I am just really, really delighted to be able to introduce Julie to you. Julie Brill is one of the commissioners at the Federal Trade Commission. She has held office there, I believe, for about five years now, which is a lot of time and a lot of hard work on our behalf. During her time there, the FTC has done some really, really illuminating and thoughtful work on issues surrounding privacy and data brokerage and things like that. That, of course, is just one piece of an enormous portfolio that the FTC has. I'm really grateful that she has taken some time out of her very, very busy schedule to come and share some thoughts with us here. She's going to talk for a while, and then she tells me she will be happy to field some questions. Without further ado, and noting that you can find her bio on the web, I'm going to just invite Julie up to take the podium and share her thinking with us. Please welcome Julie Brill. Hi, everybody, and thanks, Clifford, for that very nice welcome and introduction. And thanks to the Coalition for Networked Information for inviting me to address this meeting. You know, the vast array of topics that you've covered is truly inspiring; I've looked at your brochure, and so has my staff. The scope of what you're looking at and thinking about highlights the profoundly beneficial effects that digital technologies can have on access to information for research, education, cultural preservation, and other scholarly endeavors. I greatly admire the work that you're doing and that you have done over the years to connect researchers and educators, and your ongoing efforts to make scholarship more accessible and collaborative. So thanks for all that you're doing. Now at first glance, CNI and my agency, the Federal Trade Commission, would seem to be focused on quite different issues. 
Yet I think it's clear that CNI and the FTC, when you look just underneath the surface, we're wrestling with many of the same questions about the benefits and risks of an increasingly connected and data-driven society. One broad issue in which we share an interest is the Internet of Things. We are connecting nearly everything from cars and buildings to clothing and light bulbs to the Internet. Network equipment manufacturer Cisco reports that there are 25 billion networked devices in the world today and predicts that there will be 50 billion by the year 2020. These sensors, along with our smartphones, tablets, and computers, generate twice as much data today as they did two years ago, and this trend is expected to continue. Sensors that are so small and efficient that they can power themselves with ambient radio waves are becoming a reality. But the number of connected devices and the relentless accumulation of data are only part of the story. The other part of the story is big data. Data is becoming cheaper to collect and keep, and our ability to analyze it is improving. This development holds many promises. Cities can better maintain their infrastructures by developing sophisticated early warning systems for gas and water leaks. Medical researchers can enroll patients in large-scale research projects and collect streams of useful data that in the past would have been a mere trickle coming from surveys and patients' own reports. In classrooms from preschools to universities, online learning resources are enriching students' experiences and helping teachers tailor their instruction for students' abilities and interests. And online courses and the communities of students that grow up around them are making it possible for people all over the world to learn and earn degrees from the world's leading experts and most prestigious universities. Some significant risks go along with the potential benefits of connected devices and big data. 
As we add devices to our homes, classrooms, and clothes, much more sensitive data will be collected. User interfaces on devices will shrink or disappear, making it more difficult for consumers to know when data is being collected or to exercise any control. In fact, I expect that the Internet itself will disappear because connectivity will just be part of the way things work, as electricity is today. Now these developments pose difficult challenges for privacy, security, and fairness in our society. In sensitive settings, these challenges are particularly acute. Let's take education, for instance, where privacy violations and security breaches can cause a wide range of harms, and inaccurate or unfair data processing can have a big ripple effect on students' lives. More generally, the data that will be available as a result of these connected devices will be deeply personal, and big data analytics will make the data more readily actionable. Some of these devices will handle deeply sensitive information about our health, our homes, and our families. Some will be linked to our financial accounts, some to our email accounts, and the devices themselves will be more closely connected with our actions in the physical world, making data security and device security critically important. But some fundamental aspects of our world are not going to change, no matter how connected and data-driven we become. Most importantly, we, as individuals, will remain roughly the same. We will not suddenly become capable of keeping track of dozens or hundreds of streams of our data, peering into the depths of algorithmic decision-making engines, or spotting security flaws in the countless devices and pieces of software that surround us. Faced with a world of uncertainty about which devices are safe and whether consumers are getting a fair shake in the big data world, consumers can use some help. 
Now I'm optimistic that consumers will be able to navigate and benefit from this complex and uncertain and exciting world. The key, I think, is keeping our focus on the overarching value of trust. Trust is the flip side of risk. It is the expectation of favorable reciprocity from others in situations that are uncertain or risky. Trust does not depend on knowing everything there is to know about the person, company, or thing with which you're interacting. Instead, trust becomes an expectation in which we ask, will this person, company, or device do what I expect it to do and not something else? So there's a close connection between trust and transparency, and it's this connection between trust and transparency in the context of the Internet of Things and big data that I'd like to discuss with you today. Now before I get into that discussion, let me take a moment to first describe the role that the FTC, the Federal Trade Commission, my agency, plays in privacy, data security, and consumer protection in general. We are the nation's leading consumer protection agency, and we share competition enforcement authority with the Department of Justice. Under authority given to us under Section 5 of the Federal Trade Commission Act, the FTC is responsible for protecting consumers from a broad range of unfair or deceptive acts or practices. Now it's under that authority, that Section 5 authority, that we have brought nearly 100 privacy and data security enforcement actions. The flexibility of Section 5 and our broad authority to obtain remedies that protect consumers have allowed us to keep up with rapid changes in technology. 
For example, we have brought actions against companies for allegedly collecting information inappropriately from consumers' mobile devices, for making unwarranted intrusions into private spaces, for exposing health and other sensitive information, for exposing previously confidential information about individuals' networks of friends and acquaintances, and for providing sensitive information to third parties who in turn victimize consumers. We have also brought hundreds of cases vindicating consumers' rights under laws that protect sensitive information. Those are special separate laws that deal with information about children, financial information, medical data, and information used to make decisions about consumers' credit, insurance, employment, and housing. Now the FTC also maintains a pretty busy policy docket. At the beginning of this year, we published a report on the Internet of Things, which emphasizes the importance of data and device security, as well as the applicability of established privacy principles to connected devices. Before that, we published a detailed study of the data broker industry, as Clifford referred to. And frankly, as far as I'm concerned, the data broker industry has been in the big data business long before the words big data became part of our daily lexicon. We also held public workshops on so-called alternative consumer scores, and the potential for big data analytics to be used in ways that discriminate against consumers. And just last month, we held a public workshop on cross-device tracking, which refers to companies' efforts to correlate a consumer's activities as she moves from a smartphone to a tablet to a desktop computer. So let me now turn to the connection between transparency, privacy, and consumer trust. Consumers want to know, and should be able to easily find out, what information companies are collecting, where they're sending it, and how they're using it. 
This kind of information is important to consumers' decisions about whether to use digital products and services in the first place. But transparency is also important in situations in which consumers are not making choices about whether to interact with the company, but instead, where the company is operating behind the scenes in ways that can significantly affect consumers. Data brokers illustrate this point well. Data brokers are companies that assemble individual profiles on consumers by collecting information from far-flung sources, but typically they don't interact directly with the consumers themselves. Through these profiles, consumers can end up in marketing segments drawn along lines of race, ethnicity, financial status, health conditions, and other sensitive characteristics. With all of this data and the inferences that data brokers can draw from it, they put consumers into categories or segments with labels such as (we talk about this in our report, and it's been talked about in other reports) "Financially Challenged," one segment; "Bible Lifestyle," another one; "Diabetes Interest"; and "Metro Parents," a list of single parents who are primarily high school or vocationally educated and are handling the stresses of urban life on a small budget. And another segment that was uncovered recently is called "Timeless Traditions," a list of immigrants who speak some English but generally prefer Spanish. Now, while consumers might benefit from some of these segments by receiving more relevant advertising, for instance, consumers should have some choices about where their data ends up and how it is used. Transparency is enhanced by giving consumers what we call at the FTC just-in-time notices or information. 
That's giving them information at key moments when it is most relevant to them, such as when they're deciding whether to download an app or whether to allow that app to collect geolocation information or whether they want to make a purchase on a connected device. But transparency should also include helping consumers navigate a complex ecosystem of data, devices, and big data analytics operating behind the scenes so that consumers understand the practices that can affect them and exercise choices about these practices. Now think about the alternatives just for a second, the alternatives to being transparent with consumers. One reasonable response of consumers is that they'll harbor suspicions about a product or service and may choose to avoid it or use it less than they would if they trusted it fully. Another response, particularly when an entity that consumers don't know about is collecting or using data, is to react angrily when the truth about the company's data practices comes out. And I think it's wise to presume that the truth will come out eventually. In either case, the result is the same. Consumers or customers lose trust in a company, and the results for the company can be devastating. Now many companies and organizations understand this, particularly this important connection between transparency, privacy, and trust. But being transparent in the data-intensive age is challenging. With the Internet of Things, many connected devices do not have a user interface to present information to consumers about data collection. Devices, as I mentioned, are becoming more numerous, adding to the mountain of information that companies present to consumers in their privacy policies, which one researcher has found can be as long as Hamlet. That's true. As devices become integrated into homes and other physical spaces, there are also questions around who should receive disclosures about data collection and use practices. 
How will consumers who buy a device, and the innocent bystanders around that device, know when the device is recording images or audio? And there are other questions, like how can consumers choose to avoid having their data collected? For how long will their data be kept by the companies who are collecting it? And how will these companies keep the data secure? Now, companies that provide connected devices should recognize that providing transparency will require some creative thinking. Visual and auditory cues and immersive apps and websites should be employed to describe to consumers in meaningful and relatively simple ways the nature of the information being collected. The same signals should be used to provide consumers with choices about whether any of this information can be used by entities or persons who fall outside the context in which the consumer is using the device and in which the consumer expects her information to remain private. Now, there's another promising tool for providing information to consumers in this world of connected devices, as well as allowing them to exercise some meaningful control. And this is known as the command center that companies are now developing to run multiple household connected devices. The driving force here is obviously convenience, but these command centers could also provide an opportunity for consumers to understand the information their devices are generating and to control where that information goes. After all, if you can have a centralized interface to program your garage door, your thermostat, your television, your refrigerator, and Lord knows what else, you ought to be able to use that same interface to make meaningful choices about the data your devices will collect and where they're going to send it. Now, let me turn to the issue of transparency and fairness in Big Data Analytics and how it relates to consumer trust. 
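The command-center idea described here can be sketched as a small permission model: a hub that both registers household devices and records the consumer's per-device, per-category data-sharing choices, defaulting to no sharing. This is a minimal illustrative sketch; the device names and data categories are hypothetical, not any vendor's actual API.

```python
# Sketch of a household "command center" that tracks data-sharing consent.
# All names here are invented for illustration.

class Hub:
    def __init__(self):
        # Maps (device, data_category) -> whether sharing is allowed.
        self.consent = {}

    def register(self, device, categories):
        """Add a device; every data category starts as not shared."""
        for category in categories:
            self.consent[(device, category)] = False

    def allow(self, device, category):
        """Record the consumer's choice to share one category of data."""
        self.consent[(device, category)] = True

    def may_send(self, device, category):
        """Check consent before any data leaves the home; default is no."""
        return self.consent.get((device, category), False)

hub = Hub()
hub.register("thermostat", ["temperature", "occupancy"])
hub.allow("thermostat", "temperature")
print(hub.may_send("thermostat", "temperature"))  # sharing was allowed
print(hub.may_send("thermostat", "occupancy"))    # never allowed, so blocked
```

The design choice worth noting is the default: an unregistered or undecided category is treated as not shareable, which matches the expectation that data stays private unless the consumer opts in.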
Big data analytics, employed both by data brokers and within companies themselves, are being used to segment consumers by interests and traits and to make an increasingly wide range of decisions about consumers. Now, some of these analytics projects could create questions about fairness. For example, a company might analyze its own data in an effort to identify good versus troublesome customers. The good ones will get to the front of the customer service line, you know, on the phone or on the computer, and the troublesome ones might go to the end of the line. But what if this analysis ends up sorting individuals along racial or ethnic lines? A Harvard Business Review article argues that this kind of result isn't just possible, but inevitable. Transparency for big data analytics, both within companies and through third parties, is necessary to engender trust by informing consumers about the significant impact that big data analytics can have on them and clarifying their choices with respect to some kinds of data collection and use. Transparency is also a helpful check on potentially troublesome data practices, since, as Louis Brandeis famously said, sunlight is said to be the best of disinfectants. Without more transparency in big data analytics, questions will linger about the role that big data analytics plays in the marketplace and whether consumers are being treated fairly. But the question is how to present information that is meaningful to consumers along these lines. Now many of these kinds of decisions are going to be based on some kind of score, a number that's generated by an algorithm that gives some indication of what a consumer is likely to be interested in or how she is likely to behave. A familiar example that I'm sure all of you know about is a credit score. Credit scores are basically predictions of how likely a consumer is to pay back a debt. The higher the score, the lower the credit risk. 
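The basic mechanics being described, a number generated by an algorithm that predicts behavior, can be sketched in a few lines. The features, weights, and score range below are illustrative assumptions for a toy logistic model, not any bureau's actual formula.

```python
import math

# Hypothetical sketch of a credit-score-like model: a weighted sum of
# features passed through a logistic function, then mapped onto a
# familiar 300-850 scale. Features and weights are invented.

WEIGHTS = {
    "on_time_payment_rate": 4.0,   # fraction of payments made on time
    "credit_utilization": -3.0,    # fraction of available credit in use
    "years_of_history": 0.15,      # length of credit history in years
}
BIAS = -1.0

def repayment_probability(features):
    """Estimated probability of repayment via logistic regression."""
    z = BIAS + sum(WEIGHTS[k] * features[k] for k in WEIGHTS)
    return 1.0 / (1.0 + math.exp(-z))

def score(features):
    """Map the repayment probability onto a 300-850 scale."""
    return round(300 + 550 * repayment_probability(features))

good = {"on_time_payment_rate": 0.98, "credit_utilization": 0.2,
        "years_of_history": 12}
risky = {"on_time_payment_rate": 0.60, "credit_utilization": 0.9,
         "years_of_history": 2}
# Higher score = lower predicted credit risk, as described in the talk.
print(score(good), score(risky))
```

The point of the sketch is the one made in the talk: the output is just a prediction derived from whichever inputs and weights the modeler chose, which is exactly why transparency about those choices matters.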
In their early days, credit scores were used strictly for credit decisions, whether you'd be able to qualify for a mortgage, for example, and the interest rate that you were going to be offered. Over time the use of these credit scores expanded to other major decisions about consumers, such as whether a prospective employer would extend a job offer to an applicant, or an insurance company would charge a higher premium on auto or homeowner insurance. Now we know a great deal about what information is in our credit reports and what our traditional credit scores look like. And we know a lot about it for one simple reason. Congress has required some transparency in credit scoring. In 2003, Congress instructed the FTC and the Federal Reserve to study whether one type of popular credit score used for auto insurance employed factors that serve as proxies for race, gender, or other traits that could give rise to unlawful discrimination. In addition, Congress required credit bureaus to make consumers' credit reports available to them for free, and credit scores are increasingly becoming available to consumers for free as well. Now these transparency requirements and practices have been good for consumers, and I think they've been good for credit bureaus and for companies that rely on credit scores to make business decisions. With the transparency provided by free credit reports and increasingly free scores, consumers can more effectively exercise their rights to dispute and correct inaccurate information. And the thorough analysis of one critical type of credit score by the FTC and the Federal Reserve made users more confident that this score was not discriminatory. Today we're seeing a proliferation of other types of scores being used to make eligibility determinations covered by the Fair Credit Reporting Act. 
While these scores are subject to the same obligations of access, accuracy, security, and other requirements imposed by the FCRA, they haven't been subject, at least not yet, to the same kind of scrutiny that Congress and the federal agencies brought to bear on one traditional credit score. The use of these new sources of information, including information that goes beyond traditional credit scores, to score consumers raises fresh questions about whether these alternative scores may have disparate impacts along racial, ethnic, or other lines that the law protects. And an increasing range of algorithmic scores and decisions fall outside of the framework provided by the Fair Credit Reporting Act entirely. The FTC identified a few of them in our May 2014 report on data brokers. We highlighted so-called risk mitigation products, which serve as sources for significant decisions about consumers yet are not subject to the protections of the FCRA. These services answer questions like: is this consumer who she claims to be, and is the purchase that this consumer is attempting to make likely to be fraudulent? While some of these risk mitigation scores may fall under the FCRA, the vast bulk of them do not. Now, transparency is important across the full range of decisions that I've just been talking about. But it's not realistic to rely on the approach that the FTC took to understand one type of score that was used for auto insurance in order to gain an understanding of the full spectrum of scoring models that are used today. It took the FTC nearly four years to conduct the study that I've been talking about. The FTC, and other federal agencies for that matter, simply do not have the capacity to study every new score that is out there. This approach simply would not scale. Moreover, scoring algorithms and other forms of big data analytics rely on statistical models and data system designs that few on the outside understand in detail. 
And even if those of us on the outside could peer into the hundreds of scoring algorithms that could potentially affect consumers, what would we learn? We might learn which features of a data set are used in a given algorithm and what weight a company attaches to them. These details, though, might be so abstract and so rapidly changing that they would not tell government, consumers, or other concerned stakeholders much at all about what really matters. And that, I believe, is how the algorithms are actually used and whether they have discriminatory or other inappropriate effects. This suggests that testing the effects of big data analytics may be a promising way to go, but this route does have some challenges, too. On a technical level, many companies will not have the type of data that they need to definitively answer the question of whether they are treating consumers of different races or ethnicities differently. For example, an ad network might track consumers by using an e-mail address or a device identifier. The ad network might be able to combine this information with other data that is readily available to it, such as which apps a consumer is using. And all that data would be used to make inferences about more sensitive personal characteristics. But this is far from having test data in which consumers' race, health conditions, financial status, and other sensitive personal characteristics are known. Doing this kind of analysis from the outside is difficult. Researchers have done some proof-of-concept studies, but they required considerable work and involved efforts to tackle some cutting-edge research questions. This means that companies using scoring models should themselves do more to determine whether their own data analytics result in unfair, unethical, or discriminatory effects on consumers. 
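The kind of internal effects-testing being urged can be sketched as a comparison of favorable-outcome rates across groups. As an illustrative threshold, the sketch below borrows the "four-fifths" heuristic from U.S. employment-selection guidance; the group labels and records are invented test data, and real audits would of course be far more involved.

```python
# Sketch of an internal disparate-impact check: compare rates of
# favorable outcomes across groups and flag large gaps. Illustrative only.

def selection_rates(records):
    """records: list of (group, got_favorable_outcome) pairs."""
    totals, favorable = {}, {}
    for group, ok in records:
        totals[group] = totals.get(group, 0) + 1
        favorable[group] = favorable.get(group, 0) + (1 if ok else 0)
    return {g: favorable[g] / totals[g] for g in totals}

def disparate_impact(records, threshold=0.8):
    """Flag groups selected at less than `threshold` times the top group's rate
    (the four-fifths rule, used here as a rough heuristic)."""
    rates = selection_rates(records)
    best = max(rates.values())
    return {g: r / best for g, r in rates.items() if r / best < threshold}

# Invented audit data: group A favored 80/100 times, group B 50/100 times.
audit = ([("A", True)] * 80 + [("A", False)] * 20
         + [("B", True)] * 50 + [("B", False)] * 50)
print(disparate_impact(audit))  # group B's ratio of 0.625 falls below 0.8
```

Note that this test requires exactly what the talk says many companies lack: records in which group membership is actually known rather than inferred.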
In addition to scrutinizing their own practices, companies can provide consumers with creative user interfaces to give consumers more meaningful, usable access to their data. Now, ultimately, I believe we need legislation to address many of the issues that I've been talking about, but technologists have a key role to play, too. They have the skills to make data access tools that are easy for consumers to use, and they have the technical insights that are necessary to determine whether specific analytics and specific analytic practices pose risks of excluding or otherwise placing at a disadvantage groups defined according to sensitive traits. I'm hopeful that companies will give technologists, including designers and user interface experts, the support and resources needed to tackle these critically important questions. So although I've been addressing transparency, privacy, and fairness from the perspective of consumers, and also talking a lot about trust, I hope it's clear that the challenges of the Internet of Things and big data that I've been discussing, as well as my suggested solutions, apply to the schools and institutions in which many of you work. Trust is every bit as important to students, parents, and researchers in the educational and research context as it is to consumers in the commercial marketplace. Despite the complexity of some of these problems, some simple questions and operating principles can help guide all of us. The more you can tell your stakeholders about what you're doing to keep their data secure, to use it fairly, and generally to meet their expectations for the kinds of sensitive data that you collect, store, and use, the better off everyone will be. Thank you very much. So, as Clifford said, I am happy to take a few questions if anybody has any. Or you all may be very exhausted from a very full day or two of talking about all these issues and more, but I am happy to take a few questions if you like. And I think there are mics. There we go. 
There's somebody. Hi. I'm David Rosenthal from Stanford. I noticed that you talked about data security for the Internet of Things, and I want to raise a number of problems in that area. The first one is that the reason that these sensors are proliferating is that they're extremely cheap. And that means that the business model that's delivering these things is incapable of supporting the necessary continuing software updates that keep the things secure. So one thing we know is true of the Internet of Things as it exists right now, and will continue to be true of the Internet of Things in the future, is that it's catastrophically insecure, and that there is no practical way of preventing these devices from being subverted to harm the owner or to attack other devices on the Internet. We've just seen a major attack on the root servers, which apparently came from a botnet running on people's smartphones. The Microsoft and Sony networks were taken down by a botnet running on people's home routers. And the DMCA effectively makes it illegal for people to research and find these vulnerabilities and report them. And the trade treaties which the administration is pushing make it even more illegal. In fact, according to the TPP, if somebody uses their laptop to investigate a vulnerability in one of these devices, their laptop can be seized and destroyed. That's not very helpful. And the other thing that's happening at the moment is that the Supreme Court has just ruled again that companies can impose mandatory arbitration in their end user license agreements, which means that they can do whatever the hell they like and you have no chance of suing them about it, because if you do, you'll end up in arbitration and the arbitration will rule for the company. So there are a number of very serious problems here, and the result is we're filling the Internet and the world with devices that will undermine its security completely. 
Please, go ahead and applaud; I have no problem with that. I couldn't agree with you more. I actually had a whole section of my speech, which would have made it even longer, about security, touching on all those issues and more, but I decided to spare you and focus instead on privacy. But you're absolutely right. In our Internet of Things report, which I do recommend, and I hope many of you will go to our website and at least take a look at the executive summary, you'll see that we focused a great deal of the report on the security issues, many of which you mentioned, and I just want to highlight a couple of additional ones. So you're absolutely right. The business model is going to make it very difficult to address security issues with respect to the Internet of Things. It is absolutely true that many of these devices are going to essentially be throwaways, and it's not going to make economic sense for companies to push through patches. They'll fix their new device, the new iteration, but they're not going to push through patches, and it's going to be difficult to communicate to consumers who are using the older connected pens or connected glasses, or whatever it is, that they are dealing with a security threat, a threat vector. And as to the threat vector issue, going to your point about how insecure many of these devices are, Hewlett-Packard did a study of connected devices. I don't know how many they studied, but they studied a lot of them, and they found that the vast majority, I think it was on the order of 90%, are collecting personal or linkable information, and 70% of that information is flowing over unencrypted networks. So we're talking about some really, really serious security issues. So I commend our report to you and to everybody who's interested in this issue, all of those of you who applauded and others; really take a look at it, because that is the very issue that we focused in on. Oh, and I should mention one other thing. 
We're not just talking about the security of data, but we're talking about the security of the device itself. And there have been proof-of-concept hacks, if you will, or studies done of taking over a connected car or taking over a connected medical device. And this presents threats not just to individuals' data and their dignity and the fairness with which they're treated, as I spent my time talking about, but it also affects their personal safety. So there are lots and lots of issues around this. Thank you for raising that, because you spared me from having to talk about that and put that into my speech. So thank you. Please. Hello, I'm Sue Gardner from the University of Nebraska-Lincoln, and one thing I'm concerned about is the accuracy of data being collected about me. I have a very common name. One of the administrators of Wikipedia is named Sue Gardner, and I've been conflated with her, which is really funny. I have a friend named Sue Gardner. There you go. There's another person in my town; she lives in Hartford. See? I have to always give my address when I pick up my dry cleaning. And Google Scholar, for instance, conflates me with other people with similar names. My husband, in fact, gets confused with me, and he's a very accomplished writer. So I bring his h-index down a little bit. He raises mine. And I've tried to disambiguate these things sometimes. And then I sat back and thought, maybe I don't really want people, or whoever is out there, to know accurate information about me. So I stopped trying to disambiguate all of that. So I just wanted to bring that up and maybe ask your comments about that issue. Sure. It's another great issue. So the accuracy of this information is a big issue. 
And it's one of the reasons why, outside of the credit reporting context, I have been calling for legislation that would require data brokers that are selling these profiles to allow consumers to access their information so that they could correct it if they wanted to. Let me just mention a couple of things here. So the reason I spent a little bit of time talking about credit reports in my talk is because they really are the progenitors of big data. And Congress decided back in 1970 to place rules around how credit reports could be used and how individuals could access their reports and correct them, because this data was being used for very, very sensitive purposes. Can you get a loan, and for how much? Can you get insurance, and how much is that going to cost? Can you get a job? As a tenant, can you rent? So Congress decided that because this data was being used for very important and sensitive decisions, consumers should be able to access that information and correct it. I absolutely believe the same thing should happen with respect to data brokers. But I have had a similar... I want to just mention a personal experience that I had that's similar to yours. There is one data broker that has been listening to me. Actually, all of them are listening to me. But there's one that has taken action and has provided an immersive tool for consumers to use. It's an online tool that consumers can go to and look at the data, at least some of the data, that this company has. The company is called Acxiom. It's one of the biggest data brokers that exists. And the website or portal is called aboutthedata.com. And you can go to it and see how you're being categorized with respect to your marketing profile (not your risk assessment profile, which I also mentioned in my talk), that is, the advertisements that you're going to see and whatnot. So of course I went to the portal to see how I was being categorized. 
And there were several errors in it. I think they had my salary wrong and my job wrong, and a couple of other things. I decided not to correct it, for the very reasons you're talking about. I thought: do I really want advertisers to know that much about me?

Similarly, I went to Google, and Google actually does have a really good tool, if you can find it. And if I could find it, you guys can find it; it's not that hard to find. You can go and see how you're being categorized by Google. Google has me pegged as a 65-year-old man. And it's because I watch a lot of sports. I'm also much younger than 65, but I watch a lot of sports, late at night, because my family isn't here in Washington with me, so I'm here by myself and I just watch sports. I love basketball. I love soccer. So they decided I'm a 65-year-old man. And I could have gone in and corrected that too, but I decided not to. I thought, hey, let's see what I get as a 65-year-old man. I'll walk in someone else's shoes for a while.

But I do think this issue of correcting information when consumers want to is important. You don't have to. But if you want to, I think it's critically important that consumers be given this tool, these choices. I'll take one more.

Hi, my name is Anthony Hellman. I'm at Dartmouth College. I really appreciate your opening comments about the FTC's role as a leading consumer protection agency. Right. And I just wanted to follow up on some of the other security-thread questions and ask about the degree to which the FTC is countering, or trying to advise, other departments and agencies that are advocating, for example, for encryption backdoors in consumer devices, and how that seems to be at odds.
And there seems to be a real, fundamental lack of understanding that a backdoor for one agency might as well be a backdoor for anyone with enough gumption, as it were. Thank you.

That's another great question. I shouldn't be surprised that I get great questions from a crowd like this. There's a lot of discussion underway now with respect to encryption and with respect to backdoors; you all have undoubtedly been following these issues. And frankly, these issues aren't really new. They swing back and forth, and have been swinging back and forth for a while now, at least since the 90s, since the internet became such a powerful collector of data that could be used not only by commercial entities but also by governmental entities.

I have stated publicly, in speeches and elsewhere, that I am worried about the magical thinking, and that's what I think it is, behind the notion that backdoors can be used by some for good purposes, law enforcement, let's say, and national security and otherwise, though really it's law enforcement we're talking about, and not exploited by people who have bad intentions, for instance hackers and other malicious actors. So I'm deeply worried about our ability to do this. And I'm worried that the belief that it can happen safely is, as I said, a form of magical thinking.

So as we have these debates about encryption, I think we need to keep in mind the consumer's perspective: consumers want their information held securely, and they want to be sure there aren't vulnerabilities built in that could lead to significant problems for them, not just with respect to law enforcement but in the other areas that we've been dealing with for so long. So yes, we have been interfacing on that issue, and it's a deeply important issue. And as I said, I think the dialogue and the discussion about it will probably continue for quite some time. So thank you very much.
I really appreciate it and especially thank you for your questions. Take care. Bye-bye.