.. >> if the single qualifying criteria is clean skin opposed to well-suited for the job, i think collectively it produces

success. all that said, i point out clearly as far as one in the goal. they are going to succeed. okay? >> okay, thank you very much, and everyone, we'd like to thank you for participating and give general hayden a big round of applause. >> thank you. [applause] >> we'll see you here next year, and we still have some books for sale to support jamestown. look for the dprks vd -- dvds of the conference to be coming out soon and have a safe trip home. [inaudible conversations] >> in a few moments on the communicators, john, the head of the federal trade commission. in a half hour debate on tax

cuts and unemployment benefits. in little more than an hour, campaign spending and political advertising in the midterm elections. >> john, before we get into the substance of the ftc's privacy report, i want to talk about the policy or the process a little bit. this is referred to as a staff

preliminary report. where does it go next? >> realm, i think one of the things we do, and we make a report for it is we take comments from stake holders, consumer groups, industry, perhaps other government officials and state attorney's general because we understand privacy, and we've obviously worked to learn quite a bit about internet privacy, but we also understand we're not perfect, and so we want to take excellents about how to implement a do not track hesm, and -- mechanism, and you know, ensure when there is privacy by design. it's a good practice, and it's one that helps us ensure that we get the best information from the folks who are really involved in the day-to-day workings of the industry. >> well, this report just came out. what is the next step? does it go to congress, full ftc

board? what happens? >> we sent it up to congress, of course, and it's really resinated as i think you guys know, and it has gone up to the ftc board, the commissioners, we voted 5-0. we're a driven consensus organization and released a report to move forward, and we're all proud of that and the approach to people's problems and privacy in particular. we might refine it here and there. >> are suggestions given to you? >> yeah, by steak holders, and we'll have a final report sometime next year. >> there's three major points to this report that you have sent up to congress. number one, companies should promote consumer privacy in every stage of their products and services which you call privacy by design. point number two in this report,

simplified choice. companies should simplify consumer choice, and finally number three, call for companies when it comes to online privacy to provide greater transparency of their data practicings. point number one, what is privacy by design? >> i wish we could take credit for that phrase, but it comes from the privacy organization from ontario. rafi, the children's singer, by the way who is very, very famous. the notion of privacy by design is making sure you have privacy in the sectors you develop. i'll give you an example of a failure of privacy by design. there was no privacy component or inadequate privacy component

early on, and that's why the earlier versions of p to p file sharing allowed for theft of information from people's and consumer's computers and even government computers and corporate computers. that's why privacy by design is an important feature going forward. >> tommy ron from "politico" is also joining us. let's dig into the aspect of the report. >> sure. >> it's one thing to say that companies should bake in privacy of all they do, but what role does the ftc play? >> i would say we have two roles here, and this goes beyond this section. one role is a policy function. i mean, this report is really in a certain sense two-fold. it's best practices for companies, and it's advise to

-- advice to lawmakers through privacy which we all recognize is going to be a major debate in congress and should be. our role is one, providing guidance to companies, and two is when they fall below the standards we except of them, when they engage in unfair practices or have inadequate data security, bring enforcement actions, bringing cases again companies under our statute. >> sure, speaking of those actions, as all of this plays out on the report, you solicit reactions from stake holders, lawmakers, and issue the final report. what can the ftc do now with the draft framework you put together? >> that's a great question. i think it's already having an effect. we expected to have -- i mean, we worked with companies, consumer groups, and we expected to have a somewhat favorable reaction, but from

companies from consumer groups, from lawmakers, you know, across the board privacy is a very bipartisan issue. we've really -- people have really been very supportive of our report, and i think we'll get it on track later, but just yesterday, microsoft announced they offer consumers a do not track mechanism. that makes it clear it is feasible, and we are now getting by-ins from companies to move voluntarily to have privacy by design or give choice to consumers or have more transparency than it is to do by government regulations. we're egg nos tick. we're happy to have -- we're just happy to see companies move forward. >> seeking of microsoft, we had a privacy series here back in september, and one of the guests was anne toth of yahoo and she

talked about what yahoo does to ensure privacy. >> the technology on the internet has a lot to do with browsers and delivering pages to specific users, and it is fairly technical. we go into in detail talking to consumers about the specific data transmitted by your browsers to our servicer. that's the data that the data retention policy deletes after 90 days so it's not kept, but what we're trying to do rather than rely on a privacy policy, we are looking for ways to make this kind of information a lot more understandable, so simple fie it, and talk to consumers in a language they can understand, and we're looking for symbols, shortcuts to get consumers really actionable privacy information that they don't have to dig around and look for, but it's ready for them in the product interaction. >> well, i mean, i think that's exactly right, and, you know,

yahoo has a wonderful and very evolved data retention policy. they only keep the data, i think, as anne mentioned, for 90 days, and one of the things we say in the report is data should only be kept as long as necessary, and so we want to see more responsible companies out there. a lot of them are, but not all of them. >> let's dig more into do not track. microsoft announced internet 9 has a traction protection policy on it. what specifically do you think of that technology? it includes a component of various groups, individuals, you know, even government agencies, i suppose, to draft their own lists of sites that are green lighted or red lighted. it's the networks you would and would not see. what do you think of that particular functionality? >> first, i want to commend microsoft for doing this and giving consumers real choice by

being tracked. it's part of the reason we put out an early report because we want feedback. that is an approach you can take to block third party cookyings, but it creates a red light site and green light site, and so i think what they're doing is really an important step forward. we'd like to see other technology companies, and we've been talking about them in browser vendors as well, and i think you'll see that, and we're hoping that the advertising community will also support this. >> speaking of the advertising community, here's what the interactive advertising bureau had to say about your do not track proposal. >> it is compromised of million interconnected websites, networks, and computers, a literal ecosystem all built on the flow of different types of data. to create a do not track

program, requires reengineering the internet's architecture. >> well, i don't think microsoft is reengineering architecture, just giving the consumers choice. i understand the bureau. they are a lobbying organization for companies that like to put third party cookies in people's computers. if you think about third party tracking distinguished when you go on a site and they give you recommendations, and we all understand that's the company you have a relationship with. think about third party tracking. i'll give you an analogy. say you're walking around a shopping mall, and there's a guy standing behind you and he doesn't know your name, but knows where you live. he's setting up this in front of you an he wants to buy a new suit and uses an american express card. if the guy is following you,

that would be troublesome, but if he's following your daughter, you want to punch him out. that's what's going on with third party tracking. consumers don't realize there's a cookie in their computer and follows them. if we're not begin the option of being tracked on the internet, i would not take it. i like having targeted ads, and i think most people do. >> consumers should have a choice, and that's a fundamental component of the report. >> you've been talking with companies and browser to implement the technology. how does industry self-regulation work? half the ftc put together was either congress grants the authority or industry could lead the way. what role does the ftc play? >> two things. if industry comes around to this, we will commend them for it because they are taking a

major step in favor of consumer privacy and choice. if they don't, we have our bully pulpit, and we sometimes admonish those who don't necessarily violate the law. we could be doing a better job, but that's one part of it, and the other part of our bully pulpit is, of course, too, and the commission is not in this position yet, but we could call for legislation on this, and i think many of the companies who want to do the right thing to give parties more choice on third party tracking, and a lot of others would rather do it voluntarily than have congress write the rule. >> sure. what take away did you take from the do not track hearing on capitol hill? did you feel the run the same track as ftc or becoming political? >> i got the sense that privacy -- and i know this because i

testified a lot on privacy issues. it's a really bipartisan issue. when i testified about internet privacy with the ftc before the senate commerce committee at the beginning of august, it was megs how, you know, it wasn't just chairman rockefeller, but senator thune, and a wide variety of people on both sides of the aisle that really care about consumer privacy, and so when i watched and listened to parts of that hearing, and it's one of those hearings that started and two hours of votes, and then people came back and it ended at two o'clock in the afternoon. i caught some of it. i was pleased by the reception. there's no doubt that folks did their home work and there was questions asked that were legitimate questions, but i think, for the most part, we'll see resonance on capital hill in

supporting consumer privacy. >> it seems they're considering the new members entering, the new chairman of the energy and commerce committee, but there seems to be a disconnect between democrats and republicans on the issue of do not track. whitfield, for example, who could personally take over the consumer protection subcommittee was not a fan of the technology. he didn't speak favorably of it. do you sense there's a political disconnect on the issue? >> i don't. i really don't, and you know, time will tell. i think particularly if it's implemented by companies -- i think some of the business community that opposes what we're doing probably said, ewe know, industry is totally opposed to this, and you know, this is going to change -- as the quote from "change the ecosystem of the internet," but when you see companies like

microsoft, the leading browser market company endorsing this, i think that also sort of helps so that it helps people understand members of congress so it's not opposed by the business community. they want to do the right thing. >> job, one of the -- john, one of the things i read on your report of the do not track is most of us on the commission support the do not track is how it was written in the report. was there dissension? >> there was no dissent. it was a 5-0 report. one of my colleagues, bill, a wonderful commissioner, and was the last chairman under president bush, and stayed, was concerned that the technology wasn't quite there yet, and i think, i haven't talked to bill since the microsoft announcement, but my guess is this will help give him comfort, and again, i think that it was --

he had a -- i think he concurred in his recommendation, but all of this, and this is one of the wonderful things of the federal trade commission that we're all committed to the trade agency and committed to ensuring privacy protections and balancing because we want business innovation and an innovated internet. >> how does do not track compare to the quite pop popular do not call? >> well, they have similar names both designed to protect consumer privacy, but they are very different. with do not call, there's a registry. there are close to 200 million phone numbers signed up for it helping to ensure the peace and quiet of american's dinner hour. it's the most popular government program since the elvis stamp. with do not track, it is

conceptually similar in so far as we are calling for something to help consumer privacy and consumer choice, but it's different. we didn't want to have a main registry of numbers because we thought that could be harvested by spammers and spy ware. we also thought that the technology was just about there or is about to be there for the ability to block third party tracking from consumers. we thought it could be done voluntarily through the browsers, and so we're bringing on a wonderful, tony, you probably know this, a technology gist named ed falton, and he has not started full time yet, but was very, very involved in thinking of the do not track registry and reviews the report and that's been helpful for us. >> our guest is on, and we're

talking about the prelim they're staff report on online privacy. tony romm from the "politico" is our guest questioner. >> this puts consumers in a position where they could not access sites they wanted if this is enabled. consumers have to register, put an e-mail in and pass word, but if they had do not track enabled, they couldn't view the site they enjoy. is that realistic? >> well, i have heard some of this, and the role that, again, i mean, we want to empower companies to do this in the way that they feel they can effectuate it best, but part of the reason why we do a preliminary report is to take comments about the best way or a series of ways to do this. you can standardize a do not track mechanism in a browser,

have a standardization, or have different approaches, and i think whether it's microsoft with this announcement about sort of, you know, a red light and green light list, and you could pick your list so that presumably you wouldn't be blked from accessing the sites you want or whether it's the approach of the second largest browser where you have a protocol that says do not track me and companies or advertisers have to say, we agree this to, and we won't track you. this is a time of roling out the technology, thinking of how it works best, and we want consumer choice. you know, those in the community that oppose do not track, and as you know, there's much more in the report other than do not track. that's just resinated the most. you know, it's what, for example, the imb, i have respect for them, but they want to raise

concerns. if they have concerns, i'm sure that the innovative internet business community can start to work them out. >> another thing in your report, another area in the report is transparency, and when companies provide their online privacy statements to consumers, you have described them in the report as inexrensble and -- incomprehensible and inadequate. >> i think that was my description of how he described in the report. our report is slightly more nuanced. but consumers don't read privacy policies particularly online. what consumers want to get to is the last box to click which is i want to make this purchase or i want to do this, and so, you know, these privacy policies are written by lawyers. i'm a lawyer too, and i don't like to admit that to people, but they are full of legalisms, and consumers really deserve a clear, you know, more

transparent notices so that they can ensure and sort of understand what they are actually agreeing to. there was a -- it's particularly true by the way in the mobile space with so much of the internet advertising. i mean, how can you do 20 clicks 20 get to the privacy policy? right? i mean, it's just inherently unfair to consumers. >> there's a british gaming company on april fool's, they wrote a clause into their uniform, the licensing agreement, that said if you opt out, bewill give you six pounds, or about $10, if you opt out. but if you don't, then we have your soul. you have given us your soul for all eternity. do you know how many people opted out?

11%. that's a significant online gaming commuters. >> to turn towards enforcement, one of the things i know you and others at the ftc reported was you talked about flash cookie technology. what is the ftc doing in that space? >> well, one of the obstacles to a do not track mechanism is that the browser at this point, not all browsers can block. i don't think they can block adoe by flash cookie. we are working with adobe to do that and they are smart people who have browsers. >> with respect to adobe and others in the space, are there others involved with this in

respect to privacy? >> yes. put adobe a side. this is a policy issue with respect to adobe, but we have a number of investigations involving internet privacy in the pipeline. we had a few announcements in the last few weeks, but you'll see more. >> anything you can detail? >> no. >> i tried. >> one of the areas that you have worked on in this report thirdly is simplified consumer choice that companies are not providing in your words consumers with choice whether or not they want to be tracked. is that something you would like to see mandated? >> it's something i would like to see at this point and the commission would like to see more of for consumers. there's some areas by the way, where you don't need choice. for example, if i go to an internet site and order a product, i don't think i should have to get a choice for how they ship it or whether my

information goes to the shipper. it's obviously -- it's sort of what we an anticipate what happenses when we buy product from amazon or anyone else. there's other areas, trashing one, but not the only one where consumers should have choice with the data. there's a whole ecosystem, and some of it is good. nobody wants to get rid of the free internet, the free qon sent that consumers have become to love and expect, but there's a lot of things that just don't involve consumers. they don't see. they ought to have more choice about that. >> jon, in the past you used notice and choice and harm-based tools to assist consumers. how effective have they been? >> we think they have been very effective in some areas, and somewhat effective in other areas. for example, there was a problem four or five years ago with --

it was a spyware called nuance ad ware. you click on some piece on the internet, and it puts a software in your computer that feeds you advertisements, and maybe it's only 10-15 advertisements a day, but one company we put an action against. it acknowledged that they were responsible for 6 billion ads in consumer's computers. that's a lot of harm. the harm-based approach and the fair information practice principles noticed in choice approach have been two different ways in which we have looked at privacy issues, and in this way sort of is a -- it incorporates those and goes beyond them as well. >> sure. i guess the next step of the talk is to look at do not track in relation to the other issues here. it feels the debate focused

entirely on do not track. do you think it's to the detriment of the rest of the report that companies and stake holders, and us at the table talk about the new technology, but not on privacy, literacy, and education? >> i don't think it's to the detriment of the report. it's just to the part we thought would resinate the most. it is resinating enormously across different stake holders and really among consumers. there's a lot of other things in the report, but it's only been out for a week in preliminary form, so i think the notion much sort of educating consumers and having companies provide a little more balance and choice to consumers will continue to be discussed. our expectation is that we will go up and do hearings next year before members of congress in both houses, and so, no, you know, i did -- when we did a press availability right after we released the report, it was a half hour. i had to say remember, there's

more to the report than do not track. it's a substantive report. our staff did a terrific job as did the commissioners. we had this percolating at the commission for quite some time, and i think the whole thing will resinate and hopefully we can move forward with a little more choice, transparency for consumers and more baked in privacy protections. >> is there any policy recommendations for wireless? >> i think our policy recommendation are -- our policy recommendations are consistent across different platforms, but when it comes to wireless and hand held devices, you have to think about them in a slightly different way. so, fretion, one issue -- for example, one issue is privacy policies. consumers want to know what th