TCS Daily

James K. Glassman interviews Commissioner Orson Swindle of the Federal Trade Commission

By James K. Glassman - April 17, 2000 12:00 AM

Here's Jim Glassman's interview with our TCS Big Shot of the Week, Commissioner Orson Swindle of the Federal Trade Commission. Commissioner Swindle, who once fought for freedom in south-east Asia and served his country as a POW in Vietnam, has become a conspicuous voice for freedom on the FTC, advocating free tech markets and low taxes.

Glassman: Consumers seem to be very concerned right now about threats to their privacy online but you seem to see a larger threat from government regulation. Why?

Swindle: Well, Jim, I think certainly consumers are very sensitive to their privacy and as they become more and more aware of it, they will become more and more concerned. You ask anybody, "Are you concerned about invasion of your privacy?" they always answer, "yes". And so in a survey recently about 80 percent were concerned and the other 20 percent were worried. But I believe the private sector has the incentive, obviously the motivation, it has the skills -- it has all the reasons to solve the problem of protecting customer privacy. The government doesn't. The government simply doesn't have the skills, nor do they have the timing, the speed to do the things that we need to do. In all likelihood, I have a feeling that government will do it wrong and thus choke off a significant amount of the growth of the Internet.

Glassman: You know, the FTC already has the power to enforce certain laws. Isn't that right? I mean, it's kind of confusing -- we hear that there's no online privacy law and on the other hand, we hear the FTC is investigating and prosecuting companies.

Swindle: Well, we have rather broad powers under Section 5 of the Federal Trade Commission Act and you know, deception is deception. And, if a company posts a privacy policy and then does not follow through with it, they're guilty of deceiving people. And we have a case -- the first one that I recall certainly since I've been here that dealt with privacy violations -- that was Geocities, which is very popular, I might add. And they posted a privacy policy saying this is what we want your information for, this is what we're going to do with it -- it's all internal. They turned around and allegedly -- and I must say that -- they passed this information on to other people, as I recall. And you just can't do that. They're guilty of violating their own code.

And you know, we do have the authority and for that very reason I don't think we need more laws. We just need to have some firm understanding, but more importantly than any of that is, we need the industry to step up to the plate and lead on this matter.

Now you know we've been doing surveys for the last three years on the status of privacy practices and the posting of them on websites, and we're seeing lots of improvements. More encouraging is people like Lou Gerstner of IBM. At Boston College, back in early March, he was stepping up to the plate and saying, industry better start leading in this matter, because it is a real problem, we all know that. There's seemingly no limit to what computers can do and Gerstner said the biggest issues are issues of leadership. And he said, you know, if we don't do it, the government is going to step in and do it. And that's what I've been saying for a couple of years, get out there and lead, please.

Glassman: Would you believe that if a website posts its privacy policy that says, "We intend to sell all the information that we can get from you to other customers," is that perfectly all right?

Swindle: Sure. I think that's the way our society ought to work. You know, "Here are the facts, you want to play, come in and play, it's your choice."

Glassman: Is it a problem though that privacy policies are difficult to read and sometimes undefined?

Swindle: I don't think so much that they are difficult to define. You can state fairly clearly and use simplistic terms until the lawyers get into it, of course, and they're going to make it complicated. But you can tell people how you operate: "We're not going to use this information for anything but our personal use," or "We are going to use it for target marketing or whatever we're going to use it for" and people should be able to make a choice there.

The seal programs are, I think, going to help alleviate some of these complexities, sort of like reading those guarantees that you get when you buy a razor, and the print is so small and you can't read it all. But the seals such as BBB On-line and Trustee, I think, if they develop and become more well-known -- people will come to accept that at this site that I'm looking at, that has the BBB Online seal, I can have a level of confidence, and I feel like this is a good site. I'm not going to be jerked around and have something done that I don't want to be done.

Glassman: What is interesting is not that you personally are opposed to new laws, but that the FTC itself has taken a pretty good stand on this. Is that surprising to you?

Swindle: Well, I'm, you know, I fill up rooms sometimes. [laughter] I have my ways. One of the troubling facts is that there's been a change in the attitude. The attitude for the last several years was: We ought to see industry self-regulate on this matter. About last November you started to hear slightly different expressions of that. "Oh, well, we should have private self-regulation, and it looks like we made some progress but, well, maybe we're not quite making enough progress, so maybe government has to come in." And I'm just seeing this pendulum shift over to the other side. "Well, it's year 2000 for God's sake, and we have to go do some things and go back to the base," and the base for the Democratic party is "Let's regulate the hell out of everything," you know.

I have great confidence in the marketplace -- if we don't screw it up. And nothing that I am saying should be taken to mean by any stretch of imagination that I don't think this privacy concern is serious. I think it is very serious. I personally am offended that some personal facts could be gathered and we don't know about it, but the Hippocratic oath should apply to Congress, too. First, do no harm.

IBM, Disney and a number of other companies basically said to the people they advertise with on the web, "If you don't have good well-stated, identifiable and sound privacy practices, we're not going to advertise with you." In fact, Disney went so far, they even told people who advertise with them on their site, "If you don't have good privacy practices, we're not going to let you advertise on our site." And the more of those people we have, the better off we're going to be.

And I have stressed for the last couple of years in talking to CEOs and senior officials of the Intels of the world, and Microsoft, these people - please make this a corporate goal. Make it a part of your corporate culture. CEOs need to be preaching this because if they preach it, all the rest will follow. And if the big companies lead the way, others will follow and other things will come out of their efforts. They will go through the trial-and-error phase -- we don't know exactly how to do all of this stuff -- but they will come out with solutions that others can mimic. And we can solve this problem. The private sector can solve it.

I think the worst thing that can happen right now would be for Congress to go start legislating.

TCS Daily Archives