In December 2018 the FTC held hearings on Competition and consumer Protection in the 21st Century. A number of people spoke at the event and the FTC has graciously opened the discussion to public comments. The Federal Trade Commission has interest, certain responsibilities, and can affect changes to how data security evolves. This is our opportunity for the public to share its thoughts and concerns. I urge everyone to comment and provide your viewpoints and expertise to the FTC committee.
Comments can besubmitted electronically no later than March 13, 2019.
Below is my Open Letter to the FTC – Bureau of Consumer Protection, that has been submitted. As always, I am interested in your thoughts. Feel free to comment.
Open Letter to the FTC – Bureau of Consumer Protection
I would like to make clear as an important preface to the following that I do not speak for or on behalf of Intel Corporation. In this regard, all of this material, the opinions and positions expressed and the conclusions drawn are my own and do not reflect the material, positions or conclusions of Intel Corporation.
In response to your hearing on Competition and Consumer Protection in the 21st Century, I respectfully provide the following insights and recommendations:
Protecting consumer data continues to grow in importance while the technology challenges expand the complexity and risks. The difficulty will sharply increase with emerging innovations that will be able to analyze and aggregate vast amounts of consumer data in new and exciting ways.
The challenges are as significant as the benefits that new technology adoption brings. Insightful and calculated strategic action now is necessary to establish a solid foundation to allow technology benefits to prosper, while instituting the frameworks that will protect consumer data in ways that maintain alignment to public expectations as the risks increase.
The technology industry has a focus in providing innovative solutions for profit but must also build trust in how products protects consumers. Incidents which victimize users represent an inhibitor to long-term adoption and business viability. Consumers are increasingly placing more purchasing weight on security factors.
Trust will be key. Consumers must be confident in the security, privacy, and safety of technology. Brand reputation for cybersecurity will emerge as a competitive differentiator. It is in everyone’s best interest to have a healthy technology market where competition drives toward the optimal balance of risks, costs, and usability to meet consumer’s needs.
Observations, inputs, and recommendations:
Digital technology connects and enriches the people and prosperity of the world. Innovation is hugely beneficial, but it also brings risks. In a symbiotic manner, as technology grows in capability and reach, so do the accompanying risks.
- Society wants the benefits that technology enables, but with manageable controls to protect their security, privacy, and safety in the face of ever increasing, creative, and motivated threats. In short, consumers want innovation at the lowest price, without additional risk.
- The risks to consumers will increase with the processing of more personal data. Information is the fuel powering future digital technology and services. Soon, automated and intelligent systems will be the preferred tool to make sense and derive new value from the vast oceans of collected data. It is crucial that data Confidentiality, Integrity, and Availability be protected and its usages aligned to the benefits of the users. These risks must be taken into account now as part of any future control framework.
- The acceleration of widespread consumer victimization is the driving force for expectation changes and regulatory oversight. Consumers want better protective standards and the ability to act through their own choices.
- It is difficult, for all parties, to identify and deliver the optimal balance of security. For consumers, the ambiguity and complexity of risks are more challenging to understand as compared to tangible benefits of the technologies they desire. This delta has traditionally led to the blind acceptance of risks as a tradeoff for benefits. As impacts rise however, the tolerance will not hold and consumers will want action and uncomplicated empowerment to choose a better balance for themselves. The concept of ‘trust’ will emerge as an easy way to help consumers with buying decisions and brand loyalty. Trusted technology, vendors, and service providers, which protect user’s security, privacy, and safety, will have a business advantage to thrive as compared to less-trustworthy competitors. The value of ‘trust’ can be a healthy and sustainable model for market reinforcing incentives that continuously align to consumer data protection needs.
In order for a sustainable ecosystem to maintain parity between risks, costs, and usability, an optimized set of incentives, controls, and oversight must be established.
- Partnership between the public and private sector is crucial. Academia, business, and government must work together in strategic ways to achieve both the adoption of beneficial technology and the mitigation of risks to acceptable levels
- Consumers also have an important role in being responsible for their data and should be given the visibility, tools, and ability to seek remedies for the protection of their information that could be used to their detriment. Efforts that educate them over time support better decision making for tradeoffs and a more informed culture for consumer data protection.
The goal should be to establish a sustainable environment where good data practices benefit ethical market players, and overall trust in technology is elevated through transparency and accountability requirements, enabling users the informed empowerment to make educated choices for beneficial trade-offs.
- Governmental oversight is well suited to regulate and enforce the adherence of businesses to transparency and accountability requirements. This takes minimal effort and primarily targets offenders to ensure a fair and competitive playing field. Market forces then drives the evolving beneficial behaviors across the system and quickly adapts priorities to align with evolving risks.
- One mistake we must avoid is the unnecessary constraint of innovation or attempt for prescriptive controls on behalf of consumers with shifting expectations. Inhibiting innovation is counterproductive as technology can contribute to more protections for consumers and undermines the compounding benefits of iterative advancement and growth. Regulations are not as nimble as the evolving threats and should not attempt to define specific controls to mitigate attacks, but rather establish a framework that promotes the ecosystem to rapidly respond to new risks based upon healthy competition for consumer loyalty.
- Fostering market forces, to reward ethical behaviors of businesses, is key in building a sustainable and self-supporting environment for technology prosperity and better consumer data protections.
I believe that ‘Trust’ in technology is a key to both prosperity and the realization of tremendous benefits by consumers for innovative products and services. Technology providers should compete for consumers trust by providing secure, private, and safe products. The FTC can play an important role to facilitate the healthy competition for consumers benefit while ensuring a fair playing field by targeting organizations which seek to undermine transparency and accountability necessary for consumers to better understand the risks and how organizations compare when it comes to trustworthiness.
Technology organizations, possessing expertise on technology innovation and supporter of ethical competitive practices, should be sought to assist the FTC, peer organizations, and academia to establish a sustainable regulatory structure to maximize market incentives to achieve the best possible optimization for protecting consumers.
Matthew Rosenquist, Cybersecurity Strategist