PRIVACY IN ELECTRONIC COMMUNICATIONS THURSDAY, MARCH 26, 1998 HOUSE OF REPRESENTATIVES, The subcommittee convened at 10 a.m. in Room 2237 of the Rayburn House Office Building, the Honorable Howard Coble, chairman of the subcommittee, presiding. Present. Representatives Howard Coble, [chairman], Barney Frank, F. James Sensenbrenner, Jr., William D. Delahunt, James E. Rogan, Bob Goodlatte, and Edward A. Pease. Also present. Mitch Glazier, Chief Counsel; Debbie Laman, Counsel; Robert Raben, Minority Counsel; and Veronica Eligan, Staff Assistant. OPENING STATEMENT OF CHAIRMAN COBLE Mr. COBLE. Good morning, ladies and gentlemen, and welcome to our subcommittee hearing. The subcommittee will conduct an oversight hearing on privacy in electronic communications. This hearing was suggested by the Ranking Member of this subcommittee, Mr. Frank of Massachusetts, and I am pleased to begin exploring this very important and very delicate issue. In the technologically advanced world in which we live privacy in electronic communications is of vital importance to individuals and businesses. The ability to intercept, descramble and eavesdrop on private electronic communication over the Internet and cellular and digital communications places the privacy of individuals and businesses in jeopardy. That in turn deteriorates the incentive for individuals and businesses to engage in electronic commerce, and as a result stifles the growth of American business. It also places at risk the fundamental right of individuals to keep personal information private. I look forward to the informative and hopefully illuminating educational hearing today. This is an area, folks, and I'm just thinking aloud now, where it's not unreasonable for citizens to want some sort of assurance of privacy when they disclose certain private information on the Internet, and some sort of assurance that the public at large won't be able to intercept or descramble and come into possession of that information. Descrambling on the part of third party individuals and/ or the government has indeed become a problem. (1) So having said that, I am pleased to recognize the gentleman from Massachusetts, Mr. Delahunt. Mr. DELAHUNT. Thank you, Mr. Chairman. I don't have an opening statement, but I would associate myself with your remarks. I think this is an issue that is starting to emerge in the public consciousness, and I expect that this will be the first of a number of oversight/educational hearings that we will conduct on this particular issue. I would ask the witnesses, and this is rather an informal hearing, to describe, if they can, those laws that are currently invoked with respect to the protection of privacy as they apply to digital, cellular and communications over the Internet. That I think would be a good start to give the members of this subcommittee a sense of what the current status is of the laws of privacy in terms of these kinds of communications. Thank you, Mr. Chairman. Mr. COBLE. I thank the gentleman. Mr. Rogan of California, do you have an opening statement? I waive an opening statement. Mr. COBLE. I see Mr. Frank has joined us, and I'll wait until he Mr. FRANK. Go ahead. Mr. COBLE. All right. Mr. Frank can speak to us later. Our first panel, Ambassador David Aaron has been the United States permanent_representative to the Organization of Economic Cooperation and Development, OECD, since September, 1993. In addition to his responsibilities as Ambassador to the OECD, Under Secretary Aaron has been designated Special Envoy for Cryptography. His responsibility is to promote growth in international electronic commerce and robust, secure global communications in a manner that protects the public safety and the United States national security. Next we will hear from Mr. David Medine, Associate Director for Credit Practices of the Bureau of Consumer Protection of the Federal Trade Commission. Mr. Medine is responsible for enforcing numerous Federal credit statutes, including the Equal Credit Opportunity Act, Truth in Lending Act, Fair Debt Collection Practices Act and Fair Credit Reporting Act, as well as the Federal Trade Commission Act. He has testified before Congress on numerous occasions and has worked on a number of policy issues relating to consumer protection in cyberspace. We welcome you, Mr. Medine, and Ambassador Aaron in absentia until he gets here. [Ambassador Aaron joins Mr. Medine at the witness table.] Ambassador, it's good to have you with us. If you all can please confine your comments to 5 minutes. I assure you your written testimony has been and will be examined thoroughly. You will know your 5 minutes have elapsed when you see the red light illuminate. Having said that, let me recognize Mr. Frank if he has an opening statement. Mr. FRANK. Having come late, Mr. Chairman, I will pass on that. I appreciate your convening this hearing giving us a chance to talk about this. I would say obviously this late in this session we're not going to be doing anything legislatively now, but I think it is important that we begin this period of consideration. There may very well need to be some legislation, and this gives us a good start. So I encourage those who have an interest who may be here listening to take advantage of our being here and to follow up on this because I do believe that by the next Congress the time will be ripe for some legislation, and this is the right way to begin to go about it. I also would note as people read about all the contention and acrimony that besets this committee that it is nice also to have an example that we can remind people that most of the work most of the time goes forward in a very straightforward, non-partisan and non-ideological way, and we may reserve the right to yell at each other next week. But I do think we should be explicit that the differences that we have where they exist in no way hinders our ability to work together in non-ideological and non-partisan ways to do important business. Mr. COBLE. As Mr. Frank so eloquently said on the House floor yesterday, he has yet to see a pie hurled in the direction of a Judiciary Member by a fellow Judiciary Member. Mr. FRANK. Thank you, Mr. Chairman, and just for people from my_part of the country may I point out that "pah" is spelled p-ie. [Laughter.] Mr. COBLE. And I thank the gentleman. I said this earlier, but I want to credit Barney for this hearing because it was his idea. This is an area that needs attention directed to it. As Barney pointed out on the subcommittee, this issue has attracted widespread attention across the spectrum. Ideologically we have ultra-conservative and ultra-liberal advocates for this. So I look forward to hearing from you all. Mr. Medine, if you will kick it off. STATEMENT OF DAVID MEDINE, ASSOCIATE DIRECTOR FOR CREDIT PRACTICES, BUREAU OF CONSUMER PROTECTION, FEDERAL TRADE COMMISSION Mr. MEDINE. Thank you, Mr. Chairman and members of the committee. I appreciate the opportunity to present the Federal Trade Commission's views on the important issue of privacy on the Inter net. The Internet is an exciting new marketplace for consumers. It offers not only unprecedented ease of access to a vast array of goods and services, but also to sources of information that will enable consumers to make better informed purchasing decisions. The Commission recognizes the importance of the development of the Internet as a viable and safe marketplace for consumers. Yet our experience and survey results teach us that in order for the online marketplace to grow sufficient privacy protections must be in place. Surveys have shown that increasing numbers of the consumers are concerned about how their personal information is used in the electronic marketplace. According to the results of a Business Week survey published just last week, consumers who are not currently using the Internet ranked concerns about privacy of their personal information and communications as the top reason they have stayed off the Internet. The Commission's primary statutory jurisdiction in this area is the Fair Crediting Reporting Act and the Federal Trade Commission Act, which I would be happy to discuss further, not as part of my testimony, but in response to the members' concerns. We are focusing primarily in the testimony today on what the policy and self-regulatory approaches should be to Internet privacy. The Commission's approach has been to first assess the impact of consumer protection issues for consumers online engaging in commercial transactions, to provide a public forum for the exchange of ideas and presentation of research and technology, and to encourage industry self-regulation. The Commission supports technological innovation and encourages industry self-regulation. I want to touch on three areas of Internet privacy and privacy generally: first, look-up services; second, unsolicited e-mail and, third, online privacy generally. First as to look-up services. In response to a growing public and Congressional concern, the Commission examined the availability of sensitive personal identifying information through computerized databases that are used to locate, identify or verify the identity of individuals. These are often referred to as individual reference services or look-up services. The Commission's study of this issue culminated in a report to Congress this past December. The Commission found that a vast amount of information is available about consumers through these services both through proprietary networks and on the Internet. The Commission found that the look-up services provide some valuable benefits in terms of law enforcement agencies' ability to carry out their mission, parents' ability to find missing children, journalists to report the news and consumers to find lost relatives. At the same time the availability of this information poses risks to consumers' privacy and financial interests, including the possibility of increased incident of identity theft. Fourteen companies, a substantial majority of the individual reference service industry, as well as the three major credit bureaus, agreed to abide by what are called the IRSG principles, a set of principles that address the availability of information obtained through these services. These principles primarily address access to individual information obtained from non-public sources contained in these databases. It's noteworthy that the IRSG principles prohibit distribution to the general public over the Internet or otherwise of certain nonpublic individual, including Social Security number, mother's maiden name and date of birth. These principles show particular promise because of their degree of specificity, their inclusion of a compliance assurance mechanism and the likelihood they will influence virtually the entire individual services industry. The Commission concluded that these principles addressed many of the public concerns about these databases and suggested that these principles should be given a chance to operate before any legislation was enacted in this area. Turning to unsolicited e-mail, the Commission has gathered a considerable body of information about the growing problem of unsolicited commercial e-mail. Three initiatives have resulted from this effort. One is we have encouraged a cross-section of interested parties, including Internet service providers, online firms, senders of unsolicited e-mail and privacy advocates to form a working group, which they have done under the auspices of the Center for Democracy and Technology. They are expected to issue a report outlining some proposed solutions to this problem. Second, the Commission using its existing statutory authority has brought a number of enforcement actions in this area. And, third, we've launched an educational campaign. If I could just have an additional minute or two on online privacy generally. Mr. COBLE. Without objection. Mr. MEDINE. The Commission has focused extensively on the collection of information about consumers online and through its public workshops has encouraged and facilitated self-regulatory efforts. This month we are surveying 1,200 web sites to assess whether they are posting privacy policies, giving consumers choice over use of their information and giving access, as well, to that information. We will be issuing a report to Congress in June reporting on the results of that as well as assessing industry self-regulatory guidelines. We believe the report we submit to Congress will shed light on how much progress has been made in self-regulation and in achieving effective online protection for consumers, and if progress is inadequate in this area, appropriate alternatives may need to be explored. Thank you for the opportunity to discuss these timely issues. [The prepared statement of David Medine follows:] PREPARED STATEMENT OF DAVID MEDINE, ASSOCIATE DIRECTOR FOR CREDIT PRACTICES, BUREAU OF CONSUMER PROTECTION, FEDERAL TRADE COMMISSION Mr. Chairman and members of the House Judiciary Committee: I am David Medine, Associate Director for Credit Practices, Bureau of Consumer Protection, Federal Trade Commission ("FTC" or "Commission"). I appreciate this opportunity to present the Commission's views on the important issue of privacy on the Internet.1 I. INTRODUCTION A. Internet Privacy The Internet is an exciting new marketplace for consumers. It offers not only easy access to a vast array of goods and services, but also to rich sources of information that enable consumers to make better-informed purchasing decisions. The online consumer market is growing exponentially. In early 1997, 51 million adults were already online in the U.S. and Canada.2 Of those people, 73% reported that they had shopped for product information on the World Wide Web ("the Web”), the interactive graphics portion of the Internet.3 By December 1997, the number of adults online in the U.S. and Canada had climbed to 58 million, and 10 million had 1My oral testimony and responses to questions you may have reflect my own views and are not necessarily the views of the Commission or any one Commissioner. 2 CommerceNet and Nielsen Media Research, CommerceNet/Nielsen Media Demographic and Electronic Commerce Study, Spring '97 (March 12, 1997) (defining adults as individuals over 16 years old) (reported at <http://www.commerce.net/work/pilot/nielsen-96/press/97.html>) [hereafter CommerceNet/Nielsen Demographic Study, Spring '97]; IntelliQuest Communications, Inc., Worldwide Internet / Online Tracking Service (WWITSTMM): Second Quarter 1997 Study (Sept. 4, 1997) (reported at <http://www.intelliquest.com/about/release32.htm>). 3 CommerceNet/Nielsen Demographic Study, Spring '97. |