[House Hearing, 115 Congress]
[From the U.S. Government Publishing Office]
ALGORITHMS: HOW COMPANIES' DECISIONS ABOUT DATA AND CONTENT IMPACT
CONSUMERS
=======================================================================
JOINT HEARING
BEFORE THE
SUBCOMMITTEE ON COMMUNICATIONS AND TECHNOLOGY
AND THE
SUBCOMMITTEE ON DIGITAL COMMERCE AND CONSUMER PROTECTION
OF THE
COMMITTEE ON ENERGY AND COMMERCE
HOUSE OF REPRESENTATIVES
ONE HUNDRED FIFTEENTH CONGRESS
FIRST SESSION
__________
NOVEMBER 29, 2017
__________
Serial No. 115-80
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Printed for the use of the Committee on Energy and Commerce
energycommerce.house.gov
______
U.S. GOVERNMENT PUBLISHING OFFICE
28-578 PDF WASHINGTON : 2018
COMMITTEE ON ENERGY AND COMMERCE
GREG WALDEN, Oregon
Chairman
JOE BARTON, Texas FRANK PALLONE, Jr., New Jersey
Vice Chairman Ranking Member
FRED UPTON, Michigan BOBBY L. RUSH, Illinois
JOHN SHIMKUS, Illinois ANNA G. ESHOO, California
MICHAEL C. BURGESS, Texas ELIOT L. ENGEL, New York
MARSHA BLACKBURN, Tennessee GENE GREEN, Texas
STEVE SCALISE, Louisiana DIANA DeGETTE, Colorado
ROBERT E. LATTA, Ohio MICHAEL F. DOYLE, Pennsylvania
CATHY McMORRIS RODGERS, Washington JANICE D. SCHAKOWSKY, Illinois
GREGG HARPER, Mississippi G.K. BUTTERFIELD, North Carolina
LEONARD LANCE, New Jersey DORIS O. MATSUI, California
BRETT GUTHRIE, Kentucky KATHY CASTOR, Florida
PETE OLSON, Texas JOHN P. SARBANES, Maryland
DAVID B. McKINLEY, West Virginia JERRY McNERNEY, California
ADAM KINZINGER, Illinois PETER WELCH, Vermont
H. MORGAN GRIFFITH, Virginia BEN RAY LUJAN, New Mexico
GUS M. BILIRAKIS, Florida PAUL TONKO, New York
BILL JOHNSON, Ohio YVETTE D. CLARKE, New York
BILLY LONG, Missouri DAVID LOEBSACK, Iowa
LARRY BUCSHON, Indiana KURT SCHRADER, Oregon
BILL FLORES, Texas JOSEPH P. KENNEDY, III,
SUSAN W. BROOKS, Indiana Massachusetts
MARKWAYNE MULLIN, Oklahoma TONY CARDENAS, California
RICHARD HUDSON, North Carolina RAUL RUIZ, California
CHRIS COLLINS, New York SCOTT H. PETERS, California
KEVIN CRAMER, North Dakota DEBBIE DINGELL, Michigan
TIM WALBERG, Michigan
MIMI WALTERS, California
RYAN A. COSTELLO, Pennsylvania
EARL L. ``BUDDY'' CARTER, Georgia
JEFF DUNCAN, South Carolina
Subcommittee on Communications and Technology
MARSHA BLACKBURN, Tennessee
Chairman
LEONARD LANCE, New Jersey MICHAEL F. DOYLE, Pennsylvania
Vice Chairman Ranking Member
JOHN SHIMKUS, Illinois PETER WELCH, Vermont
STEVE SCALISE, Louisiana YVETTE D. CLARKE, New York
ROBERT E. LATTA, Ohio DAVID LOEBSACK, Iowa
BRETT GUTHRIE, Kentucky RAUL RUIZ, California
PETE OLSON, Texas DEBBIE DINGELL, Michigan
ADAM KINZINGER, Illinois BOBBY L. RUSH, Illinois
GUS M. BILIRAKIS, Florida ANNA G. ESHOO, California
BILL JOHNSON, Ohio ELIOT L. ENGEL, New York
BILLY LONG, Missouri G.K. BUTTERFIELD, North Carolina
BILL FLORES, Texas DORIS O. MATSUI, California
SUSAN W. BROOKS, Indiana             JERRY McNERNEY, California
CHRIS COLLINS, New York FRANK PALLONE, Jr., New Jersey (ex
KEVIN CRAMER, North Dakota officio)
MIMI WALTERS, California
RYAN A. COSTELLO, Pennsylvania
GREG WALDEN, Oregon (ex officio)
------
Subcommittee on Digital Commerce and Consumer Protection
ROBERT E. LATTA, Ohio
Chairman
GREGG HARPER, Mississippi            JANICE D. SCHAKOWSKY, Illinois
Vice Chairman Ranking Member
FRED UPTON, Michigan BEN RAY LUJAN, New Mexico
MICHAEL C. BURGESS, Texas YVETTE D. CLARKE, New York
LEONARD LANCE, New Jersey TONY CARDENAS, California
BRETT GUTHRIE, Kentucky DEBBIE DINGELL, Michigan
DAVID B. McKINLEY, West Virginia     DORIS O. MATSUI, California
ADAM KINZINGER, Illinois PETER WELCH, Vermont
GUS M. BILIRAKIS, Florida JOSEPH P. KENNEDY, III,
LARRY BUCSHON, Indiana Massachusetts
MARKWAYNE MULLIN, Oklahoma GENE GREEN, Texas
MIMI WALTERS, California FRANK PALLONE, Jr., New Jersey (ex
RYAN A. COSTELLO, Pennsylvania officio)
GREG WALDEN, Oregon (ex officio)
C O N T E N T S
----------
Page
Hon. Robert E. Latta, a Representative in Congress from the State
of Ohio, opening statement..................................... 2
Prepared statement........................................... 3
Hon. Janice D. Schakowsky, a Representative in Congress from the
State of Illinois, opening statement........................... 4
Hon. Marsha Blackburn, a Representative in Congress from the
State of Tennessee, opening statement.......................... 5
Prepared statement........................................... 7
Hon. Michael F. Doyle, a Representative in Congress from the
Commonwealth of Pennsylvania, opening statement................ 7
Hon. Greg Walden, a Representative in Congress from the State of
Oregon, opening statement...................................... 9
Prepared statement........................................... 11
Hon. Frank Pallone, Jr., a Representative in Congress from the
State of New Jersey, opening statement......................... 12
Prepared statement........................................... 13
Witnesses
Omri Ben-Shahar, Ph.D., Leo Herzel Professor in Law, University
of Chicago Law School.......................................... 15
Prepared statement........................................... 18
Answers to submitted questions............................... 154
Kate Klonick, Resident Fellow, Information Society Project, Yale
Law School..................................................... 23
Prepared statement........................................... 25
Answers to submitted questions \1\........................... 157
Laura Moy, Deputy Director, Center on Privacy & Technology at
Georgetown Law................................................. 33
Prepared statement........................................... 35
Answers to submitted questions............................... 159
Catherine Tucker, Ph.D., Sloan Distinguished Professor of
  Management Science, MIT Sloan School of Management............. 57
Prepared statement........................................... 59
Answers to submitted questions............................... 164
Frank Pasquale, Professor of Law, University of Maryland......... 67
Prepared statement........................................... 69
Answers to submitted questions............................... 169
Michael Kearns, Ph.D., Computer and Information Science
Professor, University of Pennsylvania.......................... 93
Prepared statement........................................... 95
Answers to submitted questions............................... 183
Submitted Material
Letter of November 1, 2016, from Hon. Robin L. Kelly, et al., to
Mark Zuckerberg, Chairman and Chief Executive Officer,
Facebook, submitted by Ms. Clarke.............................. 130
Statement of Frank Pasquale, Professor of Law, University of
Maryland, before the United States Senate, September 12, 2017,
submitted by Ms. Matsui........................................ 131
----------
\1\ Ms. Klonick did not answer submitted questions for the record
by the time of printing.
Tweets of November 22, 2017, Cloudflare, submitted by Mr.
Costello....................................................... 149
Report of May 2016, ``Online Privacy and ISPs,'' The Institute
for Information Security & Privacy,\1\ submitted by Mr. Lance
Letter of November 28, 2017, from Marc Rotenberg, President, and
Caitriona Fitzgerald, Policy Director, Electronic Privacy
Information Center, to Mr. Latta, et al., submitted by Mr.
Lance.......................................................... 150
----------
\1\ The information has been retained in committee files and also
is available at http://docs.house.gov/meetings/IF/IF17/
20171129/106659/HHRG-115-IF17-20171129-SD004-U4.pdf.
ALGORITHMS: HOW COMPANIES' DECISIONS ABOUT DATA AND CONTENT IMPACT
CONSUMERS
----------
WEDNESDAY, NOVEMBER 29, 2017
House of Representatives,
Subcommittee on Communications and Technology
joint with the
Subcommittee on Digital Commerce and Consumer
Protection,
Committee on Energy and Commerce,
Washington, DC.
The subcommittee met, pursuant to call, at 10:07 a.m., in
room 2123, Rayburn House Office Building, Hon. Robert E. Latta
(chairman of the Subcommittee on Digital Commerce and Consumer
Protection) presiding.
Members present: Representatives Latta, Blackburn, Harper,
Lance, Shimkus, Burgess, Guthrie, Olson, Kinzinger, Bilirakis,
Johnson, Bucshon, Flores, Brooks, Mullin, Collins, Cramer,
Walters, Costello, Walden (ex officio), Doyle, Schakowsky,
Eshoo, Engel, Green, Matsui, McNerney, Welch, Clarke, Loebsack,
Ruiz, Dingell, and Pallone (ex officio).
Staff present: Mike Bloomquist, Deputy Staff Director;
Samantha Bopp, Staff Assistant; Kelly Collins, Staff Assistant;
Robin Colwell, Chief Counsel, Communications and Technology;
Sean Farrell, Professional Staff Member, Communications and
Technology; Margaret T. Fogarty, Staff Assistant; Melissa
Froelich, Chief Counsel, Digital Commerce and Consumer
Protection; Adam Fromm, Director of Outreach and Coalitions;
Gene Fullano, Detailee, Communications and Technology; Ali
Fulling, Legislative Clerk, Oversight and Investigations,
Digital Commerce and Consumer Protection; Theresa Gambo, Human
Resources and Office Administrator; Elena Hernandez, Press
Secretary; Paul Jackson, Professional Staff Member, Digital
Commerce and Consumer Protection; Bijan Koohmaraie, Counsel,
Digital Commerce and Consumer Protection; Tim Kurth, Senior
Professional Staff, Communications and Technology; Lauren
McCarty, Counsel, Communications and Technology; Katie McKeogh,
Press Assistant; Alex Miller, Video Production Aide and Press
Assistant; Mark Ratner, Policy Coordinator; Madeline Vey,
Policy Coordinator, Digital Commerce and Consumer Protection;
Evan Viau, Legislative Clerk, Communications and Technology;
Hamlin Wade, Special Advisor for External Affairs; Everett
Winnick, Director of Information Technology; Greg Zerzan,
Counsel, Digital Commerce and Consumer Protection; Michelle
Ash, Minority Chief Counsel, Digital Commerce and Consumer
Protection; Jeff Carroll, Minority Staff Director; David
Goldman, Minority Chief Counsel, Communications and Technology;
Lisa Goldman, Minority Counsel; Lori Maarbjerg, Minority FCC
Detailee; Dan Miller, Minority Policy Analyst; Caroline Paris-
Behr, Minority Policy Analyst; and C.J. Young, Minority Press
Secretary.
OPENING STATEMENT OF HON. ROBERT E. LATTA, A REPRESENTATIVE IN
CONGRESS FROM THE STATE OF OHIO
Mr. Latta. Well, good morning. I would like to call our
joint subcommittee meeting to order, and the Chair recognizes
himself for 5 minutes for an opening statement.
And good morning again. I would like to welcome everyone
back from Thanksgiving holiday to our joint subcommittee
hearing. I would like to thank our witnesses for being here
today. I would venture to guess many people were able to get a
jumpstart on their holiday shopping, and early reports show
that online shopping rose 17 percent
from last year, which makes our hearing this morning even more
timely.
When Chairman Walden became chairman of the Energy and
Commerce Committee, we agreed that keeping our focus on the
consumer was a priority for the committee. And everything that
the Digital Commerce and Consumer Protection Subcommittee has
done, whether it has been exploring new technologies through
our Disrupter Series or the bipartisan work that went into the
SELF DRIVE Act, our goal has always been to act in the best
interest of the consumer, the American people.
Earlier this fall, the Equifax data breach compromised the
personal information of over 145 million Americans. This
troubling incident raised many questions about credit industry
practices with respect to the collection of consumer
information. Many Americans, some of whom had never heard of
Equifax, were confused as to how their sensitive personal
information could have been compromised by a company they had
never interacted with.
Just last week, Uber announced their systems were hacked,
exposing data of over 57 million users. Rather than alert
authorities and make the breach known to their users and
drivers, Uber kept the hack secret for a year. Disregard of law
and disregard of consumers' and drivers' trust all require
close scrutiny. The Digital Commerce and Consumer Protection
Subcommittee will continue our work to protect consumers and
make sure those who disregard the law are held accountable.
As investigations continue, the importance of this hearing
cannot be overstated. Polls show Americans feel that
technology has had a positive effect on our society but are
also skeptical about how their information is used by major
technology companies. As policymakers, it is our obligation to
ask the tough questions and make sure consumers understand how
their information is being used in our digitally driven
economy.
That is why we will explore today how personal information about
consumers is collected online and, importantly, how companies
use that information to make decisions about the content
consumers see. Right now, there are more than 224 million smart
phone users in America, and U.S. consumers spend about 5 hours
a day on their mobile devices. As we continue to see the number
of connected devices increase and our digital economy expand,
Americans are only going to spend more and more time online
browsing the web, shopping, or checking social media, with more
information about them being collected.
Although there are legitimate reasons for and benefits of the
collection and use of information online, we want to ensure
that Americans understand how their information is being used.
Specifically, how do companies use algorithms to make decisions
and deliver content to consumers? What information goes into
these complex algorithms, and how do they control the
information that comes out? How important are human decisions
in creating the algorithms and interpreting the results? Are
the results of the searches we conduct online objective, or
are companies controlling the information we get?
These are all fair, legitimate questions that we intend to
explore. It is our job to make sure consumers have the
information they need to make informed decisions, especially
when it comes to the flow of their personal information online.
With that said, it is also important to understand how
effective privacy policy disclosures are. Although some
scholars believe such disclosures empower the consumer, others
contend they are only there for the lawyers and are impossible
to read. For that reason, we must consider whether there are
more effective ways to empower the consumer.
I would like to thank Chairman Blackburn for her commitment
to these issues, and I look forward to exploring these complex
but important issues with all stakeholders. Again, I want to
thank our witnesses for being here today, and at this time I
would like to recognize the gentlelady from Illinois, the
ranking member of the subcommittee, for 5 minutes.
[The prepared statement of Mr. Latta follows:]
Prepared statement of Hon. Robert E. Latta
Good morning. I'd like to welcome everyone back from the
Thanksgiving holiday to our joint subcommittee hearing. I'd
like to thank our witnesses for being here today. I would
venture to guess many people were able to get a jump start on
their holiday shopping. Early reports show online shopping
revenues rose over 17 percent from last year, which makes our
hearing this morning so timely.
When Chairman Walden became chair of the Energy and
Commerce Committee, we agreed that keeping our focus on the
consumer was a priority for the committee. In everything the
Digital Commerce and Consumer Protection subcommittee has
done--whether it has been exploring new technologies through
our Disrupter Series or the bipartisan work that went into the
SELF DRIVE Act--our goal has always been to act in the best
interest of the consumer and the American people.
Earlier this fall, the Equifax data breach compromised the
personal information of over 145 million Americans. This
troubling incident raised many questions about credit industry
practices with respect to the collection of consumer
information. Many Americans--some of whom had never heard of
Equifax--were confused as to how their sensitive personal
information could have been compromised by a company they had
never interacted with.
Just last week, Uber announced their systems were hacked
exposing data on over 57 million users. Rather than alert
authorities and make the breach known to their users and
drivers--Uber kept the hack secret for a year. Disregard of the
law and disregard of consumers' and drivers' trust all require
close scrutiny. The Digital Commerce and Consumer Protection
subcommittee will continue our work to protect consumers and
make sure those who disregard the law are held accountable.
As investigations continue, the importance of this hearing
cannot be overstated. Polls show Americans feel that
technology has had a positive effect on our society, but are
also skeptical about how their personal information is used by
major technology companies. As policymakers, it is our
obligation to ask the tough questions and make sure consumers
understand how their information is being used in our digitally
driven economy.
That is why we will explore today how personal information
about consumers is collected online and--importantly--how
companies use that information to make decisions about the
content consumers see.
Right now, there are more than 224 million smartphone users
in America and U.S. consumers spend about 5 hours a day on
their mobile devices. As we continue to see the number of
connected devices increase and our digital economy expand,
Americans are only going to spend more and more time online--
browsing the web, shopping, or checking social media--with more
information about them being collected.
Although there are legitimate reasons and benefits to the
collection and use of information online, we want to ensure
that Americans understand how their information is being used.
Specifically, how do companies use algorithms to make
decisions and deliver content to consumers? What information
goes into these complex algorithms and how do they control the
information that comes out? How important are human decisions
in creating the algorithms and interpreting their results? Are
the results of the searches we conduct online objective or are
companies controlling the information we get? These are all
fair, legitimate questions that we intend to explore.
It is our job to make sure consumers have the information
they need to make informed decisions--especially when it comes
to the flow of their personal information online. With that
said, it is also important to understand how effective privacy
policy disclosures are. Although some scholars believe such
disclosures empower the consumer, others contend that they are
only there for the lawyers and are impossible to read. For that
reason, we must consider whether there are more effective ways
to empower the consumer.
I would like to thank Chairman Blackburn for her commitment
to these issues, and I look forward to exploring these complex,
but important issues with all stakeholders.
Thank you again to our witnesses for being here today.
OPENING STATEMENT OF HON. JANICE D. SCHAKOWSKY, A
REPRESENTATIVE IN CONGRESS FROM THE STATE OF ILLINOIS
Ms. Schakowsky. Thank you, Mr. Chairman. We like to think
of the internet as an open marketplace and forum for the
exchange of ideas. In reality, the information that consumers
see is determined in part by tech companies. Today, algorithms
determine what appears in web ads, search results, and your
customized news feed. Some of the content you are presented may
be based on personal information such as your gender, race, and
location. It may also depend on how much companies have paid to
get that content in front of you.
The internet and social media have changed how Americans
consume news, information, and advertising. According to an
August 2017 survey by the Pew Research Center, two-thirds of
Americans get at least some of their news through social media.
Consumers rely on a handful of popular platforms, making the
algorithms of those platforms tremendously powerful.
On a sinister level, organizations and even nation-states
can exploit algorithms to spread disinformation, as we saw with
Russian interference in the 2016 elections. In addition,
platforms profit by selling ads targeted to specific groups
based on their demographics and inferences made through their
engagement with content on the platform. This may have some
benefit: Consumers see ads that they are actually interested
in. But the line between tailoring advertising and facilitating
discrimination can get murky.
As we grapple with algorithms on the internet, the Federal
Communications Commission is considering big changes that would
allow corporations to further shape what content consumers
access. On December 14th, the FCC will vote on whether to undo
the Open Internet Order, which protects net neutrality. If that
proposal is adopted, internet service providers will be able to
control consumers' access to content. They can make a website
load faster or slower depending on whether the content provider
pays for the better speed, or an ISP can block content
altogether.
Destroying that neutrality would change the internet as we
know it. How does a small business compete online if it now
has to pay every ISP in the country for its website to load as
fast as its big corporate competitors? What happens to the
exchange of ideas when access to some content is restricted?
This is a disturbing amount of power that the FCC might cede to
for-profit broadband providers.
We already have examples of what broadband providers do
when empowered to block content. Verizon blocked text messages
from reproductive rights group NARAL, calling them, quote,
controversial, unquote. AT&T limited use of FaceTime to
incentivize its customers to purchase more expensive data
plans. TELUS, another telecom company, blocked the website of a
union with which it had a labor dispute. No wonder millions of
internet users have filed comments in support of maintaining
the Open Internet Order. Just since last Monday, my office has
received about 500 calls from net neutrality supporters.
Americans are watching the FCC's next move. The FCC under
Chairman Pai is also encouraging consolidation in media
ownership. It has bent over backward to clear the way for
Sinclair Broadcast Group's acquisition of Tribune Media.
Congress established a 39 percent cap on the national audience
one broadcaster can cover, but Chairman Pai moved to reinstate
the outdated UHF discount so that Sinclair can potentially
cover 70 percent of the national audience. This media
consolidation is a threat to local journalism, especially as
Sinclair forces its stations to run nationally produced, quote,
must-air, unquote, content.
Big corporations are being given more and more influence
over the information that Americans receive, from news feeds to
websites, from smartphones to TVs. Congress and Federal
watchdogs like the FCC have a responsibility to push back on
corporate power when it threatens fair competition and free
expression. I look forward to our witnesses' insights on how we
fulfill that responsibility, and I yield back. Thank you.
Mr. Latta. Thank you. The gentlelady yields back, and at
this time the Chair recognizes the gentlelady from Tennessee,
the chairman of the Communications and Technology Subcommittee,
for 5 minutes.
OPENING STATEMENT OF HON. MARSHA BLACKBURN, A REPRESENTATIVE IN
CONGRESS FROM THE STATE OF TENNESSEE
Mrs. Blackburn. Good morning, and welcome to all of our
witnesses. I want to thank my colleague Mr. Latta for working
closely with me and our committee to put together this stellar
panel so that we can talk about all things virtual.
Although we often refer to the world on the other side of
the screen as the virtual world, we are seeing that, when
things go wrong, the real-world impacts on our privacy,
finances, knowledge base, and even freedom of expression are
anything but virtual. They are very, very real. As so many of
these issues overlap between our two subcommittees, I am
pleased we are able to kick off our exploration of these issues
as a team.
On a number of fronts, we are seeing the pressure turned up
on the tech companies that often serve as the new town squares
for public discourse as governments and users are demanding
that certain speech be shut down. Some of the responses have
perhaps been a disappointment from the perspective of free
speech. Companies that began as start-ups in Silicon Valley
garages have fundamentally changed the way we communicate with
one another about everything from the song we want to hear, to
what stock to buy, to what is the best way to change our
healthcare delivery system.
These multinational corporations now respond to pressures
that do not necessarily align with American values, so we need
to examine how and why content is being blocked, filtered, or
prioritized. This may all sound faintly similar to another
topic, net neutrality. Exercise caution here, as it is
important to note the FCC's current rules only apply to ISPs,
not social media or search platforms.
In some very concrete ways, the open internet is being
threatened by certain content management practices. These 2-
year-old FCC rules have not and cannot address these threats,
so it is disheartening to see Title II regulatory advocates
happily conflating the two to divert attention from who is
actually blocking content. The current FCC proposal to return
internet regulation back to the bipartisan light-touch norm
also reminds us that we are simply shifting authority back to
the FTC to handle privacy matters.
The previous head of the FCC swiped jurisdiction from the
FTC, a 100-plus-year-old institution established by a
Democratic President to act against trusts. As discussed at our
previous hearings on the limits of the FCC, its authority can
only touch one part of the internet ecosystem, and thus it
ignores edge provider services that collect arguably more data
than ISPs.
As you may have heard, in order for consumers to be able to
protect their virtual you, I introduced a bill that would
create a level and fair privacy playing field by bringing all
entities that collect and sell personal data of individuals
under the same unified rules. Given the witnesses' testimony
today, let me also plug another bipartisan initiative we have
addressed: data security. Given the implications and risks
associated with transferring all of this data, it is imperative
that we address it. It is a timely issue.
I look forward to working with my friends across the aisle
on this, data security, and on privacy, the BROWSER Act, and
all of these topics so that we can settle our differences right
here with legislative authority in these hearing rooms rather
than relinquishing that authority to regulators in power. I
thank the chairman for his collaboration and work on this
issue, and I yield back the balance of my time.
[The prepared statement of Mrs. Blackburn follows:]
Prepared statement of Hon. Marsha Blackburn
Good morning, and welcome to our witnesses. Let me also
thank my colleague Mr. Latta for working closely with me to put
together this all-star panel to discuss all things virtual.
Although we often refer to the world on the other side of our
screens as the virtual world, we are seeing that when things go
wrong, the real world impacts on our privacy, finances,
knowledge base, and even freedom of expression are anything but
virtual. As so many of these issues overlap between our two
subcommittees, I am pleased that we are able to kick off our
exploration of them as a team.
On a number of fronts, we are seeing the pressure turned up
on the tech companies that often serve as the new town squares
for our public discourse. As governments and users are
demanding that certain speech be shut down, some of the
responses have perhaps been a disappointment from the
perspective of free speech. Companies that began as start-ups
in Silicon Valley garages have fundamentally changed the way we
communicate with each other about everything from what song we
want to hear, to what stock we want to buy or sell, to what is
the best way to change our health care system. These
multinational corporations now respond to pressures that do not
necessarily line up with American values, so we need to examine
how and why content is being blocked, filtered, or prioritized.
This may all sound faintly similar to another hot topic--
net neutrality. Exercise caution here as it is important that
we note: the FCC's current rules only apply to ISPs, not social
media or search platforms. In some very concrete ways, the open
internet is being threatened by certain content management
practices. These 2-year-old FCC rules have not and cannot
address these threats, so it is disheartening to see Title II
regulatory advocates happily conflating the two to divert
attention from who is actually blocking content.
The current FCC proposal to return internet regulation
to the bipartisan light-touch norm also reminds us that we are
simply shifting authority back to the FTC to handle privacy
matters. The previous head of the FCC swiped jurisdiction from
the FTC, a 100-plus-year-old institution established by a
Democratic president to act against trusts. As discussed at our
previous hearings on the limits of the FCC, its authority can
only touch one part of the internet ecosystem, and thus it
ignores edge provider services that collect arguably more data
than ISPs. As you may have heard, I introduced a bill that
would create a level and fair privacy playing field by bringing
all entities that collect and sell the personal data of
individuals under the same rules.
Given the witnesses' testimony today, let me also plug
another bipartisan initiative I have worked on in the past--
data security. Given the implications and risks associated with
transferring all of this data, it feels rather timely. I look
forward to working with my friends across the aisle on this and
all of these topics so we settle differences in this hearing
room as opposed to relinquishing our authority to regulators in
power.
Mr. Latta. Thank you. The gentlelady yields back. And,
before I recognize our next Member, I just want to mention to
our witnesses we have another subcommittee that is going on
right now, so you will have Members coming in and out of
subcommittee today. And at this time, the Chair recognizes the
gentleman from Pennsylvania, the ranking member on C&T, for 5
minutes.
OPENING STATEMENT OF HON. MICHAEL F. DOYLE, A REPRESENTATIVE IN
CONGRESS FROM THE COMMONWEALTH OF PENNSYLVANIA
Mr. Doyle. Thank you, Mr. Chairman, for holding this joint
hearing, and thank you to the witnesses who have come before us
today.
Machine learning and artificial intelligence are powerful
tools that are reshaping our country and our economy. In places
like my hometown of Pittsburgh, our leadership in artificial
intelligence is leading to new technologies and new advances
that have the potential for revolutionary changes. I hope this
committee can continue to investigate and understand this
important technology and the impacts that it will have.
That being said, troubling recent events such as the hack
of Equifax continue to shine light on the dark world of data
brokers and data mining. Credit rating agencies play a central
role in many Americans' lives whether you are buying a home, a
car, or even a new phone. Your ability to demonstrate good
credit in the eyes of these institutions determines whether you
are allowed to make a purchase or told that you do not pass
Go. Americans have little recourse, and our Government provides
little oversight of these institutions and their practices.
They are increasingly using big data and machine learning to
make judgments about individuals and their ability to access
and use credit.
Data breaches at these companies pose grave threats to
nearly every American, and I think this warrants further
investigation. However, today I am deeply concerned that this
hearing is happening in the shadow of the FCC's efforts to end
network neutrality and this Congress' own decision to use the
Congressional Review Act on the FCC's broadband privacy rules.
These policies are and were robust protections for consumers
that are at the heart of our discussions here today.
In addition, Ms. Moy's testimony refers in numerous places
to the CRA used against rules restricting mandatory arbitration by
financial institutions. The majority does not seem content to
merely strip Americans of their legal and regulatory
protections. They are going even further now and working to
deny them their access to the courts, as well. The majority
seems willing only to give lip service to these real consumer
protections that they have already cast aside.
The FCC's current efforts to repeal the Open Internet Order
and end network neutrality are a perfect case in point. The
need for net neutrality was borne out of a long history of
anti-consumer and anti-competitive behavior that limited
consumers' access to content and information, new technologies,
and competitive choices. ISPs have blocked consumer access to
services that compete with their own services, new services,
and transformative services more times than I can count. The
FCC's privacy rules themselves were a reaction to bad behavior
by the ISPs.
For years, ISPs have taken actions to track user behavior
online using deep packet inspection and undeletable
supercookies, and have even forced consumers to pay, on top of
the sky-high fees they already charge, to retain their privacy.
Consumers
were protected from these abusive practices until Congress and
President Trump recklessly acted to nullify these rules.
I cannot reiterate to my colleagues enough that when you
own the pipe to the home, you own access to the consumer, as
ISPs have demonstrated so many times. Repealing these rules
will have grave consequences for consumers and the vibrancy of
the online ecosystem. I continue to urge Chairman Pai to end
his quixotic misadventure, and with that being said, I will
yield the remainder of my time to Mr. McNerney.
Mr. McNerney. I thank the ranking member. While I am glad
we are holding today's hearing about protecting online
consumers, I am disappointed that the Republicans on this
committee and at the Federal Communications Commission are
doing just the opposite. Earlier this year, Republicans passed
the privacy CRA, eliminating broadband privacy protections for
consumers' personal information.
In response, I introduced the MY DATA Act. This legislation
would give the Federal Trade Commission rulemaking and
enforcement authority so that consumers can have strong privacy
and data security protections across the internet. Not a single
Republican agreed to cosponsor this bill. In addition, this
December, the FCC is expected to adopt Chairman Pai's proposal
to dismantle net neutrality.
Thousands of constituents have reached out to my office
this year to express concerns about eliminating broadband
privacy and net neutrality protections. I urge my Republican
colleagues to take actions to actually protect consumers
instead of talking about protecting consumers while exposing
consumers to online mischief. I yield back.
Mr. Latta. Thank you very much. The gentleman yields back.
And at this time, the Chair now recognizes the gentleman from
Oregon, the chairman of the full committee, for 5 minutes.
OPENING STATEMENT OF HON. GREG WALDEN, A REPRESENTATIVE IN
CONGRESS FROM THE STATE OF OREGON
Mr. Walden. Thank you, Mr. Latta, and good morning,
everyone. Thanks for being here, especially thanks to our
witnesses.
And today we begin a critical discussion about the
evolution of consumers' online environment. We will dive into
many of the important questions surrounding the future of data
access and content management in a marketplace driven by
algorithms. Just in the past decade, the internet economy has
grown, thrived, and evolved, as you all know, substantially. It
is amazing what is happening there.
The smart phones we carry with us everywhere, the tablets
we log on to, the smart home devices in our kitchens, all
represent a transformational shift in how Americans gather
information, receive their news and content, and how they
connect with friends and with family. These services are
convenient, efficient, and provide valuable and tangible
benefits to American consumers.
The companies behind the services have created thousands
and thousands of jobs and brought the U.S. to the forefront
of technology and innovation. In exchange for using certain
websites or platforms, consumers are willing to share personal
details about themselves--names, locations, interests, and
more. The context of the relationship drives that exchange.
Now, depending on the service, tech companies and online
platforms make their money because they know who you are, where
you are, what you like, what photos and videos you take and
watch, and what news you read. The depth and power of data will
be supercharged with the proliferation of connected and
embedded devices in the Internet of Things. Billions of IoT
devices will surely be deployed, linking machines to other
machines and transmitting massive amounts of data and
information to connect Americans to even more services,
conveniences, and benefits from all around the globe.
So what is behind these services and activities? Algorithms
and data. Algorithms are a sequence of instructions to solve a
problem or complete a task. These instructions help devices and
apps predict user preferences as well as provide the content
and advertising you see in your social media feed. Data serve
as inputs or signals to those algorithms. Well-intentioned
algorithms can lead to unanticipated consequences. For example,
algorithmic bots are being purposefully designed to steal or to
cheat in online gambling and ticket sales.
Humans remain a critical part of the creation and
monitoring of these systems. In recent months, reports of data
breaches and algorithms gone awry have demonstrated the
potentially negative influences of digital technology on
Americans' lives. This committee has done extensive work on
issues surrounding consumer protection and data breaches. We
brought in the former CEO of Equifax for a hearing, and we
continue to push for answers on behalf of American consumers.
At the same time, there have been some high-profile
instances of major social media platforms blocking content for
questionable reasons using opaque processes. As a result of all
of this, consumers are concerned about whether they can trust
online firms with the integrity of news and information they
disseminate, the welfare of their users, and, on a much larger
scale, the preservation of our own democratic institutions. All
these are part of the big public discussion going on right now.
As we all know, net neutrality is the issue of the moment,
but regardless of where you stand on that policy, the recent
attacks on Chairman Pai and particularly his children are
completely unacceptable and have no place in this debate.
Period. I condemn it in the strongest terms, and I call on the
entire tech community and my colleagues on both sides of the
aisle to condemn it, as well.
In light of the current controversy surrounding net
neutrality rules for ISPs, it is important to examine how
content is actually being blocked or promoted or throttled
every day on the internet and not by the ISPs. Net neutrality
rules do not address the threats to the open internet that we
will discuss today.
Now, the goal for today's hearing is to help provide all
Americans with a better understanding of how their data flows
online, how online platforms and online media sources determine
what they see or don't see, and the extent of and methods by
which their information is collected and used by online firms.
Americans should be able to feel confident that their well-
being, freedom of expression, and access to the content of
their choice are not being wholly sacrificed for profit.
Americans should have vibrant, competitive markets both
offline and online where consumers know their rights and
options and have the freedom to choose what is best for their
circumstances. It is undeniable the internet has created
millions of new jobs, tremendous opportunities, access in ways
unimaginable just a few years ago, but it has also created
these new risks and challenges.
So, in the name of convenience, is there a potential for
online firms to undermine Americans' privacy and security in a
way that they don't expect or know about? Are the current
policies regarding the collection and use of personal data
working? Are consumers harmed by this hyperpersonalization? And
finally, are firms' content management practices constraining
Americans' ability to speak and to listen freely on an open
internet?
Consumers should remain as safe from unfair, deceptive, and
malicious practices by online firms and their algorithms on the
internet as they are in the real world. And we are here today to
dig into these tough questions, and we appreciate your advice
and counsel from our witnesses today. And with that, Mr. Chair,
I yield back.
[The prepared statement of Mr. Walden follows:]
Prepared statement of Hon. Greg Walden
Good morning. Today we begin a critical discussion about
the evolution of consumers' online environment. We will dive
into many important questions surrounding the future of data
access and content management in a marketplace driven by
algorithms.
Just in the past decade, the internet economy has grown,
thrived, and evolved substantially. The smartphones we carry
with us everywhere, the tablets we log on to, and the smart
home devices in our kitchens all represent a transformational
shift in how Americans gather information, receive news and
content, and connect with friends and family.
These services are convenient, efficient, and provide value
and tangible benefits to American consumers. The companies
behind the services have created jobs and brought the U.S. to
the forefront of technological innovation.
In exchange for using certain websites or platforms,
consumers are willing to share personal details about
themselves--names, locations, interests, and more. The context
of the relationship drives that exchange.
Depending on the service, tech companies and online
platforms make their money because they know who you are, where
you are, what you like, what photos and videos you take and
watch, and what news you read.
The depth and power of data will be supercharged with the
proliferation of connected and embedded devices in the Internet
of Things.
Billions of IoT devices will surely be deployed, linking
machines to other machines, and transmitting massive amounts of
data and information to connect Americans to even more
services, conveniences and benefits from all around the globe.
What's behind these services and activities? Algorithms and
data.
Algorithms are a sequence of instructions to solve a
problem or complete a task. These instructions help devices and
apps predict user preferences as well as provide the content
and advertising you see in your social media feed. Data serve
as inputs or signals to the algorithms.
Well-intentioned algorithms can lead to unanticipated
consequences. For example, algorithmic bots are being
purposefully designed to steal or to cheat in online gambling
and ticket sales. Humans remain a critical part of the
creation and monitoring of these systems.
In recent months, reports of data breaches and algorithms
gone awry have demonstrated the potentially negative influences
of digital technology on Americans' lives.
This committee has done extensive work on issues
surrounding consumer protection and data breaches--we brought
in the former CEO of Equifax for a hearing--and we continue to
push for answers on behalf of consumers.
At the same time, there have been some high-profile
instances of major social media platforms blocking content for
questionable reasons, using opaque processes.
As a result of all this, consumers are concerned whether
they can trust online firms with the integrity of the news and
information they disseminate, the welfare of their users, and, on
a much larger scale, the preservation of our democratic
institutions.
As we all know, net neutrality is the issue of the moment,
but regardless of your position on the policy, the recent
attacks on Chairman Pai and particularly his children, are
completely unacceptable and have no place in this debate. I
condemn it in the strongest terms and I call on the entire tech
community and my colleagues on both sides of the aisle to
condemn it as well.
In light of the current controversy surrounding net
neutrality rules for ISPs, it's important to examine how
content is actually being blocked and throttled every day on
the internet--and not by the ISPs.
While I will continue to pursue legislation on net
neutrality rules, the fact is, they do not and cannot address
the threats to the open internet that we will discuss today.
The goal for today's hearing is to help provide all
Americans with a better understanding of how their data flows
online, how online platforms and online media sources determine
what they see or don't see, and the extent of and methods by
which their information is collected and used by online firms.
Americans should be able to feel confident that their well-
being, freedom of expression, and access to the content of
their choice are not being wholly sacrificed for profit.
Americans should have vibrant, competitive markets both
offline and online, where consumers know their rights and
options, and have the freedom to choose what is best for their
circumstances.
It is undeniable the internet has created new jobs,
tremendous opportunity, and access in ways unimaginable just a
few years ago. But it has also created new risks and
challenges.
In the name of convenience, is there the potential for
online firms to undermine Americans' privacy and security in a
way that they don't expect?
Are the current policies regarding the collection and use
of personal data working? Are consumers harmed by this hyper-
personalization?
And finally, how are firms' content management practices
constraining Americans' ability to speak and to listen freely
on an open internet?
Mr. Latta. Thank you very much. The gentleman yields back,
and at this time the Chair recognizes the gentleman from New
Jersey, the ranking member of the full committee, for 5
minutes.
OPENING STATEMENT OF HON. FRANK PALLONE, JR., A REPRESENTATIVE
IN CONGRESS FROM THE STATE OF NEW JERSEY
Mr. Pallone. Thank you, Mr. Chairman. The internet is home
to some of the most important conversations taking place today.
As internet companies find ways for Americans to communicate,
our democracy should be stronger than ever, but as you all know
something else is going on. Our national dialogue is being
curated by companies policing content, and the number of
websites handling this traffic has consolidated to just a few
key players.
The aim of internet platforms is monetizing web traffic,
not public policy. Algorithms created for the purpose of
increasing ad clicks are what end up shaping what we see
online, and too often this content is not an accurate
reflection of the real world. Structural flaws built into the
algorithms used to sort online content may result in racial and
other bias in our news feeds.
As diverse voices are squeezed out, bias increases even
further. This is simply not acceptable, and I look forward
to hearing more today about what we can do about it.
Unfortunately, forces are at work here in Washington that make
this problem worse. At every turn, we see efforts to give more
power to gatekeepers, either by eviscerating net neutrality and
privacy or by picking favorite voices for preferred regulatory
treatment.
Even now, as we hold a hearing to talk about mitigating
bias on the internet, FCC Chairman Pai is planning to introduce
more bias into the system. The net neutrality rules that he
plans to destroy are the protections that ensure that we the
people can decide for ourselves what we do and say online, and
Chairman Pai's plan will fundamentally change the free and open
internet as we know it. Independent voices, those outside the
mainstream, may be most at risk simply because they don't have
an affiliation with the companies that run the internet.
Unfortunately, broadband companies have more than just
financial reasons to obstruct access to independent content; it
can also be political. Under Chairman Pai's plan, nothing stops
those in power from pushing broadband companies to censor
dissenting voices or unpopular opinions or to promote views
that they support. We are seeing more and more often how this
administration is using its political might to pressure even
large companies.
And this is not a partisan point or even a political one.
Jeopardizing the national dialogue should concern all of us.
The dialogue that happens online is critical for our democracy.
Chairman Pai's move comes after this Congress acted earlier
this year to wipe out privacy and data security online. Under
President Obama, the FCC adopted fair rules to protect the
little guy: ask before collecting information, don't share it
without consent, and take reasonable measures to safeguard it.
But that was too much for congressional Republicans who voted
to take away these protections and hand over consumers' data to
big business.
Sadly, there is still more to come. Over this past year,
the FCC has taken every step possible to ensure that Sinclair
Broadcasting, already the largest owner of broadcast stations
in the country, becomes even bigger. And these steps by the FCC
fly in the face of laws Congress put in place to protect local
voices. We understand that diverse perspectives are critical
for our communities and strengthen our democracy. Instead, the
FCC is doing everything it can to allow one company to control
what people hear no matter where they are in the country and
that is simply not what we intended.
So I look forward to discussing ways to eliminate bias in
our communication systems. We need to figure out how to wrest
power over information from corporations and return it to
the people. And I yield the remainder of my time to the
gentlewoman from New York, Ms. Clarke.
[The prepared statement of Mr. Pallone follows:]
Prepared statement of Hon. Frank Pallone, Jr.
The internet is home to some of the most important
conversations taking place today. As internet companies find
ways for Americans to communicate, our democracy should be
stronger than ever. But as we all know, something else is going
on. Our national dialogue is being curated by companies
policing content, and the number of websites handling this
traffic has consolidated to just a few key players.
The aim of internet platforms is monetizing web traffic,
not public policy. Algorithms created for the purpose of
increasing ad clicks are what end up shaping what we see online
and too often, this content is not an accurate reflection of
the real world. Structural flaws built into the algorithms used
to sort online content may result in racial and other bias in
our news feeds. As diverse voices are squeezed out, bias
increases even further. This is simply not acceptable and I
look forward to hearing more today about what we can do about
it.
Unfortunately, forces are at work here in Washington to
make this problem worse. At every turn, we see efforts to give
more power to gatekeepers either by eviscerating net neutrality
and privacy or by picking favorite voices for preferred
regulatory treatment.
Even now, as we hold a hearing to talk about mitigating
bias on the internet, FCC Chairman Pai is planning to introduce
more bias into the system. The net neutrality rules that he
plans to destroy are the protections that ensure that we, the
people, can decide for ourselves what we do and say online.
Chairman Pai's plan will fundamentally change the free and open
internet as we know it.
Independent voices--those outside the mainstream--may be
most at risk simply because they don't have an affiliation with
the companies that run the internet.
Unfortunately, broadband companies have more than just
financial reasons to obstruct access to independent content--it
can also be political. Under Chairman Pai's plan, nothing stops
those in power from pushing broadband companies to censor
dissenting voices or unpopular opinions or to promote views
they support. We are seeing more and more often how this
administration is using its political might to pressure even
large companies.
This is not a partisan point or even a political one.
Jeopardizing the national dialogue should concern all of us.
The dialogue that happens online is critical for our democracy.
Chairman Pai's move comes after this Congress acted earlier
this year to wipe out our privacy and data security online.
Under President Obama, the FCC adopted fair rules to protect
the little guy--ask before collecting information, don't share
it without consent, and take reasonable measures to safeguard
it. But that was too much for Congressional Republicans, who
voted to take away these protections and hand over consumers'
data to big business.
Sadly, there is still more to come. Over this past year,
the FCC has taken every step possible to ensure that Sinclair
Broadcasting--already the largest owner of broadcast stations
in the country--becomes even bigger.
These steps by the FCC fly in the face of the laws Congress
put in place to protect local voices. We understand that
diverse perspectives are critical for our communities and
strengthen our democracy. Instead, the FCC is doing everything
it can to allow one company to control what people hear no
matter where they are in the country. That is simply not what
we intended.
So I look forward to discussing ways to eliminate bias in
our communications systems. We need to figure out how to wrest
power over information from corporations and return it to
the people.
Thank you, I yield back.
Ms. Clarke. I thank you, Mr. Ranking Member Pallone, for
yielding me time. Today's hearing is of great importance to me
for various reasons, both as a congresswoman and as a consumer.
You see, technology continues to touch all areas of our lives,
and its reach will continue to grow in the coming days, weeks,
months, and years.
With greater reach comes greater responsibility. Companies
must ensure that the algorithms used for their services and
products are free from all biases, including racial, ethnic,
gender, and sexual orientation biases. That includes making sure
there is a diverse employee base behind the scenes ensuring
these algorithms accurately represent American consumers.
As a member of the Congressional Black Caucus, I would like
to highlight the great work of the CBC Diversity Task Force and
the CBC TECH 2020 initiative, two entities that have been doing
a substantive deep-dive analysis into the progress of the
American tech sector in accomplishing meaningful diversity and
inclusion in the technology space.
Additionally, I would like unanimous consent to submit for
the record a letter my colleagues, Representatives Butterfield,
Cleaver, and Kelly, and I sent to Facebook regarding their
site's use of ethnic affinity search criteria, which allow
users to violate the Fair Housing Act. This is just an example
of abuse within the algorithm space that really needs to be
monitored and addressed, and I hope that we will get some
recommendations from you here today.
It is my understanding that this is being addressed in the
short term through Facebook. I just want to go on the record
that this is a concern to my colleagues and me. These issues are
vitally important, and I look forward to today's testimony. Mr.
Chairman, I yield back.
Mr. Latta. And without objection, the letter is accepted
for the record.
[The information appears at the conclusion of the hearing.]
Mr. Latta. And the gentlelady yields back. This concludes
the Member opening statements. The Chair reminds Members that,
pursuant to the committee rules, all Members' opening
statements will be made part of the record. Additionally, I ask
unanimous consent that Energy and Commerce members not on the
Subcommittee on Digital Commerce and Consumer Protection or the
Subcommittee on Communications and Technology be permitted to
participate in today's hearing. Without objection, so ordered.
Again, I want to thank our witnesses for being with us
today, because it is very important for us to hear from you as
you testify before the subcommittees. Today's
witnesses will have the opportunity to give 5-minute opening
statements followed by a round of questions from our Members.
Our witness panel for today's hearing will include Dr. Omri
Ben-Shahar, the Leo and Eileen Herzel Professor of Law at the
University of Chicago Law School; Ms. Kate Klonick, the resident
fellow for the Information Society Project at Yale Law School;
Ms. Laura Moy, the deputy director of the Georgetown Law Center
on Privacy and Technology; Dr. Catherine Tucker, the Sloan
Distinguished Professor of Management Science and Professor
of Marketing at the MIT Sloan School of Management; Mr. Frank
Pasquale, the Professor of Law at the University of Maryland,
Francis King Carey School of Law; and Dr. Michael Kearns, the
Professor and National Center Chair of the Department of
Computer and Information Science at the University of
Pennsylvania.
Again I want to thank all of our witnesses for being with
us today, and again you each have 5 minutes. If you will, just
pull that mic up close and turn on the button. We look forward
to hearing your testimony.
And Doctor, we will start with you this morning. Thank you.
STATEMENTS OF OMRI BEN-SHAHAR, PH.D., LEO HERZEL PROFESSOR IN
LAW, UNIVERSITY OF CHICAGO LAW SCHOOL; KATE KLONICK, RESIDENT
FELLOW, INFORMATION SOCIETY PROJECT, YALE LAW SCHOOL; LAURA
MOY, DEPUTY DIRECTOR, CENTER ON PRIVACY & TECHNOLOGY AT
GEORGETOWN LAW; CATHERINE TUCKER, PH.D., SLOAN DISTINGUISHED
PROFESSOR OF MANAGEMENT SCIENCE, MIT SLOAN SCHOOL OF
MANAGEMENT; FRANK PASQUALE, PROFESSOR OF LAW, UNIVERSITY OF
MARYLAND; AND, MICHAEL KEARNS, PH.D., COMPUTER AND INFORMATION
SCIENCE PROFESSOR, UNIVERSITY OF PENNSYLVANIA
STATEMENT OF OMRI BEN-SHAHAR
Dr. Ben-Shahar. Thank you, Chairman Latta. Thank you,
Chairman Blackburn, for inviting me, Ranking Members Schakowsky
and Doyle and members of the subcommittee, I cherish this
opportunity to participate in the conversation.
I am a law professor at the University of Chicago, and I
specialize in consumer law and consumer protection. You will
hear today a lot about the dangers of big data enterprise, how
websites know our locations, how smart alarms know and predict
our vacations, how employers and insurers know our medications,
and even Fitbit records our dedication.
We of course all know the data-driven economy delivers
enormous convenience and benefits too by offering personalized
experience to consumers, but concerns about discrimination,
manipulation, data security, and market power and the potential
harms they might cause ought to be taken seriously. Still, it
is important throughout this inquiry that the basic question--
What is the consumer injury?--be answered before we begin
thinking about what the solution ought to be.
You will probably hear today other speakers call for more
transparency on how data is used and secured so as to give
consumers more control over their data and allow them to make
more informed decisions. Chairman Walden invited such noble
proposals of transparency, writing eloquently in an op-ed,
quote, ``It is our job to shine the light on these practices
for consumers and ensure transparency in the marketplace so
that they can make informed choices.''
I would like to spend my remaining 4 minutes or so trying
to talk you out of this transparency instinct. It is not that I
don't like transparency or informed decisions, it is just that
this technique has never worked in any area, and it is
decisively unlikely to yield any benefit here. I co-authored a
book titled ``More Than You Wanted To Know,'' in which I looked
at the effect of transparency laws. These are the numerous laws
that require companies to give consumers full disclosures to
help consumers make informed choices.
Mandated disclosure is probably the most common and for
sure the least successful regulatory technique in American law.
Disclosure requirements, we sometimes call them sunshine laws,
have been used for decades as the primary tool for consumer
protection to protect borrowers, investors, medical patients,
internet users, insurance buyers, home buyers, in every area of
the law, and the record confirmed by mountains of empirical
evidence is abysmal--transparency doesn't make a difference.
Transparency requires that companies give consumers
disclosures, but consumers are not cooperating. They are not
reading or using the disclosures. How could they? The texts are
too long and cluttered.
[Photo shown.]
Here is a picture of a typical artifact of transparency,
Apple's terms and conditions that include their privacy policy,
which I printed out and assembled into a 30-foot scroll, 8-
point font, mind you, and hung from the top of the atrium at
the University of Chicago Law School.
Shoving this monstrosity in front of consumers: Is that
what consumer protection ought to do? If consumers tried to
read the disclosures, they would of course not understand them
and would not be able to put them to profitable use. To use
complex information, one needs experience and expertise which
people simply do not have. Transparency is defeated not because
it is a bad idea but because it is so overused.
When you close a mortgage, you receive at least 50
different disclosures so that you, quote, ``know before you
owe.'' When you walk into a clinic or buy a product or enter a
website or download an app or eat at a restaurant or check your
bank balance, you receive disclosures, all in the name of
transparency. Consumers have long become numb and indifferent.
Any transparency effort in the area of data protection
would meet the same consumer apathy. Do you really want to be
the authors of an irrelevant policy? Can transparency be done
more effectively? If disclosures are defeated by complexity,
can simplicity save them? Simplification seems like an obvious
solution: If disclosures are too long, shorten them; if too
technical, use plain language; if poorly presented, improve the
formatting. Unfortunately, simplification strategies have been
tried for as long as disclosures have failed.
In my research, I tested whether people who are sharing
deeply private information with websites that engage in nasty
data practices can be prompted to act more prudently by well-
designed privacy warnings. I discovered that no matter how
simple, conspicuous, and alarming the warnings consumers
receive, their behavior is entirely unchanged. Consumers don't
pay attention to any of the transparency tools lavished upon
them.
To conclude, if Members of Congress believe that collection
of consumers' data poses risks that require regulatory
intervention, I advise that they look for solutions that are
outside the popular but unsuccessful repertoire of mandated
disclosure and transparency. Thank you.
[The prepared statement of Dr. Ben-Shahar follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Latta. Thank you very much for your testimony this
morning.
And, Ms. Klonick, you are recognized for 5 minutes.
STATEMENT OF KATE KLONICK
Ms. Klonick. Thank you. Chairmen Blackburn and Latta,
Ranking Members Doyle and Schakowsky, and members of the
subcommittees, thank you for having me here to discuss this
important topic.
Every day millions of people around the world post videos,
pictures, and text to online speech platforms, but not
everything that is posted remains there. Sites like Facebook,
Twitter, and YouTube actively curate the content that is posted
by their users through a mix of algorithmic and human processes
broadly termed content moderation. Until recently, how and why
these platforms made these decisions on users' speech was
largely opaque.
Over the last 2 years, I have interviewed dozens of former
and current executives at these platforms as well as content
moderation workers at these companies working abroad in an
effort to better understand how and why these platforms
regulate content. A summary of that research and my conclusions
are the subject of my paper, ``The New Governors: The People,
Rules, and Processes Governing Online Speech,'' forthcoming in
the Harvard Law Review. My testimony today draws from that
expertise and knowledge that I gained in researching and
writing that article.
As a threshold matter, when I refer to content moderation I
am referring specifically and exclusively to the experience of
the user in posting speech to a platform and what happens to
that posted content in terms of removal or nonremoval. I am not
speaking to the algorithm that configures the prioritization,
promotion, order, or frequency of how content later appears in
users' news feeds or Twitter feeds.
And in that context, content moderation happens at many
levels. It can happen before content is actually published on
the site: when a user uploads a photo or video, a message
appears: ``Upload completed. The video in your post is being
processed. We will send you a note when it is ready for review.''
moderation process that happens in this moment between upload
and publication largely runs through an algorithm screening
that checks for matches in pixel fingerprints between illegal
or banned content and the uploaded content. Examples of this
include PhotoDNA for child pornography and Content ID for
copyrighted material.
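    To make the fingerprint-matching step concrete, here is a
minimal sketch, with an invented fingerprint database and simple
exact hashing standing in for the robust perceptual hashes that
systems like PhotoDNA and Content ID actually use:

    # Minimal sketch of upload-time screening by fingerprint
    # matching. Production systems use perceptual hashes that
    # survive resizing and re-encoding; a plain SHA-256 is a
    # simplified stand-in. The database entry is invented.
    import hashlib

    BANNED_FINGERPRINTS = {
        hashlib.sha256(b"known banned bytes").hexdigest()
    }

    def fingerprint(upload: bytes) -> str:
        """Reduce an upload to a fingerprint for database lookup."""
        return hashlib.sha256(upload).hexdigest()

    def screen_upload(upload: bytes) -> bool:
        """Return True if the upload may be published, False if blocked."""
        return fingerprint(upload) not in BANNED_FINGERPRINTS

    print(screen_upload(b"vacation photo"))      # True: no match, published
    print(screen_upload(b"known banned bytes"))  # False: match, blocked

The mechanism, checking each upload against a database of known
banned content before publication, is the same in the real systems.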
Only a very small amount of material is removed through
these types of processes, and most is published, and once
published it can be removed in two ways. The first is by
platforms proactively using their own moderators, but because
of the absolutely enormous number of posts, this is not a
feasible method for all but a very select area of moderation,
such as extremist and terrorist content.
The second way content is removed after publication is also
how the vast majority of content is removed, through being
flagged as violating community standards by other users on the
site. After a piece of content is flagged, it will stay up, but
a cropped screen grab of the content is placed in a database
queue, where it is eventually reviewed by trained human
decision makers. They will look at the offending content and
see if it actually violates the terms of service.
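    The flag-and-review pipeline just described can be sketched
as a simple queue; the names below are illustrative only, not
any platform's actual system:

    # Minimal sketch of flag-driven moderation: users flag posts,
    # a snapshot enters a review queue, and trained human
    # reviewers remove only what violates the terms of service.
    from collections import deque

    review_queue = deque()  # FIFO queue of (post_id, snapshot) pairs

    def flag(post_id: str, snapshot: str) -> None:
        """A user flags a post; it stays up while a snapshot is queued."""
        review_queue.append((post_id, snapshot))

    def review(violates_terms) -> list:
        """Human reviewers drain the queue, removing only violations."""
        removed = []
        while review_queue:
            post_id, snapshot = review_queue.popleft()
            if violates_terms(snapshot):  # the human judgment call
                removed.append(post_id)
        return removed

    flag("post-1", "holiday photo")
    flag("post-2", "harassing message")
    print(review(lambda text: "harassing" in text))  # ['post-2']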
With that background, I would like to use my brief time to
clarify four major misconceptions about content moderation.
First, contrary to this hearing's title, the vast
majority of moderation of user content is done by trained human
decision makers who review content only after it has been
flagged by other users, not by algorithms, AI, or photo
recognition.
Second, while users who use sites like Facebook are given a
public set of community standards guiding what kinds of content
is posted by the site, a separate and much more detailed and
much more regularly updated set of internal rules is used by
human moderators in making their decisions. These internal
rules at these companies are not currently known to the public.
Third, Facebook and most platforms use one global set of
rules with exceptions to comply with the laws of a given
jurisdiction to curate content. This means, for example, the
definitions of inappropriate sexual activity are the same for
users in Canada as they are for users in India as they are for
users in France.
Finally, it is critical to note that the ability for these
platforms to create this intricate system of governance to
regulate content stems from incentives put in place by
Communications Decency Act Section 230, which granted platforms
immunity from intermediary liability in an effort to encourage
sites to remove offensive content while also protecting against
collateral censorship of users' speech.
In many ways these platforms' self-regulation has met the
goals of Section 230 very well, but as access to online
speech platforms has increasingly become an essential public
right, new concerns about regulating platforms are being
raised. While these and other concerns are undoubtedly present,
changes to Section 230 or new regulations that might affect it
should be considered with extreme caution and with a full
appreciation of the potential damage that could be caused to
consumer rights and to free speech. Thank you.
[The prepared statement of Ms. Klonick follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Latta. And, again, thank you for your testimony.
Ms. Moy, you are recognized for 5 minutes.
STATEMENT OF LAURA MOY
Ms. Moy. Thank you. Good morning, Chairmen Blackburn and
Latta, Ranking Members Doyle and Schakowsky, and distinguished
members of the subcommittees.
Consumers are frustrated. Ninety-one percent of adults feel
that consumers have lost control of their personal information
and nearly 70 percent think the law should do a better job of
protecting their information. The law can do better, and it
should do better. Consumers are in greatest need of greater
control when they do not have a choice about whether to share
the information in the first place. This is one reason that we
have specific privacy laws that protect things like the
information students share with educational institutions or the
information patients share with doctors.
In these contexts and others, it is not permissible for
companies to simply do what they wish with consumer information
as long as they are transparent about it, something we see all
too often online; rather, strong privacy protections apply by
default. We need similar protection by default in other
situations where information sharing is unavoidable, as well--
for example, when consumer information is shared with a credit
agency like Equifax or when consumer information is shared with
the provider of an essential communication service like a
broadband provider. We may also need protection by default for
other types of online actors such as content platforms as they
become bigger and more powerful and consumers increasingly find
it unavoidable to share their information with those actors, as
well. This is certainly a conversation worth having.
But whatever specific information-sharing problem or
problems Congress decides to address, it should keep a few
things in mind. First, Congress should not eliminate existing
protections for consumers' information. This really should go
without saying, but unfortunately, in an incredibly unpopular
move earlier this year, Congress voted to eliminate strong
Federal privacy rules that would have applied to broadband
access providers.
Similarly, Congress has occasionally considered legislative
proposals on data security and breach notification that would
eliminate stronger State laws, but consumers want more
protection for their information, not less. If Congress wishes
to improve on the privacy and data security status quo, it
should start by preserving the protections we already have. And
just to touch for a second on net neutrality, the same applies
in that context, as well.
Today's hearing is surfacing some concerns about the power
platforms have to editorialize the things internet users read
and say, but at the same time the FCC is considering wholesale
elimination of rules that prevent broadband providers from
doing that. Just imagine how much worse things could get if we
start allowing broadband providers to muck with content. Again,
consumers in this area need more protection, not less.
Second, prospective rulemaking authority is an incredibly
important consumer protection tool. After-the-fact enforcement
can be helpful, but an enforcement-only regime does not always
create clarity, and because it comes only after a problem has
occurred, it does not necessarily protect consumers from the
problem in the first place.
Granting rulemaking authority to an expert agency also
fosters much-needed regulatory flexibility. We do not always
know what the next privacy or data security threat will be, but
unfortunately we all know that there will be one. An agency
with rulemaking authority can respond to shifting threats more
quickly than Congress.
Third, consumer protections are only as good as their
enforcement, so any protections Congress creates on privacy or
data security must be accompanied by strong enforcement
authority. Right now, the FTC does substantial work on privacy
and data security, but with few exceptions it does not have the
ability to seek civil penalties for privacy and data security
violations. In fact, FTC staff and commissioners have appeared
before Congress requesting civil penalty authority to buttress
their ability to enforce. Agencies that are tasked with
protecting consumers' private information cannot do it without
the proper tools. Civil penalty authority is needed.
Fourth, Congress should avoid the temptation to address
complex challenges with a one-size-fits-all approach. There are
different types of actors on the internet with different roles
to play, different relationships with and commitments to
consumers, different competition environments, and different
abilities to solve problems. If we adopt a uniform regulatory
approach to the entire internet, we are going to be left with
the lowest common denominator, something like transparency with
enforcement that just prohibits deceptive practices. That is
not good enough. Consumers are asking for more.
I appreciate your commitment to this issue. I thank you,
and I look forward to your questions.
[The prepared statement of Ms. Moy follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Latta. And again, thank you for your testimony this
morning.
And Dr. Tucker, you are recognized for 5 minutes.
STATEMENT OF CATHERINE TUCKER
Dr. Tucker. First of all, I would just like to say what
a huge honor it is to be invited here today. Thank you very
much for the invitation. What I want to do in my 5 minutes is
talk about some research I did into an apparent algorithmic
bias and then talk about three implications for policy.
Now, for this particular research topic, what we did was run
a field test on Facebook where we placed an ad advertising job
opportunities in science and technology. We also replicated
that ad on Google and Twitter, and we found
that the advertising algorithm ended up showing this ad for job
opportunities in science to 40 percent more men than women. And
on the face of it, this seems really quite concerning because
obviously this is an area where we would like parity of gender
opportunity.
Now, I say on the face of it, it sounds concerning, because
our research didn't stop there, which is usually where research
stops; instead, we actually delved into the reasons why this
apparent discrimination had happened. And we ruled out the
usual leading explanations: that the humans involved were
biased or had absorbed cultural prejudice, or that women had
somehow inflicted this on themselves by not reacting to the ad.
On the contrary, whenever women saw the ad, they loved it. They
clicked on it.
What was actually going on comes down to understanding how
the algorithm works. An advertising algorithm basically runs an
auction in real time where advertisers bid for eyeballs, and
there were some advertisers out there that liked to show ads
just to women; as a result, it costs more to show an ad to
women. And because we had set up our ad to be gender-neutral,
the algorithm thought it was doing us a favor by trying to
minimize our costs: it avoided those expensive female eyeballs
and instead prioritized the cheaper male ones.
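    A toy allocator makes the dynamic concrete. The prices and
supplies below are invented; the point is that an objective that
mentions only cost, never gender, still delivers a gender-neutral
ad mostly to the cheaper audience:

    # Minimal sketch: greedy cost-minimizing ad delivery with a
    # fixed budget and hypothetical per-impression prices set by
    # competing advertisers' bids. No gender term appears in the
    # objective; the skew emerges from prices alone.
    def allocate(budget: float, prices: dict, supply: dict) -> dict:
        """Buy impressions cheapest-first until budget or supply runs out."""
        shown = {group: 0 for group in prices}
        for group, price in sorted(prices.items(), key=lambda kv: kv[1]):
            n = min(supply[group], int(budget // price))
            shown[group] = n
            budget -= n * price
        return shown

    # Other advertisers bid more for women, so those impressions cost more.
    prices = {"women": 0.50, "men": 0.25}
    supply = {"women": 300, "men": 300}
    print(allocate(100.0, prices, supply))
    # {'women': 50, 'men': 300}: a gender-neutral ad, shown mostly to men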
Now, that goes to show that economic forces actually shape
a lot of how we see algorithms work. And I want to just
highlight three implications for policy. The first implication
is about algorithmic transparency. Now, algorithmic transparency just
sounds wonderful, right? Who could ever argue with
transparency?
But, in this case, let's suppose we could somehow decode the
pages and pages of algorithms which underlie this ad auction.
All we would find is an innocent algorithm trying to save
advertisers money. It wouldn't really give us any insight into
the potential for bias, and I think that is another argument,
building on what we have heard earlier, for why transparency,
though it sounds so beautiful, is probably not a solution here.
The second thing I want to emphasize is, it may be
tempting--and we have heard a little bit of this idea--to think
that maybe the problem is not the algorithms, it is the data
that feeds them. And I do want to caution the committee about
simply restricting data flows in this economy. I have done some
research, and I have testified in the past about the really
quite hideous effects that attempts to regulate privacy in
online advertising have had on the health and strength of the
technology industry in Europe.
We showed that there was a 66 percent drop in efficiency
after the regulation passed, and you just have to fast forward
10 years and look at the strength of the American tech industry
relative to Europe to see where that has led. I have also done
some research in the U.S., and I should emphasize that simply
restricting data in the health arena has actually led to some
really quite negative consequences, such as hospitals failing
to adopt potentially lifesaving neonatal technology.
Now, the last thing I just want to say--and that is why I
am worried about restricting data as a solution--is, look, in
some sense you could write a headline saying ``MIT professor
finds ad algorithm doesn't show job ads to women,'' but imagine
if I had found the same thing for toothpaste. Would we be that
worried? No, we might think, well, maybe men should see
toothpaste ads, and not be that worried about it. So I do want
to emphasize again that the outcome really matters. Thank you.
[The prepared statement of Dr. Tucker follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Latta. Thank you very much for your testimony.
And Dr. Pasquale, you are recognized for 5 minutes.
STATEMENT OF FRANK PASQUALE
Mr. Pasquale. Thank you very much, Chairmen Walden,
Blackburn, and Latta, and Ranking Members Schakowsky and
Doyle. It is a great honor to be here today.
My testimony is based on my book, ``The Black Box
Society,'' in which I distilled about 10 years of research into
the role of data and algorithms and argued for the importance
of transparency, and I am happy to do that today. I want to
argue that the use of data and algorithms by large corporations
will be at the core of civil rights, consumer protection, and
competition policy for the 21st century. And I will go over
each of those and then talk about how this committee can play a
role in advancing all three of those goals.
First, with respect to civil rights, I was very glad to
hear from Congresswoman Clarke about the letter to Facebook
with respect to discriminatory ad profiling. That was
discovered last year by ProPublica. There were promises it
would be addressed. It was not addressed. And I think that
shows some of the failures of self-regulation in the area.
Also in my testimony I talk about racial disparities with
respect to ad delivery and disparities with respect to
disability status or a health condition--for example, a credit
card company deciding to raise someone's interest rate once it
learns that the person went for marriage counseling. I
think that is a very troubling sort of thing, and we should be
able to look into that to get transparency about whether it is
happening and to stop it.
Secondly, with respect to consumer protection, Ariel
Ezrachi and Maurice Stucke, who are great antitrust law
scholars, say that, given the information asymmetry between
large corporations and consumers, consumers now really exist in
a Truman Show online. These companies know so much about us,
while we often know so little about their practices, and the
scholars show how consumers can be manipulated by data that
they don't know about.
So, you know, we may hear a lot about good personalization
online, you see things that you want, et cetera, but there is
always a dark side to that. There are things, for example, like
vulnerability-based marketing, where the marketing could be
based on picking out people who are at particularly insecure
times in their life or particularly insecure times of day for
individuals. And I think this sort of vulnerability-based
marketing, predatory loan targeting, all those things are
troubling, and not just for traditionally protected groups but
also for people, say, in rural areas that might be subject to
price discrimination that I discuss in my testimony.
I would also say that with respect to competition, the
power of data enables very large digital platforms to decide
what consumers see, when they see it, and what types of things
they are and are not offered, and that leads to what I call a
self-reinforcing data advantage. What I mean by that is that,
if you are a
large platform, you tend to have more data. When you have more
data, you are able to target your things better to consumers.
When you are better able to target to consumers, more consumers
come on board.
It is a virtuous cycle in a way, but on the other hand it
does risk getting out of hand and creating the types of
asymmetries that a competitor really cannot overcome. And
we have seen that, for example, with the European antitrust
judgment against Google, where regulators talked about Google
potentially privileging its own services over rivals in search
results in ways that were opaque to consumers.
And I think that we have got to look at those sorts of
dynamics and start to address them. It will be hard, though.
And, by the way, as to why the U.S. tech scene is doing better
than the European one, we have to look at these sorts of
competitive dynamics, as well, not just regulation. I would
also point to the black box effect here. I would say that it is
very hard for us to know
exactly what is going on, and we may have only seen the tip of
the iceberg here. We may have only scratched the surface.
Now, I have painted a very bleak picture of big data and
algorithms in this testimony, but there is good news on the
horizon. Over the past decade, a number of visionaries have
developed a movement for accountability by users of algorithms.
It took a combination of computational, legal, and social
scientific skills to unearth each of the examples that I have
discussed: troubling collection, bad or biased analysis, or
discriminatory use of data. And I hope we talk about all three
of those things today.
Empiricists may be frustrated by the black box nature of
algorithmic decision making, but they can work with legal
scholars and activists if we have freedom of information laws
and if we enable people to understand better how data is being
collected, how it is being used, how it can lead to
discrimination. Journalists also have been teaming up with
computer programmers and social scientists to expose new
privacy-violating technologies of data collection, analysis,
and use, and they have pushed regulators to crack down on the worst
offenders.
I would conclude today by saying that U.S. lawmakers can
really help by requiring the openness of algorithms used in
many governmental contexts and moving on to empower people to
have knowledge of what is going on and how their online lives
are being ordered. With that, thank you very much.
[The prepared statement of Mr. Pasquale follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Latta. Thank you for your testimony this morning.
And Dr. Kearns, you are recognized for 5 minutes.
STATEMENT OF MICHAEL KEARNS
Dr. Kearns. Thank you. Chairmen Blackburn and Latta,
Ranking Members Doyle and Schakowsky, and other distinguished
members of the subcommittees, thank you for the opportunity to
testify at this important hearing. My name is Michael Kearns,
and I am a computer and information science professor at the
University of Pennsylvania. I am an active researcher in the
field of machine learning, and I have consulted extensively on
the use of machine learning in the technology and finance
industries.
The fields of machine learning and artificial intelligence
now play a central role in virtually every sector in which
large data sets are present. The number of instances in which
the use of machine learning has provided tangible societal
benefits, such as in medical diagnosis, is large and growing.
Machine learning also increasingly plays a central role in the
data collection and use practices of consumer-facing technology
companies.
Today I want to discuss data intimacy, which is the notion
that machine learning enables companies to routinely draw
predictions and inferences about users that go far deeper than
the apparent face value of the data collected as part of online
activities. It is not simply a question of whether consumer-
facing tech companies are collecting large volumes of data;
such companies are collecting information that provides or
allows inferences regarding intimate details about our personal
lives.
Search engine queries permit inferences about our physical,
financial, and psychological conditions. Social media users
routinely reveal intimate opinions, beliefs, or affiliations.
For example, a recent study showed that using machine learning,
anonymous social relationship data permitted accurate
identification of romantic partners for over 55 percent of
users. Another study concluded that Facebook's algorithms and
models are capable of identifying social relationships of which
its users are themselves unaware. And religious and political
beliefs can be accurately predicted from apparently unrelated
social search and shopping activity.
Consumer-facing tech companies in the United States have
amassed an almost unimaginable set of data about consumers,
which enables machine learning and artificial intelligence to
make predictions and inferences about consumer behavior and
preferences. These large and diverse data sets are the
foundation for effective algorithms and models, and companies
compete vigorously to amass or acquire these data sets. For
example, search engines provide vast amounts of data about
consumers' interests and the manner in which they conduct
searches. Similarly, mobile operating system data provides a
treasure trove of information regarding virtually everything a
consumer does on a mobile device as well as their physical
location.
In addition to knowing with whom a consumer affiliates
directly, social media platforms are able to accumulate
information about who a consumer follows or what he or she
likes. However, while the quantity of data is critical to
develop accurate algorithms and models, the quality and
intimacy of such data is equally or more important in
discerning consumer preferences and behaviors. Increasingly,
machine-learning-based algorithms are utilized not only to
determine consumer purchasing habits, but also to infer a
consumer's emotions, moods, and mental states.
While machine learning is employed most commonly and
pervasively to target advertising as we have seen in the media
recently, algorithms can also be utilized to generate or incite
certain emotional responses. From a privacy perspective,
perhaps the most important overarching conclusion is that the
intimacy of consumer data cannot be measured by metrics that
fail to account for the nature, diversity, and content of the
data and, most importantly, its potential uses for modeling and
inferences.
It is quite possible for the highest-volume data
sources to reveal little about the consumers who generate that
traffic, whereas more specialized data can directly and
indirectly reveal the most private and personal details about
consumers. In fact, the widespread application of machine
learning to specialized consumer data sources is deliberately
designed to extract personal and actionable insights about both
individual users and collective behavior.
It would thus be wrong to formulate privacy policy based
only on the amount or apparent source of data. One must
evaluate the sensitivity of the data as well as anticipate how
private or intimate the inferences and predictions that could
be made from the data might be. This challenge argues for a
privacy framework that comprehensively covers the diverse range
of data being used commercially and applies consistent
technology-neutral privacy requirements.
Thank you again for the opportunity to testify before you.
Machine learning and AI present significant challenges for
policymakers because of the rapidly evolving nature of the
technology as well as its pervasive use among consumer-facing
tech companies in predicting consumer preferences and drawing
inferences about their lives. While policymakers should be
mindful that machine learning and AI also produce many of the
sizeable benefits inherent in consumers' online experiences,
such technology enables companies also to both model and shape
user behavior. Thank you.
[The prepared statement of Dr. Kearns follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Latta. Thank you very much for your testimony. We
really appreciate it. And this ends that portion of our hearing
this morning. We will now be going to the questions from the
Members, and I will begin the questioning and recognize myself
for 5 minutes. And again I apologize for my 4 weeks of
allergies, and I hope I get better in the next 4 weeks.
Professor Kearns, if I could start with you. Algorithms are
used to produce the results that we see on the internet such as
when we do a search or see an advertisement. As policymakers,
what are the key benefits and risks for consumers associated
with these algorithms that we should be focused on as
legislators?
Dr. Kearns. Well, I think the benefits are, you know,
pretty obvious to anyone who is a regular user of modern
internet technology. The personalization in social media sites,
in search engines, and in many other aspects and apps that we
use, we all enjoy the benefits of that. To me, the greatest
risks are the kinds of things I talked about, which is that
there is a distinction between facts about you and things that
can be inferred about you from those facts.
And so it is one thing to, for instance, ask about
disclosure or discuss what is actually, literally, in the data
that is being collected, but the inferences are where the game
is really being played, as far as I am concerned. The use of
machine learning allows one to make many inferences that are
statistically quite accurate about consumers yet aren't
written down anywhere in the data about that consumer.
So, you know, to give a personal example, the fact that I
am an academic and, you know, use a Mac and drive a Subaru
probably lets you guess my political affiliation quite
accurately already, and if you knew a bunch of other facts
about my online behavior, you could probably infer a great deal
more. And there are many, many studies these days that
establish that fact, and it is a valuable thing for technology
companies to be able to do this kind of--as I think one of the
other testimonies here called it--microsegmentation.
And I think this is the kind of thing that is hard for
people to understand, and it is even hard for the scientists at
these companies to understand the sort of predictive power that
they have. When these models are built, the companies don't
really know a priori, and maybe not even afterwards, exactly
what properties of consumers they are inferring--inferences
that go well beyond the latent data itself.
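    A minimal sketch of that kind of inference follows. The
training rows and the label are fabricated toys; the point is
only that a model can score an attribute that was never
collected directly, from innocuous features like the ones Dr.
Kearns mentions:

    # Toy sketch: inferring an undisclosed attribute from
    # innocuous behavioral features. All data here is invented
    # purely for illustration.
    from sklearn.linear_model import LogisticRegression

    # Features per user: [uses_mac, drives_subaru, works_in_academia]
    X = [[1, 1, 1], [1, 0, 1], [0, 1, 1],
         [0, 0, 0], [1, 0, 0], [0, 1, 0]]
    y = [1, 1, 1, 0, 0, 0]  # hypothetical affiliation label, never asked for

    model = LogisticRegression().fit(X, y)

    # A new user who never disclosed the attribute is still scored on it.
    new_user = [[1, 1, 0]]  # uses a Mac and drives a Subaru
    print(model.predict_proba(new_user)[0][1])  # inferred probability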
Mr. Latta. Thank you.
Dr. Tucker, your research shows the tension between how
much we say we value privacy and in reality how much data we
are willing to share online to connect with friends or get
personalized recommendations and coupons. What accounts for
that disconnect, and how important is the context in what
consumers are willing to share online?
Dr. Tucker. Well, I am really thrilled to be able to talk a
little bit about this because I didn't get to mention it in my
testimony. And this is the so-called privacy paradox: so many
people say they care about privacy but then act in ways that
don't live up to that.
And one thing, we did a little study at MIT where we showed
that undergraduates were willing to share really very personal
data in exchange for a slice of cheese pizza. And what was
slightly disconcerting about it was that even the people who
said they really cared about privacy--who usually behaved in
accordance with those norms--the moment they saw the cheese
pizza was the moment they were willing to share the most
personal information.
Now I wish I could tell you that I found any group of
consumers out there who were not--or any group of
undergraduates who were not willing to share data for cheese
pizza, but I didn't. So as of yet, answering your question is
hard just because we do see this inconsistency between the way
consumers talk about their privacy and the way they actually
act out there in the online world.
Mr. Latta. Thank you.
Professor Ben-Shahar, your research indicates that
consumers often view privacy policies as confusing and often
ignore them, as your photograph vividly illustrated. At the same time,
mandated disclosure has been embraced in many laws and by many
regulators. How should we balance the desire for transparency
with the results of your research?
Dr. Ben-Shahar. I think we should recognize that our desire
for transparency, while well-intentioned--it makes sense, it is
very alluring, it is consistent with all American ideologies--
has a telling history: all these transparency laws and mandated
disclosure laws pass without opposition in these chambers or in
any State chamber. This is the one unifying American law. I
think we should also recognize that there is probably a good
reason why it is so easy to enact these laws: There is nothing
to them.
    And therefore I think it is important to set them aside, to
cast them aside, and that would enable us to actually get to
the underlying problems. In my book I give the example of
medicine in the 19th century, when almost every disease was
addressed by bloodletting. It took the medical profession
recognizing that panaceas don't work before it could start
figuring out solutions for each individual problem.
And today I am invited to talk to you about data policy. I
have been invited by the FTC and other agencies to talk about
consumer lending and other contexts in which transparency and
disclosure are the key regulatory technique, and I keep
suggesting the same thing: In each area, you have to first ask
yourself what the problem is.
    I think it is striking to hear what Dr. Tucker and others
are finding, that statements about the magnitude of the
problems are not matched by behavior and economic reality. Data
privacy is a nice kind of buzzword, and with data security we
can brandish the number of people who were implicated by the
different security breaches that occurred.
But what is the evidence about actual consumer harm? Most
of the lawsuits that followed the Target breach and the Equifax
breach were brought by merchants, credit card companies, and
banks; they are the ones suffering much of the loss, because
our laws largely protect consumers from these incidents. I do
not want to suggest that there is no harm in these areas, but
it is critically important to understand its magnitude before
we begin to think about solutions.
Mr. Latta. Thank you very much. And, since I ran over, I
will recognize the gentlelady from Illinois, the ranking member
of the subcommittee, and also give you a little more time on
your questions.
Ms. Schakowsky. Thank you. You know, it is hard to decide
who to really focus on because we only have 5 minutes. You
know, when it comes to transparency, not only do I not take the
time to read it, but in order to get to my goal, if I don't hit
Accept or I Agree, then I can't finish the transaction. So most
of the time, for both reasons, I just accept and move on.
But I do want to talk about enforcement, and therefore I
want to ask Ms. Moy some questions. In Chairman Blackburn's
opening statement she talked about shifting privacy from the
FCC, the Federal Communications Commission, to the Federal
Trade Commission, so I think it is important to understand how
the FCC and FTC differ, you alluded to that. But so, Ms. Moy,
can you briefly describe the FTC's authority, if any, to issue
regulations?
Ms. Moy. The FCC or--I am sorry, the FTC really doesn't
have authority to issue regulations. It can issue Magnuson-Moss
rules, but that is extremely difficult to do and, as a
practical matter, nearly impossible. It can issue rules under
the Children's Online Privacy Protection Act, and has done that
rather effectively, and the Safeguards Rule under GLBA.
But when it comes to general privacy and data security
obligations, the FTC is unable to issue regulations.
Ms. Schakowsky. So the FTC can't use the typical notice and
comment rulemaking process to issue regulations about what
personal information platforms can collect from users or how
those platforms can use that personal information to determine
what content it shows to users, correct?
Ms. Moy. That is right.
Ms. Schakowsky. So which means the Commission is limited to
bringing enforcement actions after unfair, deceptive practices
have been committed, and often after consumers have been harmed
already, right?
Ms. Moy. Yes.
Ms. Schakowsky. So let's talk about the FTC enforcement
tools. In your written testimony you wrote that, quote, ``the
FTC generally can only take enforcement action against entities
that use consumer information in ways that violate their own
consumer-facing commitments.'' Can you describe what exactly
you mean by consumer-facing commitments? Are you referring to
policies like the terms of service and privacy policies?
Ms. Moy. That is right. The bulk of the FTC's privacy and
data security authority comes from Section 5 of the Federal
Trade Commission Act which authorizes it to prohibit unfair and
deceptive trade practices. As a practical matter, the FTC
almost never enforces unless it determines that deception has
occurred, and it evaluates a possible deception based on
something a company has said, perhaps in a privacy policy, and
then tries to figure out whether or not the company has
violated it.
Ms. Schakowsky. Even when a platform does violate its own
policies, the FTC's remedies are limited. As you noted in your
written testimony, the FTC cannot impose a fine against that
platform. What are the remedies available to the FTC?
Ms. Moy. Exactly. Yes, and as I mentioned in my
comments, I think the authority of an agency is only as good as
its enforcement. And when it comes to the FTC, although it can
bring actions for deception as it relates to privacy and data
security, with few exceptions it cannot levy civil penalties
against companies that violate privacy and data security
commitments. And as a result there is very little in the way of
teeth when it comes to the FTC's authority.
Ms. Schakowsky. So I know that both Acting Chairman
Ohlhausen and Commissioner McSweeny support giving the FTC
civil penalty authority, and I believe you do, too. Is that
right?
Ms. Moy. That is right.
Ms. Schakowsky. And do you think it would benefit consumers
if the FTC had authority then to issue regulations under the
normal notice and comment process?
Ms. Moy. I do. I think that the fact that the vast majority
of consumers are asking for greater consumer privacy protection
and for the law to be stronger in this area suggests that we
would benefit greatly from greater authority for the FTC or
another agency.
Ms. Schakowsky. Well, so are there other things that
Congress can do? I mean, you alluded maybe to strengthening the
FTC's ability, or some other agency's, to protect consumers.
Ms. Moy. Well, in addition, as of right now the Federal
Trade Commission can't actually regulate the actions of common
carriers, and that is a major problem. Particularly given a
case that is currently pending in the Ninth Circuit, it is
unclear whether the FTC has any authority at all to enforce the
privacy and data security obligations and activities of
companies that have any common carrier business at all. So for
internet service providers, whether broadband is classified
under Title II or not, the FTC may well not be able to reach
them.
Ms. Schakowsky. So in the short term what should we be
considering?
Ms. Moy. In the short term I think that we do need strong
protection, privacy by default, ideally, for entities where
consumers have no choice but to share information. And I also
think that we need to preserve existing protections. We need to
preserve existing protections at State law as well as existing
protections under regulations like net neutrality.
Ms. Schakowsky. Thank you. I yield back.
Mr. Latta. Thank you. The gentlelady yields back.
The Chair now recognizes the chairman of the Communications
and Technology Subcommittee for 5 minutes.
Mrs. Blackburn. Thank you, Mr. Chairman, and thank you all
for your testimony. It is so enlightening, and we appreciate
it.
And Dr. Kearns, I am going to come to you first. Thanks for
the work you are doing on privacy and around those elements,
and we have had a lot of focus on privacy here. And earlier
this year I had introduced the BROWSER Act, and basically it
has two guiding principles, things that many of us think are
very important. One is that we have to find a better balance on
privacy moving toward giving the consumer more information and
more control over, as I term it, their virtual you, their
information that is being collected and used and sometimes
distributed; and then, secondly, that consumers have the very
same privacy expectations across the entire ecosystem. They are
not distinguishing between the ISPs and the edge providers, so
when we are setting the ground rules on privacy, they should
reflect that.
So I would like to hear what your thoughts are on those two
points. And when we are talking about online privacy, do you
think that people make that distinction? When we are talking
about appropriate balance, where is that appropriate balance
between opt-in, where the consumer owns that information, and
opt-out? So I would love for you to talk about that for
a minute.
Dr. Kearns. Yes. These are good questions, hard questions.
First of all, to preface, I don't have specific policy
recommendations on these issues. But as a scientist, when I
think about the landscape for consumer privacy, the first thing
I think about is kind of how actionable the data being
collected is and sort of at what level of abstraction it is.
And furthermore, there is a phrase I like to use, which is
``data triangulation,'' which refers to the incredible power
you can get from having multiple sources of data about the same
individual.
So to me, you know, when I think about privacy, the things
I worry most about are cases in which there are parties that
are collecting sort of very private, intimate data on the one
hand and also many different sources of it. So, to give an
example, you know, by seeing what you buy I can know a lot
about you. By seeing, you know, what you search for I can know
much more about you. By knowing not only those things but where
you are, that gives me a great deal of more information. And if
you, for instance, let me also maintain your calendar for you,
then I also know where you will be in the future.
And I think that the greatest privacy concerns I
have are at that level, at the level where people are very
directly expressing things that might be quite private, things
that they wouldn't express in public forums, or that they are
expressing in a public forum like a social networking service
while completely unaware of how strong the correlations are
between their own behaviors, their friends' behaviors, and
their other online behavior.
And so I think in terms of helping consumers understand the
privacy landscape it is important not to ignore any source of
data. I am not claiming that ISPs, for instance, aren't also
collecting very large amounts of data, but to me, I personally
am much more concerned about the data I kind of willingly give
away using a search engine, and then also letting my operating
system track my location online or the presence of beacons in
retail stores that kind of correlate my online and my offline
behavior.
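    The ``data triangulation'' Dr. Kearns describes can be
sketched in a few lines. Every record below is invented; the
point is that individually mundane sources, joined on a shared
identifier, compose a far more intimate profile than any single
source:

    # Toy sketch of data triangulation: merging several data
    # sources on one user identifier. All records are fabricated
    # purely for illustration.
    purchases = {"user42": ["bought hiking boots"]}
    searches  = {"user42": ["searched trailheads near Denver"]}
    locations = {"user42": ["seen at outdoor store, Sat 10am"]}
    calendar  = {"user42": ["'camping trip' event, next weekend"]}

    def triangulate(uid: str, *sources: dict) -> list:
        """Merge every source's records for one user into a profile."""
        profile = []
        for source in sources:
            profile.extend(source.get(uid, []))
        return profile

    # No single source says much; together they even predict where
    # this user will be next weekend, echoing the calendar point above.
    print(triangulate("user42", purchases, searches, locations, calendar))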
Mrs. Blackburn. Great.
Ms. Klonick, I want to come to you on the economic
incentives that the platforms have to use algorithms to curate
selective content. And I think Dr. Kearns used the term
``microsegmentation'' as they are looking at that
for users, you know, based on this online activity. Would you
agree that the platforms are being paid to prioritize certain
content over other content? And touch on the free speech
implications there.
Ms. Klonick. Yes. Insomuch as advertised content is paid
content placed over user content, platforms can absolutely
prioritize certain types of content. I am not familiar with
algorithmic processes that would prioritize one user's content
over the content of another because they are being paid to do
so right now, but the free speech implications of the vast
power of these platforms to self-regulate are twofold.
One, it has a lot of implications for users' speech
rights, in how these private platforms can unilaterally control
what goes up and what stays or comes down on their sites. But
also these platforms arguably have free speech rights
themselves. So their right to create the community at Facebook
or at Twitter, for example, is arguably their own First
Amendment right.
Mrs. Blackburn. Dr. Tucker, on the economic incentives, do
you think that some of these platforms should be willing to pay
consumers or users more than a free slice of cheese pizza?
Dr. Tucker. Wonderful question. Now, this is a very
interesting question. So the slice-of-cheese-pizza example was
really about the consistency between what people say about
their privacy and then how they act.
Now, in terms of paying for data, there have been many
experiments, some of them launched from Cambridge,
Massachusetts, where various startups have tried to actually
set up markets for data. And the reason that is so attractive
is that, from an economics point of view, one way of thinking
about privacy is really as a lack of clarity about property
rights. So a market for data is an attractive notion.
Now, in all of these instances, though I was really
excited at the beginning by the idea of actually setting up a
market for data and paying consumers, all of these platforms
have failed for the simple fact that the kind of consumers they
attract--the ones who want to exchange their data in these
markets--tend to be, how can I say it, the less commercially
exciting consumers. So we have had this problem of making these
markets work just because we haven't been able to get the right
set of consumers.
So I think it is a wonderful idea. I hope one day we will
get it to work. We haven't yet.
Mrs. Blackburn. Yield back.
Mr. Latta. Thank you very much. The Chair recognizes the
gentleman from Pennsylvania, the ranking member on C&T, and I
will also yield you the extra time, too.
Mr. Doyle. Well, Mr. Chairman, despite this terrible
precedent that you have started by allowing everybody to go 2
minutes over, I am going to try to get us back on track and
just use my 5 minutes.
You know, when you think about all this technology--social
media, the internet, artificial intelligence--it is the most
wonderful, horrible invention in the world, and as consumers we
tend to look at the bright side of all this technology without
understanding the dark side. If anybody thinks they have
privacy, the only way you have privacy today is, I call it
going Flintstone: to have the old flip phone, to not be on
Facebook or Twitter or any of these social media sites.
But, you know, the reality is, over 80 percent of the land
mass of the country, most Americans have only one ISP. They
don't even have a choice when it comes to
that. And so they go on their ISP, and it is the only one they
have, and it tells you how it is going to use your data, in
about 20 pages of legal jargon that most attorneys probably
couldn't understand. And if you don't
click I Agree, that is it, you don't have access to any of
this.
So you don't even need a cheese pizza to get people to give
up their information. They want to go online to do whatever it
is they want to do online, and the only way they can get there,
especially if they only have one ISP, is to do that. Now, with
search engines you have some choice: you can read the different
policies on how they use your data, and it varies, whether you
are on Google or on DuckDuckGo or these various sites--at least
you have some choice. With your ISP, most Americans don't have
choice. They have one place to go.
And it is kind of ironic that we are here today to discuss
concerns about algorithms used by these social media companies
to curate content on the internet, but as we speak, over at the
FCC the Chairman is getting ready to allow broadband providers
to block and edit speech on the internet at their discretion,
relying on public commitment from these providers that they are
going to behave.
And, given the Ninth Circuit case casting doubt on whether
the FTC may even police these broadband companies, it is sort
of creating a situation where broadband companies are just free
to reign over consumers with impunity, and the FTC for all
intents and purposes is a toothless tiger. We talk about
shifting all this watchdog function over to the FCC----
Ms. Schakowsky. FTC.
Mr. Doyle [continuing]. And they don't really have the
ability to do anything on behalf of consumers. Right now, if
this law passes on net neutrality next month, basically there
is no law of the land, we are just trusting people to behave.
They are saying they are going to behave, and we are going to
take them at their word that they are going to behave.
Professor Moy, I wonder if you can give us some examples of
how broadband providers behaved prior to the enactment of
strong bright-line rules that were put in place by the FCC in
2015?
Ms. Moy. Thank you, Representative. That is a great
question. Right, because before we had rules we did see
broadband providers, internet service providers, blocking
things like Voice over IP, blocking tethering applications, so
they could extract more from consumers in monthly fees,
blocking peer-to-peer sharing applications. AT&T threatened, I
think, to block FaceTime unless consumers agreed to pay more
for the ability to use that.
So, you know, we certainly have seen examples in the past
of ISPs using their power as gatekeepers to prevent consumers
from using services that they may well want to----
Mr. Doyle. So tell me what recourse would consumers have if
the FCC Chairman gets his way and removes these protections?
Ms. Moy. It is hard to see how they would have any recourse
at all. I mean, the FCC plans to rely again on the consumer-
facing commitments of ISPs, but it is unclear whether ISPs would
actually be required to commit to not prioritizing content, not
blocking content. And even if they did make those commitments
and then violated them, the FTC--you know, you mentioned the
Ninth Circuit case--may not be able to enforce against them.
You know, their enforcement authority against ISPs is going to
be questionable at best or nonexistent at worst. And even if
they could enforce, again, they don't have civil penalty
authority.
Mr. Doyle. Thank you.
Mr. Chairman, in the spirit of staying within 5 minutes, I
have 5 seconds left, and I will yield them back to you.
Mr. Latta. Thank you very much. The gentleman yields back.
And at this time the Chair recognizes the chairman of the full
committee for 5 minutes.
Mr. Walden. OK, thank you all, I appreciate it. And thanks
to our witnesses. My apologies for having to come and go a bit
today, but we do appreciate your written testimony and the
answers to our committees' questions.
I guess, Ms. Moy, the question I have is, because we are
concerned about misbehavior by ISPs, I am also concerned about
misbehavior by others in the ecosystem of the internet. And
strikes me that on these information platforms we have seen
foreign actors try to affect our elections with paid
advertising that is targeted.
We know that there is, in effect, paid prioritization on
some of these platforms, right, because you buy advertising,
and it strikes me that at least Google--it is an amazing
American company, it does incredible work but has about 77
percent market share of search, and I have had consumers
complain to me about what they believe to be the use of
algorithms that have disproportionately affected them.
So what--and maybe this can go to everybody on the panel--who
governs the edge providers when there are questions about the use
of private data, or--nothing is private anymore, but your data and
how it gets--and I don't mean this in a negative way--used and
manipulated through the algorithms, which we are all trying to get
a better handle on? Who governs their activities, and what
enforcement protocols are in place for those?
And I will start with you, Ms. Moy.
Ms. Moy. Great. Thank you so much for the question. So yes,
right now those practices are, in theory, governed or regulated
by the Federal Trade Commission, enforced by the Federal Trade
Commission, again under this idea that they can enforce
consumer-facing commitments. But, you know, I think you raise a
really good point, which is that the growing power of these
platforms to editorialize on content is potentially
problematic, and we should explore possible solutions to that.
But in the meantime, the last thing that we should be doing
is eliminating protections that consumers have against paid
prioritization at the network level, where there is very little
transparency.
Mr. Walden. Right. But in terms of other enforcement in the
overall ecosystem, if I have a complaint against a search
engine or I have a complaint against my social media, I go to
the--my only recourse is the Federal Trade Commission, which
you have said doesn't have the kind of enforcement authority
you would like to see it have, correct?
Ms. Moy. Right, right. Yes, indeed. And, you know, and
staff and Commissioners----
Mr. Walden. Do you think there should be greater authority
for enforcement over the edge providers or similar to what you
would see over the ISPs?
Ms. Moy. I would certainly support adding protections for
consumers across the board. I think that there are concerning
practices by both types of actors. I would caution this
committee against exploring a one-size-fits-all solution to----
Mr. Walden. Why?
Ms. Moy. Because I think that, you know, again, the types of
information that various actors have access to are different. The
commitments and relationships with consumers that they have are
different. For example, consumers are paying dearly for
monthly access to the internet with a broadband provider,
whereas they often are getting certain other services for free
or----
Mr. Walden. Right. No, it is an exchange of value. Yes.
Ms. Moy. There are certainly differences between different
types of actors, as well as in the availability, or lack thereof,
of sharing information with a particular provider or particular
type of actor.
Mr. Walden. So let me ask you a question, because we have
also heard before this committee that a very high share of the
data that passes through the ISP pipes, if you will allow me to
use that term, is encrypted. They don't know what those data are.
It is encrypted, it goes through. It is well over 50 percent,
perhaps, so they don't see it, but the other platforms do see the
data and can use it and do use it in that exchange, as we know. I
am not saying these are bad things.
And I think we have heard--I believe it is Dr. Tucker. I am
going to get them to make those nameplates bigger for us old
people who have vision issues. But the point is that they see it
differently. Can you address the differences you have seen in
Europe versus here, maybe on how our technology and innovation
have expanded dramatically here because we haven't cranked down as
much, right, on privacy?
Dr. Tucker. OK. So in the past--and this was about 2011--I
did research on how some of the early European data privacy
regulation really stymied Europe's ability to create an ad
ecosystem like we have now. And since then there has actually been
follow-up research which has shown that it wasn't just at the
beginning, but it has kept on going, and we have seen a marked
lack of entrepreneurship in Europe, too.
And so we have seen the failure at the beginning and then
the follow-on failure of entrepreneurship, and I think to me
that is what has really distinguished what we have seen in the
U.S. tech sector.
Mr. Walden. So, am I accurate to say we have had more of a
light-touch regulatory approach to the internet up through 2015
than Europe has?
Dr. Tucker. I think it is certainly true that we have had a
sector-specific touch, right. That we have focused on areas we
might care about such as health, private financial data,
children, rather than going for a broad brush approach.
Mr. Walden. All right. I have exceeded my time. Thank you
all again for your testimony, it is very helpful in our
discussions, and I yield back.
Mr. Latta. Thank you very much. The chairman yields back
his time. And at this time the gentlelady from California, Ms.
Matsui, is recognized for 5 minutes.
Ms. Matsui. Thank you very much, Mr. Chairman. I want to
thank the witnesses for being here with us today.
I have a question, I think, for Ms. Moy right now. In 2015,
the Office of Management and Budget issued a memorandum
requiring all publicly accessible Federal websites to only
provide service through an HTTPS connection by the end of 2016,
which was last year. The HTTPS protocol ensures that a consumer's
connection is encrypted from their device all the way to the
Federal Government's systems. Regular HTTP connections, sent in
plain text, can be intercepted and exploited by anybody or
anything between the user and the website, including somebody
using public Wi-Fi. A study released earlier this month revealed
that only around 70 percent of Federal websites employed the HTTPS
protocol.
Ms. Moy, how important are the security standards like
HTTPS to protect the confidentiality of internet-delivered data
on both Federal and commercial websites?
Ms. Moy. HTTPS is very important. HTTPS encrypts in transit
the information that is transmitted via websites. So, for example,
if you fill out a web form, perhaps in an application for a
service that you might find on a Government website, and that form
contains or asks questions about information that is highly
private, such as information about financial status or personally
identifying characteristics like a Social Security number, then,
if the site is not employing HTTPS technology, one could mount an
attack on the transmission and potentially read the information
that was transmitted.
Ms. Matsui. So how would you know whether a Federal website
employs HTTPS?
Ms. Moy. So this is the type of thing where, in the browser
bar, up at the top, you will now see the little icon, the little
green lock, that indicates a trusted HTTPS connection.
Ms. Matsui. OK, something we never look for, anyway.
OK, thank you.
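[Editorial note: The HTTPS check Ms. Moy describes can also be
done programmatically. The following minimal Python sketch,
offered only as an illustration and not as part of the testimony,
fetches a site over plain HTTP and reports whether it redirects to
HTTPS; the hostname "example.gov" is a hypothetical placeholder.]

    # Minimal sketch: does a site redirect plain HTTP to HTTPS?
    # The requests library verifies TLS certificates by default.
    import requests

    def check_https(host):
        resp = requests.get("http://" + host, timeout=10,
                            allow_redirects=True)
        if resp.url.startswith("https://"):
            print(host + ": redirects to HTTPS (" + resp.url + ")")
        else:
            print(host + ": served over plain HTTP; readable in transit")

    check_https("example.gov")  # hypothetical host, for illustration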
I want to talk about embedded networks. Across almost every
industry, we are seeing a trend toward embedding communications
functions into structures. Applied data sciences, such as a
massive internet of medical things, rely on faster, more
efficient, and more robust communications, with innovative
enabling technologies such as blockchain. Blockchain can
facilitate the exchange of massive amounts of data, and as a
decentralized ledger technology it can make online transactions
faster and cheaper while maintaining and protecting data
integrity.
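[Editorial note: The data-integrity property described above can
be sketched in a few lines of Python. This is a toy hash chain
under simplified assumptions, not any production blockchain; it
shows only that altering an earlier record changes every later
hash, making tampering evident.]

    # Toy hash chain: each entry's hash covers the previous hash,
    # so changing any earlier record breaks every later link.
    import hashlib, json

    def link(prev_hash, record):
        payload = json.dumps({"prev": prev_hash, "record": record},
                             sort_keys=True)
        return hashlib.sha256(payload.encode()).hexdigest()

    h0 = link("genesis", {"tx": "A pays B 5"})
    h1 = link(h0, {"tx": "B pays C 2"})
    # Tampering with the first record yields a different chain head,
    # so the alteration is detectable.
    tampered = link(link("genesis", {"tx": "A pays B 9"}),
                    {"tx": "B pays C 2"})
    assert tampered != h1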
Anyone on the panel, how can new digital technologies and
applications help consumers improve data security? Anyone want
to start on that one?
Dr. Tucker. Well, I have written a little bit on
blockchain, so I am just so excited that you mentioned it, and
I am glad that you mentioned it without mentioning bitcoin,
which is always a distraction.
Ms. Matsui. It is a distraction.
Dr. Tucker. And certainly we have got an initiative at MIT
which gives me enormous optimism about the kind of process you are
describing, where what we call verification costs fall, making
these kinds of transactions easier.
Do I have any caveats? My only caveats are that, when we have
studied it, if we are thinking about blockchain as a recipe for
protecting privacy, in some sense it can sometimes embolden people
to be somewhat more careless about their data with the edge
providers who are trying to serve the blockchain. And so, for
example, we have seen that the mere mention of blockchain
encourages people to share really quite personal information, such
as telephone numbers and so on, without any guarantees of
protection.
Ms. Matsui. So they feel like it is much more safe because
of the blockchain. They just figure that what they have heard
about it, that this is a safe way to go?
Dr. Tucker. Yes. That is right. So I sort of have the
analogy that it is a bit like, once you have your seatbelt on,
perhaps you drive a bit too fast, that kind of an analogy. And so
I think it is definitely a step forward, but we have to realize
that of course it is going to interact with other providers, and
there will still be privacy concerns there.
Ms. Matsui. Thank you.
Did you want to make a comment?
Mr. Pasquale. I would just say very briefly that I
testified in September before the Senate Banking Committee, and
I mentioned in part of my testimony futuristic financial
technologies such as blockchain. And I think that it is just
very important to distinguish between the private permissioned
blockchain and the public permissionless one. I have a lot more
confidence in the private permissioned sort because it involves
what I call complementary automation--technology complementing
individuals rather than replacing them.
So I think that, just in terms of where I have hope, it is
more in that category of private permissioned blockchain.
Ms. Matsui. OK, thank you. And I see my time has expired. I
yield back.
Mrs. Blackburn [presiding]. The gentlelady yields back. Ms.
Matsui, I just mentioned to counsel that we may want to secure
his Senate testimony and submit that into the record in
coordination with your question.
Ms. Matsui. Thank you very much.
Mrs. Blackburn. Agreement? So ordered.
[The information appears at the conclusion of the hearing.]
Mrs. Blackburn. Mr. Shimkus, 5 minutes.
Mr. Shimkus. Thank you, Madam Chairman. It is great to be
here. I got to listen to your opening statements. I found them
all very interesting. And then I had to run upstairs to do
Energy Markets and Interconnectivity, and then I came back down
here, so I may have missed a few issues.
I just want to put on the record, on this whole net
neutrality debate: for a lot of us it is a question of what is
enshrined in law by the legislative process versus what a
regulator decides to do. And what we are seeing now, with the
passing from the Obama administration to the Trump
administration--I kind of explain it to my constituents as a
pendulum. We are going to do it this way, now we are going to do
it this way, now we are going to do it this way, and to stop the
pendulum you have to pass a law. You have to enshrine that into a
statute, and I would encourage my colleagues to come together to
do that.
I also want to incentivize build-out. I like more pipes
versus fewer pipes, and I don't want the Government deciding how
one pipe should be structured. I would rather have so many pipes
that everybody gets what they want, when they want it, at the
speed they want it, and if you are a market-based conservative you
have got to send a price signal.
And then the other issue on that is this whole--part of this
was kind of paid prioritization, or we are talking about so small
a lag of time that I can't even use the proper terminology. But
would I rather have lifesaving telemedicine go fast versus a Three
Stooges video? The answer is yes, I would. So I just want to put
that in the guise of some of the debates based upon what the FCC
is considering. And then I want to segue real quick to this
whole--this is a fascinating panel, because you have each brought
pretty much a different focus, and sometimes there are
similarities on privacy, on algorithms, on data.
So I want to use this example. Over the Thanksgiving break I
visited Washington University, a major medical facility in St.
Louis, and so I briefly drew my little DNA strand, right, here.
And the question with data is this: in the healthcare arena we
want to drive to personalized medicine, and personalized medicine
means we understand the DNA sequence and we can pull that out. So
then, for a cancer patient, we don't have to try 15 different
types of cures, we can direct it.
Now that creates a lot of issues public policy-wise. One
issue is the data collection. The other one is data sharing.
The other issue is privacy. And when you are doing medical
research, I mean, you are really trying to share that data,
that DNA sequence of this one case across different major
schools of medicine across the country and probably across the
globe.
So that goes to a lot of your individual comments. I kind of
want this to happen. I really believe in personalized medicine. I
think it is going to be a huge savings, and I think it helps treat
the patient quicker and return them to, you know, a normal life.
And we have these hurdles that we are all discussing here.
Anyone want to weigh in on--Mr. Pasquale, and then I will
go to Dr. Tucker. I got about a minute, 2 minutes left.
Mr. Pasquale. I will be very quick to say that I completely
agree with you, and I think that, you know, we have talked to--
I run a health law podcast with Nick Terry called ``The Week in
Health Law,'' and we have talked to several people who are law
and policy experts in this type of area, sensitive health data,
and we get a lot of good advice on, you know, how we can develop
best practices in order to enable data liquidity, data flow
between institutions.
But I would also say, you know, based on some of the great
work done by Sharona Hoffman in her article ``Big Bad Data,''
that sometimes if we don't have good data practices so we know
where data comes from and where it is going, that may impede
the scientific validity of some of the findings. So I think we
have heard a lot about privacy impeding innovation, but there
are ways in which good data practices, good record keeping, can
actually help promote innovation as well and promote scientific
validity.
Mr. Shimkus. Thank you.
Dr. Tucker?
Dr. Tucker. So I have a study coming out--it is forthcoming
at Management Science--where we actually look at different types
of regulation and how they promote or don't promote the kind of
personalized medicine you are talking about. And what we found
there was that basically just focusing on consent was really quite
harmful to patients' willingness to adopt, or sort of give, this
kind of unique data in a cancer treatment setting.
What did seem to work, though, was actually giving control
to patients, and there were some States that actually
experimented with creating ownership or property rights over
genetic data, and we have actually seen quite a bit of efficacy
in terms of promoting personalized cancer treatments in those
States.
Mr. Shimkus. Anyone else want to weigh in? I really
enjoyed--again, I am having a hard time, too, with Mr. Ben-Shahar
on the statements--I mean, how many of us get financial booklets
after the fiscal year, and how many people throw them away? I bet
99.99 percent of all people who get those booklets on what you
should know. And I think it is a protection. It is really a
protection for those people who are controlling our data: ``OK, we
have done it. We have given you the information, now it is your
fault if you don't follow it.''
So, it is a great hearing. I appreciate everybody being
involved. And I yield back my time.
Mrs. Blackburn. The gentleman yields back and, Mr. Green, 5
minutes.
Mr. Green. Thank you, Madam Chairman. And I want to thank
our two chairs and two ranking members for the hearing today,
and as well as our witnesses.
It has been pointed out that the personalized content we all
see on various online platforms is curated by both humans and
algorithmic technology. However, the potential for harm from
algorithms can be particularly difficult for Congress to address,
and thus we should be focusing on it.
Professor Kearns, in your testimony you point out that
machine-learning-based algorithms can be used to determine a
consumer's emotions at any given point in time. How do you
monetize that?
Dr. Kearns. Well, the short answer is I don't know. But
certainly, if I can shape people's moods and it seems plausible
people might be more willing to shop if they are in a good mood
rather than a bad mood, that might be one way that I could
monetize it. I think more generally, though, knowing detailed,
fine-grained information about people's mental and emotional
states in addition to, for instance, knowing about medical
facts about them and their fitness level and their financial
health, et cetera, I mean, it has clear sources of
monetization.
And some of my colleagues on the panel have mentioned some
of the negative ones already, such as targeting groups that are
particularly vulnerable at a particular time. There is a great
deal of documentation, for instance, on kind of predatory loan
practices online in the arena of for-profit education, for
example.
Mr. Green. OK, thank you.
Professor Pasquale, if a person often does online searches
for phrases that might signify challenging financial
circumstances such as financial counseling, how might that
change the ads and the search results that they see online?
Mr. Pasquale. Oh, that is a terrific question. And one of
the big worries that a lot of advocates have is that we can
route people into different opportunities. So, for example, if
you have exactly the type of searches that you are mentioning,
someone might be routed towards payday loans, others might be
routed away from them. Now to Google's great credit, I think 1 or
2 years ago, working actually with Georgetown, they started some
self-regulation where they said, ``We are not going to run certain
ads for loans that are over 36 percent APR.'' And I think that is
very important, but I also worry that, you know, kind of
competition concerns might arise if, for example, Google owned its
own finance company that had a business model that would be
advantaged by that particular rule.
So I think we have to balance: we have to both encourage tech
giants to try to self-regulate to avoid the type of tracking that
you are invoking, but we also have to have outside authorities
able to watch that self-regulation, as well.
Mr. Green. Or just so the consumer knows that, you know,
that is being done and you might not be getting some other
offers, that somebody else is making that decision on what they
are presenting to you.
Another question I have: you mentioned in your testimony that
in 2016, after Facebook was found to be enabling discriminatory
housing ads, it promised to change the system to address that
issue but has not done so. Could you talk about Facebook's
efforts, who might require Facebook to fix this problem, and why
those efforts may not have been successful?
Mr. Pasquale. Yes. I think that the issue here is that it is
a complex ad ecosystem, and so there are lots of different moving
parts in the ads. But I think that what is disappointing is that
there was this expose in ProPublica, and there was a lot of
attention to it. There were pledges to do better, but we just saw
in the past week or so that the same people who exposed the
original problem are saying it hasn't been solved.
So I think that is, again, another example where we have to
empower either State or Federal regulators to actually have
some teeth and to impose some of the penalties that would
actually lead to a positive response.
Mr. Green. As I found out in this job, everybody needs a
boss and has to answer to someone. So we don't have an agency that
can do that right now with Facebook, if they agree to do something
and do not do it?
Mr. Pasquale. I think that there are possibilities with
respect to, say, the deceptiveness or unfairness authority at
FTC. I would also have to research with respect to the
Department of Housing and Urban Development and its own
enforcement practices, but that is not something that I have
personally looked into, so I would have to look into that. Yes.
And I could send that later on to the committee, yes.
Mr. Green. Professor Kearns, you advocate for a policy
approach to the extraction of consumer data that is
technologically neutral and accounts for the sensitivity of the
data collected. My question, can you elaborate on what you
think that policy might look like?
Dr. Kearns. Yes. I mean, first of all, maybe let me take the
opportunity to say one thing that has been running through my head
but that I haven't been able to get out yet, which is, especially
on issues of discriminatory behavior by algorithms, I do think
that there are scientific things that can be done to address this,
and there is a, you know, not-small and growing community of AI
and machine-learning researchers who are trying to design
algorithms explicitly to meet various fairness promises and
guarantees.
And it is still very early days, but this sort of idea of
endogenizing some kind of social norm like fairness or privacy
inside of an algorithm is, I think, extremely important, because
while regulatory and watchdog agencies will always be very
important, the way a computer scientist would put it is that they
don't scale, right. So, if instances of malfeasance or privacy or
fairness violations have to be caught by human organizations
looking at specific instances or behaviors, they just won't keep
up, right, because the tech companies are doing this at massive
scale in an automated way.
In terms of what can be done, you know, I think it is
possible to audit algorithms for various kinds of behaviors
without compromising the proprietary nature of the models or
algorithms used. And a rough analogy I would offer is kind of the
stress tests that banks have been subjected to on Wall Street,
where you have to demonstrate certain properties of the behavior
of your algorithm, but you are not releasing the source code for
it.
And, without having super-specific suggestions in that
regard, I think that is a promising general direction for policy,
and one that can balance between a company's legitimate right to
preserve its intellectual property and consumer and societal
concerns about the behavior of those algorithms.
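[Editorial note: The kind of black-box audit Dr. Kearns describes
can be run against a model's inputs and outputs alone, without its
source code. The Python sketch below shows one simple test of this
sort, a comparison of outcome rates across groups; the model and
data are hypothetical stand-ins, not a description of any
company's system.]

    # Black-box fairness audit: compare outcome rates across groups
    # using only the model's outputs, never its internals.
    def audit_parity(model, applicants):
        rates = {}
        for group in {a["group"] for a in applicants}:
            members = [a for a in applicants if a["group"] == group]
            rates[group] = sum(model(a) for a in members) / len(members)
        return rates  # large gaps between groups flag the model for review

    # Hypothetical stand-in model and toy data, for illustration only.
    toy_model = lambda a: a["income"] > 40_000
    applicants = [
        {"group": "A", "income": 50_000}, {"group": "A", "income": 45_000},
        {"group": "B", "income": 30_000}, {"group": "B", "income": 60_000},
    ]
    print(audit_parity(toy_model, applicants))  # {'A': 1.0, 'B': 0.5}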
Mr. Green. Thank you.
Mr. Chairman, I know I am over time. I appreciate your
courtesies.
Mr. Lance [presiding]. Thank you very much, Mr. Green, and
I recognize myself.
Ms. Klonick, in your testimony you mentioned choice as a
key part of regulators' decisions not to pursue Title II-like
regulations for online platforms. Title II-style regulations
may be inappropriate for edge providers or for others in the
internet ecosystem, as well. However, some have argued there
are fewer choices among online platforms because each website
or application serves a specific audience with a specific
service. Would you please comment on that? Thank you.
Ms. Klonick. Yes. I agree with that statement generally,
that specific platforms speak to a specific audience. But there
is an enormous and incredibly important distinction to be made
here, and that is that there is a huge difference between
companies that have kind of natural monopolies like ISPs and
then content platforms like Facebook and Twitter.
And the former are kind of a piece of the pipe--or, to put it
in terms of speech, they are kind of the printing press, and you
don't want the printing press rearranging letters or blocking out
sentences. You want it to be content-neutral to a certain extent,
but you do want the paper or the writers or the editors who use
that printing press to be able to make decisions based on the
content, and that is why what we are talking about today is so
important.
Mr. Lance. Thank you. If there are fewer choices among
these platforms, how does that change the evaluation of the
platform's ability to moderate content? Does it make it more or
less troublesome in your judgment?
Ms. Klonick. Yes. I think that, as Representative Doyle said
earlier, one of the issues here is that there is a lack of choice
between certain types of providers, but on these platforms right
now there is just a plethora of choice. I mean, Twitter might have
a monopoly over 280 characters of text, and Facebook might have a
monopoly over a kind of relatively safe, family-safe community,
but there are plenty of other presences that are currently online.
Of course, if that changes in the future--in the taxonomy of what
these different platforms are able to provide, what users use them
for, and whether they end up having a monopolization or not over
broader areas--then I think that is something that can be
revisited.
Mr. Lance. Thank you very much.
Professor Ben-Shahar, as many of the online platforms we
are discussing today offer their services free of charge to
consumers, how do we as lawmakers evaluate the appropriate
balance between personal privacy and convenience?
Dr. Ben-Shahar. Thank you very much for the question. I was
hoping to be able to say a few words about that. I think we should
be very careful not to change this grand bargain: people paying
for excellent services that they like very much, not with money
but with their data. And it would be, I think, a disaster for
consumer protection if we changed that. If you asked consumers, in
the aftermath of some reform that removed that bargain and made
them pay with money for things like Google, Facebook, and other
services, whether they feel that they were helped, I think they
would say in unison, ``No, don't do this.''
In that sense, I think the underlying bargain is an excellent
bargain. Now, there are worries that of course arise, and I think
this is the ultimate, the foundational problem of data policy. It
is not privacy or security, it is competition. It is the fact that
there are very few companies that dominate the central forum in
which these exchanges occur--Google, Amazon, Facebook, and maybe a
few more small players.
I am not so worried about the ISPs. Notwithstanding the fact
that in broadband there are some local monopolies, there is great
competition from mobile. But these big three--or big four if you
throw in Apple, big five if you throw in Microsoft--have a lot of
power, and the FTC failed, for example, last year, to intervene in
something that the Europeans viewed, I think rightly, as raising
antitrust concerns.
So to conclude, I think that the concern for consumers will
arise from lack of competition and concentration, not from
privacy and security.
Mr. Lance. Thank you very much, and I yield back 42 seconds
and I recognize Mr. McNerney of California.
Mr. McNerney. Well, I thank the chairman and I thank the
witnesses. Sorry, I missed some of your testimony a little
earlier. Professor Moy, what do you think the benefits of the
current FCC net neutrality rules are for consumers and small
businesses?
Ms. Moy. Great, yes. So I mean that is a great question. I
appreciate that question. The current rules enable small
businesses to reach consumers. That is the short answer to the
question. You know, if we didn't have rules that prevented ISPs
from paid prioritization and blocking, then it would be much
more difficult, potentially, for small businesses to reach
consumers.
Mr. McNerney. So you would agree--or I don't want to put an
answer in your mouth--would you agree that it would be harder
for small businesses to innovate if the FCC Chairman's proposal
is adopted?
Ms. Moy. Yes. You know, and it might even be very difficult
for a business to know whether or not it is being throttled if
it is being throttled. The draft order has transparency
provisions in it, but it is unclear whether the transparency
provisions would be consumer-facing or whether, in fact, some
companies could fulfill them by just turning over information
about their practices directly to the FCC.
Mr. McNerney. Well, that sort of leads into--you already
answered my next question. But the new rules, or the new regime,
would require or ask businesses, if they feel they have been
subject to anticompetitive practices, to go to the FTC to resolve
their problems. How quickly do you think the FTC could respond to
those sorts of requests?
Ms. Moy. I mean, if it could respond at all--well, I think
the question is whether it could respond at all, right. So there
are many practices that might seem anticompetitive but not rise to
the level of an antitrust violation. So, for example, if an ISP
were throttling a service that an innovator is introducing into
the market, but that doesn't compete directly with the ISP's own
phone or internet service, then that practice might look
anticompetitive but might not be considered an antitrust
violation.
Also, if a company were to try to bring an action in
court--you know, I think there is this idea that companies might
be able to bring antitrust actions in court--but antitrust actions
in court take many years and may cost potentially millions of
dollars to mount against a major incumbent. And that is a barrier
that is really insurmountable for a small business or----
Mr. McNerney. Sure. And what sort of penalties could the
FTC impose, and would they be effective?
Ms. Moy. Right. I mean, so again, the FTC's primary
authority when it comes to enforcing something like net
neutrality--if it could enforce net neutrality at all, and I think
for all of the reasons that we have discussed repeatedly,
including the FTC's lack of authority over common carriers, it is
questionable whether they have the authority at all--most of their
authority would come from the ability to prohibit unfair and
deceptive trade practices, and there is no civil penalty authority
in that area.
Mr. McNerney. So under Chairman Pai's plan, broadband
providers are not required to disclose their practices at the
point of sale or on their website, but they can give those
practices to the FTC and the FCC, and those agencies would in turn
put them on their websites. Is that sort of disclosure viable?
Ms. Moy. So, you know, I think I would say, as an initial
matter, it is worth remembering that the disclosures alone are not
going to be sufficient, particularly when you are in a situation
where a consumer only has access to one broadband provider.
But when there is a choice available to the consumer, and
they might rely on disclosures to make a choice between two
different providers or between multiple providers, that
information really does need to be consumer-facing. I was, in
fact, on the task force of the FCC's Consumer Advisory Committee
that designed the so-called broadband nutrition label that
Chairman Pai is planning to do away with, and we did think that,
in a situation where a consumer might be considering adopting one
of two different services or one of two different service plans,
it would be extremely important for them to have easy-to-read
information about the actual performance of that service package.
Mr. McNerney. I had a couple of questions for Professor
Kearns. With regard to machine learning, there are going to be
benefits in all sorts of areas, but are there areas where
machine-learning techniques should not be used?
Dr. Kearns. Well, yes, I think so. And there is, you know, a
large and growing community of AI and machine-learning researchers
who are trying to debate those sorts of issues. You know, at one
logical extreme, there is the notion that any decision that really
should lie with a human, just because of moral agency, shouldn't
be made by an algorithm.
So one example that is commonly offered is automated
warfare: even if we could design algorithms or learned models that
made more accurate decisions about whether to fire on an enemy,
perhaps we shouldn't do that, because the decision should always
lie with a human who has the moral responsibility for it.
So I think, you know, that is an extreme I would agree with.
The harder cases, I think, are cases in which machine learning is
demonstrably effective yet making difficult moral decisions, like
in criminal sentencing, and one could arguably ask about things
like college admissions or loan decisions and the like.
And so my view right now is that we are at the very beginning
of a very difficult debate about the extent to which decisions
that have been made historically by humans--and that, by the way,
historically also exhibited bias, privacy violations, et cetera,
when they were being made by humans--should be turned over to
machines, where the tradeoffs are going to be different, but there
will be tradeoffs, right.
And there is always this tension in machine learning
between accuracy, which is, you know, right now essentially
what is almost always optimized for, and other things like
privacy or fairness, right.
Mr. McNerney. Well, I have really gone over my time.
Dr. Kearns. OK, yes.
Mr. McNerney. So I am going to have to interrupt you and
yield back. Thank you.
Mr. Lance. Thank you very much. The Chair recognizes Mr.
Johnson.
Mr. Johnson. Thank you, Mr. Chairman.
Mr. Pasquale, when we talk about how companies interact
with consumers and handle consumer data, we often talk about
transparency, that is, being transparent with business
practices. In some industries there are actually transparency
rules that require companies to disclose certain information.
For example, ISPs have to disclose a slew of information about
their business and network practices. Are there any rules that
require companies that use algorithms to be transparent about
how they work?
Mr. Pasquale. So it is a very narrow range of requirements.
For example, if you look at the online lending space, there has
been some caution about certain forms of automated underwriting
using what is called fringe or alternative data--data beyond, you
know, what is usually used by FICO or other entities like that--
because under the Fair Credit Reporting Act there can be a
requirement of explanation with respect to some of these
decisions, like giving the reason codes for why an automated
decision was made.
But in general it is a zone of great opacity. We just don't
know. That is why I titled my book ``The Black Box Society'':
there are so few rules there, and so little sense of what is going
on there. Yes.
Mr. Johnson. OK, all right.
Mr. Kearns, Professor Swire from Georgia Tech--my alma
mater, by the way, it is where I learned about networking--
concluded that applications such as search engines and social
networking services collect data providing greater consumer
insight than ISPs. Do you agree with that conclusion?
Dr. Kearns. Yes, I do.
Mr. Johnson. OK, care to expand?
Dr. Kearns. Well, in addition to the aforementioned
encryption that occurs with the vast majority of data that ISPs
carry, there is the additional fact--I don't think it has been
mentioned yet--that it is at the packet level. And the way
internet routing, packet routing, works is that longer messages,
whether they are actual text messages or a web search or an audio
call, are divided into these tiny little fixed-size packets, which
then travel possibly different paths through the network.
So, you know, just going back to a comment I made earlier
about the actionability of data at that level: if half or more of
it is encrypted, and it is also traveling in these little
bite-sized pieces, and you are carrying a phenomenal amount of
that data over your network--if you ask me, when I am trying to
figure out who somebody is, what to sell them, and what their
mental and psychological condition is, I would much rather have
search engine data or Facebook data than packets at the network
level.
So this is basically what I mean when I say that, from a
privacy perspective, it is less concerning to me than the data
that is being collected by the edge services.
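[Editorial note: Dr. Kearns' point about packet-level data can be
illustrated with a short Python sketch. Real IP packets carry far
more header fields than this toy version, which shows only how a
message splits into fixed-size, possibly out-of-order pieces, each
of which reveals little on its own.]

    # Toy packetization: split a message into fixed-size packets that
    # may arrive out of order, then reassemble by sequence number.
    import random

    def packetize(message, size=8):
        return [(i, message[i:i + size])
                for i in range(0, len(message), size)]

    packets = packetize(b"would you rather read pixels or the picture?")
    random.shuffle(packets)  # packets may take different network paths
    # Any single packet is a small, out-of-context fragment; the
    # receiver sorts by sequence number to recover the message.
    reassembled = b"".join(chunk for _, chunk in sorted(packets))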
Mr. Johnson. OK, all right. Continuing with you, Mr.
Kearns, then, my understanding is that approximately 80 percent
of internet traffic is encrypted. You just talked about
encryption a little bit. That limits what ISPs see regarding
consumers' online activities. In contrast, by their very
nature, don't edge providers largely have to interact with
consumers' unencrypted data?
Dr. Kearns. By definition, yes.
Mr. Johnson. Yes. Well, doesn't that give edge providers
much greater insight into consumers' preferences, habits,
choices, beliefs, that kind of stuff?
Dr. Kearns. Yes, it does. I mean, I think the right way to
think about it, let's say, back in the old days of telephony
is, you know, would you rather see the raw analog signal and
try to figure out what the conversation is from that, or would
you rather have that analog signal rendered through a speaker
so that you could actually listen to the conversation, right?
And this is an imperfect metaphor, but I think it is a good
one.
You know, another thing I might offer is, if I am just trying
to describe an image to you, would you rather I go pixel by pixel
through the image and tell you the color value of each one, or
would you rather have me describe it and say, ``It is an outdoor
image. There are trees. There is a lake. There is a family
picnicking.''? And so, by definition, what the edge services are
getting, and what users want to give to those services, is this
much-higher-level data that is easy for humans to understand and
model.
Mr. Johnson. They want to see it all put back together
again.
Dr. Kearns. Yes, exactly. And you are just not easily
getting that at the network level, because of the encryption and
because of the fragmentary nature of packet routing.
Mr. Johnson. Right, right. OK.
Well, Mr. Chairman, I yield back a full 10 seconds.
Mr. Lance. Thank you, Mr. Johnson. The Chair recognizes Ms.
Eshoo.
Ms. Eshoo. Thank you, Mr. Chairman, and thank you to the
witnesses. I read all your testimony last night, listened to
all of you today, and I want to make some comments about this
hearing. The title of it is very interesting, and it is an area
that needs to be examined.
The word ``privacy'' has come up many times, certainly net
neutrality and references to it have come up. Strong
enforcement has come up. But when you look at the backdrop and
the broader stage on which this hearing sits, look what is
happening in our country. In a flash, like lightning, the privacy
protections were ripped away from the internet.
So all of the happy talk of some of my colleagues on this
committee about privacy and the sanctity of it--that was forgotten
when that vote was taken, and the American consumer, I think, has
really been hammered as a result of it. I think, Professor Moy,
you made a very important point when you said that the last thing
we should do is to repeal, and that has happened.
It was very interesting to hear the description of what has
taken place in Europe, with what they have done with the internet,
and what we have done and how the internet has flourished in our
country--just on the eve of the Chairman of the Federal
Communications Commission getting ready to rip away the
protections that have made it open, free, and accessible. So I
think there is some political cross-dressing here today, with all
due respect--not by the panelists, but I think by some of the
Members.
And the term ``strong enforcement'' has been referred to, but
I don't think strong enforcement is something that you pick and
choose, because we are lawmakers and, unless there is enforcement,
the law is not worth the paper it is written on.
I take heart from what Professor Kearns spoke of, because in
this whole issue of algorithms--and let's keep in mind these
social platforms are free. They are free. They are not like the
ISPs. Among the ISPs there must be, I think, only three happy
outfits in the entire Nation on the eve of what Chairman Pai is
doing relative to net neutrality, and that is Comcast, AT&T, and
Verizon. They are the happiest. I don't know anyone else who is
for what he is planning to do to the internet. But it is very
interesting to me that you have raised the issue of auditing
algorithms.
Now, I think that truth has always required transparency.
We don't, I don't think, as a committee, really know how to get
socks on the octopus, so to speak, here because it is
complicated. Free speech is central to us, but we also know
that there are bad actors that have used the best of what we
have invented to divide us, and something needs to be done
about that. There is no question in my mind, and the chairman
of the full committee raised that, as well.
So how close, Professor Kearns, do you think we are to what
you raised, the auditing of algorithms?
Dr. Kearns. So I think we are close. In particular, you
know, many of the instances of discrimination in algorithmic
behavior were actually discovered by groups of researchers who
were effectively doing their own auditing--doing kind of field
experiments using services that have algorithms underlying them,
testing their behavior, and demonstrating, for instance, that they
have some particular type of bias.
There is good research being done on, again, internalizing
notions of fairness inside of algorithms. And just to be clear
here, I think most instances of discrimination in algorithmic
behavior are not the result of any evil intent by the researchers
and scientists at these companies. It is just that, when you
optimize your model for predictive accuracy, you shouldn't expect
it to have any other nice properties, so you need to specifically
put those properties into your code if you want it to have them.
You know, in the privacy arena there is a very strong notion
of kind of internal privacy of an algorithm, known as differential
privacy, that is finally starting to get out of the lab and be
used, for instance, in the latest version of Apple's iOS. So this
stuff is happening, and the tech companies are participating in
the dialogue and in developing some of the science. It just needs
to be taken seriously at scale by those companies.
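[Editorial note: The differential privacy Dr. Kearns mentions has
a standard minimal form, the Laplace mechanism, sketched below in
Python. The epsilon value is illustrative only; smaller values add
more noise, trading accuracy for stronger privacy.]

    # Laplace mechanism: answer a counting query with noise calibrated
    # so that no single person's record changes the answer much.
    import random

    def private_count(records, epsilon=0.5):
        true_count = sum(records)
        # A counting query has sensitivity 1, so noise has scale
        # 1/epsilon; the difference of two independent exponential
        # draws is a Laplace(0, 1/epsilon) sample.
        noise = random.expovariate(epsilon) - random.expovariate(epsilon)
        return true_count + noise

    print(private_count([True, False, True, True]))  # roughly 3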
Ms. Eshoo. Well, I am encouraged by what you have just
described, and I want to pursue it, as well. If there is more
information that you can get to us on it, I certainly would
welcome it. And with that, Mr. Chairman, I yield back.
Mr. Lance. Thank you very much. The Chair recognizes Dr.
Bucshon.
Mr. Bucshon. Thank you, Mr. Chairman.
Professor Kearns, this is a little bit different line of
questioning but important. Is it feasible for your cell phone
or an app on your cell phone to listen in on your conversation
and collect data?
Dr. Kearns. Yes.
Mr. Bucshon. And are you aware whether that is happening in
our country, everywhere? I will give you an example of why I think
it is happening, and it is an issue that we really haven't touched
on today as part of data collection.
Dr. Kearns. My default assumption is that, unless I have
taken explicit pains to arrange otherwise, that when I use an
app on my mobile phone, it is recording at least the data of my
interaction with that app and possibly many other aspects of my
usage of the phone, as well.
Mr. Bucshon. How about when you are talking? Like right now
my phone is sitting here, there is a microphone, and I am talking;
is what I am saying potentially being collected?
Dr. Kearns. With or without the microphone on?
Mr. Bucshon. Correct, with or without. Well, the question is
the definition of ``on,'' right, because that is being made by the
company that makes the phone. I mean, it has been shown
recently--and it has been reported, I think, in the Wall Street
Journal or somewhere--that you can turn off essentially everything
on your phone and you are still being tracked. So the microphone
is important.
Let me just say this, and this is the reason this came to me:
my son, who is 24, lives in Chicago, and he was standing around
with a friend at work. Nobody was on the internet. He was talking
about--I can't remember specifically what it was, but it was about
shoes or something--and the next day he had ads for that exact
thing in his feed. He didn't do a Google search, he didn't do any
search. I don't want to single out a company, but he didn't do any
search at all. All he did was talk in the presence of the
microphone on his phone. Do we know if that is happening?
Dr. Kearns. I am not a security expert, but I do know that
there are more instances these days of situations in which, you
know, the operating system on your mobile phone communicates with
beacons in retail stores, and this is how one often experiences,
``Why, even though I didn't do a search on some product at all, I
happened to be in the store yesterday, the physical retail
store----''
Mr. Bucshon. Yes, they can do that.
Dr. Kearns [continuing]. ``Why am I now seeing ads for
it?'' You know, this is because they are now starting to install
so-called beacons in these stores that interact with the operating
system on your phone, and so then the retailer knows that you were
there.
Mr. Bucshon. If you were in a shoe store, they know you
were in a shoe store.
Dr. Kearns. So, you know, my feeling about these things is
that, the way technology is, anything is possible, right. And then
the question is: Is it widespread? Who is doing it? And is it for
deliberately nefarious purposes, or is it just ``advertising,''
quote unquote?
Mr. Bucshon. I mean, it is important, because I am a Member
of Congress and I have confidential conversations all the time
near my phone when I am not on the internet. And so that is a
question. I had mentioned this to my staff, by the way, when I
went back to the office, and they go, ``Oh yes, that has happened
to me.'' I mean, all the young people are like, ``Oh yes, that
happened to me before.''
So I just thought that was something we really need to think
about as far as collecting data and then analyzing it like you
have described: not only when you are actively on your phone, but
whether or not--and I am not a conspiracy theorist or anything,
right--you can be monitored through your phone's actual
microphone.
Dr. Kearns. Yes. I mean, I think we are also voluntarily
heading in this direction in the form of home devices like, you
know, Echos and----
Mr. Bucshon. Yes, right. That is obvious, right.
Dr. Kearns [continuing]. Which, you know, are kind of
sitting there all the time recording.
Mr. Bucshon. Right.
Professor Ben-Shahar, you stated that consumers ignore
privacy disclosures. How would you suggest we inform consumers
that they have given consent to their data being collected? How
can we do that?
Dr. Ben-Shahar. I think consumers understand in general what
is going on, and indeed a lot of the surveys suggest that they
know that a lot of their information is being collected. They are
not surprised when they find out that yet another practice is
prevalent--for example, that now these home butlers, the Google
Home or Alexa, are listening to everything that is going on. I
think that consumers by now have figured out that this is going
on, and so there is not much that we can tell them that they don't
know.
Now, there are specific things that are going on that defy
consumers' expectations. And if an expectation is created in an
affirmative way by your smart phone, or by Google, or by another
service--for example, if they give the consumer the impression
that they can turn on or turn off some kinds of surveillance or
some kinds of data collection, and it turns out that they can't,
that even if they did what they were supposed to do and had the
reasonable understanding that they were not going to be tracked in
a particular way, they still are--that is an FTC issue. That is an
issue of----
Mr. Bucshon. Well, that has happened. It has just been
written in the papers recently that it has happened.
Dr. Ben-Shahar. To the extent that that is happening, I
think that there are tools in our law, both in contract law and in
consumer protection statutory law, to take care of these kinds of
things. I don't know--maybe other panelists know better--but I
don't think these things happen too much, for the simple reason
that it costs the services nothing to let consumers know what is
going on. Consumers don't care. They are not going to bother to
change the settings, or re-change the settings every time there is
a new version of the software.
Mr. Bucshon. Thank you. I am out of time. I yield back.
Mr. Lance. Thank you very much.
The Chair recognizes Congressman Flores.
Mr. Flores. Thank you, Mr. Chairman. I appreciate all the
panelists for joining us for this important hearing today.
The first question I will ask--I mean, one of the things that
is obvious is that data is pulled from everywhere, whether it is
data services, your mobile phone, your Alexa, whatever operating
systems, and social media platforms. So my question is this, for
all of the panel. I am going to start with Professor Kearns, then
I am going to ask a couple of other questions, and we will come
back to the panel on this issue if we have time.
So the question is simply this: What are your thoughts as
to whether or not Congress or policymakers need to establish a
consistent legal and regulatory framework for how this data is
obtained and used?
Dr. Kearns. Well, I will be brief so other people can talk,
too. But, I mean, as per my earlier remarks, as a scientist--I am
not a policymaker, I am not a lawyer----
Mr. Flores. Right.
Dr. Kearns [continuing]. But from a scientific perspective,
to me the most important thing is not, you know, how much data you
have measured in petabytes. It is not whether the data came from
this service or that service, or this app or that ISP. It is: What
are the actionable insights about consumers, and what are the
facts about their lives, that you can infer from that data?
And as a scientist I don't see an easy way to carve that up
into little subdomains and say, like, ``Oh, well, you know,
because we just--'' the truth is, we don't know, right. These
companies themselves are figuring out just now how powerful AI
and machine-learning techniques applied to all kinds of data
are.
Mr. Flores. Right. Well, the challenge is that policymakers
and regulators typically move way behind the speed of
technological change. And so what I am trying to figure out is how
we get in front of this, or whether we even need to worry about
it. And I will come back to the rest of the panel on this question
in just a minute, but I do have two other questions for Professor
Pasquale first.
for Professor Pasquale first.
In your testimony, you noted that bottlenecks can threaten
competition at any layer of the network, not just the physical
layer provided by the ISPs. And so the question is this: Can you
elaborate on the potential bottlenecks beyond the ISPs?
Mr. Pasquale. Sure. So I wrote a 2008 article called
``Internet Nondiscrimination Principles,'' and what I tried to do
is to say that the same type of concerns that are motivating
people to advocate for net neutrality should also be looked at at
the social layer, at the search engine, at the app store level.
And as particular examples, there are two examples related to
China that I think are really interesting and that I discuss in my
book. One is that someone developed an app called ``In a Permanent
Save State,'' and it was a game that was also a critique of Apple
and its use of certain Chinese factories and labor. And the Apple
app store rejected it over and over again, and they couldn't
really understand why that was happening.
Similarly, there is a case called Langdon v. Google where
someone wanted to buy an ad titled ``China is Evil,'' and there
was, I thought, a relatively arbitrary decision by Google to
say, ``No, we are not going to sell you that ad.'' And so I
think those are very concrete examples of a much larger
problem, where I think that we have to be much more imaginative
as academics and as policymakers in seeing the connections
rather than seeing the separations between these different
entities.
Mr. Flores. Well, that sort of goes to my next question,
because we have talked a lot about how content is filtered
online, but we need to consider how content is filtered through
other platforms, even voice service devices. It has been
reported that voice service devices prioritize certain content
and services and they have even excluded certain products from
their platforms.
So the first question is, are there anti-competitive
concerns associated with this type of prioritization?
Mr. Pasquale. Congressman Flores, I have to confess I am
not familiar with that niche of the market, so I will have to
pass.
Mr. Flores. OK. That is fine. Let's move back to my initial
question, if we can. I would like to get the comments from the
rest of the panel. Again, the question was this: What are your
thoughts as to whether policymakers need to establish a
consistent legal and regulatory framework for how this data may
be obtained and used? Let's start with Ms. Tucker.
Dr. Tucker. So I think it is very difficult--and Europe has
taught us this--to have a consistent framework governing
technology. On the other hand, I think it is possible to
identify areas where we are particularly concerned about
privacy, be it health, be it kids, and make sure the policy is
focused on protecting those outcomes we really care about.
Mr. Flores. OK.
Dr. Ben-Shahar?
Dr. Ben-Shahar. My answer, with all due respect, is a
resounding no. I don't think that policymakers should tell
business what data to collect and how to use it.
Mr. Flores. In the interest of time, I appreciate the short
answer, OK.
Dr. Ben-Shahar. And maybe just set red lines.
Mr. Flores. Ms. Klonick, sorry.
Ms. Klonick. Yes. I think that regulation--changes to
Section 230, or any regulation that curtails the ability of these
businesses and platforms to self-regulate--is probably not in the
best interest of the public.
Mr. Flores. OK, thank you.
And, in the interest of time, I will yield back the balance
of my time.
Mr. Lance. Thank you very much. The Chair recognizes
Congresswoman Walters of California.
Mrs. Walters. Thank you. And thank you for holding this
hearing, and thanks to the witnesses for being here.
We can all agree that protecting consumers' information is
paramount and that consumers deserve a clear understanding of
their privacy expectations when using the internet. It is
important we have this discussion so we can better understand
how consumers benefit from current practice and examine ways to
protect against the misuse of consumer information.
Professor Tucker, what is the best way to protect my
constituents' privacy to make them feel secure and confident in
the use of their data without impeding future innovation and
America's leadership in the technology sector?
Dr. Tucker. So, over the various sectors and various time
periods, my research has repeatedly shown that the best way of
introducing privacy protections is to give a sense of control back
to consumers. Now, that is distinct from transparency. It is
distinct from disclosures. Instead, it is about restoring a sense
of control. And what is more, my research has actually shown that
that kind of policy is in firms' self-interest: if you try to do
the kind of microsegmentation that uses really personalized
data--for example, someone's preferences over shoes--then using
that kind of data for advertising only works if there is a
parallel sense of control among consumers.
Mrs. Walters. OK, thank you.
Professor Ben-Shahar, what protections do existing legal
schemes provide for consumers to protect them from the theft or
loss of their data, and are those legal schemes sufficient?
Dr. Ben-Shahar. Well, again, I am not a data security
expert, but my understanding is that there are very few
protections granted to consumers. Many of the things that people
were recommended to do after, for example, the Equifax breach were
fairly limited. I mentioned before in my testimony that I think
the reason there are so few remedies and recourses is that there
is largely no evidence that consumers are suffering a magnitude of
harm that requires a greater remedy in this context.
Mrs. Walters. OK. And then I have another question for you.
How does the use of algorithms to deliver content impact
consumers' experiences online, and is there a benefit we see to
the practice of collecting data?
Dr. Ben-Shahar. I think that benefit is enormous, and it
has been, you know, measured in many different ways. But I will
just recommend trying, one time, to disconnect all the
knowledge about you from your smart phone and see what happens.
When you open Google Maps and want to go somewhere and it no
longer recognizes, after the first letter, where it is you want
to go, the inconvenience is such that you will say, ``Ah, no, I
wish the data service was still on, the recognition was on.''
I think in many contexts personalization delivers
astronomical value that has not yet been tapped. In my own
research I am looking at ways in which we can personalize legal
rules and other things, but the only reason we think about
these new areas is that existing areas have proven to be
enormously beneficial--education, insurance, medicine, and the
like.
Mrs. Walters. OK, thank you.
And Professor Tucker, some digital platforms would say
that, when third parties are permitted to use their platform,
that platform gives consumers the tools to control their
experience. Are we putting too much of the onus on the consumer
to review the permissions the developer is requesting and
forcing the consumer to choose which information to share?
Dr. Tucker. So I think this is a very good distinction to
make. Let's be clear: whenever we have actually studied search
logs of how consumers behave when they are confronted by
control, rather than opting out and, you know, protecting their
privacy, they tend to actually go in and try to improve the
data--because there is nothing more irritating, I don't know if
this has happened to you, than a web service which thinks you
are a 25-year-old man, and you are like, ``Why do you think
that?'' Consumers tend to try to improve the quality of the
data, intriguingly.
The one distinction I do want to make, though, is that
there are some categories of consumers where perhaps that level
of control isn't exerted. For example, we have a study right
now that looks at apps targeted at toddlers. I don't know if
you have ever been to a restaurant where parents are using
these to quiet down their toddlers, but there we saw a vast
quantity of data being collected. And I think it is fair to
assume that those toddlers are not really exerting any control
over whether their location, or their use of the My Little Pony
app or whatever it is, is being tracked.
Mrs. Walters. Thank you, and I yield back the balance of my
time.
Mr. Lance. Thank you very much. The Chair recognizes
Congressman Costello.
Mr. Costello. Thank you. I want to share some reflections I
have here and allow each of you to correct my understanding or
enhance it, whatever terminology you may wish to use. From my
perspective, browser history is in some respects a commodity,
but it is largely invisible, and at this point there is no
regulatory framework for when and how it can be incorporated
into an algorithm.
Take this--and it is not a precise analogy--but if I made a
phone call to you and the content of our discussion was
transcribed and then sold or utilized for proprietary or
commercial gain, there are some similarities between that and
how an ISP is able to gather some of that content and
incorporate it into an algorithm, or into how advertising makes
its way into my internet searches--or, if I go to a news
website, all of a sudden up pops laundry detergent because I
was Googling laundry detergent.
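[For illustration--a minimal Python sketch of the kind of
history-based ad targeting the Congressman describes. The
keyword map, ad inventory, and browsing history below are
hypothetical, invented for this sketch rather than drawn from
the testimony.]

from collections import Counter

# Hypothetical mapping from browsing keywords to ad categories.
KEYWORD_TO_CATEGORY = {
    "laundry detergent": "household",
    "running shoes": "apparel",
    "mortgage rates": "finance",
}

# Hypothetical ad inventory, one ad per category.
ADS_BY_CATEGORY = {
    "household": "Ad: brand-name laundry detergent",
    "apparel": "Ad: discount running shoes",
    "finance": "Ad: refinance your mortgage",
}

def pick_ad(browsing_history):
    """Return the ad for the category seen most often in the history."""
    categories = [KEYWORD_TO_CATEGORY[item]
                  for item in browsing_history
                  if item in KEYWORD_TO_CATEGORY]
    if not categories:
        return "Ad: generic placement"
    top_category, _ = Counter(categories).most_common(1)[0]
    return ADS_BY_CATEGORY[top_category]

# Google laundry detergent twice, then visit a news site: the
# news page still shows the detergent ad.
print(pick_ad(["laundry detergent", "laundry detergent", "news"]))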
Someone made a comment about editorializing content, or
raised concerns on the political side; it may have been Ms. Moy
in her written testimony--I read everyone's written testimony.
The thing that I am grappling with, on the concerns related to
what kind of political content shows up and how you might be
able to shape one's opinion of things, is this: what is the
difference between that and picking up a newspaper in the
morning? You can distinguish between the two, but in some
respects I don't know that you should distinguish between the
two.
As it relates to the Federal Trade Commission--if we are
talking particularly about political content, but even among
other things--how would the FTC go about adjudicating equal
time if we were to get into political content? How do you
determine, oh, well, you put up too much left-leaning or too
much right-leaning content? I think that can get deeply
problematic.
And I believe, also, Ms. Moy mentioned something about
adding protections for consumers, if you could share with me
what kind of protections you might be speaking about.
The gentleman--I believe it was Dr. Ben-Shahar--I agree
with your testimony. I don't think these waivers or disclaimers
amount to a hill of beans. I totally agree with you. I think
that is just more about indemnification or limiting one's
liability, and that is fine. I mean, I don't think we should
expect more from that; I don't know how you could expect more
from it.
But the final thing I want to say for comment relates to
Ms. Tucker's testimony. And in the final two paragraphs, you
talk about how different types of data can have different
consequences and that any regulation, rather than treating all
the data the same, needs to distinguish between what kinds of
data may be actively harmful to consumers and what data may not
be.
And it seems to me that we are really talking about values
here, right? We want algorithms to be helpful to the consumer
and, candidly, in some respects helpful to those who are going
to use that data to make sure that you see information you may
be more predisposed to wanting to see. We don't want that data
to be harmful.
See, I am going on way too long. How do we create a clear
yet evaluative standard, entrust everyone to follow it, and
give the FTC enough tools to embrace that kind of framework if
we were to do it? I have spoken way too long. Comments?
Mr. Pasquale. I have two quick responses. One is that I do
think that, in terms of thinking about what data is sensitive
and what is not, that distinction can be a strength of a
privacy regime.
But if we also look at the work on big data proxies--as
Nicholas Terry has described, location could be a proxy for
race, or the very data that you don't think is terribly
sensitive could be a proxy for other data that is sensitive--
that is where I would turn Dr. Kearns' work against Dr.
Tucker's work, in a way, and say that it is the inferences you
can make from somewhat insensitive data to sensitive data that
are important.
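[For illustration--a toy Python sketch of the proxy problem Mr.
Pasquale describes: a nominally non-sensitive field, here a
synthetic ZIP-like code, can be correlated with a sensitive
attribute strongly enough that the attribute is recoverable
from it. The ZIP codes, the 80-20 correlation, and the
population sizes are all invented for this sketch.]

import random

random.seed(0)

ZIPS = ["10001", "10002", "10003", "10004"]
# Hypothetical: in two ZIP codes the sensitive attribute is
# mostly 1; in the other two it is mostly 0.
P_SENSITIVE = {"10001": 0.8, "10002": 0.8,
               "10003": 0.2, "10004": 0.2}

# Simulate 1,000 people per ZIP: (zip_code, sensitive_attribute).
people = [(z, 1 if random.random() < P_SENSITIVE[z] else 0)
          for z in ZIPS for _ in range(1000)]

# "Infer" the sensitive attribute from the ZIP code alone by
# predicting each ZIP's majority value.
majority = {}
for z in ZIPS:
    values = [s for zz, s in people if zz == z]
    majority[z] = 1 if sum(values) > len(values) / 2 else 0

correct = sum(1 for z, s in people if majority[z] == s)
print(f"ZIP-only inference accuracy: {correct / len(people):.0%}")
# Roughly 80 percent: the "insensitive" field leaks the
# sensitive one.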
With respect to Google and the newspaper, the difference I
would draw is that what we are often concerned about, with
respect to unfair algorithmic influence on political activity,
is something a lot more subtle. So, for example, imagine if
Facebook decided it was only going to encourage Democrats to
vote. We do have studies showing that that can lead to--I think
it is 0.63 percent--a small increase on the margin among the
people whose feed is spiced with get-out-the-vote
advertisements.
So that is something I think we definitely have to look
for, because when a newspaper says ``Vote for X,'' I can see
that. But when Facebook, you know, suddenly spices the feed of
the people that, say, it likes, then we can't see that.
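[For illustration--back-of-the-envelope arithmetic for the
scenario Mr. Pasquale raises, using the rough 0.63-point
turnout lift he cites. The number of exposed users is invented;
the point is that a tiny per-user effect, applied invisibly to
one side only, scales to a large absolute margin.]

# Approximate per-user turnout lift cited in the testimony.
TURNOUT_LIFT = 0.0063

# Hypothetical: the platform "spices" the feeds of 50 million
# users who lean toward one party.
EXPOSED_USERS = 50_000_000

extra_votes = EXPOSED_USERS * TURNOUT_LIFT
print(f"Extra votes for the favored side: {extra_votes:,.0f}")
# -> 315,000 votes, with no outward sign comparable to a
# newspaper's printed endorsement.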
Mr. Costello. Fair point.
Ms. Moy. Yes, and I will just add a couple of things. One,
when it comes to the FTC's enforcement authority--at the risk
of sounding like a broken record--that authority really is
limited to unfair and deceptive practices, and there is no
civil penalty authority.
But on your question of paid political ads specifically, I
think this is a really hard challenge that I suspect we don't
have a lot of really good answers for yet. One thing, though,
is that there is very little transparency about which ads are
being paid for, even when they contain political content. The
FEC is conducting a rulemaking right now to at least explore
the possibility of increasing transparency when it comes to
labeling of political content on platforms--or online, I should
say.
But I think this is also a question where it might be
extremely difficult to identify some political content--for
example, when it relates to issues as opposed to candidates--
without human eyeballs. And there is a tremendous amount of
content posted online and not nearly enough human eyeballs
reviewing it to determine whether and to what extent it might
have a political effect.
Mr. Costello. I am just going to read something real quick
into the record; I know you are ready to get out of here, Mr.
Chairman. When someone states, quote, ``I could slow
down''--well, we talked a lot about power that exists in the
hands of those that are not ISPs. For instance, just last
weekend, Matthew Prince, the CEO of Cloudflare, signaled he
would look into taking up a challenge to slow down the FCC
Chairman's internet speed at his home. These apparently are not
the least of the threats to Chairman Pai's home life.
When someone states, quote, ``I could do this in a
different but equally effective way''--and I would like to
submit the entire string of tweets for the record--isn't it
clear there is a great deal of power in those that are not
governed by the same rules in the internet ecosystem? And how
would your reaction be different if an ISP did this rather than
an edge provider?
We don't have time, but if we could take any comments for
the record on that, because we are dealing with this larger net
neutrality issue, and I think some of the concerns are that it
is not just ISPs that we should be looking at. There are some
others that aren't governed that clearly have the power to do
things that we all have concerns about. I yield back.
[The information appears at the conclusion of the hearing.]
Mr. Lance. Thank you very much, Congressman Costello.
Seeing there are no further Members wishing to ask
questions, I thank all of our witnesses for being here today.
Before we conclude, I include the following documents to be
submitted for the record by unanimous consent: a paper from the
21st Century Privacy Coalition and a letter from the Electronic
Privacy Information Center.\1\
---------------------------------------------------------------------------
\1\ The paper has been retained in committee files and also is
available at http://docs.house.gov/meetings/IF/IF17/20171129/106659/
HHRG-115-IF17-20171129-SD004-U4.pdf. The letter appears at the
conclusion of the hearing.
---------------------------------------------------------------------------
Pursuant to committee rules, I remind Members that they
have 10 business days to submit additional questions for the
record and I ask that witnesses submit their response within 10
business days upon receipt of the questions. Without objection,
the subcommittee is adjourned.
[Whereupon, at 12:47 p.m., the subcommittee was adjourned.]
[Material submitted for inclusion in the record follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
[all]