committee's gratitude for the work you do and for your
testimony today.
STATEMENTS OF SUSAN GRANT, DIRECTOR OF CONSUMER PROTECTION,
CONSUMER FEDERATION OF AMERICA; JOSEPH PASQUA, VICE PRESIDENT
OF RESEARCH, SYMANTEC CORPORATION; JOAN GILLMAN, EXECUTIVE VICE
PRESIDENT AND PRESIDENT, MEDIA SALES, TIME WARNER CABLE; EBEN
MOGLEN, LEGAL ADVISOR, DIASPORA, PROFESSOR OF LAW, COLUMBIA
UNIVERSITY, FOUNDING DIRECTOR, SOFTWARE FREEDOM LAW CENTER; AND
DANIEL CASTRO, SENIOR ANALYST, INFORMATION TECHNOLOGY AND
INNOVATION FOUNDATION
Mr. Space. I would ask that the second panel step forward
to the table. While you are situating yourselves, I will
introduce you and then swear you in.
We have with us Ms. Susan Grant, director of consumer
protection of the Consumer Federation of America; Mr. Joseph
Pasqua, vice president of research, Symantec Corporation; Ms.
Joan Gillman, executive vice president and president, Media
Sales, Time Warner Cable; Dr. Eben Moglen, legal advisor,
professor of law, Columbia University, and founding director,
Software Freedom Law Center; and Mr. Daniel Castro, senior
analyst, Information Technology and Innovation Foundation.
If you could find your seat, and I would ask that you rise
so I may administer the oath.
[Witnesses sworn.]
Mr. Space. Let the record reflect that the witnesses have
all answered in the affirmative.
Ms. Grant, I will start with you. But before we begin with
the testimony, I find it necessary, Mr. Moglen, to make some
specific remarks in advance before, once again, I yield the
floor.
We as Members of Congress are never inclined to censor
testimony or to influence a witness's remarks in open
congressional forums, including this hearing.
Having said that, Congress tries mightily to preserve the
highest standards of decorum to foster the most constructive
dialogue and debate possible on important matters like consumer
privacy.
Accordingly, I would ask you to provide your oral testimony
without making any comments that could be construed as a
personal attack against any company or any company's employees.
I would also ask for unanimous consent that Mr. Moglen be
given an opportunity to revise his written remarks and submit
the same within 5 days.
Hearing no objection, it is so granted.
With that, I would introduce Ms. Susan Grant, director of
consumer protection, Consumer Federation of America, for her 5
minutes of testimony.
STATEMENT OF SUSAN GRANT
Ms. Grant. Thank you.
On behalf of Consumer Federation of America, an association
of nearly 300 consumer organizations in the United States, I am
pleased to provide our perspective on this important question,
Is now the right time for Do Not Track legislation? And our
answer is, not surprisingly, yes.
As a recent Wall Street Journal investigation series,
``What They Know,'' so clearly detailed, consumers are being
tracked on the Internet, wherever they go, whatever they do,
without their knowledge or consent. Information about their
online activities, what they search for, what they click on,
what they purchase, what they share with others, who their
friends are in social networking sites, is compiled, analyzed
and used to profile them. Sometimes information is gathered
about their offline activities to create even richer profiles.
This tracking is primarily used for marketing at this time,
but it can also be used to make assumptions about people for
employment, housing, insurance, and financial services, for
purposes of lawsuits against individuals, and for government
surveillance. There are no limits to what this type of
information can be used for, what information can be collected,
how long it can be retained, and with whom it can be shared.
As the Wall Street Journal characterized it, ``one of the
fastest growing businesses on the Internet is the business of
spying on consumers.''
If someone were following you around in the physical world,
tailing you and making note of everywhere you go, what you
read, who you talk to, what you eat, the music that you listen
to, what you buy, what you watch, you might find this
disturbing. The argument that we don't know your name, just the
make and model of your car, and we are only going to use this
information for advertising, might not assuage your concerns
about being stalked.
On the Internet, even if the tracker doesn't know your
name, you are not anonymous. As the Federal Trade Commission
and Members of Congress have recognized, your Internet protocol
address and other unique persistent identifiers are essentially
personally identifying information, and, as the Wall Street
Journal put it, the skill of data handlers is ``transforming
the Internet into a place where people are becoming anonymous
in name only.''
The ability to cross-reference data makes it easy to make
assumptions about people and treat them a certain way based on
information that has been collected about their activities,
even if you don't know their names. Furthermore, as news
reports and scholarly articles have described, it is relatively
easy to re-identify data that is supposedly anonymous.
With more and more people using the Internet as an
essential tool for communications, education, managing their
finances, researching health and other sensitive subjects,
buying goods and services, sharing information through social
networks, engaging in political and civil discourse, accessing
government programs and benefits, and storing personal and
workplace documents, it is crucial that they be able to exert
effective control over the collection and use of what is
gleaned about their online activities.
No matter what one thinks about the benefits and risks of
online tracking and behavioral advertising, and there are many
different views, the fact is that consumers have the basic
right to privacy and that right should be respected.
While online behavioral tracking and targeting is less
visible to consumers than telemarketing, surveys clearly show
that people are uncomfortable with this practice. For instance,
a 2009 survey by researchers at the University of Pennsylvania
and the University of California found that 66 percent of
respondents did not want Web sites they visit to show them
tailored ads, and when the common tracking methods were
explained to them, an even higher number rejected tailored
advertising.
More recently, a poll commissioned by the nonprofit
organization Consumer Watchdog this past July revealed that 90
percent of Americans wanted more laws to protect privacy; 86
percent favored the creation of an anonymous button that allows
you to go online without being tracked; and 80 percent wanted a
Do Not Track me list.
When the FTC announced in 2003 that it was creating the
national Do Not Call registry, it acknowledged that the
company-specific approach, which obliged consumers to inform
each company one by one that they didn't want to receive tele
marketing calls, was ``seriously inadequate to protect
consumers' privacy from an abusive pattern of calls from a
seller or telemarketer,'' and that consumers were angered and
frustrated by the telemarketing calls that they were receiving.
The FTC also said that industry's self-regulatory programs,
such as the Direct Marketing Association's telephone preference
service, fell short because they were voluntary, and to quote
them, ``to the extent that sanctions exist for noncompliance,
DMA may apply those sanctions only against its members, not
nonmembers.''
The National Do Not Call Registry is a big success because
it provides consumers who don't want to receive telemarketing
calls with an easy to use mechanism to opt out, and just as
importantly, telemarketers have to honor their opt out request.
As noted in the privacy report released by the FTC
yesterday, voluntary programs by individual companies and
industry associations through which consumers can opt out of
online tracking are not adequate. We agree with the FTC that
these programs have not been implemented widely enough; that
consumers are unaware of them; that consumers may be confused
by the lack of clarity and uniformity in the way that these
various programs work; that these programs may not--may result
in blocking personalized advertising from being delivered to
consumers but may in fact not stop tracking, which could be
used for other purposes; and that because these programs rely
on cookies, they are not necessarily effective against all
forms of tracking or persistent.
Now is the time to create an easy-to-use mechanism for
consumers who want to opt of online tracking if they wish to do
and a legal requirement to honor their decisions, and this
could be done in a way where consumers could give permission to
specific trackers for specific purposes if they wished.
Our ideas about how Do Not Track would work have evolved
over time. Again, this would not be a list like the Do Not Call
Registry, but would instead be a setting in Web browsers that
consumers could use to indicate that they don't want to be
tracked. The browsers would express the consumer's preference
to the Web sites that they visit.
I am not a technologist, but there are other experts from
the Electronic Frontier Foundation and elsewhere, and we heard
from the FTC that its experts concur that this mechanism would
be easy to implement and simple for both consumers and trackers
to use.
In our vision, all browsers would be required to include a
Do Not Track mechanism as a standard feature at no extra cost
to consumers, and, just as importantly, all trackers should be
required to honor consumers' preferences. Industry members
would obviously have to work together, as they often do, in
implementing technologies that have to be interoperable to
ensure that these mechanisms work as intended.
And we think that the FTC would have to be required to
perform audits and mystery browsing to ensure that trackers are
indeed complying with consumers' requests, since it is very
difficult for consumers to tell themselves whether they are
being tracked or how their information is being used.
Mr. Space. Ms. Grant, if I could ask that you wrap it up.
Unfortunately, we have a lot of witnesses.
Ms. Grant. I am sorry. That is why I am speaking so fast.
Let me just conclude by saying we have other concerns that
will not necessarily be eliminated by Do Not Track. But to the
extent that Do Not Track gives consumers an effective way to
control the collection and use of their personal information,
those concerns are
ameliorated. So we look forward to working with Congress on the
creation of a Do Not Track tool for consumers.
[The prepared statement of Ms. Grant follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Space. Thank you, Ms. Grant.
Our next witness, Mr. Joseph Pasqua, vice president of
research, Symantec Corporation.
STATEMENT OF JOSEPH PASQUA
Mr. Pasqua. Mr. Chairman, Ranking Member Whitfield and
members of the subcommittee, thank you for the opportunity to
be here today as you consider a National Do Not Track proposal
in an effort to protect consumer online privacy.
As the global information security leader, Symantec
supports Congress's goal to protect privacy and to enhance
consumer trust online. Today, I would like the committee to
take away three key points from my testimony.
First, online privacy is not possible without security.
Through spyware and certain harmful adware, online advertising
can and increasingly does present a critical threat to security
and therefore privacy on the Internet.
Second, while privacy legislation can help protect
Americans in the online world, we urge the committee to focus
on regulating malicious behavior rather than underlying
technologies. Privacy laws should avoid the trap of defining
good or bad technology in order to avoid undermining both
innovation and security.
Third, while online privacy and security together are a
critical foundation to trust on the Internet, the creation of a
Do Not Track registry would be unlikely to advance these goals.
Instead, Congress should focus on policies that foster an
online environment where individuals and organizations can
complete transactions with confidence, trusting each other's
identities and the infrastructure on which the transactions
run.
Symantec believes that online privacy is a cornerstone of
consumer trust. And let me just say that Do Not Track, and that
mechanism is only one piece, as an earlier witness said, of the
overall privacy question online.
Without security, however, the expense of compliance and
lost economic activity from individual privacy regulations may
not be worth it. We urge Congress to deal with security first
and not to inadvertently create impediments to security through
new privacy laws or new safeguards which will amount to closing
the barn door after the horses have left.
The advantages of doing business over the Internet are
tremendous, but only if exchanging information in cyberspace is
secure. Interaction with Web sites increasing demands personal
information, yet sharing such data requires trusting business
partners and the integrity of transaction records online so
individuals do not become victims of identity theft or fraud.
The increased prevalence and complexity of online
advertising make it a ripe target for attackers. Because an
advertisement is basically a piece of software, the potential
exists for that software to be malicious. Online behavioral
advertising is not inherently bad, but it does carry with it,
sometimes literally, collateral threats to information
security.
A whole class of threats, commonly known as spyware or
malicious adware has proliferated over the last few years.
Fortunately, the marketplace is responding to the need to
address these challenges. Cyber security companies are
investing heavily until newer generations of behavioral
detection and white-listing technologies to handle the
increasing volume and variety of spyware and malicious code
threats.
For our part, Symantec creates security programs that watch
out for the most current malicious threats, as well as unknown
software that exhibits suspicious behavior. The committee may
find it of interest that given the millions of threats that
Symantec products block every day, the detection most
frequently encountered by our Norton antivirus users is a
tracking cookie over everything else. And while many types of
cookies serve a useful purpose and are used on most Web sites,
tracking cookies are a privacy concern.
Given the prevalence malware, including harmful adware and
spyware, it is no surprise that there has been so much
discussion about preventing advertising networks from being
able to track the Web sites that consumers are visiting and
other information about those consumers.
The proposed Do Not Track list conceptually seems to be
reasonable but, in practice, would be an extremely difficult
technical task. In order to abide by an instruction not to
track, a Web site must have a way to recognize that a given
user connecting to that site has requested that they not be
tracked. Because it is analogous to using phone numbers to
identify a Do Not Call list, consideration has been given to
using IP addresses to recognize a connecting user.
This approach is problematic. As has been discussed
earlier, IP addresses aren't really analogous to phone numbers.
They change. Tracking them introduces their own security
concerns.
There is another concept, but basically a reverse, which
would be a Do Not Track registry, which has also been
discussed, and it implies advertisers would register their
domains in a Do Not Track registry and browser plug-ins would
enforce that.
Symantec believes that that scenario could cause disruption
to the user experience, significant disruption, and could
influence the habits and fluidity of users' experience on the
Internet.
We have also heard today and in previous testimony about a
proposed solution where a header, header information, is sent
from the browser, from the user's computer, to the Internet,
expressing the user's privacy preferences. That is a reasonable
approach, but we would also like to indicate that the browser
alone is not enough to support that. You have to have
enforcement on the server side, and that can make things
difficult.
In summary, I would like to just point out one other thing.
We have been talking a lot about browsers and consumers today
using Web sites, but that is just one form of tracking. In the
coming years, everything is going to be connected to the
Internet. Your DVR is connected to the Internet. Your
dishwasher is going to be connected to the Internet. Certainly
your mobile phone. Advertisers would, in theory, be able to
know how many loads of laundry you are doing a day.
So we need to think about tracking and privacy in a broader
scope than just browsers, though they are an important first
step.
[The prepared statement of Mr. Pasqua follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Space. Thank you, Mr. Pasqua.
Our next panelist is Ms. Joan Gillman, executive vice
president and president of Media Sales, Time Warner Cable.
STATEMENT OF JOAN GILLMAN
Ms. Gillman. Thank you, Mr. Chairman, Ranking Member
Whitfield, and other members of the subcommittee. I appreciate
the opportunity to appear before you today to discuss consumer
privacy, including the potential for Do Not Track legislation.
For Time Warner Cable, our relationship with our customers
is the bedrock foundation of our business. We operate in a
highly competitive marketplace, and our ability to succeed
depends on winning and retaining the trust of our customers. It
is our job to preserve and strengthen that trust while
delivering content and services to meet consumer needs as well
as introduce the benefits of innovative network technologies
and capabilities.
I will make two points today. First, Do Not Track proposals
cannot be considered in a vacuum but, rather, must be part of a
larger conversation about the appropriate role of government in
ensuring consumer privacy as more content, products and
services move online.
Second, we believe it would be premature to require Do Not
Track through legislation or regulation, given the still
conceptual nature of such a requirement.
I will address each of these in turn.
Advertising has emerged as a key driver of an incredible
array of online content services and applications available to
users at little or no cost. The more effective the advertising,
the greater the advertising revenues available to fund these
products and services. Simply put, advertising is more
effective if the message is more relevant. This makes
advertising more valuable to both the consumer and the
advertiser. Traditional advertisers have employed such
practices for decades.
We would respectfully suggest that the appropriate
framework for policy discussions is how to establish policies
that encourage innovation while protecting privacy. In the
first instance, policymakers should rely on industry best
practices to achieve this result.
Consumers have a keen interest in safeguarding their
privacy, but they also want information about products and
services, and they want access to free or reasonably priced
products and services. That is possible only with broadbased
advertiser support. It is in this context that policymakers
should review the appropriateness of a Do Not Track
requirement.
Do Not Track raises some unique questions that make it
significantly more complex than the popular Do Not Call list.
For instance, how would Do Not Track affect consumers' online
experience and expectations? Would they receive more pop-up
ads? How would it affect diversity on the Internet? Would it
negatively impact niche Web sites with small but loyal
audiences? Would it prevent new Web sites from launching?
With Do Not Track still at the conceptual stage, the next
step should be industry-led efforts to refine and test the
concept, rather than legislation and regulation.
The codification of a Do Not Track requirement could
quickly become moot in light of developing technologies. In
contrast, self-regulation and best practices can quickly evolve
to address the dynamic online environment. And while we believe
that it is premature for Congress to move forward with Do Not
Track legislation without further study, any privacy policy
generally or Do Not Track policy specifically, whether adopted
through industry best practice or government directive, should
incorporate two principles: First, it should be focused on the
kind of personally identifiable information that raises privacy
concerns; and, second, it must be applied in the same way with
respect to all entities operating in the Internet ecosystem.
Allowing some businesses to track individuals while
precluding others from doing so will lead to consumer
confusion. Consumers would be better served by a single
standard applied uniformly, based on the data being collected
and how it will be used. Regulation that disfavors one
technology or business model would also deter entry, thwart
innovation, and limit competition in the advertising
marketplace.
We at Time Warner Cable look forward to working with you on
these very important issues. Thank you, again, for the
opportunity to appear before you today. I would be happy to
answer any questions.
[The prepared statement of Ms. Gillman follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Space. Thank you, Ms. Gillman.
Our next witness, Eben Moglen, legal advisor, Diaspora;
professor of law, Columbia University; and founding director,
Software Freedom Law Center.
Mr. Moglen.
STATEMENT OF EBEN MOGLEN
Mr. Moglen. Thank you, Chairman Rush, Ranking Member
Whitfield, Mr. Space, and other members of this subcommittee. I
very much appreciate the invitation to testify, and I would
like to express my particular gratitude for the committee's
strong respect for free speech in the legislative process.
I think it would be useful to begin with a technical
clarification. The receipt of advertising on the Web is already
completely optional. I receive no advertisements in my browser,
on my laptop or on my mobile devices. Any member of the
committee or any member of the listening on C-SPAN, using the
Firefox browser, could search briefly for Adblock Plus and
discover that advertising is already optional to receive
entirely, whether it is targeted advertising or nontargeted
advertising.
The apparent connection made in the course of this
discussion between the economics of the advertising business
and whether surveillance ought to be authorized or acceptable
on the Web therefore escapes me.
It is already possible for anyone wishing to receive no
advertising to do so. Civilization has not collapsed. The
distinguished businesses represented here are still in
business. And I believe there is no justification for the
conclusion that legitimate control of surveillance on the Web
in the public interest would have any effect on the economics
of the situation, since a blanket ban on receipt of advertising
by individual consumers is already fully implemented and
available at no charge.
I also believe that the concept of tracking is perhaps a
part of the general mystification in which consumers find
themselves. We should, I think, be more clear with consumers
who do not have our level of interest in or expertise in these
questions if we simply pointed out that the Internet has become
a very highly surveilled locale relative to all previous social
environments.
As Mr. Markey pointed out earlier this afternoon in his
questioning, we already have a world in which more than half a
billion people live all of their social lives online inside a
service provider structure, which puts everything they do,
everything they say to one another, every photograph they post,
every piece of information they distribute about their social
lives, in one great big database owned by a single for-profit
business which Mr. Markey named.
I think we ought therefore to conclude that the idea of Do
Not Track, which really ought to be described to the public
whose interests we are protecting as ``Do Not Surveil,'' is a
problem more serious and more comprehensive than the problem of
addressing behavioral advertising, which is merely one wrinkle
in a rapidly changing technical environment, as others have
noted.
The problem we really face is the problem of identifying
the level of surveillance of human beings in their daily
activities, the ``online oxygen'' that Mr. Markey referred to.
How much surveillance is socially tolerable?
Never mind whether it is for profit or for the protection
of people from wrongdoing of one kind or another. How much are
we prepared to abandon our traditional human understanding,
that what we do, when we read, when we speak to our friends,
when we go about our social lives, is nobody's business except
the business of the people with whom we choose to share?
Many technologies, including technologies being developed
by my client base, the client base of nonprofit entities who
make software for everyone to share, freely and at no cost,
many technologies under development would allow us to achieve
the enormous benefits of the Web we know now, along with many
other benefits of the Web we will still enjoy, with minimal
levels of surveillance.
That will undoubtedly bring significant economic change, as
the Web itself has brought economic change during the last
8,000 days, which is the total life of the Web. In the next
8,000 days, we can decide whether what we want is all the
benefits of social networking and all of the benefits of online
culture with comprehensive spying going on all the time or
without comprehensive spying going on all the time.
As public servants, all of us, I think our role is to
arrange to have as little spying as we can. I do not think that
is an obligation we can trade off against any other, because I
think it reaches directly to the heart of what constitutional
freedom is.
In my judgment, what we require is a comprehensive national
privacy policy act in which Congress does what Congress does
best: set large, general, societal goals and empower all
Federal agencies in the conduct of their activities to achieve
those goals.
The National Environmental Policy Act has within one
generation done enormous amounts to clean our water, our air
and our environment because of Congress's wisdom in the
declaration of broad general principles for the protection of
the public interest.
Privacy online is the single largest environmental issue in
the online world, and it should be addressed with the same
degree of seriousness and comprehensiveness with which the
physical environment was addressed by Congress one generation
ago.
Businesses will naturally regard such regulation as
burdensome, and that is not a big deal. We must have a clean
environment to live in, and we must have a clean online
environment that protects our freedom. Our principles
acknowledged, there will be plenty of money for everybody to
earn, but without our principles acknowledged, we will buy our
convenience with our freedom, and that is far too high a price
to pay.
Thank you for your time. I am happy to answer your
questions.
[The prepared statement of Mr. Moglen follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Space. Thank you, Dr. Moglen.
Our final panelist, Mr. Daniel Castro, senior analyst,
Information Technology and Innovation Foundation.
STATEMENT OF DANIEL CASTRO
Mr. Castro. Mr. Chairman and members of the committee, I
appreciate the opportunity to appear before you. I would like
to talk with you about why a government mandated Do Not Track
program would be a mistake.
If widely adopted, this type of mandate would significantly
harm the current funding mechanism for the Internet ecosystem,
resulting in less free content and fewer free services online.
In addition, it would be costly to implement, difficult to
enforce, and result in more intrusive and less relevant
advertising for consumers.
First, it is important to understand that the Internet
ecosystem is a significant source of economic activity in the
United States, accounting for approximately $300 billion, or
roughly 2 percent of GDP, and online advertising is the fuel
powering this economic dynamo.
Online advertising has grown dramatically over the past
decade. As of 2009, the online advertising market was about $23
billion in the United States, and analysts predict that, of the
$600 billion spent globally on advertising each year, an
increasingly larger share of this will go to the online sector.
Many of the Web sites that millions of Americans use daily
for work and play would not be around today without
advertising. Of the top five most popular Web sites in the
United States, Google, Facebook, Yahoo, YouTube, all of these
used advertising almost exclusively to support their products
and services, and number five on that list, Amazon.com, uses it
to supplement theirs.
Targeted ads represent a growing proportion of online ads
on these Web sites. Targeted ads are a benefit to consumers,
who get more utility from these ads. The percent of users who
actually click on an ad are as much as 670 percent higher for
targeted ads than nontargeted ads, and advertisers are willing
to pay more to reach their desired audience. Advertising rates
are almost three times higher for these targeted ads.
Targeted advertising does not involve selling data about
users. These Web sites match ads provided by advertisers to
users based on their interests, often without even using any
personally identifiable information.
I want to emphasize that the impact of policy changes For
online privacy can be profound. There is a study by professors
at MIT and the University of Toronto on the impact of EU's
privacy directive. The directive limits the ability of
advertisers to collect and use information about consumers for
targeted advertising.
The study found that, in Europe, the privacy directed
resulted in an average reduction in effectiveness of online ads
by approximately 65 percent. Similar limits on targeted
advertising in the United States, especially through a Do Not
Track proposal, would be even more harmful. Not only would it
eliminate the billions of dollars that targeted advertising
pumps into the Internet economy, it would stunt the huge
potential growth in innovation for new content and services
that would come with more of these higher value ads.
Do Not Track would also be costly to implement and
difficult to enforcement. The most popular proposal right now
on how Congress or FTC or anyone else can mandate a Do Not
Track mechanism is through a modification of the HTTP header.
Such a change would require substantial retooling of existing
Web sites, Web browsers and other related software and devices,
the cost of which, of course, would ultimately be borne by
consumers.
In addition, the proposal leaves much ambiguity about what
does or does not constitute tracking. Do Not Track may allow
sites which have large databases of user information to
continue to provide targeted advertising but would hurt the
ability of smaller publishers to rely on third party ad
networks to deliver personalized ads. It may also not apply to
other emerging forms of online advertising, such as deep packet
inspection.
Congress should be careful not to devise policies around a
particular business model that would end up hurting some
businesses while helping others. It should also not forget that
consumers today have many tools to protect their privacy
online.
Finally, Do Not Track would result in more intrusive and
less relevant advertising for consumers. Do Not Track, of
course, doesn't actually stop online advertising. It only
limits the ability of ad networks to deliver ads that the user
might actually want. Users who opt out of tracking would
receive more, not less, unwanted advertising.
In addition, advertisers would likely resort to overlay and
pop-up ads, which users may find annoying, but actually are
more effective at getting their attention. The reason for this
is that the small text-based ads are significantly less
effective unless they can be tailored to a user's interest. If
Do Not Track were widely implemented, another option, of
course, is that Web sites may simply choose to block users who
do not allow tracking.
In short, privacy is important, but it must be balanced
against competing goals, including usability, cost, future
innovation and consumer benefit. A Do Not Track requirement
would do more harm than good, and for that reason, I urge the
Federal Government to not go forward with this approach.
Thank you.
[The prepared statement of Mr. Castro follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Space. And thank you, Mr. Castro.
That is our final panelist, and now Members will be
permitted to ask questions.
And I would ask the chairman of this committee, Mr. Rush,
if he intends to use his time.
Mr. Rush. Thank you, Mr. Chairman.
And before I ask the question, let me also join with
previous commentary from those on the subcommittee in thanking
you for your outstanding service to this subcommittee. You have
been a very valuable part of this process that we are now
engaged in and have been engaged in. And I certainly have
always welcomed your friendship and your leadership, your
insight and your commitment to the affairs of the American
people. So congratulations on an outstanding job that you have
done.
And I do have just a couple of questions that I want to ask
a couple of the panelists.
On October the 4th, 2010, the Council of Better Business
Bureaus, a group of the Nation's largest media and marketing
trade organizations, announced their ``Self-Regulatory
Principles for Online Behavior Advertising.'' They also
launched an industrywide ``Advertising Option Icon,'' which was
to be displayed on Web pages that collect user information for
behavior advertising.
Now, I have to ask Ms. Grant and Ms. Gillman, Mr. Pasqua
and Mr. Castro, I am going to ask you two questions, and you
can take your time to answer these questions.
Have you had the opportunity to review the new consumer
opt-out platform? And, two--which is part of the advertising
alliance that was released on the said date?
And the second question is, in its current configuration,
what are some of the consumer opt-out platform's limitations?
What are the limitations of the opt-out platform?
Ms. Grant, I will start with you, and we will just go down
the line.
Ms. Grant. I have read the principles and the explanation
for them for this new program, actually several times because
it is extremely complicated. It was supposed to actually be
launched in July. I don't believe that it is really functioning
yet, at this point, so I don't think that we can tell much
about how it is going to work.
But one thing that troubled me was that there were many
different options that companies had for, for instance, how
they would explain to consumers what they were doing with their
information, who was responsible in the chain of companies for
doing this, where consumers would go to opt out, whether to a
central Web site that some companies but not all companies
would use or to individual companies' Web sites.
I found the whole thing very potentially burdensome for
consumers. And I don't think that it is the one-stop-shopping,
easy mechanism that we are looking for.
Mr. Rush. Ms. Gillman.
Ms. Gillman. Yes, I did read it, but it was some time ago.
I will tell you that we applaud the initiative that they took.
The issue is complex, and I think it is early days; it is too
soon to actually judge the effectiveness.
I think a lot of the complexity is that many of the
participants have very different businesses and systems, and
they are trying to figure out the best way to do this. And no
one today knows the best solution. So the fact that they are
trying, I think, is heading in the right direction.
I would also--you asked about limitations. I think it is
time, it is consumer education, and it is applying many of
these best practices and really learning from them. So it is
just time, at this point, that is the limitation.
Mr. Rush. Mr. Castro.
Mr. Castro. Thank you.
Yes, I have had a chance to review it. I would say the
limitations are that obviously it is in its nascent stages,
but, when you look at it, you know, this is certainly an
iterative process, as all technology improvements are. And if
you see the progress they have made in the past 6 months to a
year to 5 years, I think, you know, it is very good.
One thing that I think is important when you evaluate these
solutions, you know, they don't have to necessarily come up
with the best solution. They just have to have a platform that
other people can apply a good solution to. In that sense, they
are making a lot of progress.
And the other main limitation that I see is that this is
obviously only one type of advertising, display advertising on
Web sites. You know, we need to look broadly at creating a fair
platform so that all types of online advertising can be
competitive.
Mr. Rush. The CFA has said before that, quote, ``Online
opt-out should be as well-known and as easy as the Do Not Call
list,'' end quote, and that a Do Not Track list should be aimed
at preventing tracking for, quote, ``advertising purposes.''
Can you be more specific in terms of what you mean by
``advertising purposes''? Can you be more precise about it?
What of these online tracking tools and technologies would be
permitted and they don't fall into, quote/unquote,
``advertising purposes''?
Ms. Grant. Well, we have heard today that there are already
some solutions out there for consumers. It is not clear how
widely known they are. And, in some cases, there are things
that consumers have to pay for to protect their privacy.
It is a challenge whenever you are educating consumers. You
have to have very simple, central messages to give them, and
you have to have very practical, easy things for them to do.
Right now, if I was advising a consumer about how to avoid
online tracking, I wouldn't be able to give that person very
easy, practical advice about what to do, because there is not
one easy-to-do thing, as we are advocating with a Do Not Track
mechanism. There are various things out there that have their
pros and cons, all of which people have to download or take
various steps to do, not as easy as flipping the switch that we
envision on one's browser with a Do Not Track mechanism.
Mr. Rush. Ms. Gillman, would you take a stab at it from
your perspective, in terms of what is--would you more precisely
define ``advertising purposes''?
Ms. Gillman. Can you actually rephrase the question?
Because I would like to make sure----
Mr. Rush. OK, let's try to define, quote, ``advertising
purposes'' with a little bit more precision. What other uses of
these online tracking tools and technologies would be permitted
as not falling into, quote, ``advertising purposes''?
Ms. Gillman. Oh, you are asking what would not be
considered advertising use?
Mr. Rush. A more precise definition of what an advertising
purpose would be.
Ms. Gillman. I am not a lawyer, so trying to actually draft
that language is challenging. I think it is worth a deep
discussion. Today, the advertising industry is a large
industry, $250 billion. It encompasses communication with
consumers through direct mail, through advertising in terms of
display advertising. And the information that is often used to
inform those campaigns is information that, you know, can cover
purchase information and it can cover interests that they know
about that individual, publicly available information about
their college education, their level of education, their
income.
So, to me, the information that might be needed to be used
is broad. But most, if not all, major advertising initiatives
today do not actually need to use personally identifiable
information to deliver marketing messages on the Web. So I
don't know if that addresses it, but it is a lot of blended
information, depending on the business.
Mr. Rush. Ms. Grant.
Ms. Grant. Can I take a stab? Because I may not have
understood your question properly.
Beyond the demographic information that is often used in
advertising to target it to certain markets, increasingly we
are seeing more sensitive kinds of information used--health
information, other information--to do exactly what we have
heard described, to personalize the advertising.
And there are great concerns about that. There may be some
people who are not troubled by that, but we know that there are
a lot of other people who are, and that those people need an
easy-to-use tool to prevent that kind of information from being
collected if they don't wish it to be.
Mr. Moglen. Mr. Chairman, may I comment?
The purpose of advertisers is to collect information
concerning the capabilities and intentions of the potential
buyer and to affect that buyer's behavior. Oddly enough, those
three points--collection of information about capabilities and
intentions for the purpose of affecting behavior--is also the
definition of what intelligence services do. There is, in fact,
no practicable distinction between the public activity we call
``collecting intelligence'' and the private activity we call
``targeting advertising.'' They are both spying.
The purpose of spying has got to be one which the public
would find in its advantage and not merely in the advantage of
the institution performing the spying. We do that with respect
to public intelligence services because they are under
democratic control. We don't do that with respect to
advertisers. They are under nobody's control but their own,
unless they are regulated.
Thank you.
Mr. Rush. Well, thank you.
I yield back.
Mr. Space. Thank you, Mr. Chairman.
Thank you, also, for allowing me the opportunity to chair
this hearing. This seat is much more comfortable than I
imagined.
The chair recognizes Ranking Member Whitfield from
Kentucky.
Mr. Whitfield. Mr. Castro, you just heard Dr. Moglen's
comment about advertising. And I was just curious, would you
have any comment to what he just said?
Mr. Castro. Sure, absolutely. I mean, I think it is
actually inaccurate. Spying is very different. Spying, you know
what somebody is doing very specifically; it is identifiable.
It is implied that it is harmful.
In this case, what is happening for most targeted
advertising, most of the collection and use of information
online--you know, when we are talking about this problem, 95
percent of everything that we talk about is things that most
people are comfortable with. It is this, kind of, 5 percent
gray area that is the exception.
But, you know, overall there are a lot of good things that
are being done with this data and good things that are helpful
to consumers. You know, data is collected and used so that Web
sites are more accessible, more usable, they are displaying
more accurate information. Information is collected so that
search engine rankings can be improved. Data is collected, you
know, of course, to do targeted advertising. And all of these
things help users, and I don't think most consumers would
consider that they are spied on when they are given something
that they want.
Mr. Whitfield. Would you like to respond to that in any
way, Mr. Moglen?
Mr. Moglen. Well, it seems to me that it heightens, again,
the point that thinking about targeted advertising in isolation
is probably not a good idea. But if Mr. Castro is correct, we
could test it with a very simple regulatory approach which
would simply require businesses to disclose to consumers on
request everything the business knows about them and what they
have done with it. Then we will find out whether people are
comfortable with what actually happens as opposed to what they
can see.
Online advertising firms are very secretive in their
nature. I don't compare them lightly to intelligence services.
They both protect very jealously their methods of collection of
information and analysis, and they both protect very jealously
what they do with the information that they have.
I think, if Mr. Castro is correct that what is actually
going on would be acceptable to consumers, then there ought to
be no objection to regulation that would require consumers to
have the power to get exact information about what is known
about them and what is done with what is known.
Mr. Whitfield. Yes.
Mr. Castro. Sir, I would like to respond to that.
Of course, the issue that we are talking about today and
the broader issue with online tracking and implementing Do Not
Track is there are lots of costs involved. So the question is
always, is the cost necessary and appropriate?
I do absolutely agree that, you know, broadly speaking, we
do want government to look out for consumers' privacy rights.
One way of doing this is looking specifically at harms--what
harms are out there and how can we prevent harms from
occurring. Because it doesn't matter to the consumer how
somebody got data about them. They care if something bad
happens to them. They care if somebody is discriminating
against them or their information is being used in a harmful
way. And so I think that is a very appropriate way that
Congress can address these kinds of privacy concerns that are
out there.
Mr. Space. OK. And the ranking member had to step out, so I
will reserve his 2 minutes and 13 seconds.
And that leaves me. I do have some questions I would like
to ask.
Dr. Moglen, actually, you said something during your
response to one of the questions I think asked by Chairman
Rush--and while you equated the act of surveillance or tracking
to spying, I am not sure I would agree with that. But you did
say something that I think really gets to the heart of matter,
and that is, who benefits from it?
And I have heard testimony today from various people that
not only does the advertiser or the digital company that is
engaging in the tracking benefit, but there is some suggestion
that consumers benefit, as well, specifically not just in terms
of convenience but it allows, for example, low-income consumers
easier access because of cheaper costs. Perhaps the argument
could be made that it could allow telecommunication companies
the flexibility of extending or expanding their networks to
serve underserved and unserved areas.
And I am curious--I am going to ask Mr. Castro--whether you
have any qualifiable, measurable data that would provide us
with details on how tracking legislation or an overall blanket
prohibition would affect the business model within the
industry.
And then I am going to ask you, Ms. Grant, the extent to
which you are concerned about the economic consequences of
legislative action that might prohibit this kind of activity as
it relates to the business model of the telecom companies and
their ability, then, to reach and provide services to low-
income and rural--or unserved customers.
Mr. Castro. Yes, so, you know, would this affect the
industry? Certainly, when you look at the numbers, there are
two numbers you have to look at. One is how much is being spent
now and then what the trends are, so how much will be spent in
the future.
There have been studies on, of course, the effectiveness of
online advertising and the impact of regulations. And I point
to the study by Tucker and Goldfarb from MIT and University of
Toronto that looked at the impact of the European privacy
directive. And that study did find a loss in effectiveness.
And what they did as the next step was they said, you know,
what would that impact be if advertisers changed their spending
in direct correlation to the effectiveness of the ad, which is,
you know, a very logical thing. So they could either increase
their spending, you know, and double the number of ads and get
the same effectiveness or decrease it in line.
So if they decrease it--and I think this was applied to the
U.S. economy--if it was decreased, it would be something like a
loss of revenue of about $5 billion.
Mr. Space. Five billion dollars?
Mr. Castro. Five billion dollars. It was from around--I can
pull out the number in a minute, if you would like the exact--
it was over $5 billion.
Mr. Space. Whose estimate was that?
Mr. Castro. This was Tucker and Goldfarb from the
University of Toronto and MIT.
Mr. Space. Who commissioned this study, or was it an
academic----
Mr. Castro. It was an academic study.
Mr. Space. All right.
Ms. Grant, having heard those numbers, $5 billion is a lot
of money and, not just conceivably but in all probability,
might affect the ability of low- to middle-income consumers to
obtain access and, again, underserved or unserved consumers to
obtain access.
What is your response to those monetary concerns?
Ms. Grant. Well, first of all, if I understand correctly,
this was a study of the EU privacy directive. So I don't think
that it is exactly on point.
I don't know what the impact of Do Not Track would be on
telecom companies. But I would like to say a few things that I
think would be helpful here.
One is that we are not talking about no advertising. There
are consumers who might not avail themselves of Do Not Track so
would continue to receive tailored advertising. There are
consumers who now and in the future will continue to get
contextual advertising, which is based on what they are looking
at at the time on the Internet and doesn't involve following
them around and compiling a dossier of what they do and who
they talk to.
And consumers find information on the Internet about the
products and services that they want in other ways, as well.
They do it using search engines. They do it using price-
comparison Web sites.
So there are lots of ways that people find what they are
looking for online. And behavioral advertising is one part of
this, but it is certainly not the main or only part. And I
don't think that doing away with it will have a--or not doing
away with it, but giving consumers control over whether they
want to be tracked or not will create a great economic upheaval
or turn the Internet dark overnight.
I am sure that the Federal Trade Commission wouldn't be
supporting the concept of a Do Not Track mechanism if it felt
that it would have that effect either. We are all very
concerned about the economy and making sure that it is strong
and that e-commerce continues to grow, but we don't want to
sacrifice consumers' privacy.
We don't let companies do whatever they want just because
it is profitable. I am sure that bombarding consumers with
telemarketing calls was probably effective even though a lot of
people didn't like it. It made money. But we drew the line. We
drew the line in terms of time of day that telemarketers could
call consumers, that they couldn't call with annoying
frequency. And then we gave consumers a tool to actually use to
reduce unwanted telemarketing if they chose. And that is the
kind of thing that we are talking about here.
Mr. Space. Thank you, Ms. Grant.
Mr. Moglen. May I comment, Mr. Space?
Mr. Space. Yes, in one moment, Dr. Moglen. I am going to
call on you to comment.
But I would like to know from Ms. Gillman whether Time
Warner, for example, can quantify and give us some indication
as to how this affects your business model and your ability to
provide cable services to consumers at current pricing. Have
you done studies? Is there any measurable data that we can look
at?
Ms. Gillman. We have not done a study that looked at that
specifically. But I can speak to the fact that we need to
innovate every day to adapt to consumer interests, consumer
needs. They look to us to make improvements to our service
every day. And this debate being a very important debate, the
risk one runs is that there are unintended consequences of a Do
Not Track policy, in that it prevents companies like ours from
innovating.
I would also like to add, though, that the vibrancy of the
Internet is extremely important, as well. And what should be
explored around this debate and discussion is really the
unintended consequences for the smaller content providers and
service providers, the small businesses in and around this
ecosystem. The smaller the Web site, the smaller the audience,
the more challenging times they have selling contextual
advertising. So they do not have a large enough audience.
So we really want to encourage innovation in the Internet
ecosystem, and we want new players entering. And we want to
make sure that any discussion around this debate does not
prevent that from happening.
Mr. Space. OK.
Dr. Moglen, you have the last word.
Mr. Moglen. I very much doubt, Mr. Chairman, that there is
any person in this room whose life has not been altered by
Wikipedia, which has provided opportunities for underserved
populations of the kinds that you were talking about to conduct
research and to learn at a level which is otherwise
inaccessible to them.
Wikipedia is unsupported by advertising. And of the 100
most visited sites on the Net studies by the Wall Street
Journal in the series previously referred to, it was the only
one of the 100 not in any way surveilling or tracking its
users.
I think, once again, that the attempt to connect the
advertising business model to the importance of vibrant content
on the Net or life-changing possibilities of expansion of
access to underserved populations is poppycock.
Mr. Space. OK. With that, does the chairman have any
additional questions?
Mr. Rush. Mr. Chairman, in the interest of time, I am going
to just pass, because I think that you and the other members of
this panel have been here for quite some time. And I would be
taking advantage of my freshness, my first legs if I were to
ask another question, so I am going to pass.
Mr. Space. Thank you, Mr. Chairman.
And Ranking Member Whitfield?
Mr. Whitfield. How do you spell ``poppycock''?
Mr. Space. Yes, how do you spell ``poppycock''?
Mr. Moglen. I will modify my remarks to spell it out. Thank
you.
Mr. Space. All right. With that, this hearing is adjourned.
[Whereupon, at 2:34 p.m., the subcommittee was adjourned.]
[Material submitted for inclusion in the record follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
�