The Media Institute’s latest discussion couldn’t have been more timely. One day after the FCC and FTC released a memorandum of understanding detailing how they will work together on privacy following the FCC’s decision to reclassify broadband under Title II, The Media Institute held a panel discussion Tuesday in DC titled “Privacy and Cybersecurity: The FTC and FCC.”
Panelist and FCC Enforcement Bureau chief Travis LeBlanc brushed aside the notion that there could be a tug-of-war between the two agencies. “I’ve said it before and I’ll say it again—there is no Batman vs. Superman here. Instead, together, we’re just the Justice League. We stand together as privacy superheroes,” he said. “We’re working on the same common goals. And what [the MOU] recognizes is our joint commitment to engaging in consumer protection work together.”
The FCC and FTC MOU said that the agencies believe the common carrier exemption in the FTC Act does not preclude the agency from addressing non-common carrier activities engaged in by common carriers. It also concluded that no exercise of enforcement authority by the FTC should be taken to be a limitation on authority otherwise available to the FCC. The gist of the memo is that the two will coordinate their actions.
The resounding consensus from the forum was that all carriers and providers are susceptible to security breaches. “If you’ve had a breach, that doesn’t mean necessarily that you’ve had unreasonable security. We’ve taken a pass at a lot of breach cases. The goal is to prevent injury [of consumers] and the question is whether there’s risk,” FTC Consumer Protection Bureau director Jessica Rich said.
While several panelists appeared optimistic in the regulatory measures offered by the FCC and FTC, Penn Law prof Christopher Yoo challenged them. “If you talk to engineers, what they will tell you is that a lot of the [privacy] solutions can be designed into the device, can be designed into the service of the device, or designed into the network itself. And, in fact, they have an arbitrary choice in how to do it—one way or the other way,” he said. “Well, my concern is that when you have a regulatory regime that’s built around these statutes with defined liabilities in very specific ways, [it] will start to force companies into technological decisions that aren’t actually efficient, that aren’t really using the best available technology. And because these are provided by different companies, it will create winners and losers because certain people can access certain things,” he said.