the analysts talked about facebook privacy rules and the misuse of the facebook data by cambridge analytic and they previewed hearings on facebook with ceo mark zuckerburg. they posted his 90 minute discussion in washington. >> [inaudible conversations] ..

i'm kevin bankston. america ensures everyone has access to the internet and its open and secure. i want to thank you for joining us here today at erica for our conversation about facebook after cambridge analytica and what we should do next. if you are not sure what i'm talking about you might be in the wrong room but once upon a time there was a fast growing social network called facebook. it hoped to grow even faster by becoming a platform for other apps and so in 2010 it launched an application interface that allowed app developers to use data from facebook users who signed up to use their apps. but there was a big privacy catch, not only could they obtain data from their users but

also from the friends of those users and although facebook notified users of the setup through their privacy policies and there was a knock particular easy to find privacy setting for adjusting what day-to-day your friends could sure about you but default on that setting was perhaps to have incredibly broad access to friends data and most ordinary users have little understanding of it. so for about four years until facebook tighten up access with an updated graph 2.0 in 2014 untold thousands of apps to date off of facebook from people who didn't even use their apps. the primary guardrails of protecting that data from misuse after platform or simply a terms of service for app developers telling them they should only use the data for providing the service users have signed up for and they shouldn't. for example sell at all to a

spooky consulting company that wanted to build profiles. of course now we know that's exactly what happened. 2014 alexander kogan used a survey at and was able access facebook users and friends data was able to obtain personal information about and up to 87 million facebook users. kogan sold that data to cambridge analytica political consulting firm that worked with the trump campaign and the brexit campaign and brag about influencing other political outcomes in mexico australia and kenya and based on recently released under recordings have sent text workers as part of its toolbox for influencing

political candidates. we learned about how cambridge analytica had obtained this data we have also learned that facebook is known about cambridge analytica since late 2016 but did little other than that mending cambridge analytica certified that it has done so. while facebook continue to allow cambridge analytica to advertise on its platform until just before last month story broke. the stories story is led to a firestorm river new concerned of the privacy on line generally and facebook specifically. the controversy had been raging for over year about how several platforms have been subverted to help spread foreign state-sponsored propaganda for president in an election and other elections as well. now as facebook is losing the ability -- stock value due to loss of public trust and causing

business changes to regain that trust as policymakers in the u.s. and europe are rattling the saber of regulators and only now seem to be starting to understand how facebook works or at least how it worked for five years ago and what that means their privacy. a simple question is, what now? what should facebook do. what should policy makers to him what should users demand that they do in facebook generally. i will be speaking to carroll mcsweeny about the state of on line privacy and how we can improve improve it but before we do that i wanted talk about rebecca. it is dedicated to answering another question that is relevant to the proceedings just how well are companies like facebook privacy collection will give it preview on the corporate

accountability impacts will answer that question. thank you. >> thanks very much kevin. i don't want to take too much of your time other than to let you know that the ranking digital rights 2018 corporate accountability index is going to be launched on april 25 in new york and we have a flyer here. in an april 27 there will be an event here right in this room that we are planning for people who are not in new york. the index, the 2017 index can be found on our web site at ranking digital rights.org to see how we rated companies last year, the

index ranks, 22 of the world's most powerful internet telecommunications companies on their commitment and disclose policies affecting users freedom of expression and privacy. those are the indicators that look specifically at facebook and other companies policies affecting how they handle user data and it will not surprise you you can see our web site from last year facebook did not perform well on the syndicators last year in terms of the policies, the qualities of policies and what is spent disclose and not disclosed. you'll not a surprise to hear there was no revolution or change 2017 and now. you can see our report when it comes out on line on april 25 for all the details and downloadable data and analysis

preview of have you been to new york on the 25th and similar events on the 27th and people will be able to go through and discuss all the results and the details. one other point in relation to this issue the industry in general is doing poorly that facebook disclosures work towards the bottom. that is just a little preview. >> thank you rebecca. we look forward to reading all about that. now i'd love to welcome terrell mcsweeny to chat about this issue. >> i'm back there. thank you for having me. >> of course. i'm going to start with a question that i'm going to pose

as the first question to our expert panelists which is this a tipping point? is this like a snowdon moment in surveillance where we might see some changes in policy or is this maybe more an experiment where we will see a lot of noise but not a lot of action? what did i say? >> i think you just made your own point. let me start by saying thank you so much for having me here today this is my own perspective and not of the federal trade commission. i'm not going to pull any punches. i'm also going to be careful about what the fcc has confirmed in the open investigation into at least some of the conduct that is alleged here. i think we should have a policy conversation so i appreciate it

discussion. maybe 87 million on facebook and is this a big deal? one of the things i was going to say was wow we are not even talking about the fact that 50 million peoples detail information was reached not even a year ago and that incident. i certainly hope this is a moment of change but i think it's a powerful moment because the general data in europe is coming into implementation in mesa changes are being made in response to that. that has a big impact at the same time the news cycle is having an impact on the story. what i would really really like it to have an impact on are the people that we have been talking

years about the protections in the digital age that american consumers just don't care. i think that is demonstrably false. i think there's evidence of people do care and consumer trust is incredibly important. obviously as the top of everybody's list in terms of what they are concerned about for their business and the fact that consumers are not necessarily understanding or anticipating fully all of the risks of transacting on their platform could i personally don't think we should put all of that risk on individual consumers because of what might happen to their data. i think that's part of the policy conversation we should have.

>> currently the ftc fcc is the primary consumer privacy cop on the beat with the authority to go after trade--deceptive trade actresses and you have gone after facebook before. there's a decree on bats in 2011 over alleged deceptions around privacy transition. which comes to the question how did this happen if the ftc are ready had this in place? >> i think that's a 100% the right question. i love the ftc. i think the staff of the ftc are saying and credible job with antiquated authority, the 104-year-old agency using using--protecting consumers from unfair practices. at the same time the agency has

called for its strongest tools. the ftc is not strong enough and it is figured as current authorities and current resources to be the kind of consumer protection agency that is required for a moment in which we are connect every part of our lives to the entry into each other. >> i would start by making sure it's been more or less flat funded for the past three years. the obama administration to call for an increase in resources for the agency but it has never been funded at near that level so as first of all under resource. one of the things that it has been doing and i'm very proud of

sharing the ftc with this implementation bringing more technology into our work and bringing more researchers. we have an office at technology investigations that i think is a great first step in that direction but i think we need to think about institutional design and whether that kind of capability ought to be significantly expanded and maybe a beer of technology just like the bureau of economics. there's more horsepower in the ftc. the ftc needs additional authority to contact outside experts to evaluating. needs in-house expertise and additional resources to bring that expertise and where it doesn't have it. down that it's really important for civil penalty authority and to access breach violations. it needs rulemaking authority

that can at--it can use for security. it's also been studying it and it's been looking at the data broker industry in calling for more transparency and accountability for data brokers that they think that's important but beyond that we continue to make the case for the consumer rights that we need in the digital age which includes things like data affordability and interoperability. those are things we need to focus on as well. >> one of the questions is what the ftc can do and the if someone misrepresents what they are doing with your data that is the ftc's and the would have fared doing something with your data but telling you about it, that is okay.

how do we get past that? first off as a starter is it a workable model? certainly facebook will argue as have you that its users and the f. t. c. were aware of and had notices of how it worked. this is what the product was. where'd where do you go from there? >> the idea that it's a framework that can adequately protect consumers and the environment is correct. i don't think we can continue to rely solely on that. i think the ftc itself is advocating that it relies solely on that framework but the ftc does have limits to its authority. if you're not telling people truthfully what's happening to their information and how it's being used it's very important

but of course it's looking at the rule and how that has been playing out in the marketplace. the notice is clear and timely and the privacy policy agreement it's offered around the collection and use so i think it's been consistently laying out best practices whether the industry has been following it is a different question. and the issue of whether you the ftc is strong enough and i've been arguing obviously that it's not. don't think the ftc needs to be doing this all by itself. we are sitting here and after congress are peeled the stronger broadband privacy rule there was no justification for that.

you need more than one cop on the beat. >> the privacy settings are confusing. it has gotten more complex. it illustrates some of the problems. when the scandal broke and i've been working to some extent but when i went into the settings i found a setting that said ask your question and it was all about your friends and what they can see on facebook and share with these check boxes. some of them are checked by default. which means facebook did not detonate--up david's privacy settings. when i asked facebook does this

mean anything at this point they were like well we haven't gotten around to fixing it or changing it for getting rid of it. some of those checkboxes named one. i was like is that the only one and they were sure. they are not clear on their settings how can we be clear on their settings? >> again i think you are identifying the model that we are using. i don't know if anybody else have this experience in the room her the latest news through through--broke for example i had the opportunity to sit down with my mom to go through the settings and she was very concerned and also wanted some help in figuring out what the settings actually were. we went into that discussion.

said you want to share the information. apps. you can turn off the platform. turn it off. i don't know if anyone else has had this conversation with their moms. would suggest to me is people are trying to exert choices over how their data is flowing out of that first party relationship that they have with whatever service they are using. they may not necessarily know there are more choices that they need. the ftc has been looking at this issue. if you looked recently in our paypal case where we said you can't have a default setting where you have several different options to navigate. you think you have senator private but then you have to reframe that. that's going to be problematic.

the ftc was looking at whether consumers can navigate. the ftc has looks at the case is more trickery. in our case against--for example if the consumer says don't track my geolocation app running programs to serve ads and the general location on your wi-fi is probably going around privacy setting. we have to find ways to make sure they took elegy is inserted into the privacy choice of consumers. the ftc has been looking at these issues. suggest to me there are some problems out there and we continued to be there at it here.

>> it has been influential in her data security pieces. in fairness is a important authority and it's challenging for the ftc in the way courts have limited over the years. we have to have very clear--and while we have been talking about harms that are not just economic such as turning cameras on and emotional arms and things like that it can be very tricky for the ftc to reach some of the conduct using its authority. this is an area where i continue to reiterate you cannot go it

alone. one of the things that happens to the pc when it uses its unfairness authority very aggressively in the congress has stepped in to try to limit it. the agency has been cautious in developing the use of some of that authority. >> you are also a competition authority. there is a lot of talk in the air about platform monopoly or a variety of other ideas. how do you see competition? >> i think competition is incredibly valuable and competition would then affect consumers. one of the triggs here had to do

with the economics of how these methods work. because of the incentives within them it's obvious to me that just more competition is going to yield better outcomes and better connections for consumers or that's why we need additional regulation to help really direct the marketplace toward the outcome we want towards data security and privacy. more competition is good and competition is terrific. it should the advocating procompetitive policies like interoperability and i think we need to be mindful of the fact that we can't rely on competition of the mark source to correct for all of the competition we are seeing here. >> he talk about what congress could do district in your agency what can it do to strengthen the

consumers hand? >> i think congress can start thinking about what are the laws from the past to protect consumer privacy? one thing it can differently do a stop passing laws that undermines repealing so we could start there. we can build on that i taking a look at a number of ideas and looking around the room a number of people have been talking about for a while which is privacy legislation. also conference of data security and security legislation. i would argue for accountability for data brokers. i think that's very important. i also think some of the rights to win control over your data

and meaningful control around meaningful operability and the important conversations that we should be happening having. that's the consumer protection angle. one of the things that we have seen play out in all of these stories in cambridge analytica mean bigger risk than the consumer protections we are concerned about. the potential for technology to be used in an information campaign to undermine democratic come--institutions i'm concerned about the fcc's comments for the open internet order. it is a deeply harmful thing. that's going to require more responses than just addressing privacy and consumer protection issues.

>> there is a comprehensive data protection regulation coming forward later this month. does that strengthen or weaken it and what are the impacts for a comprehensive doll done? >> i really do hope because what is what is happening is the major technologies are coming in and they are compliant across their platforms globally then it seems to me a lot of opposition allowing u.s. consumers to codify is eliminated. i think it could have an effect of making it easier for congress to think about protection for the digital age. >> i do hope you're right about that and i appreciate you taking the time to use chat today

commissioner. i'm going to invite the rest of the panel up right now. [applause] >> hey gang, how are you all? i'm going to let everybody introduce themselves. we will just go down the line of what i would like is for everyone to introduce themselves and then briefly answer the 10 questions. is this a tipping point or an equifax moment? >> starting with me. this is something that's going to have legs for a little while. it's the possible newsbreak initiative might come up. it's been in the works for a long time and there have been questions for a long time.

i think this will make a difference. the investigation will be ongoing and i think the spotlight will remain on how the company response to this weather response to the consumer interest in privacy but also what the impact the responses might have. i think we need to insist on very important consumer protections but we also need to concentrate on the consequences for overcorrection that could exhibit some of the things that we love about the internet and about openness and ensuring competition remains vibrant. this is an opportunity to shut down competition in the name of privacy. >> i'm carolyn hollen. i'm currently attacked policy fellow working on competition in the system and an open internet.

>> my name is harlan yu and i am in washington d.c.. i think to answer your question i sure hope it is. we really have no way of knowing ..

the answer lies in your framing there've been little chips away at the public trust and even the systems at large thursday so i think that has had the success of the crescendo with a great amount of angst that exists in the country that portrays itself as friendly to the consumers and in fact it is the proposition that they are getting facebook says we will make this free for you because we want to connect you. all of those connected to this moment. something happened and it will be baseline privacy legislation but i am an optimist.

regardless i think facebook will have to face the music and change its practices and become more transparent. it will be a significant moment. it depends on what facebook sa says. there will be public hearings next week mark zuckerburg is going to testify. and what path they decide to follow. i think it is a tipping point in this end. this is the first major breach of an internet giant. yes there was a dustup with google, but in my view there are

major issues facebook is willing to comply with. and i think one of the things we are going to watch closely is what do they say about that and how do they respond if this investigation is on to next year it could force the agency's hand. >> in terms of response, they've announced a whole bunch of changes and they will be simplifying their privacy settings although a lot of that was already planned for compliance to clarify the terms of service and explanations but not yet apparently talking about substantially changing those terms. they saw us working with online data brokers and closed a privacy gap in the function allowing the public through finals and i wonder about that

sooner and they will be narrowing what data is available with a range of the api. so it seems that they are doing everything and anything they can and short of changing their business model in terms of service, so the question what else should facebook be doing now and if you were in the war room what would you be advocating for? >> they raised two issues. we will be talking a lot on the panel about the user privacy and the scope of the sensitive user information made available to its developers that i think there is a vital conversation we need to be having a which is as

facebook starts to raise the wall how is the public going to scrutinize what's happening inside and in particular how the business model is vulnerable to potential abuse and how the public finds out and addresses. because of the links to the political groups and campaigns i think what a story dated that intensify people's interests and the way the facebook be done and platform was being used to manipulate both the election and political discourse so from that they promised an amount of transparency after its own internal investigation of russia interference.

for the avid transparency, that would help everyone especially political watchdog groups and reporters keep advertisers accountable for who they say they are and what they say to different groups. i just want to spend a few minutes talking not about the user privacy side without ad targeting. i'm talking about any message on facebook touched by money whether you are a company or not to a certain segment of the facebook users. we are obviously talking about the political campaigns, political groups that want to do if you add and we are talking about other gravitational states that want to spread intentionally misinformation

were to exploit certain decisions in our society. i am also talking about ways that advertisers might be using facebook at the targeting platforms to prey on for movable consumers. these are ads that are trying to find patient or fraudulent opioid rehab centers or aggressive as for the for-profit colleges were sketchy repayment schemes or campaigns that drive the discrimination as we are talking about advertising in the finance and employment and housing so these are the kind of legitimate ad targeting.

on this business model finding certain segments to target specific messages the main question i have is how would the public be able to scrutinize its targeting behavior and addresses of these abuses and what is facebook going to do to help address the issues.

if you are a user and go to an advertiser's page. in principle all of th the prins are visible but it's also a very manual process. the. it also build a robust api with research functionality. the second thing is that facebook started to make enhanced transparency promises

to. they should be turning their attention to all ads that are being run on the platform. it's important not just to know the content of them. it gets complicated because some advertisers don't use explicit targeting criteria.

the users that have the same features. the. to the extend faceboo extent fas already giving enforcement they should disclose to the public a detailed accounting of all the bad ads that they are taking down and for what reason. it's not just facebook telling us they are doing these things.

it's to verify the case and so i will put a plug on the report that the team is releasing the next couple of weeks to serve as a public advocate guide to the end of transparency. we are building a manipulation layer into the internet we don't understand and can't control and it will be helpful in grappling with that. in terms of my wish list i would

add greater transparency in the venues like this we did invite facebook but they are busy. but i will say they've done a lot more press on the record in the transcript in things like that and obviously they are testifying in congress and don't have a lot of choice. as far as other people's wish lists, they were in the war room, other things which as we move onto another question to ask >> let me say what i think they should talk about doing. one of the problems in the cambridge analytics shows this, how little control facebook was exercising over the party in particular the developers so facebook has recently acknowledged they don't have

contracts with the third-party developers. they don't have any remedies in case there are a delivered overharvesting or sharing. they obviously did no due diligence on any of the third-party developers and so when it comes to how you solve the problem part of it is there has to be greater oversight control, and yet this whole episode has proven that was one of the aims of the dissent decree that require facebook to identify the threats to privacy and to plug those threats and so since the third-party app developers have access to this data, that was obvious for the privacy violation.

as this debacle unfolds it is clear so just going down the list is there some kind of due diligence on who's getting access to the data, some kind of contractual lockups that give them power to give audits, oversight, some certification of the opera collection and sharing, audits done by facebook or a third party to ensure there is compliance, so we are weeks and months into this. or cambridge analytics researchers have destroyed them. i teach law school and we teach students how to enforce these kinds of promises.

it's basically just a fun the broad access to consumer data. i could go on, but what i would like to hear from facebook is what are we going to do to control this? the famous line was this is déàa vu all over again. we solve these problems in 2011 and the dissent to create was designed to avoid the problem so one of the things i like to see is facebook come before the senate and come in with a list of things that are going to control the problem. there's lots of other problems, but in terms of providing minimal safeguards those are some of the things i want to see facebook talk about.

now that you bring about the dissent victory coming to seem to indicate earlier you believe that it had been violated so i would like to hear first in light of the audience a little bit more about wha what that wad what that was about than what you'd expect if i wanted to see in regards to death now. >> again this goes back in part to the third-party access because in 2009 to november andd december, facebook made two changes to its privacy settings that pushed him out of private information to be public and gave the third-party access to information. it'how to exercise their politil views without their consent and

so i've seen this movie before and it didn't end well. so, one of the things they did is try to rein in the third-party collections. if you look at that the creed draws the line between people that actually post things and third parties that actually harvesting. the goal was to limit third-party access unless there is a clear notice and consent. if you believe any of the friends that thought something with cambridge analytics was going to happen to them.

both in terms of the dissent's decree model was violated. they are forcing facebook to look at the vulnerability. where is the consumer privacy at jeopardy in plugging those and that was designed to respond to the downloading third-party apps and it's quite clear in the aftermath they would pay no attention to that part of the dissent decree.

you have no dissent or sharing a third party which is why the cambridge analytics of such a scandal. it's still done nothing to fix this. so a lot of the things has announced a new platform policies that mark has talked about the purpose of stuff before. when you negotiate a settlement with what was going on in 2014 they would say when we negotiated the settlement this is how it worked.

these are the disclosures made to the user and the settings they had carried with chain to make that's not okay anymore because the position is they violated the rules and our product was working the way that it was designed. to force facebook to get a better notice, that was a part of the dissent decree and section number four. facebook didn't pay any attention to this. if any time after the dissent decree was edited into the friends of friends understanding the scope of harvesting their data.

the cambridge analytics take their data if the answer is no. >> what happens if the answer is no? >> in terms of the enforcement i don't think it really matters because i don't think facebook has any argument this isn't a violation of section number five because section five turns on what consumers reasonably expected that they also don't have the defense to my view. it is a violation of the dissent decree and a substantial penalty. at the time we did the case for the statute provided for $16,000 per violation and the ftc is always considered a violation to

harm an individual consumer. so now if you measure them if you multiply to the 87 million they would be able to figure out what the answer to that would be. >> 16 to 40 -- >> you are talking about an astronomical penalty. obviously that would not be a starting point for the agency. but i think that there's likely to be a substantial penalty. >> we are talking about what they might do. there's also the question of what congress might do or should do to start that conversation we will go over to michelle. >> i think that yelling at mark zuckerburg is a start. it's not necessarily going to make a change though. in some ways this illustrates where there are golden abilities and weaknesses and where perhaps

congress could in a more discreet way to make some fixes to make them have more teeth. for example in the google case it was $25 million which is half a day of profits. to make it better when the ftc has defined i think what congress should do is not be make the gdp and for those of you in advocacy this is not exactly in line with what the advocates are saying. i think it is fantastic and forced companies to incorporate a lot of them into their platforms, though i don't think we need to duplicate it for that reason. that's not to say there are not elements that could be great in the privacy law but i don't think enacting the law needs to replicate the failure of

consent. they have a place but i think instead what we should be looking at is expectations over the way that congress should view a baseline privacy law is with the idea that if a person's expectations is designed for the kind of user agency it has come up with sort of transparency is available and what accountability is attached somet of looking at the idea we interact in the platforms is obscure so you can't make the consent and most people know you don't see the hundreds of eyes looking at you and all this is by design. so, to pushed to the forefront, the idea that if you are going to did you expectations in the platform and use the values of agency accountability some of them have to come from the design side so creating a

standard it's more about what sort of interaction with make clear to a person with the value of the proposition is. right now one person put it very well and said when the companies leverage the data 100 times that is what a price increase but you get nothing out of it except a free service. but that argument is hollow now it's up to the extent there are ways to do this and design principles for more transparency and not just the gdp are they need to be in the wall and also the idea going back into the accounaccounts of the because is crucial the idea of making public disclosure and drawing at some of the other success in making them certified public disclosures on a quarterly basis it forces them to have skin in

the game. other areas with auditing requirements and making the the companies tthecompany's duty tot assessment of those things are doable. they are not easy technically for sure there are challenges but i think that there are ways that would make a huge difference in privacy protections. >> the front end is not a modest proposal. i will admit i share some skepticism about the value and the political viability of the baseline privacy at this stage, considering that there was much work done. a lot of smart people focused that it basically wasn't good enough for either side of the debate. and i'm not sure if the calculus is changing that much, but it does raise the question it's not some sort of a gdp are for the

u.s.. and you mentioned a couple of targeted things, the ceo certification idea and impact assessments. what are more targeted -- there are staff wondering what can i write right now that my boss will introduce and looking at the decisions. >> or what can we do that strong that will strike fear into the hearts of facebook and other companies and perhaps impact the behavior what should we be doing? how do we get protection for people and of course with protection should come accountability. i do think strengthening the dissent decree would be great. it would strengthen them which we've heard and everybody in this room knows we need more

tools, more resources to be able to do its job especially with everything that's gone on, more transparency around the dissent decree, we had something we are going to be coming out with is something here are specific recommendations on the dissent decree and hope only that his something that can get bipartisan support. you can look at the republicans reform playbook and use some of the ideas as good governance to get something like that to be more powerful. also another area of david touched on is the idea of the data access by researchers so it's something that has been avoided in part because of the tricky subject we don't want to shut down innovation or open access. but there are ways to create obligations for those that don't exist right now. if you are a federally funded academic researcher, you follow the common rule which means you go through the institutional

review board and those institutional review boards if anybody has gone through them, they are fairly worthless. not for the reasons that they are in good faith they don't ask for things like terms of service review. all the platforms see this by the way but it's imperative for there to be a preview of that. some accountability for the researcher there should also be a certification for the researcher so they are held to some obligation not just for what they intend to do how they are protecting the security of the data. facebook's agreement was light on accountability and i'm not sure that wasn't by design. the idea us but to date i go ifd we don't want to create this viability for the other aspect is creating a chain of command of liability in a ecosystem

which again would end be easy but you start with a platform service creating the risk and then you go down the line and decide what are the rules and what oregon liabilities and i ai think this can be chopped off in small ways may be dissent decree as a part of that order the certifications are another part of it. >> other ideas? i'm guessing you were all for the ftc. >> she's absolutely spot on. i would say to the extent there may be smaller pieces of the privacy issue this would guess that many but not all of the problems and i think given some of the research that we have had and some of the problems with the data brokers, there needs to

be something like the fair credit reporting act stronger for the brokers. the fact is people are worried about what the nsa knows about them and so does facebook and lots of other companies and yet we don't have any effective regulatory tools for any of them. these are massive data pools to the extent that they get worse, you have the data with the risk takes. >> going back to the platforms and away from the brokers will there be a specific use or requirement about dissent but the possibility of the stronger transparency requirements certainly talking about that in the context of ad and i expect they are talking about it in the context of who gets your data.

there's also the question of the political viability an of timing and whatnot. so for example, i have a crazy idea of which is there is a single malt is the strongest in the united states called the video privacy protection that is what you want to do video store and protect us what you watch on networks and that got passed after the supreme court nominee video records were obtained by journalists that congress freaked out hence the privacy law. i don't see any principled reason why that shouldn't extent the need to extend online. i shared this idea with a staffer like sure, but that's in the criminal code and would go through the judiciary and the thing is going to happen and the judiciary. we have to think of things can happen in congress. so what do we make up the like anof the likingof what is possi,

clearly they are not going to pass anything this year. year. they are basically already done because of the election. that's what do we need to plant now? >> what happens in the fall is huge and will decide if they take the gavel or if we take congress and the possibilities are greater based on the privacy law or any updates to the privacy journal. privacy is dressed notorious for being in 100 different committees especially in the high-profile case like this they are scrambling to figure out how to get into agriculture. this is the way to democracy fumbles along that to the extent

we can provide them with the correct facts about what happened first of all is something i noticed even excellent journalists scraping the access interchangeably. they work hard and make sure the committees of information about what they can do next. it's also important to bring republicans interested in this issue. they haven't said much for a little while but now they are and that is a really important development that especially in dc they can't ignore the bipartisan and it's important to engage both parties in the process and explain that this is a truly bipartisan issue or should be. >> moving onto caroline and competition that is your

expertise or do they play in addressing a situation like this is any? >> one of the questions we heard after this does wait a minute, he said things would be better. we've been seeing a lot of headlines talking about the power of big tech, the consolidation that has occurred and the then the follow-on is me more competition they were doing their job and it wouldn't be so bad. i adhere to say antitrust plays a limited role in some of the bigger market structured question for the consumer privacy driven questions. if we have multiple social platforms in an ideal world, it might be on the basis of privacy. but the trick about social

platforms is we really don't want to have to go through the different platforms to find our friends on each side. one is the value of the network effect is the value in this service that the more people that are on th on it, the more valuable it will become. so it's not necessarily something that consumers would want in the real world. you might want options and i will talk about some of these ideas for promoting competition, but we can talk about the limits of the antitrust law. the antitrust law is a function not prohibit the conduct by firms with substantial market power from taking action in the competitive process and also can stop the mergers that would lead to less competition and dick have a positive impact on the

platform. another important tool is the section five authority, section five is believed to and covers something more than the antitrust law and congress must have meant something to think just the antitrust law. section five prohibits so this is what the agency can use the authority and find action that facebook is taking that violates this principle of competition. so somewhat limited tools at one of the things is how do we put competitive pressures in a company like facebook and is the through the vendor data

portability to create a meaningful way for the data through some other application or service that would be able to create some networking service that consumers want. this then goes into some of the questions i am now exploring and trying to think about. it's more questions than answers. the importance of the data portability interoperability and hohow they use the api works ino this. a side note, i have been thinking about how low competitions both innovation and ensure the openness of the internet that we all want and that we get a lot of innovation from the. the. then what is the concept is it

more responsible use of api and how to be speeded to the digital ecosystems, so one of the things i want to put out there and we should be looking for is because the technology and the competition bureau is to make sure facebook as it starts to review its api policies does a lot of things they should do to protect privacy and security to make sure people willy-nilly can't get access to all of the consumer data at the same time make sure there isn't an overcorrection in terms of shutting down access to data that helps developers come up with exciting new programs people want to use on facebook that could ultimately compete with facebook and facebook could have the incentive and the

ability using its api to say what's up with this developer access data because i'm worried about the threat, let's shut it down. >> there's portability which is getting the data out. facebook is a tool for getting your timeline out it's basically built for you to browse explicitly and then not suitable for uploading to another service. let's assume there are services out there. >> but they are not for you to take it somewhere else. it's going to require a level of portability so that you can move it somewhere else and we have seen how people are going to implement that and that will be really interesting.

but then there's also the issue of how we come up with an environment where something can get big enough that you even want to move your data and that's where you get into the interoperability because where i am sitting, one of the only plausible version of a network getting big enough at this point they bought the two networks is to be able to leave facebook while still being able to communicate with people because what it is doing right now is not its platform it's the people on the platform and no one feels like they can leave because then they would mean nothing if the pressure on them to change. but how do we do ac that like wt are the tools to push facebook in the direction of what it considers its most mortal threat

which is building doors into this wild card. >> we need to find them having the market power which we need to find and doing things that would require tha this sort of remedy to say you need to make this open. one of the solutions is more likely legislative to give authority to do rulemaking and i think the important thing it's not just helpful to have my pictures and posts to these valuable pieces for my friend in the data portability is also to think of privacy. my friends are my friends but i'm going to put this over some other service are my friend okay getting pained by the new service i think there's a lot of questions about what the meaningful data portability to another service actually means. and the devil is going to

details. and it will be great to hear from developers and others who are trying to think about the next social platform and what they need to capture the data and build a service off of that. >> what you are talking about is forcing facebook to become a common carrier and that is through all sorts of subsidiary problems. i don't know how you force the excessive legislation. >> when aol bought time warner there was a position to make its messenger interoperable with its biggest competitor and at this point whether they would themselves iputthemselves in the actually it would have to assume such demand.

>> [inaudible] i was just going to say maybe there is a small part of facebook. looking at the specific communication aspects. >> there's also a tension between privacy and interoperability. yesterday, their announcement to close off more parts of api privacy advocates would cheer but then the competition advocates would thought so they would probably have to do with more legal and policy solutions rather than tweaking the knob in terms of how much database. >> it's going to require a lot of study for the research and

empirical data to respond to the common carrier we need to think is that what you want to do because you need to keep in mind we wanted to ensure the platform facebook is going to be as soon as you get big and have a lot of people may be the website of that is we need everyone to be the best they can whatever it is i can provide that's great so it's going to be an important consideration if the trade-off for certaipursued policies thatk will benefit consumers and what

impact it will have. >> i will miss my greatest fear is that it's not only going to push the decision-makers on facebook but the rest of the industry of may. and i worry to some extent you will have facebook saying please don't make us mark them down even more when that would serve its competitive position. >> there are some ideas around the data collaborative it's interesting for people to look at the idea that parts of the data for sure how they would deal with this but part of the platform could be put into the data collaborative is where it could be accessed by researche researchers. maybe there are ways to segment

some of this so it doesn't create problems. >> what is a viable amount of data where they are not really relevant to the pittsburgh can i get my list out with a piece of data that will allow me to be identified after that is for a phone number or e-mail address and then you get into a privacy problem and they say that might be violating what we already -- the >> a lot of discussion not to overpromise much that we will be giving an event on the interoperability and portabili portability, knock on wood. but in the meantime, we have a few more events in their

arkansas shooting up. >> there's a microphone going around. please don't speak until you have the microphone for the folks watching on c-span. >> you brought up the dissent decree and spoke about it quite a bit and also the idea of audits are in the dissent decreed and they would have had to have gone through one if not two between then and now. and it didn't do anything to push this forward. is the object something we should be pushing for was it effective in the consent decree and it wasn't which seems not to be, how can you make them better? >> what it requires our biannual flailings by third-party essentially make sure facebook is adhering to the commitment and the defense to create if there hav had been two or three

submitted since it was filed to haven'haven't seen one in severl years, but that isn't really what i'm talking about. i am talking about trying to make sure third party apps stick to whatever commitment they've made so one of the problems with cambridge analytics is facebook didn't know what it was downloading nor did they have any means of making sure that the data wasn't shared with third parties. there was no control and there was no audit. so, what i am talking about is ways of overseeing the parties that have access and there needs to be contractual markups and

making sure they behave as they promised. at the moment, facebook has been depending on wishful thinking that they are going to do whatever the terms and service provides. cambridge analytics debacle there are no controls so that is what i was trying to refer to. >> these are assessments that are different. you have a private assessor cataloging the benchmarks about the company and there are ways to gain this and they will change the practice right befo before. none of this is public but they will also not list material changes. things that would be relevant to the dissent decree because of

the timing of the assessment. it would require the company to sign off on material changes of their practices before and after the audit happens and it would create a sense of accountability which hopefully would have more of a finding authority. >> it isn't clear that they reported what happened in the cambridge analytics even though it would have been required in the biannual. >> in several conversations of the debate, one of the big concerns is the lack of access to data by researchers said

there is a tension between the personal data and get facebook and other companies not turning over the list of content that they removed or censored etc. so i think we should be careful about making broad brush strokes at the institutional boards at least they have to go through something and definitely there needs to be more technologically adept but how can we balance the need for more oversight and auditing potential both by researchers and also potentially by the judiciary that are deciding what content is illegal or not outside of the judicial process with the need to protect private data. >> i can take that one. in terms of recommendations i was talking about, it is true there is especially when we are talking about countering the violent extremism and how to balance privacy and transparency is a tough call. the recommendations applied to

the facebook already considers the ads to be all public. any money that has been spent to boost its already considered public and not private information. so, at least it isn't going to get at all of the problems with for a largbutfor a large fractie problems beyond, more transparency about the will do a lot of good without risking individual privacy that much. >> i think that your question is when we all need to be asking if it is relevant to the port authoritpart aboutthe question y cluster on how to balance the need of privacy with all the other things we need. you have the commission are writing to "the new york times" about how we need more opening to do research.

yet at the same time we have a push to close them down because of privacy. to be fair to facebook i would be like what do you want us to do. >> [inaudible] >> for the information practice principles the data governance framework and most are very well-versed but it's also a good way to think about how to govern the data so for example it doesn't mean restrictions in terms of this is a good project or this is in secret project that is about privacy and security restrictions and requirements and meet omitting the amount of data and the scope of the data and the reason you are collecting the data into those type of requirements that don't exist right now. that would be a step forward.

>> i'm pretty familiar with the internals of it. to possibly mitigate the situation is the technical solution to internally deprecate all of the numbers that have been exposed so far because one of the problems is the worst left the barn in 2015 and you simply couldn't target them anymore as with mitigat would mn large part. if you had been thinking about that it's something facebook will likwon't like very much, st would have a punitive aspect and

it would also not fundamentally disrupt legitimate ongoing activity from people that are obeying the rules. >> i have a simple suggestion or thought as a result of the investigation. that would create a barrier to the competition to solve some of the problems and of course some of the other requirements but that is something that they would see as punitive. >> i don't know whether the commission would have thought

about a remedy for the deceptive act as opposed to one that impede competition and i suspect they would still have problems doing that now. bob always has interesting ideas. i think people should think about this. the remedies are basically equitable and we do at times force people to do things they don't want like occupational advancement. this is an intriguing idea. >> there will be plenty of other developments ongoing including if everyone enjoys or finds interesting than and cute panels

fothank you to thepanelists forg conversation. [applause] [inaudible conversations]

this is half an hour. >> monday when congress is in in session we'd like to take a look at the week ahead. jason joins us now to do that he is the leadership