"There are a lot of people who think cyberspace is the Wild West, but it isn't," said Mozelle Thompson, one of four current FTC commissioners, referring to the FTC's belief that online privacy breaches and credit card fraud remain serious problems.
While he declined to say whether an FTC report due by summer's end will recommend new e-commerce privacy or anti-fraud regulations, Thompson's remark suggests the FTC may call for Congress to lay down the law in Dodge City.
Thompson made his comment during an interview with ZDNN here today. He also said he thinks the Internet industry could do a much better job protecting consumers than it's done so far.
"If the goal is to make e-commerce more accessible to the average consumer, the Internet can't be a place where the consumer feels they have to take on a high degree of risk" to their data privacy to carry out a transaction, Thompson said.
He also told ZDNN he was "really disappointed" with the results of a study published in May that showed most Internet sites could do a better job of protecting consumer privacy.
Thompson's words carry weight because he has spearheaded the agency's two-year investigation into whether to recommend that Congress pass new laws regulating Internet commerce.
The issue of just how much risk exists for online users was a topic of hot debate here at the FTC's public workshop on Consumer Protection in the Global Electronic Marketplace, conducted yesterday and today. There is fundamental disagreement over how much risk consumers really take in buying goods and services online.
Some participants in the workshop, the agency's last public event before the commissioners draft their report to Congress, said the purported risks have been overblown.
"I think there is a wrongful perception out there that there is all this Internet fraud," said Peter Gray, co-founder of the Internet Consumers Organization. "Upon investigation, we find that a lot of it is people who didn't know their kids had gotten hold of their credit cards. There's absolutely no evidence that fraud is a huge problem that is preventing people from using the Internet," Gray said.
"Fraud is one issue, but the real issue is the new entrepreneurs entering the (e-commerce) business who don't understand the rules" of protecting users' privacy and guarding against credit card fraud, said Steve Cole, senior vice president and general counsel at the Better Business Bureau.
Many online businesses, once they hear from consumer watchdog groups such as the Better Business Bureau, are more than willing to change their policies to help protect consumers, Cole said.
Some law enforcement officials cautioned, however, that self-regulation doesn't have the impact of legal pronouncements.
"The role of self-regulation is to supplement, not to supplant, baseline legal protections," said Eric Wenger, assistant attorney general in the Internet Bureau at the New York state attorney general's office. "Self-regulation alone lacks enforcement; if you violate it, there may not be a penalty."
The FTC is not necessarily against the idea of self-regulation, either. Another key FTC official, Commissioner Orson Swindle, said it would be foolish to think that all Internet fraud can be eradicated.
"We can only touch a smattering of all the crooks in the world," Swindle said. "Self-regulation may not work as fast as we'd like it to, but my impression is it's light years ahead of what government can do."
With one study on Internet privacy just completed and another on international cyber commerce still underway, a few trends have emerged to make regulators such as Thompson nervous.
The privacy study, conducted for the FTC by Georgetown University, revealed that a growing number of e-commerce sites tell users whether they collect personal data, but the vast majority (about 90 percent) fail to meet all the researchers' criteria for truly protecting user privacy. Those criteria include offering ways to opt out of data submission, supplying contact names, and setting forth mechanisms for conflict resolution.
"I was really disappointed in that finding," Thompson said.
Many Internet companies have maintained ever since the FTC's original report on e-commerce privacy in 1997 that the industry simply needs more time to respond to the challenge of protecting user privacy. Some were still saying that when the Georgetown study was released in May.
"The industry can't have it both ways," Thompson said. "They're saying it takes so long (to implement privacy protections), but if you look at their own pronouncements on what an Internet year is, any more delays in providing consumer remedies really take on a different cast."
Ears still open
Before the report to Congress is finalized, Thompson said he wants to hear more from the Internet industry on what new steps it intends to take to protect user privacy.
"The big issues for me are whether the industry is getting the message out to smaller companies as well as major ones, and whether companies are providing meaningful enforcement of their privacy policies," he said.