 Hi everyone. If folks could just take their seats, we're going to go ahead and get started. I will keep my introductions very brief, since I'm sure you've all seen me up here before. But my name is Sarah Morris, and I direct Open Internet Policy for New America's Open Technology Institute. And as longtime advocates for net neutrality and for strong privacy rules for ISPs, we're very excited to continue the conversation in the wake of what we feel is some bad news on those friends with the passage of the CRA overturning the FCC's privacy rules. But we're really looking forward to the opportunity today to talk about what that means for the future of privacy, for the future of an open internet, and for the internet more broadly. So following me today will be Gene Kimmelman, and he'll give some introductions. Thank you, Sarah. Thanks everybody for coming. I'm Gene Kimmelman, President and CEO of Public Knowledge. We are honored to be able to co-sponsor this event with New America, and thank you, New America, for hosting and inviting everybody. So Sarah teed it up. I want to elaborate for a minute on why we're here today. We thought it would be important to look at, at this moment in time, with the privacy rules having been rejected through the Congressional Review Act by Congress, and with a lot of discussion about net neutrality, to think about the two agencies that are often talked about involved in this, the Federal Trade Commission and the Federal Communications Commission, and what their respective roles are, have been, ought to be in the future. So we are really honored to have Commissioner Terrell McSweeney here with us today to tee up this issue for all of you and to lead into a panel discussion about it. It's particularly an honor for us to have Terrell here today because to me, she is really the epitome of the kind of person you want to have at an agency, an enforcement agency, at a regulatory agency in our government. And I say that, having been in Washington more than 35 years, and knowing a lot of really smart people who have come to serve and dedicated to the public sector, because Terrell brings together attributes that I think are the best kind of those kind of smart people. Just look at her background, she's worked in a law firm, she's done antitrust cases from the private sector side, she was at O'Malvany for a while. But that's not all of her connection with law and policy and politics. She went on to work in the Senate Judiciary Committee for then Senator Biden, covering a variety of domestic policy issues, and a lot of the key issues the Judiciary Committee covers, including competition policy, was an assistant to the president in the first term of the administration, the Obama administration, and covering a top advisor to then Vice President Biden. Again, covering a broad swath of policy issues across domestic policy for the US. She came to the FTC as a commissioner in three years ago, right, 2014, and has really become expert after having served, while I was in the Department of Justice with her for a number of years, looking at antitrust policy. With all of that governmental experience, experience in the private sector, focus on the elements of industry structure, the patterns of business development, the ways in which competition develops or not in the marketplace, and its intersection with domestic policy across all fronts. It's the combination of those experiences I saw when I was at Justice with Terrell, that she applied to antitrust enforcement, and that we've seen even more broadly since she became a commissioner at the Federal Trade Commission because of the broader jurisdiction beyond antitrust to consumer protection. So at a moment when we have the FTC's privacy rules eliminated, and a lot of discussion about what role the Federal Trade Commission would or could play, the question is, is it really plausible to imagine a world in which privacy protection's data security are handled completely by the Federal Trade Commission? In one very simple way, you might say, why not just one agency? But the history in this country is it has never been one single agency across healthcare, across banking, across telephone service, across a broad set of specific industry sectors regulated by specific industry regulators in addition to the Federal Trade Commission. So is it really plausible to have all of that handled by the Federal Trade Commission? And at the same time, we have the current chairman of the Federal Communications Commission, Chairman Pi, indicating that he will move away from Title II regulation for non-discrimination practices, net neutrality open internet rules. And well, according to press accounts, set up some kind of industry promissory structure where certain commitments are made by internet service providers like Comcast, Charter, AT&T, Verizon. And that under the FTC's general jurisdiction for antitrust and consumer protection, those promises would be somehow enforced. Now, is it really plausible for the FTC to do that? Again, historically, Federal Communications Commission has, under a mandate from Congress, promoted competition and consumer protection in the public interest. Federal Trade Commission has a somewhat different mandate. I'm hoping Commissioner Xweeney will address that today. But in my understanding, it's not just to broadly promote the public interest in competition. It has a specific standard to prevent harm to competition in a variety of ways and harms to consumers in a variety of ways. It's quite different than the Federal Communications Commission. So the question I think before us, as we're moving into this next phase of policy, is can the Federal Trade Commission, if this is the approach that is being followed by this administration, really cover the key elements of potential discriminatory practices that are harmful to large businesses, small businesses, and particularly consumers in the internet environment of a digital age? So with that, I would like to turn this over to Commissioner Xweeney. Thank you. Thank you so much for that incredibly nice introduction. I really appreciate it. Thanks, New America and public knowledge and everybody for joining this conversation today. It's great to see so many friendly faces and familiar faces. I feel like we've been all talking about these issues collectively for the better part of the last 10 years. So hopefully we're moving to a new phase of resolution on them. You know, it's a really important time to be having this conversation. I was thinking about this and getting ready for the event. We're close to the first 100 day mark of the Trump presidency. So if you're counting, by the way, that's like 1,085 days left. And, you know, so this is one of those milestones that we typically celebrate here in Washington with a lot of articles and assessments about what's been accomplished in the first 100 days, what hasn't been accomplished, what campaign promises have been fulfilled, which ones have been missed. And a lot of that attention is gonna focus quite rightly on healthcare, the Supreme Court, trade, taxes, some of these other big policy areas. And I'm concerned, frankly, that very little of it, if any of it's gonna focus on technology policy and the internet. You know, as a candidate, President Trump really hardly mentioned internet access, privacy, or consumer protection during the campaign. And what was said, frankly, wasn't all that alarming. In fact, some of it was even favorable. Protecting the consumer and empowering entrepreneurship has really been the foundation of bipartisan policies since the commercialization of the internet really began under George H.W. Bush's administration. And, quite frankly, in the consumer protection space and the privacy space has led to bipartisan support and passage of legislation like the Do Not Call Registry and the Children's Online Privacy Protection Act. Yet, in these first almost 100 days of the Trump administration, and unfortunately, what the rest of this Congress term portend is that we are about to potentially see a radical change in a host of issues, despite the fact that these changes are deeply unpopular with the American public. The recent passage and enactment of the Congressional Review Act legislation on broadband privacy is the most notable. But we've also seen the first moves against the open internet order. The rescission of rules meant to spur competition in cable boxes and troubling statements made about encryption and consumer privacy. All of these taken together show a departure from three decades of practice by Democrat and Republican administrations, practices that have helped spur our innovation-based economy while bringing information and American innovation to every corner of the globe. I think Americans intuitively understand and value the free and open internet. 81% of them understand and support the concept of internet non-discrimination. 60% oppose the idea of paid fast lanes for data. And not only is an open internet with privacy protections and competition popular, it has been the status quo for much of the internet era. A status quo that has created a virtuous cycle of innovation, trust, adoption, and further innovation. In fact, it is still the case that most Americans expect their sensitive data to be held securely and not used or shared without their consent. 91% of Americans want more control over their data, not less. Even as we embrace a ubiquitous, always-connected internet, we also expect to retain meaningful choices over our data. We recognize that these choices are more meaningful as the technology transforming our lives is also clustering us into like-minded communities and offering us increasingly targeted experiences that not only impact how and with whom we communicate, but also what opportunities are available to us. So what is the future of broadband, privacy, and the open internet? Let's begin with the recent privacy debate. One of the real problems, I think, with the rollback of the FCC privacy rule is that it is a huge shift of risk away from multi-billion industry giants and directly on to American families. The Federal Trade Commission cannot fill that gap because it does not have jurisdiction over the security and privacy practices of broadband, cable, and wireless carriers. So what we have at the moment, in my opinion, is a rapid implementation of a no-copse-on-the-beat approach to privacy and data security in which control over who gets our sensitive information rests in the hands of very few large companies, which are the gatekeepers for our connections to modern life. That will continue to be the case until Congress acts to fully repeal the Common Carrier Exemption in the Federal Trade Commission Act. We can't count on the marketplace or competition to deliver us better options because our broadband markets are highly concentrated. In three quarters of the country, people have only one choice for high-speed broadband connection. But let's assume, just for a minute, for argument's sake, that Congress acts and the FTC's jurisdiction is expanded, is putting privacy, security, and non-discrimination solely under the Federal Trade Commission, even the right approach to these issues. First, let me underscore the tremendous regard that I have for the FTC staff and the agency's 500-plus cases protecting privacy and security of consumer information. For more than two decades, the Federal Trade Commission has done a remarkable job protecting consumers as they have migrated from an analog world to a digital one. The FTC's efforts have focused on holding companies accountable for the promises that they make about the information about us that they use and collect. The agency has consistently focused on transparency, consumer choice, and security. Over time, the FTC has taken the view that consent may be inferred for collection sharing and use of information within consumer expectations consistent with the context of the transaction and consumers' reasonable expectation. Under this approach, the FTC supports opt-in consent for the collection and sharing of sensitive information, and sensitive information includes the content of communications, social security numbers, health, financial, and children's information, and precise geolocation data. Recent FTC privacy cases have focused on ensuring that consumers' choices about their privacy are actually honored by the technology that they're using. For example, in InMobi, the FTC alleged the mobile advertising network. In the case was using technology to track geolocation even when consumers had denied permission to access their location information. And in turn, the FTC settled charges at the mobile ad network, which had been participating in the Verizon Super Cookie program, deceived consumers by leading them to believe that they could reduce the extent to which the company tracked them online and on their mobile phones. And in our recent Smart Television case, Vizio, the FTC required consent for collection and use of television viewing activity. The FTC has also taken proactive steps. In the last year, issuing to app developers who installed Silverpush software designed to monitor consumers' television use through audio beacons, we issued warning letters to them, and we've urged companies that are engaging in cross-device tracking to get affirmative consent before cross-device tracking children, and when cross-device tracking on sensitive topics like health, finances, and geolocation. Similarly, the FTC has recommended providing consumers with affirmative consent before sensitive information is collected and shared with data brokers, which are the companies that collect consumers' personal information and resell it to others. The FTC is at the forefront of these issues because it recognizes that consumer data is both driving valuable innovation to the benefit of consumers and the economy and creating some potential risks. Consumers are concerned about their private information being made public or falling into the wrong hands or being used to make important decisions about them. As our connections deepen and widen, it is possible to combine our data to create increasingly intimate profiles about us without our knowledge to determine, for example, whether we can afford a certain product or whether we might actually be willing to pay a higher price for it. Against this backdrop, the FTC has repeatedly called for more tools to protect consumers for strong comprehensive privacy and data security legislation that would ensure consumers' privacy and data across the marketplace. And importantly, the FTC has worked with states and other government agencies to ensure a consistent approach to privacy and security. I think the array of tech raising privacy and security concerns is growing so rapidly as we connect more and more devices in our homes and on our bodies. The differences between these technologies and some of the risks associated with them may justify some differences in how they are regulated. The regulations for connected cars and medical devices and drones may vary slightly from those required for, for example, connected hair brushes and toasters. Arguably, an optimal approach would be for the FTC to work with expert industry regulators to craft policy that is both right for the industry that they regulate and consistent with the FTC's long-established framework. That's why the FTC has worked with the other agencies like the FCC on things like the FCC's broadband privacy rule and it's what the FTC is now doing, for example, with NHTSA on connected cars. Privacy and security considerations are too important to be partitioned off from core design and regulatory decisions. I'm sympathetic to the concerns raised by those to argue that given the growing complexity of our connectivity, we must strive for simplicity and consistency in the area of privacy. And of course, inconsistent standards pervade the US privacy and consumer law because we have adopted a sector-based approach. But frankly, if consistency were truly the goal, then we'd likely increase protections for privacy rather than unraveling them. And that's the conversation, in my view, we ought to be having. Instead, we're fighting a rear-guard action for basic protections. So as I've just discussed, I don't think one-size-fits-all approach to privacy and data security is realistic and I don't think it would make sense to protect the open internet. There's not an either or choice that has to be made between FCC regulation and FTC enforcement. By design, the agencies have different tools with different features. Both have a role to play when it comes to protecting consumers and ensuring an internet that fosters innovation. And neither agency alone can do everything that needs to be done in order to promote competition and fully protect consumers. First, the open internet is overwhelmingly the status quo in the United States. The internet is not its own sector. It is no longer even just a communications network. Today, there are twice as many internet-connected devices as there are people on the planet. In three years, that number is expected to triple. By 2025, the value of these devices and the ecosystem they operate in is estimated to exceed $4 trillion per year. And thanks to all this connectivity, the internet is basically now a global, ambient, always-on system, vital to connect to the conveniences of modern life. It's no longer just a sector of our economy, it touches every single sector. New content, applications, and services generate increased consumer broadband demand, which in turn increases broadband infrastructure investment, which spurs new innovation and so forth. We now know this thanks to the FCC's voluminous record as the virtuous cycle. Protecting the virtuous cycle, ensuring the internet remains a fountain of innovation is at the heart of open internet policy. And eliminating the FCC's open internet order will put us into uncharted territory. Ex-Post, case-by-case antitrust enforcement is unable to offer the same protections to innovators as clear ex-anti rules. Under the open internet order, innovators can have confidence that discriminatory network access will not threaten their chances for competitive success. A system that solely relies on antitrust enforcement, on the other hand, cannot provide the same assurances because antitrust enforcement requires detection, investigation, and potentially lengthy rule of reason analysis. Even assuming you can come up with a cognizable theory, remedying harm years after it occurred may prove challenging or even impossible. In fact, just last week, the FCC sent a letter to FERC supporting regulatory action to address competition concerns in electricity generation markets, noting the incentives of vertically integrated incumbents to harm competitors, and specifically saying that it could be costly, difficult, and time-consuming to detect and document certain forms of anti-competitive discrimination in the interconnection space. That sounds familiar to those of you that think a lot about the open internet. It's because it should. The FCC also considered First Amendment interests, and Jean alluded to this, in their public interest standard being different than the FTCs, in their open internet process. They considered interests such as free expression, diversity of political discourse, and cultural development as part of its open internet proceeding. These are non-economic values that are not generally protected in the antitrust laws. So if antitrust law enforcement alone is not sufficient to protect the open internet, is relying on commitments by ISPs to honor principles of an open internet. I frankly doubt it, though we still haven't seen any specifics of the proposal, I have some questions about it. First, the obvious question. If ISPs are going to make the same commitments, why roll back the open internet order in the first place? Second, the FTC is a terrific consumer protection agency as I've outlined, but it doesn't have any expertise in network engineering. The FCC has the relevant expertise. Why not continue to rely on it? Third, what happens if ISPs simply change their policies and commitments in the future? Fourth, how will individual consumers detect and complain about violations? And even if they have the expertise and can, will the available remedies be sufficient, especially after the time it takes to investigate and bring cases? And finally, what recourses will innovators, entrepreneurs, and edge providers have in this framework? I think the answer to that last question is particularly critical if we were to preserve the open internet as a driver of innovation in our economy and if we're to preserve US leadership in innovation in the internet. In markets that are highly concentrated, like our broadband markets, adopting policies that strongly favor behemoth incumbents can harm innovation, harm free markets, and chill competition. In these markets, we need all the public policy tools that are at our disposal, regardless of which agency they reside in, to safeguard an open and non-discriminatory internet for the benefit of all consumers and Americans. So I'm looking forward to the conversation that we're going to have today about this important set of issues. And I'm sure we'll get into a lot more detail and hopefully have some time for questions as well. Thank you. I'll just welcome the other panelists up to the stage. And a couple housekeeping matters if you're following along on Twitter. The hashtag is broadband privacy. And we hope that you'll join us after the panel today for a reception where we can continue the conversation over drinks and snacks. All right, well, thank you so much, Commissioner, for your thoughtful remarks. It's a pleasure to have you here today and to be able to continue the conversation on stage with you and alongside our two other panelists. Joining us now, we have Tom Struble, who is Policy Council from Tech Freedom, as well as Laura Moy, who's the Deputy Director of the Center on Privacy and Technology at Georgetown Law. So I'll start the panel today by giving Laura and Tom an opportunity to maybe respond a bit to the commissioners' remarks. I just wish that you covered a lot in those great remarks. And I think we have a lot to dig into on this panel. But I wanted to give Laura and Tom the opportunity. If you have any sort of high-level thoughts, Tom will start with you in reaction to the commissioners' remarks. I should say one thing at the beginning, because I didn't properly disclaim my remarks. I see Neil putting out there. So I should have said also that I was obviously expressing my own views and not necessarily the views of my other commissioner colleague, Acting Chairman Olhausen, or the official Federal Tree Commission views. Probably can't recall. Thank you, Commissioner. Sure. So thank you, Sarah. Again, yeah, Commissioner McSweeney, you've covered a lot of ground. I wasn't diligent in my note-taking, so I'm not gonna try to respond to everything. I agreed with much of it. I guess a few points I'd like to respond to. I think at one point you use the phrase that there is no privacy cop on the beat, or at least a federal privacy cop on the beat, which is true as far as it goes. Insofar as the FTC cannot beat the cop on the beat and the FCC's rules are gone, but the FCC can use and has successful use. Authorities under 201 and 222 of the Communications Act to enforce privacy and data security on a case-by-case basis. The first is the TerraCom Yortel case back in 2014. So there is still a federal privacy cop on the beat that enforces those high-level principles, which the two agencies have said going back to, I think the 1990s or the 2000s, that substantively Section 5 and Section 201 and 222 are the same, they use very similar language about unreasonable or unjust practices that harm consumers. So I would say that there is still a cop on the beat, as well as state cops and various other laws, like the Wiretap Act and ACPA, could be brought to bear, but it's not entirely untrue. But quibble a bit with that. I would also quibble a bit with the characterization of the FTC's privacy approach as being a one-size-fits-all approach. It is a single standard broad. It applies consistently to whoever you are, unless you don't have authority over them, but that doesn't mean it applies the same in every circumstance. The standard being general is amorphous. So if your business requires you to gather a bunch of sensitive data, you're gonna have more burdensome privacy rules in place to govern your behavior than some other business who doesn't deal with as much sensitive data. So the approach is not the same size in every instance. It is the same approach, but it's amorphous. It's not the same. I forget. But the third was about Congress and the Trump administration. I didn't follow the election super closely, so you may have talked some more about broadband infrastructure deployment or online privacy, digital protection, those issues. I didn't hear much of that, but also I would say that many congressional Republicans were not early Trumpan, early to get on the Trump bandwagon. So I know at least John Thune on the Senate side, Greg Walden on the House side. There's still many congressional Republicans that are very determined to get legislative victories in this Congress for the next. So even if it is not a priority in the White House, I still do expect to see some movement on those fronts going forward. And I think we'll talk a lot about the cops on the beat and the authority that is bestowed upon the relevant agencies. Laura, I did want to give you a chance to, particularly if maybe you could take us a step out and think about why these privacy rules were so important. Sure, yeah, so thank you, and thank you. Thanks so much for hosting this and thank you, Jean, for the great introductory remarks and Commissioner McSweeney, of course. So I think Commissioner McSweeney made some statements, talked about the importance of choice, consumers being able to choose the privacy options that work for them. And I just want to underscore that. So when we're talking about broadband access, I think most people in this room, notwithstanding the recent remarks by Representative Sensenbrenner, who stated that you don't have to get on the internet, I think most people in this room would agree that broadband connectivity is more or less essential in the modern world. It's very difficult to complete your education, apply for a job. It's very difficult to communicate with loved ones, friends and family, afar. It's very difficult to, in many cases, to communicate with your healthcare provider without an internet connection. So we want everybody to get online and in order to get online, they have to go through a broadband provider. That broadband provider, because they provide the gateway to the network, gets access to lots of information about what the customer does with that connection. So Commissioner McSweeney was talking about the importance of privacy choice and consumers really don't have a choice but to share lots of sensitive information with their broadband provider. Not only that, but as Commissioner McSweeney pointed out, most of the country only has one option when it comes to high-speed broadband. So not only must customers share information, sensitive information with a broadband provider, but in many cases they don't even get to choose what company they share that information with. This is one of the things, one of the really important things that sets broadband providers apart from many other companies that do business over the internet. Companies that some regulators have argued ought to be subject to the exact same privacy standards and the exact same type of privacy oversight as broadband providers. They just aren't the same in many ways. There are a lot of, although we could argue that some services are evolving in a direction that looks in some ways like the limited choice that we have in the broadband context. At least for now and for the past several years, broadband connectivity has been different. Network access has been different in terms of the choice for consumers. So, and then just to respond really briefly to a couple things that Tom said. So, to be frank, I think that some of the things that Tom said make good arguments for why we ought to have prospective privacy rules as they apply to broadband providers. So, you know, I think Tom argued that the FTC could enforce the privacy provisions of Title II of the Communications Act, Section 222, that the privacy rule was promulgated under, could enforce that provision on a case-by-case basis and also pointed out that while the FTC has its privacy authority under Section 5 of the Federal Trade Commission Act, that it's not exactly a one-size-fits-all approach that its approach differs based on the type of activity that is being overseen. So, you know, I think that actually having prospective rules provides the type of certainty with respect to what the privacy obligations ought to be of broadband providers at the outset. And if we recall back to the enforcement, I'm sorry, to the litigation around the open internet order, some of the broadband providers, many of the broadband providers were making the arguments that one of the harms that would be done to them with reclassification of broadband as a Title II service, one of the harms that would be done to them is that as Title II reclassification went into effect, they were claiming that they didn't know how to comply with Section 222, the privacy provision. And the rules are what flesh out what the obligations are there and having rules like that in place can provide the type of certainty that broadband providers were calling for and can help provide consumers with the confidence that they need that their privacy will be protected. As Commissioner McSweeney pointed out, an overwhelming majority of consumers want more privacy protection, it's not less. Thank you. So, let's maybe go back to this point about who has which roles. Some have argued that the FCC went too far in their privacy rules that were adopted last fall and that they should have just followed the FTC's approach to broadband privacy. Commissioner, do you have a response to that criticism and is what the FCC did really that far from the FTC's approach or is there maybe, are they maybe closer? Yeah, so in my opinion actually, this is a pretty good model for two government agencies working together to harmonize an approach on privacy that made sense given the technology that the expert regulator was regulating. We wrote a staff comment that was sent into the FCC after their initial rule was out for comment and we made some points about where to offer choices around collection of sensitive information that they subsequently adopted and incorporated into their framework so I thought that they actually did a very nice job harmonizing their framework with our framework. They made a choice around, we focus very much on the content of communications at the FTC, they made a choice around web browsing history which is arguably different but other than that I think the opt-in framework is the same as ours. There's been, there was some misinformation in this debate that we don't require opt-in for geolocation but we do so that's there and that's consistent. So I think, I actually think that these two frameworks were very well harmonized and that the FCC was sort of within its authority to make a decision based on the record it had before and about how to handle web browsing history. And there's another argument that people have made even members of Congress, as they sort of brushed aside concerns about the CRA, the Congressional Review Act legislation which overturns the FTC's privacy rules and they said that that's not so much a concern and neither is the inability of the FCC to potentially implement new privacy rules going forward and they said that's true because the FTC can just cover it and I think this really gets at the heart of who is the cop on the beat currently for internet service providers. Can the FTC intervene to protect consumers' privacy as it's collected by internet service providers and are they an appropriate venue for those decisions to be made? Well, so these are two important questions that are slightly different. The first one gets technical and legal really quickly but suffice it to say that I think our jurisdiction is in question at a minimum over whether we would have jurisdiction in this environment right now on the privacy practices of ISPs. I think there's some question, frankly, and I'm not a communications lawyer, thank God, actually it's a very complicated area of the law, tremendous amount of respect for the people that practice there. Maybe that's a good case in point why there should be expert regulators and then generalists consumer protection lawyers. One of the other challenges though I think is whether 201, 222 would apply or whether there's even a majority at the FTC that would apply it to anything outside of telecommunication service or to internet service providers and broadband providers. So I think that's a real question that is unanswered. The use of the CRA obviously is a very blunt tool so now we have the FTC constrained by the use of that authority which is an unfortunate consequence which is why I think the only clear way to make sure that the FTC can live up to what is now being asked of it in this environment is very clear, very full repeal of the Common Carrier Exemption in the FTC Act which is by the way a thing that there is bipartisan support for and has been for some time at the FTC and I think even on the health. But that's the only clear way to make sure the FTC is jurisdiction. Tom and Laura, how do you approach this issue of the Common Carrier Exemption and what it means and what the future of this exemption should be as we navigate the post CRA privacy world? Sure, I'll take it first. So we're talking about the jurisdiction between the FTC and FTC. It's mostly about the Common Carrier Exemption. For those who don't know, the FTC is the General Purpose Regulator. It has jurisdiction overall, firms in the economy with a few specific exceptions like stockyards and Common Carriers. Right. A lot of exemptions. Right, right. But yeah, except for those few exceptions, the Common Carrier Exemption, Title II of the Communications Act, telecommunications providers are Common Carrier Service, but there's still a question. So as long as broadband is classified as Title II service, the FTC doesn't have jurisdiction over ISPs broadband practices. There's a question whether the Common Carrier Exemption is status-based or activities-based. So if it has long been assumed that it was status or that it was activities-based, that if you are providing Common Carrier Services in one part of your business, then that part's regulated by the FCC, but everything else you do would be under the FTC. So your advertising related to your Common Carrier Service, that would be FTC, not FCC. Now that was the case and still is in most of the country, but the Ninth Circuit recently held that it is a status-based exemption. So if you are a Common Carrier, or provide Common Carrier Services in any respect, then your whole corporate bikimith is under FCC jurisdiction and not FTC jurisdiction, which is not an absurd outcome. If you're just thinking about companies like CenturyLink or Sprint, where most all you do is provide telecommunication services, and if you're just advertising those telecom services, then sure, FCC, you could regulate that. It's adjacent to telecommunications. But if you look at other companies like Alphabet, Alphabet has at least two Common Carrier Services under its umbrella with Google Fiber and Project Vi. So with the Ninth Circuit opinion were to carry the day, then you would have the FCC in the position of having to regulate all of Google Alphabet services, some of which look nothing like telecommunications, like Google Search or Gmail or YouTube, all these other things. So I think that Ninth Circuit case was wrongly decided and we, I would at least support a congressional piece of legislation that restores the Common Carrier Exemption XANTE before that Ninth Circuit case to make it clearly an activity-based exemption, but I would go further and say that we could repeal it as well. As Gene pointed out in his opening remarks, it is not uncommon for these big players to be regulated by multiple different agencies. So question of overlapping jurisdiction is not, I guess a big one. What type of stump in to for you to live? I might be saying the same thing. I think that if we just restore it to this activity status-based formulation and like, thank you for staying awake while we talk about this. You did a very nice job of explaining that, thank you. That it is not clear to me that we can do all these additional things that we might be asked to do in terms of preserving the open internet because of course all of that kind of discriminatory activity is all about the activity of Common Carriage as well, right? So these, the status activity distinction continues to create a very murky jurisdictional conundrum. Does that hold even if Title II classification of broadband is undone? As Pai has hinted, he's going to reconsider. I think that- But if broadband is back under Title I, the FTC is that jurisdiction. Chairman Pai is acting under his authority in the Communications Act and we have a problem in our own statute which is the Federal Trade Commission Act, right? So our Act, the FTC Act needs to be fixed and that's what that case is about. Yeah, and if I could just, I also would point out that I think that the extension of the Ninth Circuit decision to alphabet, to a situation like alphabet is questionable, right? Yeah, I mean the question of whether the federal, right, whether the federal, so just to point out that I think we probably don't all agree or certainly wouldn't agree that the Federal Trade Commission does not have jurisdiction over those entities. But, and then when you ask if lifting the federal, undoing reclassification, I think Tommy just asked if undoing reclassification would fix the problem and it certainly wouldn't solve the problem. Well, there are multiple reasons that it wouldn't solve the problem but that also would not address the whether or not the FTC has jurisdiction over phone companies that also extend into other business areas. But stepping back again from again all of the details of the Common Carrier Exemption, there is a role for two cops on the beat here, right? The Federal Trade Commission, the Federal Communications Commission do not do the exact same thing nor do their large staffs have the exact same areas of expertise and skill sets. The Federal Communications Commission as Gene explained very nicely and Commissioner McSweeney elaborated on the Federal Communications Commission has a history and lots of expertise supporting the build out of communications networks and supporting the development of competition essentially, encouraging competition as well as expertise in network engineering. Whereas the Federal Trade Commission is intended in large part to provide a general consumer protection backstop ensuring that companies are not engaging in practices that are unduly unfair and deceptive. So they, I mean they do have, and where the two agencies have had overlapping jurisdiction in the past, they've worked very well together. So Commissioner McSweeney talked about, talked about the do not call registry. The two agencies have worked very well together there. They have worked very well together in enforcing against robo calls and they have a memorandum of understanding to enforce, to work together on broadband privacy. And so far there has not been conflict between the two agencies. There was ongoing dialogue between the two agencies to develop the broadband privacy rule. The Federal Trade Commission filed comments in that proceeding and staff between the two agencies were working together to develop that rule. There really, there is no conflict and it is better for consumers, quite honestly, to have two agencies with their complimentary areas of expertise working together to solve these problems on behalf of consumers. Rather than one agency or of course, at worst, none. If I could just quickly jump in on that. I mean, I don't know how much conflict there is at the agencies right now, but going back a decade in the Comcast BitTorrent case, this was, I guess, about two years after the FCC and Chairman Powell had come out there for an freedom speech and about a year or six months after the FTC had come out with his broadband competition report, which looked at issues of net neutrality. And what I've heard at the time is that the FTC was ready to bring a UDAP case, Unfair Deceptive Act of Practice against Comcast for its BitTorrent throttling had the FCC under then Kevin Martin as the chairman stepped in and brought the complaint on its own on what turned out to be legally on solid ground, trying to use ancillary jurisdiction to enforce 706 and the internet policy statement. It was a bad case to bring, but I would say at that time there was a power grab and the FCC beat the FTC to the punch. And had that not happen, revisionist history, then all the expertise and the net neutrality sphere would be over at the FTC, not at the FCC. That's not where we are, but going back in time, I think there is conflict between the two agencies in terms of a jurisdictional tug of war, but we can get more into that. So Tom, would you say then, is there a role though for what I'm hearing from Commissioner McSweeney and from Laura is this idea that there's a role for multiple cops on the beat to play multiple roles. And assuming under the assumption you're making, which is there is always going to be an inherent tension between the two agencies and possibly even some like power shifts back and forth, wouldn't it still be better to focus on a collaborative approach among the two agencies rather than absolving either agency of authority over a certain area? Yes, I'm full of sportive of that. I mean, I think the FCC has continued relevance to 21st century, particularly because of universal service. There's still lots of people out there without adequate broadband or only one choice for broadband, but I guess I think they should be working together cooperatively and just working towards their core competencies. The FCC is expert sector-specific regulator in telecommunications. That's what they've been doing for 80 or so years. They were a rate-making agency, regulating monopoly providers and telecommunications and video service and they protected consumers by setting rates through tariffs. So they're experts in telecommunications, the engineering that goes along with that and accounting. So to the extent that those are at play in the net neutrality context or the privacy context, I think the FCC has a continuing role to play. So you talk about like interconnection disputes. Some people think the interconnection is part of net neutrality, but really that's an accounting issue. That's how much money the telecommunications provider is charging to carry bits back and forth. So I would say that the FCC is more of an expert in interconnection disputes than the FTC, but when it comes to vertical competition, disputes about vertical foreclosure, ISPs trying to get into other markets like video, I'd say that the FTC has more experience with those sorts of vertical restraints than the FCC. Well, I can't take off my moderator hat for too long, but I would not be doing my organization the service if I didn't point out some really great research that the Open Technology Institute has done on the issues of interconnection disputes, and I would just dispute the notion that they are merely accounting disputes, but I'll put my moderator hat back on beyond frustrated as the name of the paper. I do wanna turn back to a point that started to come up and I wanna tease it out a little bit more because I think that there's some legal nuance, but also just an important policy question that we haven't hit squarely yet. So we've talked a bit about Alphabet and Google and the varying roles that companies play in a connected environment and age. It has been argued that Google and Facebook collect vast amount of information to putting aside any of the legal nuances coming out of the Ninth Circuit AT&T Mobility case who has authority where. Shouldn't the FCC's rules have applied to Google and Facebook and the information they collect and why were they exempt from the rules and is that appropriate? What is the end goal here? Is the end goal comprehensive privacy reform or are different cops better suited to different types of regulatory approaches vis-a-vis different types of disease? I think that if you look at what consumers are saying, then the end goal is more privacy protection please across the board. That said, the FCC's role specifically has to do with the privacy of customers of networks, of telecommunications networks and in this context of broadband providers. I think there are some important differences between broadband providers and edge providers as I was saying before, customers have no choice but to go through a broadband provider to get connected to the internet. They do have a choice, at least right now, they do have a choice as to whether or not they share information with Google or with Facebook. They also, do you want to say something about that? I meant to jump in earlier, but forgot. I feel like you're sort of modeling the issue of choice here because you may not have choice as to who your ISP is if you want high-speed broadband and all you have is your local cable operator. If you don't have a choice as to who gets your broadband, you still have a choice as to how much data you share. They have to offer opt-out. If you don't want to share sensitive data or you don't want to have your ISP use your sensitive data to sell you ads, then you can opt-out of that. You have a choice as to whether your ISP gathers and uses your personal data or not. We're talking about the default assumptions where we set the baseline. I think that that's a question. Yes, I think that those of us, there are many in this room, including myself who would argue that it actually makes more sense to have ISPs ask permission before using information about traffic that is traveling over the network before using it for purposes other than to provide service rather than merely offering their customers an opt-out. There are also important questions about how far the consent requirements extend to what classes of information does the opt-out provision or the requirement of opt-out consent or opt-in consent extend. And this is where prospective rules become really important to flesh out the statutory terms that otherwise broadband providers have argued they have difficulty applying. So, but setting that aside and just talking again about the difference between or a difference for a moment between broadband providers and some of the edge providers, I think Commissioner McSweeney also started to talk or touched on in her opening remarks, touched on the expansion of the Internet of Things, all of the connected devices, wearable health devices, home devices that consumers now have, all of those devices are sending traffic over the network and then the amount of traffic, the time and duration of that traffic as it is transferred over the network and the destination of that traffic, as it, again, is routed by the ISP to the service provider, tells an ISP or another that may be monitoring the network, important information about what is doing in the privacy of their own home. For example, a connected wearable hearing assistance device may tell a service provider that is able to monitor network traffic whether or not an individual in the home is wearing a hearing aid and when they are present in the home, when they are not. Traffic that is traveling through a connected baby monitor may tell a provider that's able to monitor network traffic whether or not there is a child in the house and whether or not the child is sleeping or is at least being monitored by a baby monitor. There's lots of information that can be seen by the network provider that cannot necessarily be, cannot often or usually cannot be seen by any other actor in the Internet ecosystem. I may use Google as my search provider, I may use Chrome as my web browser, but if I have an Internet connection that is provided by Verizon, Verizon can see the traffic that is being transmitted by every Internet of Things connected device in my home and on my person while Google cannot. I just wanna add we are in the post-CRA world, so right now the edge is under FTC jurisdiction with requirements to follow our guidelines and in fact the providers you mentioned or platforms you mentioned are specifically under order with us, right? So they're under our requirement and now the ISPs are under no requirements so we've sort of doubled down on difference in the name of consistency which I find inconsistent. Right, so in the course of undoing the FCC's privacy rules we've now left ISP customers less protected than those who use Google or Facebook or other edge services. And it's pretty simple question, right? When you put it to people I have this conversation all the time with Democrats, Republicans, my parents, sophisticated Internet users, my parents are. Yeah, that's not true. Yeah, and others and I say, well look, do you think you should have a choice before your data is monetized? And it's like, yeah. Well and I think that that's a really important point to make and as we were discussing opt-in versus opt-out consent, I think it's important to remember if I can get a little in the weeds and into the communications act for a second, the definition of consumer proprietary network information or customer proprietary network information is information that is collected as in the course of providing service. So to Laura's point, you do have to, and to Tom's point, you do have to provide this information to your service providers and in fact if you didn't provide it they wouldn't by definition be able to provide you internet service. But the consent determines how that information can then be used. And so I think it's an important thing to remember whenever we have this debate about the FCC's role and the FCC's rules, that the requirements were actually fairly modest and they didn't deal with information collected so much as how that information was shared once it was collected. I just wanted to make sure we were on the same page. I have some other questions but I do want to make sure we give the audience a chance to ask questions so I think I'll turn to the audience now if there, I see Ash comes in the back. One other piece to the last point, Terrell made. So as we try to figure out how to harmonize those rules one of the arguments has been with Google and Facebook and others you don't pay for those services so the exchange they're engaging in whether good or bad is exchange for your data or propensity for advertising and exchange for those services. The broadband providers is a weird case because not only is it potentially more sensitive information but you're also paying them some amount of money and you're also without opt-in allowing them to monetize your data as well. So I think it creates a weird marketplace in terms of allowing them an unfair and managed also both charge and monetize without an opt-in consent. So that's one other thing to think about. And that raises additional questions too. Sorry, Laura, I'll go next. But within the debate around the FCC's consumer privacy rules there was a lot of talk about paid for privacy and what those themes might look like. And so not only is there this question of monetizing data collected for a service the customer already pays for but the idea that you could monetize even that service to customers in different ways. But Laura, I'll let you respond to either of those. Yeah, I was just gonna say, yeah, I think Ashkahn makes a great point. And one that I think is one of the reasons that so many consumers, we haven't talked that much about the response to the CRA but consumers by and large have been outraged by repeal of the broadband privacy rules, right? I mean, let's talk about that for a second because there are a number of states. I don't even know what the current number is. Like 20 states, does anybody know that the exact number of states right now considering it's more than that, right? Yeah, it's at least a dozen. I think it's closer to 20. Many states are now considering bills or in some instances have actually passed legislation that would essentially reinstate opt-in or some consent mechanisms of broadband providers similar to what the FCC's broadband privacy rules would have done. And I think this is a response that we're seeing from the states driven by outrage from consumers in large part because of the point that Ashkahn just raised which is that consumers are already paying for internet access. And the idea that they wouldn't be asked for permission before the information that they have no choice but to share with a network provider to get that service that they're paying for is used for some other purpose is outrageous to many, including myself. Right, so yeah, thank you for bringing that up, Ashkahn. It is sort of a weird scenario to think about now but when it first arrived, it made perfect sense. So as far as I know, this traces back to AT&T in Kansas City and Austin. After Google Fiber entered those markets where AT&T was incumbent, AT&T started rolling out to this digital advertising program where they would ask consumers, hey, can I gather and use your data and sell it to make money by advertising and exchange give you a discount on your broadband service. They did that because they felt they were on unequal competitive footing with the new entrant, Google Fiber, which obviously Google makes most of its money through online advertising revenues. So Google Fiber in those markets, AT&T felt was cross subsidizing their broadband costs with their online advertising revenues. So AT&T wanted to compete on level footing, tried to match Google's online advertising. I don't think they've done a good job but that's why they did it. They wanted to compete on a level playing field with Google. Now that obviously is not... I mean, that was several years ago now. We're not in the same place anymore because it's now alphabets and restructuring. But that's what animated those initial, I guess, response by AT&T and these all concerns about privacy premiums or privacy discounts, whichever way you want to style it historically. I mean, I would say that consumers need to have choice. It should not be a take it or leave it. We're going to vacuum up all your data and use it to support our business whether you like it or not. So if not, go find another ISP. But I personally, being privacy insensitive, I'm okay sharing my data. If I trust that you have good data security, then I would love to pay less for broadband if in exchange for advertising revenues for my ISP. I like that you just said if you trust that you have good data security because I'll just point out that is also now the paradigm that we're operating in. Looks out of the point. And the very first rules of the very first portion of the FCC's consumer privacy rules that we're supposed to go into effect were actually the data breach notification which Chairman Pye actually declined to. Right, and I just, I think that your approach to pay for privacy sounds very similar actually to what was in the FCC's rules, which was that privacy options could not be offered on a take it or leave it basis. And that the FCC would approach with skepticism financial incentives offered to encourage or in some instances coerce customers into accepting particular privacy practices because there could be such a price differential in certain instances that it could rise to the level of essentially being a take it or leave it option. Any other questions in the back? Perinsoca, tech freedom. So just two phases to rewind this discussion to. Phase one, when the FTC was handling broadband, it required opt-in for some broadband privacy issues, specifically when deep packet inspection was used to look inside contents. And Commissioner McSweeney, you already alluded to that when you noted that opt-in was required for use of the contents of communication. But the FTC did not require opt-in for drawing inferences based upon web history, which is what is done by Google and Facebook today and what ISPs are being asked to do, which the media is distorting into quote selling your web browsing history. That's not what we're talking about. So that was phase number one and phase number two for the last two years before the CRA, the Democratic FCC enforced Title II directly on a case by case basis. And there was no consumer outrage either one of those two circumstances. But all of a sudden, when the Republican FCC returns back to the approach that the Democratic FCC took for two years, case by case enforcement of Title II, in order to then, after reclassification is undone, go back to the FTC's original approach, all of a sudden then that's a crisis and everyone's upset about that. I don't understand what exactly has changed to make us think that somehow now we're in a crisis but those other two phases were not problematic. So could someone please explain to me what has fundamentally changed here that you're so concerned about? I mean, I'm happy to take, yeah. So I guess I'm not quite sure, I'm not quite sure why that would be confusing, right? I mean, it makes perfect sense that we would have consideration of practices by companies on a case by case basis. And when it becomes clear that we want the standard we're looking at practices evolve and innovation occur and when it becomes clear that we wanna set the baseline at a particular level after considering the evolution of practices on a case by case basis, then we set the baseline there with prospective rules that say, okay, we have watched this industry innovate and develop, now we have determined that this is what the rules are, this is what, for example, four million consumers have filed comments with the agency asking to set the baseline at, so that's where we're gonna set the rules. Then if you set those rules there, going based on what we have determined the practices, what we want the standard to be, again, looking at the comments of an overwhelming number of commenters, then when a new administration comes along and wipes those rules away, then that feels upsetting to a lot of people, including millions of Americans who commented and supported setting the baseline at those places. I also think partly what's going on here is kind of wiping away a set of rules and options and choices for people with no actual replacement and with respect. I mean, I think actually there's a legitimate question about whether there's an FCC majority in favor of using Title II in the way that you suggest, given that it was a bunch of, there were a bunch of dissenting opinions, as I recall in those cases. And I think people very quickly understand that what is actually happening here is a set of policy choices that are being made predominantly to favor huge incumbents that have a lot of market power, in some case, monopoly power in their markets, without a lot of consideration for how to generally protect an innovation pipeline around them or even consumers kind of as well. And so I think that's probably the origin of a lot of the concern that people are expressing. It's also really true that over time, people are not getting less concerned about the security and vulnerability of their sensitive information. They're getting more concerned and that actually makes intuitive sense because we're connecting more and more things and our connections are in our homes and on our bodies and in our cars. And people are starting to have a lot of strange consequences associated with either the insecurity of those connections or the insecurity of the information that they're transmitting over them. And I think as people have more experiences like that, we will see it affect trust, which affects adoption, which is unfortunate for innovators. And we already are, in some cases, seeing that in the IoT space. But we're also gonna see greater and stronger outcry. I mean, 91% is a lot of people and the polls are usually pretty high around making sure that people have some ability to have choice and control and information about who is getting their data and where it's going. And I think that issue isn't really going away. And absent ways to meaningfully address that and protect that choice, I think people will very quickly become engaged, which is why we see all of this state action in response. Tom? Sure, I mean, yeah, I'll follow up on that as well. I mean, just follow on there, it's a question. I mean, in terms of the law, the rules, the laws governing broadband privacy practices is the same now as they were a month ago, the same as they would have been a month from now, even if the CRA were never passed because Pioneer Riley had orders for recon before them. They descended from the inertial order. So they were probably going to redo it on their own. So consumers didn't really lose much, but at least in terms of the messaging battle, I understand why they are upset and why, I mean, you look at all these polls, consumer opinions are pretty well, are pretty homogenous. Although, I mean, we can always debate about the differences between revealed and stated preferences. I don't wanna get into that debate now just to slay from this panel, but I would say that Republicans certainly lost the messaging battle on the passage of the CRA. And I think if I recall correctly, they had another two or three weeks of time in which they still could have passed it. Months. Months? Yeah, I think I was talking about May. Yeah, right. So I don't know why they rushed it. Maybe they thought it was only gonna get worse if they dragged it out. I suspect they could have come up with some sort of messaging strategy or even a companion bill to go along with it, but I don't work in politics, I work in think tank. I mean, but also, I just kinda tag onto that. I mean, if in retrospect we're saying, boy, they really should have messaged that better so that consumers wouldn't be so outraged at elimination of their privacy protection. I mean, people are outraged because Congress eliminated privacy protections that they had. There's not really a great way to message that. Just really the only ones who are clamoring for elimination of those rules were the broadband providers themselves. Also petition for reconsideration. So, okay, I see everyone who have had hands up. Dallas, I think you're up next. Alison, I don't think so. And we can do questions fairly quickly. I do have a kind of wrap up question, better questions I wanna get to. And we'll have lots of time after this if folks wanna stay. So just quickly on that last point, level three, ask for petition for reconsideration specifically because they want the rules amended, not wiped away. They did not advocate for the CRA. There's a big difference between the two. The rules may not have been perfect. That's a reason why they should have been amended, not eliminated completely. I was hoping maybe we could have a normative discussion about web browsing history and whether it should be sensitive. I think that question has gotten a kinda swept under the rug a bit while the FTC didn't do it in 2012. Maybe they should have, right? The fact that they didn't doesn't mean that that's not the way that privacy should be protected today. So I was wondering if each of you could speak to in 2017 with the types of sensitive information that you can collect or know about people even based upon a top level domain information, should web browsing history be treated as sensitive information requiring an opt in? So if I'll just start, just to clarify, I mean I think the FTC has consistently noted that broadband providers may be in, and they did this in the 2012 report. This was before my time there, but that they may be situated in such a way as being in sort of unique situation vis-a-vis the consumer in that their ability to see everything and understand it comprehensively as attached to one individual. So I like to think of this as kind of tracking what the FTC has been tracking, which is okay, so we over time have been thinking about what is sensitive information that should require opt-in consent and really like just-in-time notice and proper notice, right? If we're continuing to rely on this notice and choice kind of framework and transparency. So we've lately been looking at practices like cross-advised tracking, and we've been focused on some of the harms that we're concerned about. We did a report on data brokers, right? Where we talked about the fact that people should have more choices about when their information is flowing into really specific profiles of them. Okay, but that doesn't actually exist yet because no laws have been passed for that. We say in cross-advised tracking that in fact when you're looking across the device graph of somebody, you should think about offering them a choice before you track their sensitive information across all of those devices, right? For precisely this sort of problem that might arise, which is if I am looking up disease treatment and information on my home tablet and my home computer, I may have a really good reason why I don't want that to show up in advertisements on my work office, computer and network, right? Or on my work devices and things like that. So there are a lot of reasons why we think that people need to start to be able to have a better sense of choice and control because of the really sophisticated technology that is being used. So yeah, I mean in the past it was okay, we'll gather all of this information, we'll put it into like, you'll end up in a group of people, but now it's like you'll end up in a group of people who are living in your house, at your address, and have work at the FTC and into Georgetown and have two kids, like oh, it's me, you know? So I think that we have to be mindful of the fact that the technology is getting more sophisticated and that maybe the choices and options and control choices around that may need to evolve along with it. Sure. So yeah, good question, Dallas, because I feel like we haven't talked very much about norms and things should actually happen. First, descriptively, I mean I think the FTC's privacy approach has been working well. Our consumer preferences are pulling, not withstanding, because if you look at the top 10 most valuable firms in the world, five of them are US-based tech firms that make money off of advertising in some respect. So I'd say that, and also descriptively, since 2012, HTTPS encryption has become much more widespread throughout the internet, but of course you didn't ask about anything past the dash, you said even just domain names, but those aren't directly analogous to addressing information that was applicable in the PTSN context. The telephone numbers, NANP routing numbers, it's the same as in the analog era with the address information you gotta put on the outside of envelopes. You have to give that information to your transit provider and not even for them to deliver the service. So ISPs have to get web browsing history in order to give you traffic you want unless you wanna use a VPN, so I guess that's possible. But in terms of the norms, whether web browsing history should be considered sensitive, I mean I would point out that under the FTC Act, sensitive is not the touchstone, it's consumer harm and sensitivity is a proxy for consumer harm. So the FTC requires opt-in consent for sensitive data because sensitive data is more likely to result in consumer harm if it's breached and accessed by some unknown third party or if the consumer just doesn't realize that they're having a bunch of sensitive information collected, then that's either unfair or deceptive. So that's the touchstone of the FTC Act and we're talking about changing marketplaces, rise of IoT, data brokers, re-identification, it's very possible that it go in the future five, 10 years from now on the internet that web browsing history will be considered generally to be sensitive, which I think illustrates why the FTC's general standard approach is preferable to prescriptive rules because it necessarily is flexible by design. So over time as the internet changes and the way people use it change, consumer preferences all change, the FTC's approach changes along with them, whereas if you have prescriptive rules based on the market in 2017, then once the market changes, you have to change those rules and that's more difficult to do with inertia and procedural hurdles. So when I introduce broadband privacy, this issue area to law students, I often start by asking them for a show of hands of those who have made an effort to obscure some detail about their web browsing in some way in the past. Have you used incognito browsing mode? Have you used a VPN? Have you installed HTTPS everywhere? What have you done to try to obscure something about your browsing history or web traffic? And invariably every hand in the room goes up, right? These people recognize that harm could come to them in some way, whether it is clear financial harm or whether it is the harm of embarrassment or reputational harm that could befall them from having this information used in a way that they are not consenting to merely by browsing the internet. Information, not just about the websites that you view, well, I guess, about the websites that you view, but also about, as others have mentioned, including Commissioner McSweeney, medical details, romantic and sexual preferences, financial status, health status, I mean, employment status, basically virtually anything about you can be learned from web browsing history, particularly taken in conjunction with app usage history and now network traffic generated by Internet of Things devices, of course. So I think we recognize that there's lots of really sensitive information that can be derived from the network traffic. And I just wanted to add another note on this that a paper just came out last week by a group of computer scientists who demonstrated that even when web browsing history is supposedly de-identified when it has been purged of personal identifiers or other clear identifiers, that just from looking at web browsing history alone, one with an interest in identifying an individual can do so looking just at web browsing history at least 70% of the time. So yes, a lot can be learned about an individual, including things that fall into the classic sensitive categories from looking at the web browsing history. Yes, individuals make an effort to keep this information private and consider it to be private. Yes, people consider that information, something that could be used to harm them, were it to be used in a way that they're not consenting to. And yes, just looking at those data sets alone, individuals can be identified with the details that it contains. So for all those reasons, certainly in the broadband context, I think that information is sensitive. We have time for one very quick question. So I'll, I know you serve them with you. And then I'll save a minute or so for each panelist too. Thank you. General Sir Watan with Center for International Economy in Paris. It's a question about the privacy shield between the US and Europe. And why would the European regulators and citizens believe in the validity of the privacy shield if Congress and the administration decide like they did to send the American privacy shield down the drain? I think the privacy shield could be its own panel, but the panelists can respond to it. I'm happy to jump in just to say, I actually think the privacy shield is an incredibly important framework for us to facilitate cross-border data flow and the cross-border data flow that is sensitive to different privacy norms and able to harmonize around it is absolutely vital to the global internet. And one of my concerns would be that in the US, the kind of internal domestic debate we're having right now around privacy could be misunderstood or could be sort of skepticism of our ability to be in frameworks like privacy shield. And I think that would be a misunderstanding because I think we're deeply committed to privacy shield. I know at the FTC we're full speed ahead and implementing it and remain strongly committed there. But it doesn't really help us when we're trying to explain the US approach in a global conversation with other countries around the world and other major economies around the world, when we can't point to strong privacy norms ourselves. And so I think this kind of debate that we're having domestically can kind of weaken our global leadership on a very important set of issues. But when it comes to privacy shield, this debate I think is a separate one. And I think it doesn't actually interfere with in any meaningful way our commitments in that framework. And of course we're looking forward to the one year assessment that will be undertaken, I guess in the fall. Tom and Laura, any response to that or final remarks that were right in the left? Sure, frequently on privacy shield. So I believe that was formalized before the FCC's privacy order came out. So it was founded entirely on the FTC's privacy regime. So the fact that stronger rules were passed subsequently but never actually went into force, I don't think would affect the validity of the privacy shield. It's based on the FTC's regime, which is the same now as it was a year ago. So I don't think that should affect the ECJ's consideration of the privacy shield significantly. But I also, from my reading of the Shrems case, the breakdown of the US safe harbor was at least as much to do with government surveillance as it was with consumer privacy protections. So I'm not gonna comment on privacy shield, but I'm just gonna say that as my closing remark that Sarah and I invited, I'm delighted to see events like this happening. Delighted to see consumers speaking up about privacy. Like it's a little unfortunate that it comes now after the privacy rules have been eliminated. But it is great to see public discourse on this issue. And I hope that this is a situation where we will see one step backwards and two steps forward. Maybe we will see that with so much public outcry against the repeal of the broadband privacy rules, maybe something good will come out of it. It could be more state legislation on this issue that essentially reinstates the privacy rules. It could be a lifting of the common carrier exemption. It could be, well, I don't know, I'm not quite sure what we will see, but hoping to see some good new developments on privacy in the near future to help restore some of what we lost with the CRI. Commissioner, any final remarks for you, from you? Well, thank you for being such an attentive audience and for the really excellent questions and the conversation today. Thank you for convening it. I guess I will just say that I am hopeful that good will come out of the use of the CRI to repeal the privacy rule. I think it was a setback for consumer privacy, but obviously we're seeing states step in. I have full confidence that the FTC has an incredibly meaningful rule to play and will play it in this environment. But one thing I dearly hope is that we don't rush to now unwind the basic protections that really protect our economic liberty and the open internet because if we do that, we are deeply undermining the status quo that exists today that I think is driving the innovation in our economy and I think that would be an even bigger disaster for consumers and innovators and entrepreneurs in the long run than the repeal of the FTC broadband privacy rules were. So I hope we aren't seeing a series of actions here that really substantially tilt the playing field in favor of incumbents and away from entrepreneurs and consumers who are the engines that really drive our economy. Thank you, and I think that's a great note to end on. You can give the last voice on. Uh, yeah, I'll brief you on that. I think he's ganged up on it in the whole panel. That's true, that's true. No, it was fun, you guys were nice. Very heartened to hear my fellow panelists share a bit of optimism going forward. I would love to take two steps forward during this Congress or sometime soon to like give Americans a general right to privacy. You've supported looking at the Common Carrier Exemption, updating the Communications Act, giving net neutrality, you know, jurisdiction authority to somebody so they can solve that issue. These are all things I'd like to see. We'll see what happens going forward. I think America- Thank you, I meant to say that. I was just gonna say, I think American Outrage will continue if not for some progress. Well, and on that note, maybe we should, we should go move into the lobby right outside the main event space where there will be refreshments for everyone and we can continue the conversation there informally.