the nation during recessions. uncertainty about the economy is going to be a key factor in this race. it is interesting that they have not really talked about that much yet. >> he has been there 26 years. most people tell me that is long enough. they're ready for a change. when people voted for a change, they did not want to change america, they wanted to change washington. i do not think they feel that that is what they got. we're going to get it right this time. >> he has run for congress three times. this is his best chance of winning. if he does not begin, he will probably not run a fourth time -- if he does not beat him, he probably will not run a fourth time.

>> this week, the start of the four weeks series looking at privacy in telecommunications. >> whether you're a jurisdictional areas when it comes to online privacy -- what are your it jurisdictional areas when it comes to online privacy? >> the key actors in this industry, the ad brokers, the sellers, and the publishers, are all companies that fall within our jurisdiction.

>> what about manufacturers like microsoft, or manufacturers like intel who can build privacy factors into their equipment? >> we just settled a major anti- trust case against intel yesterday. >> when it comes to privacy, how does that rank in the obama administration. >> is a very high priority. we began an initiative last year to take a hard look get all of the privacy issues that we regulate, and we have been working on it very hard ever since then. this is very important to us. >> the tech daily dose editor for the national journal joins us. >> i am told that you're going to be putting out some guidelines in of the fall. could you tell us what they will

do, whom they are aimed at, and more specifically, when they might come out? >> these will not be guidelines in terms of being final thinking on these issues. we will release some draft documents to try to figure out where there are points of consensus and agreement. what we are hoping to do is increase transparency. one of the concerns is that most people do not know they are being tracked. second, come up with clear, meaningful ways for consumers to exercise control and choice. third, identify areas that are most critically important, sensitive and affirmation, and uses of the information beyond online behavioral advertising that we have seen already. those are some of the key issues

that we are going to address in the guidance that we put out. >> in your testimony on july 22nd you said this, if legislation is enacted, the commission believes that it is important that it incorporates the need for simple disclosures at a relative point for consumers. how does that tie in to do lyonnaise question? >> we do not have regular rulemaking authority. the second part of the question is this. we very much would like to move to a regime in which people

receive short, clear privacy notices when they are useful to the consumer. understand who is tracking, what is being collected, and what is going to be used for. if we can come up with some kind of universal, almost like a label that you would see on a soup can for privacy, maybe we can encourage companies to compete on privacy rights. what we are trying to figure out is how you give the information that is most important to consumers in a clear and concise way at the most relevant time. >> do you think consumers are aware of how much tracking is going on online, that if they go online and look up and suv and then go to another website, they might see an ad for an suv. do you think they are aware of how much they are being tracked? >> very few consumers, i think, are aware of that.

researchers of the university of pennsylvania and at berkeley came out reports with -- reports that reinforced everybody's intuition about this, which is that most people do not understand either that they are being tracked at all or just how robust the tracking is and how much information, not necessarily about them, but above their browsing have this, are being tracked and analyzed by analytics companies and others who sell that information. >> a recent senate commerce hearing mentioned the idea of do not track lists similar to the do not call lists. can you elaborate on that? >> this is an idea we're taking a look at. it is another way, a sort of

clever way of calling, giving consumers the opportunity and the means to prevent being tracked when they are online. there are some technical issues. it is very hard these days to come up with a browser or some other system that would, in fact, ensure that your not being tracked. these are technologies that are hard to defeat. there are tracking devices like flash cookies and technologically complicated devices that are not easily overcome by some technology. i am not suggesting that we are not looking very hard at this, but i am not sure that today there is technology that would be perfect in terms of ensuring that we are not being tracked. >> if you could work up the

technical issues, it will this be part of the guidance you plan to issue? >> we could not mandate a do not track. congress, of course, if they chose, could do something like this. we would encourage the development of some sort of universal system so that consumers could, on one screen, disable the tracking feature. they could engage in search so that there would be no trace back to the computer device they were using. >> would that not be something that the manufacturers of the operating systems could build into their systems, or is it to their benefit to be able to have tracking? >> well, that is a great question.

the people who make the technology are close to having the technology to come up with a way to not be tracked. but they also make a lot of money by selling the data that is acquired through to -- three tracking. -- through tracking. as you know, microsoft almost came out with a browser that would have as its default no tracking, but they chose not to use that as a default because they were afraid of how much apparent new -- how much advertising revenue they would lose. >> the me read you another ".

>> this is the affiliate's question. if you look at privacy policy -- and nobody does except my colleagues at the federal trade commission -- there is information that we do not share with not affiliated parties. you might say that affiliated parties are parties that have the same brand name, coke, coke light, whatever, but there may be companies that have the same business model but do not share a brand. i will just pick on one company.

procter and gamble makes soap. they also make sprinkles -- pringles. so, if you are on one of their sites looking at a home cleaning product, you may be fine if they share that information with other products of the same kind, but not if they shared with other businesses who do not bear the procter and gamble name. that is the problem we have here. there is a lot of forbids the sharing of certain financial information, except through affiliates. we now have financial giants to have affiliate's in every financial service and product.

>> there was a recent series on online privacy and tracking. one of the articles was on the web is cutting edge anonymity in name only. it talked about a company called x +1, and how it can predict if you are going to be a good customer and what kind of customer you are with just a few keystrokes and by tracking what website to go to. >> the ability to aggregate this data is common. the use of this data to deliver highly targeted that is ubiquitous. the answer to your question is yes. >> what is your view on upon -- on that? >> there are two issues that we have to worry about. one is, i do not think the

delivery of targeted ads is what has people worried. some people are concerned about, how did i get this ad, but i think the most intense concerns are two things. one is, if people are looking at sensitive issues, health issues, family issues, financial issues. this is purely hypothetical. if i were worried about hair loss, and i were searching website to find out the cause, and by all of a sudden started getting targeted ads for that, that might concern me, but if i had a more serious illness and i it was worried about my health in a more profound way, and i started getting targeted ads, i

think i might find that disturbing. so, there are areas of sensitivity where we need to address. there is also a lurking question, and i think this is where people are most concerned , these allegations are now being used for targeted ads, but there is the possibility that you could actually link this information not just with an address on line, but with a human being. people are worried about that. there is an enormous amount of data out there about them that could be used for purposes other than targeted advertising. >> there have been some well- known data breaches in the last

year or two. what would you like to see done about that? there were a couple of bills introduced in congress. what do you think could be done? is there anything the ftc could do absent congressional action? >> we have brought 29 actions against companies over data preachings. last week we settled a case against rite aid. a month ago we settled the case .gainst twittere people were able to hijack the site to get access to personal data. my concerns that we have not had

a sufficient deterrent effect. companies are storing very sensitive information. at with the right age, it was information about people's prescription -- with the right age, it was information about people's prescription -- with rite aid, it was information about people's prescription drugs. we need to have more robust authority in this area to deter these kind of data breaches. >> there is a broader privacy bill that congress is working on. -- could you talk about that a little bit?

>> we have not taken a formal position on either bill. one was just formally submitted a couple of weeks ago. let me make a general observation. one of our concerns with the house approach is that it permit safe harbors. if the company is involved in the collection or use of data and part of an industry construction -- an industry consortium, their ordeal very week off in -- there would be a very weak opt in. we are worried about that.

both bills also put enormous emphasis on privacy policies and require very detailed privacy policies. we're not opposed to notices, but what we are worried about is that neither bill concentrates on short, concise, just in time notices to consumers about what is being collected, who is doing the collecting, and what the data is going to be used for. part of my testimony was about the need for clear and concise motives, and neither bill adopts that approach. >> our guest is the director of the consumer protection bureau for the federal trade commission. joining me in questioning is the guest reporter from the national journal. she is the text daily dose editor.

>> that is an online blog that covers telecom and technology issues all over the map. people can find it at our online website. >> next question. >> coup d'etat about -- could you talk about the children's privacy protection act? >> this is a statute that generally forbids and the knowing collection of informations on line of children 12 and under unless there is explicit permission given. we are worried that the online environment is developing so rapidly that the original statute and our rules and forcing it are out of date already. for example, it does not necessarily apply to certain

applications on mobile phones. it does not apply to online gaming sites of the kind we see. we held a round table a few months ago. we brought in people to talked- about -- to talk about whether was important to revise our rules on this statute. we have not reached a final solution. there is concern about advertising to children online and about whether we needed to step in to see if there were protections that we could build an -- build into insulate kids. these are complicated issues and we are just taking a look at it, but i suspect that in the next year we will have to revise it. >> of people are pretty

uncomfortable with the amount of the information's about themselves that is already out there somewhere in cyberspace. is the horse already out of the barn in this case? in the informational is out there floating around. is it too late to enforce privacy on the internet? >> there is a promise to the question that may not be correct. there is a lot of information about who is using your computer and the browsing history on that computer. that is being looked at by companies that want to advertise to you through the computer, but they do not necessarily know who you are. finding out exactly who you are would be very costly. they know your age and generally, how much you make generally, something about your interests, but they do not exactly know who you are. now, if they wanted to, and they

were willing to spend the money, and they had acquired a sufficient amount of data, they could figure that out. that is one issue. the other issue is the social networking site. there are half a billion users of facebook now. maybe you are one of them. he may have posted information that you think is available only to a very small circle of people that you permit to get on your site. that may or may not be true. in answering your question, it is important to ask, which concerns are you addressing? is it advertising, or is it the self-posted information that you may or may not have put on like a facebook?

>> are you giving up your rights, to a certain extent, when you go on facebook and post intimation? granted, you have privacy settings. >> i do not know whether i would put it that way. our rule is that if a company like facebook is entering into a bargain with you, conditioned by a privacy policy that gives you some controls, the company has to abide by that. if they want to make a change in the policy, they have to get your permission before the changes are made. i hope that you're not giving up more privacy than you agree to give up. to us, that is the fundamental bargain here. but in answer to your question,

we now know the personal data is a commodity, and it is being traded in online auctions every minute of everyday. part of our goal is to make sure that people understand what the nature of that bargain is and how to make sure that they are comfortable with the bargain. >> given the global nature of the internet, how does that affect what you do what the ftc? >> most of the companies that are driving this process are u.s. companies. i go abroad. people are very anxious to know what we are doing. in terms of the privacy issue, the fact that we are a global does not change things very much. we see lots of frauds being directed at u.s. citizens from outside our borders.

we're entering into international dialogue and agreements to help us bolster our law enforcement capacity, and i think we have been reasonably successful. but in the privacy realm these are global companies, but we have jurisdiction. we are worried about cloud computing. >> which is something the deal, administration is pushing. >> cloud competing offers all sorts of economic benefits, but it does raise questions. suppose you are on a social networking site that has its server in a different country?

we argue that they should be subject to u.s. law, and we would sanction that company as if they were down the road. >> would be a sanction the company whose data is being explored, or the company will is operating the servers? >> we would require any company to take reasonable precautions to make sure that the data is secured. if the social networking site chooses to store its data outside the territorial united states, we will hold the social network responsible because, in our view, it would have a duty to ensure that anyone that it dealt with maintained adequate and reasonable safeguards. we would go after the social networking site even though the data breach may have occurred

somewhere else. >> do you have adequate authority? this goes back to my earlier question about legislation. one of the bills would require consumers to be notified within 60 days of a breach that they could be subject to identity theft. do you need legislation to mandate that kind of action? >> we do not. i mentioned earlier that we have brought a lot of data security cases. we have required companies to do all of the things you are talking about and much more. what i was mentioning earlier is that we do not have the authority, except in some areas, to impose civil penalties for these breaches.

some data breaches are just intolerable, and if we had a civil penalty authority, we would try to exercise it. >> we have time for one more question from each of us. when it comes to financial security and privacy, are there special rules, because so many people do online banking now? >> yes, there are. we are quite a vigilant, as are the banking industries. i am worried about -- we have not mentioned a key issue, which is the transference of computing to mobile devices. we have party figure this out in our forensic labs. -- we have already figured this out in our forensic labs.

if you did online banking, the hard drive on your smart phone would retain all of your financial informations. that could be a problem. there is a huge migration to smart phones, and that is an area we are taking a very hard look at. there have to be adequate security controls on these new devices to make sure that the applications are not easily hacked into. >> do you think there is a way to find a balance between the need for on-line companies to have advertising to support them financially and supporting privacy? >> that is an important question. 26% of the quarterly earnings from advertising revenue