Tuesday, July 25, 2006

The Internet and the Future of Consumer Protection, part 2

Panel discussion on industry and consumer perspectives: Susan Grant, VP for public policy at the National Consumers League, noted that internet scams vary in impact, not in nature, from other scams. They can expose existing problems of consumer knowledge – fake check scams, for example, rely on the fact that consumers have no idea what their liability is for checks they deposit to their accounts that later bounce. Grant also emphasized the damage that phishing can do to brand equity; she wished companies would spend less time on internet trademark infringement claims and more on stopping spoofed sites.

Jules Polonetsky, VP of integrity assurance for AOL (presentation here): Responsibilities similar to those of TV network standards and practices groups are coalescing around chief privacy officers.

The trouble is that small businesses now survive by doing business with the elephants – placing banner ads, using paid search results, affiliating with larger partners. Hamsterdance.com is partners with AOL, Wal-Mart, and others. Google has more than 400,000 advertisers and serves more than 200,000 websites. Yahoo! is at the same scale, and others are smaller but still huge. The vast majority of the sites are legitimate, but scammers take advantage too. Search engines refuse to sell high-risk terms; advertisers don’t want their ads on inappropriate websites – the result is pressure on intermediaries.

One possibility is third-party review, which Google, Yahoo!, AOL and others now use for pharmacy websites. PharmacyChecker charges pharmacies a fee to verify that they meet FDA standards, require prescriptions, etc.; only approved pharmacies can buy sponsored links. Similarly, the TRUSTe trusted downloads program is designed to control problem adware, so that advertisers don’t have to worry about their partners’ partners and their partners’ partners’ partners’ (it’s like STDs!). Small companies don’t know what AOL means by “adware” and “spyware”; they’re run by nice guys, but AOL doesn’t want them deciding with whom to affiliate. AOL et al. can use TRUSTe as a business-to-business model to ensure their partners are only using approved distribution methods.

Polonetsky advocated what he called a middle ground, avoiding extreme regulation (elephants and mice in cages) and the law of the jungle through market anarchy. My reaction: Um, isn’t he describing the law of the jungle – the elephant makes the rules? I’m not sure how his model differs, except insofar as he wants legal help stomping on the mice. He suggested that specific standards and best practices codes, or even litigation, is useful because AOL needs to be able to point to something external to tell affiliates what not to do. (He also wants third-party standards because adware companies and the like tend to call up gatekeepers like AOL and yell and threaten to sue when AOL says they’re bad.)

Ari Schwartz, deputy director of the Center for Democracy & Technology (presentation here), recapped the debate over privacy law by taking issue with some of Eileen Harrington’s statements (she’s Deputy Director, FTC Bureau of Consumer Protection). Schwartz thinks the FTC’s focus on harm is a good thing, but privacy legislation shouldn’t follow that path because financially oriented harm isn’t the only damage that privacy violations do. Moreover, Harrington suggested that overall privacy legislation was a bad idea since we don’t know how the market will evolve. Schwartz responded that we now have about 40 different standards depending on the area; this is confusing for businesses and consumers alike. There’s a constant issue of lack of trust.

Schwartz singled out ISP standing to sue under CAN-SPAM as a useful innovation: because it’s not a regular consumer class action, it’s politically palatable and adds parties who are interested in enforcing the law. There are problems with FTC enforcement: though it’s good when it comes, there can be long lag times between a complete investigation and an enforcement action, and delay is especially damaging on the internet.

Schwartz also argued that the elephants and mice metaphor was incomplete. There are also Rodents of Unusual Size, very large entities like CoolWebSearch, which changes its code set every day. It uses a wide range of East European programmers and gets affiliates to spread its software; some say that its software is on half of PCs over 6 months old, especially those used by teens. ROUSs hide; just because you can’t see them doesn’t make them small. DirectRevenue is another example – they’re on the cover of BusinessWeek because they sought venture capital, but they were already a multimillion-dollar business. This is a business that had a Department of Dark Arts, dedicated to hiding the software on users’ computers and making it impossible to remove. Mice (or ROUSs) can become elephants.

Frank Torres, Consumer Affairs Director at Microsoft (presentation here), several times stated that Microsoft supports a comprehensive privacy law, in order to reassure consumers that privacy is protected (and perhaps create barriers to entry, eh?). The rhetoric of consumer choice pervaded his presentation: parents get choices to use the family settings on the Xbox, etc. His three principles for a consumer bill of rights: (1) my computers and devices only run programs I choose; (2) I can choose with whom to connect on the network; (3) I can manage my sharing of information with others. As the tone of my summary suggests, I’m skeptical about “choice” since we already are overwhelmed with choices and routinely ignore opt-outs and the like. He pointed out that, since consumers are still falling for the Nigerian scam, we’ve got our work cut out for us to educate people not to respond to the spam that still gets through.

Moderator Peter Swire wondered if we could get “open-source compliance,” people who go after scammers in their spare time. (See Lior Strahilevitz’s “How’s My Driving” For Everyone (and Everything?) for a variant on this.) Polonetsky responded that he reads a dozen spyware blogs that already do this – “the zealots are there” – fulltime. Susan Grant said that vigilante groups lack the capability to handle enforcement – we need more state and federal resources.

Future directions for research: Grant wants to know about mobile commerce – how do consumers learn the terms when they buy things from their cellphones; what rights do consumers have in mobile space? Polonetsky: Wants to know more about “appropriate content” policies on the content side, such as MySpace pages, and the extension of ratings systems to online space. Schwartz: International transparency – we need to know, when Taiwanese servers are bouncing queries from Utah, how that works and how to get the FTC to track it.

No comments: