>> guest: we are interested in the platforms and upgrading systems and mobile app stores

and device manufactures. we ensure the american consu suz are protected. >> host: you have talked about the internet of things. what do you mean by that? >> guest: we do a great deal to protect consumers and i am interested in making sure the ftc says abreast of current technology with the internet being one of them. today, we see all sorts of every day devices increasingly becoming connected to the internet and communicate with each other and consumers.

so you see connected cars and appliances and it can bring a great deal of benefits for consumeemers but also raises pry concerns. i think there are three challenges and the first one is there is a tremendous amount of information that is being collected by these devices that are connected to each other and connected to the internet. also, the information that is being collected, there is the potential for that information to be used in ways that consumms consmerumers

consumersd. and thieves could access the information and use it in malicious ways. >> host: haven't we signed over a lot of price privacy to big compani companies? >> guest: at the ftc, we think consumers should have more control on how the companies are using the personal information of the consumers. we advocate three things and first is privacy by design. we encourage companies from the outset of when they are conceiving of new products and services to think hard about the

privacy implications that they are doing and think how much information is really need. so if they can minimize data that would be best. and we advocate what we call or refer to as simplified notice. we want companies to communicate to consumers how their information is being collected how it is being used so that consumers have, again, control over their personal information. and then the third major principle is the idea of transparency. a lot of what is happening happens in the background and black box and consumers may not be aware of the extent and that creates an issue so we would like companies being more open

about the privacy practices. >> and joining the conversation is lin stanton. >> hi, let's delve into the principles you mentioned. privacy by design, the designers of the app don't design the entire app. they take off the shelves pieces of software and may not be aware of the information it collects. what kinds of responsibility does it have and does the ftc have the tools to deal with the device, software, service provider -- how do you deal with all of the pieces? >> that is an important point you are making. the ecosystem is complex and there is a number of players.

we ahave jurisdiction over a god number of the players, not all of them. we don't have jurisdiction over common carrier and there is exception under the acts that don't have jurisdiction over voice, for example. we think that is outdated given the blurring of lines you see when using a smart phone, for example. so the commission has been advocateing that be removed so we have jurisdiction over the full eco cysystem. but we are looking at app developers and device manufactures. we have brought cases across the eco systems to encourage companies to be looking at the issues and make sure they are

not engaging in unfair practices. for example, if a company make as promise about how they will be handling consumer information, we would expect team do that. if they don't, we bring enforcement. we brought enforcement against htt america because they had security flaws in their software that led to the disclosure of personal information. we feel all of the players have a role and we are on guard to take action where appropriate and also at the same time we have a policy and research function where we encourage best practices and we have been looking at new emerging

technology, including the internet of all things. and we had a workshop to learn more about these technologies. >> typically in the past, consumer information is things consumers provided to the company like your payment history so they have your names, address, members associated with accounts and whether you were paying them on type. but with this new eco system, they know who you are, they know who you call, which apps you use, how things interact with you, your heart maybe even. does it require a different approach when it is this kind of information? does the ftc's authority cover this new information like

financial, health? are there sensitive information we might not have realized are sensitive as the devices learn so much about us. >> guest: a couple things to note is that we have been involved for in this for certain mount of of time. this is falling under e-bick data where you have a vast amount of information and new tools to process the information and allows companies to make certain infrences to them. the amount of information beinging gathered is greater magnitude and this raises

difference because so much information is being disseminated. i think one thing i believe you are getting out is that sometimes you can have benign information and make infreces. an example of this is one that was reported in the media where target had analytical tools they were able to determine based on the purchase of the individual and determine she was in fact pregnant because she was purchasing things like unscented lotion, for example. so it can raise concerns on the inferences being drawn and how the information is being used. these are issues that companies have to think hard about.

and we are tackling and making sure companies abide by relevant law and this can lead to something that is referred to as discrimimation by algorithm. and what is being made and how is the information being used. one thing we are argue is that we are analyzing and have been conducting a study on data brokers. and these companies take information from online and offline sources and sell the information to companies that use it for a variety of purposes. we are reaching a conclusion and hope to be issuing a report soon. it includes making sure the companies abide by the credit reporting act, the fcr, which we do enforce. and i think there are other implications and we are thinking

hard and asking the companies to think how the information is being used. >> host: chairwoman, do you feel the companies are cooperating and do you feel the fcc has enough enforcement tools? >> guest: let me address the first question. i do believe the companies now, and in the last several years particularly, understand consumers understand a great deal about their privacy and they are reacting and responding by making sure their policy and practices ensure greater safety. i think more needs to be done in the area so woo advocate best practicess and where our

enforcement authority applies we take action. i believe there needs to be federal regulation in this arena because i think more needs to be done. we have an approach in the united states where we take a factorial approach to information. we have laws that apply to financial information and health information. and we at the ftc have done a good job of using our authority to enhance privacy protection, but i think more needs to be done and i favor a federal law in this arena. >> you support data security legislation as well. most of that legislation focuses on obligations to protect and after the fact punishment, but for consumers it is better if

the breaches don't happen and the data wasn't out there. why haven't companies done more given the the public relation nightmares these exposures take, and the financial obligations occur? >> guest: i think you are hitting an important point that companies need to be doing more at the front hit. and you hit on data security and there we are looking at the front end. under our authority, what we expect of companies is they provide reasonable and but in place reasonable security measures to protect consumer information they use as part of their business operation. we do find as you are suggesting based on experience and the enforcement work we have done, we find many companies are still not put in place appropriate security measure to protect the

consumer information they maintain; that they collect and use. that experience is backed up by data. verizon releases an annual report analyzing data breaches and finds the intrusions are the result of low-difficult hacking. and what that tells me and there is a lot more that companies need to be doing as a general matter. we are doing what we can through enforcement authorities, but encouraging companies also and we bought our 50th security case. but we are trying to alert companies of their obligations to provide adequate security. there is another area where as a bi-partisan commission, we can have support and endorse for

legislation action in this arena asked congress to enact a robust data security law and would have strong data breach notification requirements. and we are also asking for civil penalty authority for the ftc so we can have greater deterance in this area. and we would like to have access to non-profits because they have had breaches. and we have for ruling to implement the law. >> host: edith ramirez is our guest. he is a lawyer and a harvard law

grad and severed to the "the harvard law review". >> we were talking about data legislation and in reality the political prospects getting passed are not that great. there are a few issues like state authority to enforce and they proved to be blocked. given the authority you have right now, have you looked into the idea of multi stake processing that they are using with respect for privacy and now they picked one up for paton online issues. do you think that could be a good approach? >> guest: absolutely.

i think self-regulation, as long as you have robust organization, we support that. and we at the commission support that as long as there is a robust standard and an enforcer such as the ftc i think it can be very important to compliment the work. >> host: what kind of work do you do with the fcc? >> guest: we collaborate into number of areas with the fcc and that is including enforcing the "do not call" rule. so yes, we work with them on a regular bases. >> you mentioned some carriers, the companies that are common

carriers are looking for transform networks into procall base networks which under fcc regulations are not considered to be common carrier networks. do you see that as changing the implications and the interactions between you and the fcc in terms of the eco system and you having greater enforcement authority potentially over the kinds of services and that would be over the top and internet and non-common carrier services you have in the past? >> guest: i don't see anything changing. when we talk about eliminating the common carrier regulation, we feel like we would like to apply the rules to the entire eco system so everyone shares the same rules of the road.

we have a good relationship with the fcc and each of us have a different, but equally important, role. we work closely with them and my view is we can continue to do that and see how thinks develop over time. but i see each agency have important roles. >> host: what is a privacy score and why is that becoming significant? >> guest: by that you mean companies giving themselves a privacy score? i think what is going on is this issue about communicating in some way to consumers what protections are being afforded and how they can get more information to tell the difference between companies in

terms of their privacy and data practices. we advocate what we call simpleified choice. there is talk on how companies can communicate to consumers in an easy and understandable by how privacy-protective they are. and there are talks on how one can go about that. >> host: edith ramirez barry stein heart was quoted as saying the united states is basically the wild west of privacy. do we have different standards here than the rest of the world? >> guest: we do have different standard than, for example, european laws. for some time, there has been a misimpression from let's say the

european prospective about how americans feel about privacy. let's me also say that we engage internationally with counter part agencies around the world and that includes data protection authorities around the globe whose mission is to protect privacy. i think we actually at the ftc have been engaging with counter parts to let them know americans care about privacy. we may not look at it the same as people in europe, for example, but we care about and the work we engage in is

demonstrative of this in the work we do. the fact of the matter is around the world you see different approaches. so when you talk about international, one issue we care about is how the various systems interoperate because different jurisdictions has culture s of privacy in addiction to the legal approaches to privacy. so the question becomes given those differences how can these systems work together in a way that provides effective and robust protection for consumers. wh that is what we ultimately care about. a company might be using service providers in different parts of the world, the issue of how you interoperate is critical. we need to develop systems in order to make sure there is

intra intraoperability and let data cross borders is a safe way. >> you have the safe harbor agreement with the european union that ensures when a company takes the data outside of the country. there is push back from them in the wake of the nsa leaks. there is concern on allowing u.s. companies to take the data out because it would expose them more so to our government intelligence operations. you brought enforcement actions

across companies that were claiming to observe the safe harbor but had not recertified themselves. was that designed to address the concerns in europe about how robust the safe harbor projections for european citizens? >> guest: the program is adman sist ministered by the department of commerce and it allows u.s. companies to transfer data from europe to the u.s. and over the years, there have been concerns voiced about how robust the program is. we think it is necessary tool that works well and provides an important function given the significant trade relations between the u.s. and europe. but we also have heard the

concerns that have been expressed by our european colleagues. in our view even though the program, we think, is working well, we understand certain companies may not be complying and we'll take action. the ftc was expected to receive referls from europe when there was concern about a company maybe not complying with the program. as it turns out, we received very few referals and that was one of the reasons why we have not taken many action. we started hearing the concerns a few years back, and we on our own started taking initiatives. we have brought close to 25 cases in that arena so we are

making sure we are doing everything we can to insure the program works well. we talk to the european commission on how the program can be improved and robust. >> we are out of time, unfortunately. edith ramirez, chairwoman of the federal trad federal trade commission. please come back. >> on the next "washington journ journal" : you can join the conversation

on facebook and twitter. >> tim starks is here talking about legislation make its way through the house and the senate on the aid in ukraine. what are the details on the measure? >> this was a procedureal vote that needed 60 votes to advance. the vote was 73-18 although i think there was discussion on whether it was 17 at one point. it was a bigger margin that you might have expected given the

number of republicans. i think everyone knew it would succeed, but a bigger margin than i thought it was going to. the bill does three main things that are at the forefront of what congress is doing. one is a sanctions piece aiming at russian officials or past officials that we have decided have been responsible for wrongdoing involving territory sovereignty. and one billion in loan guarantees to ukraine and the congress needed to rule in. and the third piece is the sticking point and that is the one that allows the restructuring that the international monitary fund wants. it allows it