[House Hearing, 115 Congress]
[From the U.S. Government Publishing Office]
OVERSIGHT OF THE FEDERAL TRADE COMMISSION
=======================================================================
HEARING
BEFORE THE
SUBCOMMITTEE ON DIGITAL COMMERCE AND CONSUMER PROTECTION
OF THE
COMMITTEE ON ENERGY AND COMMERCE
HOUSE OF REPRESENTATIVES
ONE HUNDRED FIFTEENTH CONGRESS
SECOND SESSION
__________
JULY 18, 2018
__________
Serial No. 115-153
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Printed for the use of the Committee on Energy and Commerce
energycommerce.house.gov
U.S. GOVERNMENT PUBLISHING OFFICE
35-607 WASHINGTON : 2019
COMMITTEE ON ENERGY AND COMMERCE
GREG WALDEN, Oregon
Chairman
JOE BARTON, Texas FRANK PALLONE, Jr., New Jersey
Vice Chairman Ranking Member
FRED UPTON, Michigan BOBBY L. RUSH, Illinois
JOHN SHIMKUS, Illinois ANNA G. ESHOO, California
MICHAEL C. BURGESS, Texas ELIOT L. ENGEL, New York
MARSHA BLACKBURN, Tennessee GENE GREEN, Texas
STEVE SCALISE, Louisiana DIANA DeGETTE, Colorado
ROBERT E. LATTA, Ohio MICHAEL F. DOYLE, Pennsylvania
CATHY McMORRIS RODGERS, Washington JANICE D. SCHAKOWSKY, Illinois
GREGG HARPER, Mississippi G.K. BUTTERFIELD, North Carolina
LEONARD LANCE, New Jersey DORIS O. MATSUI, California
BRETT GUTHRIE, Kentucky KATHY CASTOR, Florida
PETE OLSON, Texas JOHN P. SARBANES, Maryland
DAVID B. McKINLEY, West Virginia JERRY McNERNEY, California
ADAM KINZINGER, Illinois PETER WELCH, Vermont
H. MORGAN GRIFFITH, Virginia BEN RAY LUJAN, New Mexico
GUS M. BILIRAKIS, Florida PAUL TONKO, New York
BILL JOHNSON, Ohio YVETTE D. CLARKE, New York
BILLY LONG, Missouri DAVID LOEBSACK, Iowa
LARRY BUCSHON, Indiana KURT SCHRADER, Oregon
BILL FLORES, Texas JOSEPH P. KENNEDY, III,
SUSAN W. BROOKS, Indiana Massachusetts
MARKWAYNE MULLIN, Oklahoma TONY CARDENAS, California
RICHARD HUDSON, North Carolina RAUL RUIZ, California
CHRIS COLLINS, New York SCOTT H. PETERS, California
KEVIN CRAMER, North Dakota DEBBIE DINGELL, Michigan
TIM WALBERG, Michigan
MIMI WALTERS, California
RYAN A. COSTELLO, Pennsylvania
EARL L. ``BUDDY'' CARTER, Georgia
JEFF DUNCAN, South Carolina
Subcommittee on Digital Commerce and Consumer Protection
ROBERT E. LATTA, Ohio
Chairman
GREGG HARPER, Mississippi JANICE D. SCHAKOWSKY, Illinois
Vice Chairman Ranking Member
FRED UPTON, Michigan BEN RAY LUJAN, New Mexico
MICHAEL C. BURGESS, Texas YVETTE D. CLARKE, New York
LEONARD LANCE, New Jersey TONY CARDENAS, California
BRETT GUTHRIE, Kentucky DEBBIE DINGELL, Michigan
DAVID B. McKINLEY, West Virgina DORIS O. MATSUI, California
ADAM KINZINGER, Illinois PETER WELCH, Vermont
GUS M. BILIRAKIS, Florida JOSEPH P. KENNEDY, III,
LARRY BUCSHON, Indiana Massachusetts
MARKWAYNE MULLIN, Oklahoma GENE GREEN, Texas
MIMI WALTERS, California FRANK PALLONE, Jr., New Jersey (ex
RYAN A. COSTELLO, Pennsylvania officio)
JEFF DUNCAN, South Carolina
GREG WALDEN, Oregon (ex officio)
C O N T E N T S
----------
Page
Hon. Robert E. Latta, a Representative in Congress from the State
of Ohio, opening statement..................................... 1
Prepared statement........................................... 3
Hon. Janice D. Schakowsky, a Representative in Congress from the
State of Illinois, opening statement........................... 4
Hon. Greg Walden, a Representative in Congress from the State of
Oregon, opening statement...................................... 6
Prepared statement........................................... 7
Hon. Frank Pallone, Jr., a Representative in Congress from the
State of New Jersey, opening statement......................... 8
Witnesses
Joseph Simons, Chairman, Federal Trade Commission................ 10
Prepared statement........................................... 12
Answers to submitted questions............................... 113
Maureen Ohlhausen, Commissioner, Federal Trade Commission........ 34
Noah Phillips, Commissioner, Federal Trade Commission............ 35
Answers to submitted questions............................... 160
Rohit Chopra, Commissioner, Federal Trade Commission............. 37
Answers to submitted questions............................... 164
Rebecca Slaughter, Commissioner, Federal Trade Commission........ 38
Answers to submitted questions............................... 171
Submitted Material
Statement of ACA International................................... 79
Statement of the Electronic Privacy Information Center........... 83
Statement of the Coalition Trade Association..................... 89
Statement of the Internet Association............................ 92
Letter of April 24, 2018, from Members of Congress to the FTC.... 93
Letter of June 25, 2018, from the FTC to Representative Welch.... 95
Article entitled, ``If you shopped at these 15 stores in the last
year, your data might have been stolen,'' Business Insider,
July 14, 2018.................................................. 97
OVERSIGHT OF THE FEDERAL TRADE COMMISSION
----------
WEDNESDAY, JULY 18, 2018
House of Representatives,
Subcommittee on Digital Commerce and Consumer
Protection,
Committee on Energy and Commerce,
Washington, DC.
The subcommittee met, pursuant to call, at 9:15 a.m., in
room 2123 Rayburn House Office Building, Hon. Robert Latta
(chairman of the subcommittee) presiding.
Members present: Representatives Latta, Kinzinger, Burgess,
Lance, Guthrie, McKinley, Bilirakis, Bucshon, Walters,
Costello, Walden (ex officio), Schakowsky, Lujan, Clarke,
Dingell, Matsui, Welch, Kennedy, Green, and Pallone (ex
officio).
Staff present: Melissa Froelich, Chief Counsel, Digital
Commerce and Consumer Protection; Adam Fromm, Director of
Outreach and Coalitions; Ali Fulling, Legislative Clerk,
Oversight & Investigations, Digital Commerce and Consumer
Protection; Elena Hernandez, Press Secretary; Paul Jackson,
Professional Staff, Digital Commerce and Consumer Protection;
Bijan Koohmaraie, Counsel, Digital Commerce and Consumer
Protection; Austin Stonebraker, Press Assistant; Madeline Vey,
Policy Coordinator, Digital Commerce and Consumer Protection;
Hamlin Wade, Special Advisor, External Affairs; Greg Zerzan,
Counsel, Digital Commerce and Consumer Protection; Michelle
Ash, Minority Chief Counsel, Digital Commerce and Consumer
Protection; Jeff Carroll, Minority Staff Director; Lisa
Goldman, Minority Counsel; Carolyn Hann, Minority FTC Detailee;
Caroline Paris-Behr, Minority Policy Analyst; Tim Robinson,
Minority Chief Counsel; Andrew Souvall, Minority Director of
Communications, Outreach and Member Services; and C.J. Young,
Minority Press Secretary.
OPENING STATEMENT OF HON. ROBERT E. LATTA, A REPRESENTATIVE IN
CONGRESS FROM THE STATE OF OHIO
Mr. Latta. Well, good morning. I'd like to call the
Subcommittee on Digital Commerce and Consumer Protection to
order.
And before we begin our opening statements, I'd like to say
how pleased I am to have all of our FTC commissioners before us
today.
And what I'd like to do before I begin my opening remarks
is introduce our FTC commissioners. Today, we have Chairman Joe
Simons, who was sworn into office on May 1st. Before joining
the commission, the chairman was a partner at Paul, Weiss and
co-chair of the firm's anti-trust group. He previously served
at the commission in various positions between 1987 and 1989 as
well as 2001 to 2003.
Next, we have Commissioner Maureen Ohlhausen, who was sworn
into office on April the 4th, 2012, and served as acting FTC
chairman between January 2017 and May 1st, 2018. Prior to
joining the FTC she was a partner at Wilkinson Barker Knauer,
LLP. She previously served at the commission for 11 years in
various capacities and leadership roles. We thank the
commissioner for her leadership for the past 15 months when she
was acting chair and for her work at the agency.
Commissioner Noah Phillips was sworn into office on May
2nd, 2018. Before joining the commission he served as chief
counsel to Senator John Cornyn of Texas.
Commissioner Rohit Chopra was also sworn in on May 2nd,
2018. He previously served as a senior fellow at the Consumer
Federation of America.
And finally, we have Commissioner Rebecca Slaughter, sworn
in on May 2nd, 2018, and prior to joining the commission,
Commissioner Slaughter served as chief counsel to Senator Chuck
Schumer of New York.
Our witnesses have a strong fidelity to public service and
they are once again being asked to serve the American people to
maintain competitive markets and to protect consumers against
unfair and deceptive acts and practices, and again, we thank
you very much for being with us today.
And at this time now, I'll recognize myself for a 5-minute
opening statement.
Our hearing today will focus on oversight of the Federal
Trade Commission. The FTC functions as the top cop on the beat
and keeps consumers safe and to promote a vibrant free market
in the United States.
We look forward to working with the FTC on specific issues
relating to this subcommittee's jurisdiction, including self-
driving cars, data security, the Internet of Things, blockchain
technologies, privacy issues, deceptive advertising, robocalls,
and more.
Emerging consumer protection issues are at the forefront of
this committee. Recently, I joined Chairman Walden, Chairman
Blackburn, and Chairman Harper, sending letters to Apple and
Google, asking them to explain how smartphone users' data is
protected, and when audio recording data and location
information is compiled and shared. This morning, we will be
sending letters to location data aggregator LocationSmart,
Securus, and 3CInteractive Corporation.
We continue to remain concerned about cybercrime, estimated
to cost millions to the global economy each year, and how
businesses prioritize protecting the most sensitive data they
hold about individuals. As we all know, there is no such thing
as 100 percent perfect security.
We will continue to work with regulators to understand what
transpired in the recent high-profile breaches and what we
should learn from these actions for the future.
The Economist proclaims, ``The world's most valuable
resource is no longer oil, but data.'' I look forward to a
thoughtful discussion on the appropriate steps the FTC is
considering, including the chairman's recently announced
hearings on 21st century challenges.
In my remaining time, I would like to hear how Chairman
Simons will work to utilize the FTC's annual funding to its
greatest need and impact, judiciously using the taxpayers'
dollars, including on the FTC's current priorities,
authorities, and performance, including its human resources
efforts at securing and retaining the best experts in the
fields of antitrust and consumer protection. While we are in a
challenging fiscal environment, the House Appropriations
Committee approved $2 million more dollars to the FTC than the
agency requested for fiscal year 2019.
I am also encouraged by the large refunds the FTC has been
able to return directly to consumers, most recently to Uber
drivers and customers who bought deceptively marketed bed bug
products, consumers in both cases receiving average checks over
$200.
This is a unique tool in the FTC toolbox. The FTC has
returned over $543 million to consumers and deposited $94
million in the U.S. Treasury. FTC orders in the Volkswagen,
Amazon, and Net Spend matters required defendants to self-
administer consumer refund programs worth more than $11.5
billion.
The FTC's enforcement authorities are broad and far
reaching. The unique position of the FTC as the civil law
enforcement agency for the majority of the U.S. economy cannot
be taken lightly. Calls for expanded rulemaking authority,
shifting the agency from its expertise in enforcement to
regulatory and rulemaking, raises serious questions for me
because Congress has explicitly granted the agency rulemaking
that has not been utilized in years.
Some may argue that the FTC is not equipped to handle the
challenges of the day, but I believe their actions speak louder
than words. The FTC has vigorously defended its jurisdiction
and consumers and we have no reason to believe that will stop
any time soon.
Finally, the FTC plays an important enforcement role in the
EU-U.S. Privacy Shield framework, particularly relating to
compliance and enforcement of U.S. businesses. With the second
annual review of the Privacy Shield by the European Commission
coming this fall, we want to hear about FTC's and the
commissioners' roles, and what can this committee do to help
make sure that 3,100 businesses, including small businesses,
continue to have access to the Privacy Shield.
Again, at this time I want to thank our witnesses for being
here today, and this time I am going to yield to the gentlelady
from Illinois, the ranking member of the subcommittee, for 5
minutes for an opening statement.
[The prepared statement of Mr. Latta follows:]
Prepared statement of Hon. Robert E. Latta
Our hearing today will focus on oversight of the Federal
Trade Commission. The FTC functions as the top cop on the beat
to keep consumers safe and to promote a vibrant free market in
the United States.
We look forward to working with the FTC on specific issues
relating to this Subcommittee's jurisdiction, including self-
driving cars, data security, the Internet of Things, blockchain
technologies, privacy issues, deceptive advertising, robocalls,
and much more.
Emerging consumer protection issues are at the forefront
for this committee. Recently, I joined Chairman Walden,
Chairman Blackburn, and Chairman Harper, sending letters to
Apple and Google, asking them to explain how smartphone users'
data is protected, and when audio recording data and location
information is compiled and shared. This morning, we will be
sending letters to location data aggregator LocationSmart,
Securus, and 3CInteractive Corporation.
We continue to remain concerned about cybercrime, estimated
to billions to the global economy, and how businesses
prioritize protecting the most sensitive data they hold about
individuals. As we all know, there is no such thing as 100%
perfect security.
We will continue to work with regulators to understand what
transpired in the recent high-profile breaches and what we
should learn from these situations for the future.
The Economist proclaims, the ``world's most valuable
resource is no longer oil, but data.'' I look forward to a
thoughtful discussion of the appropriate steps the FTC is
considering, including the Chairman's recently announced
hearings on 21st Century challenges.
In my remaining time, I would like to hear how Chairman
Simons will work to utilize the FTC's annual funding to its
greatest need and impact, judiciously using the taxpayer's
dollars. Including on the FTC's current priorities, authorities
and performance, including its human resources efforts securing
and retaining the best experts in the fields of antitrust and
consumer protection. While we are in a challenging fiscal
environment, the House Appropriations Committee approved $2
million more dollars for the FTC than the agency requested for
fiscal year 2019.
I am also encouraged by the large refunds the FTC has been
able to return directly to consumers--most recently to Uber
drivers and customers who bought deceptively marketed bed bug
products--consumers in both cases receiving average checks over
$200.
This is a unique tool in the FTC's toolbox. The FTC has
returned over $543 million to consumers and deposited $94
million into the U.S. Treasury. FTC orders in the Volkswagen,
Amazon, and Net Spend matters required defendants to self-
administer consumer refund programs worth more than $11.5
billion.
The FTC's enforcement authorities are broad and far
reaching. The unique position of the FTC as the civil law
enforcement agency for the majority of the U.S. economy cannot
be taken lightly. Calls for expanded rulemaking authority--
shifting the agency from its expertise in enforcement to
regulatory and rulemaking--raises serious questions for me
because Congress has explicitly granted the agency rulemaking
that has not been utilized in years.
Some may argue that the FTC is not equipped to handle the
challenges of the day--but I believe their actions speak louder
than words. The FTC has vigorously defended its jurisdiction
and consumers and we have no reason to believe that will stop
any time soon.
Finally, the FTC plays an important enforcement role in the
EU-U.S. Privacy Shield framework, particularly relating to
compliance and enforcement of U.S. businesses. With the second
annual review of the Privacy Shield by the European Commission
coming this fall, we want to hear about FTC's and
Commissioners' roles, and what can this Committee do to help
make sure the 3,100 businesses--including many small
businesses--continue to have access to the Privacy Shield.
Thank you to all of our witnesses for being here today. I
yield to the gentlewoman from Illinois, ranking member of the
subcommittee, for her 5 minute opening statement.
OPENING STATEMENT OF HON. JANICE D. SCHAKOWSKY, A
REPRESENTATIVE IN CONGRESS FROM THE STATE OF ILLINOIS
Ms. Schakowsky. Thank you so much, Mr. Chairman, for
holding this hearing on the FTC and I want to welcome Chairman
Simons. I know you're new to the job. I look forward to meeting
with you.
Today's hearing really comes down to two questions: is the
Federal Trade Commission equipped to fulfill its mission of
protecting consumers and what can Congress do to make it more
effective--a more effective consumer advocate.
The FTC is--to echo the chairman--the top cop on the beat,
protecting both the public and businesses against unfair,
deceptive, fraudulent, or anti-competitive practices through
the consumer protection and anti-trust authorities.
As the economy continues to change and expand, the FTC has
had to adapt to this new economy and as our social networks,
shopping, banking, and other forms of communication and
businesses move to the internet, the FTC has changed, bringing
in more technology experts. At the same time, many suggest that
the commission needs more technology experts, even though its
resources are as tight as ever.
I am concerned that we are asking one of our country's most
important consumer agencies to choose which protections it will
be able to enforce. I hope we will work together to ensure that
the FTC has all the resources that it needs to maintain
consumer protection and a fair marketplace.
From a regulatory standpoint, it's time to look at ways to
reduce barriers to FTC consumer protection rulemaking. The
FTC's ability to move forward with important rulemaking is much
more limited than those at other agencies.
In the rapidly changing climate of commerce today,
rulemaking must be efficient and timely to keep pace.
Specifically, I would like to discuss how well the FTC is
protecting consumers' privacy and what they are doing to
promote data security. It's my belief that on data security
this committee and Congress should be giving the FTC the tools
it needs to do more.
Ranking Member Pallone and I have introduced H.R. 3895, the
Secure and Protect America's Data Act, which gives the FTC
rulemaking authority and civil penalty authority for data
security breach notification. These issues are becoming more
important for Americans, not less. In our hearing last October
with former Equifax CEO Richard Smith, I asked him if, as a
consumer, can I opt out of Equifax--after all, I never opted
in. Equifax collects my data whether I want them to do it or
not and now my data is at risk of being shared because Equifax
failed to adequately protect it, and the answer was, sadly,
yes, I don't have an opportunity to opt out.
It would be one thing if that breach were an isolated
incident, and it wasn't. We saw this with Facebook and we saw
this with Uber. In the case of Uber, it actually paid the
hackers $100,000 before reporting the incident to the FTC.
This can't be standard industry practice. We need to change
that power balance by strengthening consumer protections. With
the FTC as our partner, we, as Congress, must work to
strengthen the agency to face the 21st century challenges.
Many of these new marketplaces, which are often highly
concentrated, are failing American consumers. Part of the FTC's
mission is the issue of anti-trust and, as we saw this morning
with the EU leveling a $5.1 billion fine on Google, strong
consumer protection and robust competition go hand in hand, and
that's why Congress and consumer watchdogs must step in.
I welcome the new commissioners, Chairman Simon and
Commissioners Phillips, Chopra, and Slaughter. Did I miss
somebody?
Commissioner Simons, Phillips, Chopra, and Slaughter, and I
want to thank Commissioner--I am going to say it wrong--
Ohlhausen, for her work on the commission and her stewardship
during the transition.
I look forward to hearing your perspective, all of you, on
these issues, and I yield back.
Mr. Latta. Thank you. The gentlelady yields back.
The chair now recognizes the gentleman from Oregon, the
chairman of the full committee, for 5 minutes for an opening
statement.
OPENING STATEMENT OF HON. GREG WALDEN, A REPRESENTATIVE IN
CONGRESS FROM THE STATE OF OREGON
Mr. Walden. Well, good morning, Mr. Chairman, and to the
members of the FTC, good morning. Welcome before the Energy and
Commerce Committee.
We are delighted you're here. We want to welcome our five
distinguished public servants and welcome to the committee. We
have a lot of work to do. So do you, and so we appreciate your
counsel.
While our economy is the driver of so much growth and
opportunity for Americans, there are still, unfortunately, some
bad actors and the Federal Trade Commission is one of the top
cops on the beat. It is charged with the dual mission of
competition and consumer protection across large segments of
the United States economy and this committee's jurisdiction. So
we need the FTC to follow its statutory authority to protect
consumers from unfair, deceptive, and anti-competitive
practices, both online and off.
Recent data security incidents involving Facebook, Equifax,
Uber, and other companies continue to raise concerns about the
various aspects of protecting consumers in a data-driven
economy.
I understand the commission does not, for good reason,
comment on open investigations--we won't ask you to do that--
but I would emphasize that data security incidents involving
sensitive, personal, and financial information are a
significant threat to United States consumers and businesses
and we are laser focused on these issues here at the Energy and
Commerce Committee.
The revelations surrounding Facebook and Cambridge
Analytica have brought the issue of privacy of consumers' data
and information in the age of pervasive social media to the
forefront. In fact, Mark Zuckerberg sat in that chair in the
middle for 5 hours not long ago. Particularly with Facebook
being under a consent order with the FTC, we are closely
evaluating the tools used by the Federal Trade Commission in
cases as that matter moves forward.
Two weeks ago, we asked Apple CEO Tim Cook and Alphabet CEO
Larry Page to explain how their companies use audio recording
data as well as locational information collected on iPhone and
Android smartphones. Consumers want to know who's tracking them
and how.
And following reports that location data aggregators
obtained locational data from U.S. wireless carriers, in turn
selling it to other firms, this morning we will be sending
letters to LocationSmart, Securus, and 3CInteractive
Corporation to probe their data handling and use practices.
We have pursued, and will continue to pursue, important
oversight work on these issues and we will explore the question
of whether there are improvements in the current privacy
regulations that would increase consumer understanding of how
data flows support the global economy.
We do not want to unduly saddle companies with unnecessary
regulations or impose compliance burdens that will not result
in any meaningful impact for consumers. But we will ensure
companies are being responsible and that they do not misuse
consumer data, period.
This is the overarching reason I support the Federal
Communications Commission's ``Restoring Internet Freedom
Order,'' which reaffirms the FTC's authority over both ISPs--
internet service providers--and tech companies alike. This
authority is critical for enforcing data privacy practices,
promoting a free and open internet, and protecting consumers
from anti-competitive behaviors across the digital ecosystem.
So as we consider these issues, I reiterate my invitation
to the technology company CEOs to come to Congress, come to
Washington, D.C., engage with us and talk directly to the
committee and the public about your practices.
Our goal is to work with all stakeholders on how best to
incentivize data security and help protect personal and
financial data.
So I am encouraged to have all of you here today because I
know you each understand the importance of these issues and the
complexity of these issues, and the role that the Federal Trade
Commission has in protecting consumers.
So we look forward to your testimony. Again, thanks for
being here before the committee and with that, unless any other
members on our side want the remainder of my time, I would be
happy to yield back.
[The prepared statement of Mr. Walden follows:]
Prepared statement of Hon. Greg Walden
Good morning. Today we welcome five distinguished public
servants from the Federal Trade Commission. Chairman Simons and
fellow commissioners, welcome to the Energy and Commerce
Committee. We are so pleased to have a fully-constituted FTC in
place, and we look forward to working with each of you.
While our economy is the driver of so much growth and
opportunity for Americans, there are still, unfortunately, bad
actors. The FTC is one of the top cops on the beat. It is
charged with a dual mission of competition and consumer
protection across large segments of the U.S. economy and this
Committee's jurisdiction. We need the FTC to follow its
statutory authority to protect consumers from unfair,
deceptive, and anti-competitive practices, both online and off.
Recent data security incidents involving Facebook, Equifax,
Uber, and other companies continue to raise concerns about the
various aspects of protecting consumers in a data-driven
economy.
I understand the Commission does not, for good reason,
comment on open investigations, but I would emphasize that data
security incidents involving sensitive personal and financial
information are a significant threat to U.S. consumers and
businesses and we are laser focused on these issues at the
committee.
The revelations surrounding Facebook and Cambridge
Analytica have brought the issue of privacy of consumers' data
and information in the age of pervasive social media to the
forefront. Particularly with Facebook being under a consent
order with the FTC, I will be closely evaluating the tools used
by the FTC in that case as the matter moves forward.
Two weeks ago, we asked Apple CEO Tim Cook and Alphabet CEO
Larry Page to explain how their companies use audio recording
data as well as location information collected on iPhone and
Android smartphones.
And, following reports that location data aggregators
obtained location data from U.S. wireless carriers, in turn
selling it to other firms, this morning we will be sending
letters to LocationSmart, Securus, and 3CInteractive
Corporation to probe their data handling and use practices.
We have pursued, and will continue to pursue, important
oversight work of these issues. And we'll explore the question
of whether there are improvements in the current privacy
regulations that would increase consumer understanding of how
data flows support the global economy.
We do not want to unduly saddle companies with unnecessary
regulations or impose compliance burdens that will not result
in any meaningful impact for consumers, but we will ensure
companies are being responsible and that they do not misuse
consumer data.
This is the overarching reason I support the Federal
Communications Commission's Restoring Internet Freedom Order,
which reaffirms the FTC's authority over both ISPs and tech
companies alike. This authority is critical for enforcing data
privacy practices, promoting a free and open internet, and
protecting consumers from anticompetitive behaviors across the
digital ecosystem.
As we consider these issues, I reiterate my invitation to
tech CEOs to come here to D.C., engage with Congress, and talk
directly to the committee and the public about their practices.
Our goal is to work with all stakeholders on how best to
incentivize data security and help protect personal and
financial data.
I am encouraged to have you all here today because I know
you each understand the importance of these issues and the roll
of the FTC in protecting consumers.
Thank you for being with us this morning and I look forward
to working with you moving forward and to our important
discussion today.
Mr. Latta. Seeing none, the gentleman yields back the
balance of his time.
The chair now recognizes the gentleman from New Jersey, the
ranking member of the full committee, 5 minutes for an opening
statement.
OPENING STATEMENT OF HON. FRANK PALLONE, JR., A REPRESENTATIVE
IN CONGRESS FROM THE STATE OF NEW JERSEY
Mr. Pallone. Thank you, Mr. Chairman.
Today's hearing focuses on the important work of the
Federal Trade Commission.
I want to congratulate and welcome the new commissioners:
Chairman Simons, Commissioners Phillips, Chopra, and Slaughter,
and welcome back Commissioner Ohlhausen--I guess I am
pronouncing it right.
The FTC plays a critical role in protecting consumers
nationwide. It has the dual mission to prevent anti-competitive
business practices and protect consumers from unfair or
deceptive actions.
It's an enormous endeavor covering many industries and
issues. It works to stop anti-competitive business practices
that are likely to leave the higher prices and lower quality of
goods and services and at the same time it works to protect
consumers from false advertising, annoying telemarketing, data
throttling, and other forms of fraud.
While the FTC has had successes such as its case against
Volkswagen, in which it obtained $11 billion in compensation
for consumers who purchased clean diesel cars that turned out
not to be clean, the commission should be doing more, in my
opinion.
But in order to do more in support of consumers, the FTC
needs the support and legislative authorizations from Congress.
Unfortunately, instead of working with the FTC, this committee,
just 2 years ago, sought to further reduce the already limited
authorities of the FTC and I am hopeful we will not see that
effort again.
The FTC is a relatively small agency, especially given the
breadth of its mission. In the area of data privacy and
security--one of the more critical consumer protection issues
today--FTC's entire division is only 45 full time employees and
only 35 of those are attorneys who are able to bring
enforcement actions.
These actions are important since the commission's
rulemaking authorities are hindered by overly burdensome
requirements that effectively nullify its ability to establish
regulations for consumer privacy and data security. And even
its enforcement authorities are limited.
Most often the FTC can only get an injunction stopping the
unfair or deceptive acts for a first time violation. The FTC
cannot hit the offender where it hurts, with a monetary
penalty. A slap on the wrist with a promise not to do the bad
act again often fails to be a sufficient deterrent to further
bad action. Only if the company commits the same unscrupulous
act again after promising in a consent that it would stop such
conduct can the FTC seek fines, and that limitation on fining
authority has allowed some companies to repeatedly take
advantage of consumers without real consequences.
Just a few months ago, we were here listening to Mark
Zuckerberg apologize yet again for Facebook's failure to
properly inform users of how their data would be shared. If the
FTC was able to fine Facebook in 2011 the first time it found
that Facebook failed to properly notify users, we may not have
seen the Cambridge Analytica scandal.
And to make matters worse, FTC has only 40 employees
reviewing the hundreds of consent decrees that are in effect.
Those employees cannot possibly know whether any one company is
keeping the commitments it made in the consent decree.
After all, Facebook was under a consent decree and we saw
what that wrist slapping did--nothing. And yes, Equifax was
under a consent decree as well.
So today's hearing is not on the breaches at Facebook or
Equifax but those breaches are good examples for exploring how
the FTC could better fulfill its mission and I look forward to
hearing from the commissioners about their ideas for the future
of the FTC and hope we can discuss ways to support the FTC's
dual mission and give it the tools that it needs.
And I'd like to yield the time I have left to Ms. Matsui.
Ms. Matsui. Thank you very much, Ranking Member Pallone.
I've discussed the potential of blockchain applications in
this subcommittee before. These include as possibility to
facilitate spectrum sharing as next-generation broadband
networks are deployed, maintain patient health records and
secure business transactions and communications between the
Internet of Things networks.
In its basic and essential element and function, blockchain
is a decentralized ledger technology. But as the hype
surrounding blockchain and its applications grow, how exactly
blockchain is defined has become less clear.
More fundamentally, there is no agreed upon definition of
blockchain. So I am working on legislation that would direct
the Department of Commerce to convene a working group or
Federal and industry stakeholders to develop a consensus-based
agreed upon definition of blockchain.
I believe a common definition of blockchain could greatly
assist in its development and deployment. I invite all of you
here on the panel to work with me on this as well as my
colleagues here and I hope that we can do this as quickly as
possible.
Thank you, and I yield back.
Mr. Pallone. And I yield back, Mr. Chairman.
Mr. Latta. Thank you very much. The gentleman yields back
the balance of his time and that will conclude with member
opening statements.
The chair would like to remind members that pursuant to
committee rules all members' opening statements will be made
part of the record.
And, again, I want to thank all of our witnesses for
appearing before us today to take time to testify before the
subcommittee. Today's witnesses will have the opportunity to
give a 5-minute opening statement followed by a round of
questions from the members of the subcommittee.
Chairman Simons, you are recognized for 5 minutes. If you'd
just pull the mic up close and turn the button on, we'll--glad
to have you here today.
Thank you.
STATEMENTS OF THE HONORABLE JOSEPH SIMONS, CHAIRMAN, FEDERAL
TRADE COMMISSION; THE HONORABLE MAUREEN OHLHAUSEN,
COMMISSIONER, FEDERAL TRADE COMMISSION; THE HONORABLE NOAH
PHILLIPS, COMMISSIONER, FEDERAL TRADE COMMISSION; THE HONORABLE
ROHIT CHOPRA, COMMISSIONER, FEDERAL TRADE COMMISSION; THE
HONORABLE REBECCA SLAUGHTER, COMMISSIONER, FEDERAL TRADE
COMMISSION
STATEMENT OF JOSEPH SIMONS
Mr. Simons. Thank you so much.
Chairman Latta, Ranking Member Schakowsky, and members of
the subcommittee, I am Joe Simons and I am the new chairman of
the Federal Trade Commission. It's an honor to appear before
you today, especially alongside my fellow commissioners. I'd
also like to thank you for being so supportive of the FTC's
resource needs over the years.
As you've already said, the FTC is a highly productive and
effective independent agency with a broad mission--to protect
consumers and to maintain competition. The FTC also has a long
history of bipartisanship and all of us here today are very
committed to continuing that strong tradition.
I am going to focus my oral remarks today primarily on data
security and privacy. Year after year, these two issues topped
the list of consumer protection priorities at the FTC. The
commission has challenged numerous privacy and security
practices under Section 5 of the FTC Act.
Our program in these areas, which includes enforcement as
well as consumer and business education, has been highly
successful within the limits of our authority. Section 5 is an
imperfect tool. In my view, we do need more authority. I
support data security legislation that would give us three
things: one, the ability to seek civil penalties to effectively
deter unlawful conduct; two, jurisdiction over nonprofits and
common carriers; and three, the authority to issue implementing
rules under the Administrative Procedure Act.
Make no mistake, however. Under my leadership, privacy and
data security will continue to be an enforcement priority and
the FTC will use every tool in its arsenal to address consumer
harm to the extent we can. To date, the commission has brought
more than 60 cases alleging that companies failed to implement
reasonable data security safeguards as well as dozens of
general privacy cases.
We have aggressively pursued privacy and data security
cases in myriad areas including financial privacy, children's
privacy, health privacy, and the Internet of Things.
Recently, the European Union put into effect its general
data protection regulation. The FTC will be watching carefully
and assessing the impact of this new regime to see what lessons
we can learn that might be applicable to the U.S.
In addition, GDPR, like its predecessor, imposes
restrictions on the ability of companies to transfer consumer
data from the EU to other jurisdictions, including the U.S.
The EU-U.S. Privacy Shield framework provides a mechanism
that enables data to be legally transferred from Europe to the
United States and the FTC is committed to strenuously enforcing
Privacy Shield.
Finally, let me mention one additional item. The FTC has
the tradition of self-critical examination, and in that vein,
we recently announced our hearings on competition and consumer
protection in the 21st century, and these will begin in the
fall.
This series of public hearings will explore whether we need
to adjust our enforcement efforts, our priorities, and policies
in light of changes in the marketplace and new thinking.
The issues to discuss include whether we need to change the
governing standard for anti-trust enforcement, whether merger
enforcement has been too lax, our remedial authority with
respect to privacy and data security, and other issues.
A discussion of these issues at the hearing along with the
public comments that will be collected throughout the hearings
will help inform our thinking. The FTC is committed to
maximizing the use of its resources, to enhance its
effectiveness in protecting consumers, and promoting
competition, to anticipate and to respond to changes in the
marketplace, and to meet current and future challenges.
We look forward to continuing to work with the subcommittee
and Congress, and I look forward to answering your questions.
Thank you so much.
[The prepared statement of Mr. Simons follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mr. Latta. Thank you very much for your statement.
And, Commissioner Ohlhausen, you are recognized for 5
minutes.
STATEMENT OF MAUREEN OHLHAUSEN
Ms. Ohlhausen. Chairman Latta, Ranking Member Schakowsky,
and members of the subcommittee, I am pleased to appear before
you today alongside my FTC colleagues.
I've been a commissioner for 6 years and was honored to be
named Acting Chairman in January 2017 and to serve in that
capacity until May 2018.
Having a leadership role at the FTC provides a unique
insight into the vital protections the agency provides for the
American consumer and I am proud of the work that we'll discuss
in today's hearing.
Although the FTC has many accomplishments, I will limit my
remarks today to two areas: process reforms and competition
enforcement.
First, process reforms. In April 2017, I directed the FTC's
Bureau of Consumer Protection to identify ways we could
streamline our civil investigative demands, or CIDs, which are
the agency's version of administrative subpoenas. This
initiative was in part in response to concerns raised by
members of Congress that FTC investigations often imposed undue
burdens on legitimate companies.
Now, of course, the FTC must remain an effective and
aggressive protector of the American consumer. That is our
primary mission. But we should also look for ways to be more
efficient.
These CID reforms have been in effect for a year and I
believe the agency has successfully navigated making the CID
process friendlier to legitimate businesses without sacrificing
our effectiveness. For example, one difficulty for small
business is wading through pages of legalese. To lighten this
burden, the FTC now includes a plain language description of
the CID process in every CID we issue and we've posted FAQs for
small businesses on our website to help them.
We are also being more selective about the time frame for
requested documents or information. Obviously, the broader the
time frame the greater the burden on companies.
It is now our policy where appropriate to limit the time
frames in our CIDs to more recent years and, of course, when
there is good cause, we will seek a broader range of documents
and information. But that is now the exception, not the rule.
These are just a handful of the ways that we've reformed
our CID process so that we can continue to protect consumers
without placing undue burdens on legitimate companies.
And now turning briefly to competition enforcement, I would
like to make just a few points. In fiscal year 2017, the FTC
challenged 23 mergers and obtained remedies for consumers in 15
others, maintaining, essentially, the same merger enforcement
pace during the beginning of this administration as it had
during the previous one.
And the brisk pace continues in fiscal year 2018. The
agency has already undertaken a number of merger challenges
including Tronox, Williamson, and Otto Bock, all of which are
currently in litigation.
During the 2017-2018 period, the commission also stopped
three mergers when the parties abandoned them after we sued,
and, in addition, Walgreen's substantially restructured its
proposed acquisition of Rite-Aid due to commission concerns.
And I would like to highlight two merger cases that focused
on important points about our competition mission. Draft Kings-
FanDuel was a proposed merger of two internet platforms
offering so-called daily fantasy sports contests and the FTC
sued to block the deal, finding that these two companies were
the leading providers and that other forms of fantasy sports
were inadequate substitutes.
And, importantly, the commission rejected arguments that
the technology was too nascent and fast moving to be able to
draw reliable conclusions, and in the face of the FTC's
challenge, the companies ultimately abandoned their
transaction.
And the other case I would like to briefly mention was CDK-
AutoMate, which involved two providers of specialized software
used by auto dealers. Our challenge to the deal noted that the
current levels of competition between the parties likely
understated the competitive significance of the smaller firm.
In effect, the larger firm was buying out this promising
upstart before it could grow to become a much more serious
competitive threat, and in the face of the FTC's challenge the
parties abandoned their deal.
Both of these cases were big wins for U.S. consumers but
they also show how the commission can use its existing
authority to intervene in a factually grounded economically
nuanced way, even in fast-moving high technology markets.
In addition to merger review, we also brought a number of
important conduct cases including several challenging anti-
competitive behavior by drug manufacturers.
And finally, our Economic Liberty Task Force, which I
launched last year, has helped to spotlight unnecessary or over
broad occupational licensing which often disproportionately
harms those near the bottom of the economic ladder and burdens
our military families.
So thank you for your time and I look forward to your
questions.
Mr. Latta. And thank you very much for your testimony
today.
And Commissioner Phillips, you are recognized for 5
minutes.
STATEMENT OF NOAH PHILLIPS
Mr. Phillips. Thank you.
Chairman Latta, Ranking Member Schakowsky, distinguished
members of the subcommittee, thank you all for the opportunity
to be before you today.
I am honored to be here with my fellow commissioners, and
from our testimony I hope you see the important work that the
FTC and its staff do every day on behalf of American consumers.
As you all know, our economy is increasingly globalized,
digitized, and connected. These changes generate incredible
opportunity but they also pose new problems for consumers such
as traditional scams that now thrive online and new internet-
enabled frauds, and they also raise important enforcement
challenges like the enhanced ability of scammers to act
anonymously or to move their ill-gotten gains abroad and
outside of our jurisdiction.
They also create roadblocks to international law
enforcement cooperation. Congress has been an essential ally in
this fight. In 2006, it passed the U.S. SAFE WEB Act. SAFE WEB
allows the FTC to share evidence with and provide investigative
assistance to foreign authorities in cases involving spam,
spyware, privacy violations, and data breach.
It also confirms our authority to challenge foreign-based
frauds that harm U.S. consumers or involve material conduct in
the United States.
Using SAFE WEB, the FTC has worked with authorities abroad
to stop illegal conduct and secure millions in judgments from
fraudsters and sometimes even criminal convictions.
The FTC uses SAFE WEB authority in important international
privacy cases. We collaborated with Canadian and Australian
privacy authorities on the massive data breach of the Toronto-
based adult dating website ashleymadison.com, and we worked
again with Canadian authorities on FTC's first children's
privacy and security case involving connected toys, a
settlement with electronic toy manufacturer VTech Electronics
under the Children's Online Privacy Protection Act.
In total, the FTC has responded to more than 125 SAFE WEB
information sharing requests from 30 foreign enforcement
agencies. We have issued more than 110 civil investigative
demands in more than 50 investigations on behalf of foreign
agencies, civil and criminal.
The FTC has collected millions of dollars in restitution
for injured consumers, both foreign and domestic. SAFE WEB
helps protect Americans by policing and instilling confidence
in the digital economy. But it sunsets in 2020. The commission
respectfully requests that Congress reauthorize this authority
and eliminate the sunset provision.
Our international efforts support American business
leadership in the global digital economy by enabling
transatlantic data flows and protecting privacy.
As Chairman Latta rightly highlighted in his remarks, the
FTC works with the Department of Commerce on three key cross-
border data transfer programs including the EU-U.S. Privacy
Shield.
Privacy Shield provides a legal mechanism for companies to
transfer personal data from the EU to the U.S. with strong
privacy protections and the FTC enforces these companies'
Privacy Shield promises under Section 5 of our organic statute.
We are committed to the success of Privacy Shield and the
other cross-border data transfer mechanisms. We have brought
nearly 50 actions to enforce them including four under the new
Privacy Shield, one announced just two weeks ago.
Privacy Shield is an important mechanism for encouraging
commerce and protecting privacy. Enforcement of it is and will
remain a priority for the agency.
Thank you for your time and attention and I look forward to
answering any questions that you have.
Mr. Latta. Again, thank you very much for your testimony.
And Commissioner Chopra, you are recognized for 5 minutes.
STATEMENT OF ROHIT CHOPRA
Mr. Chopra. Chairman Latta, Ranking Member Schakowsky, and
members of the subcommittee, thank you for the opportunity to
testify and discuss data security and privacy.
According to survey data, 91 percent of adults believe they
have lost control about how companies are collecting and using
their personal information.
News reports of data breaches and disclosure of sensitive
data have become routine. On the dark web, stolen credit card
and Social Security numbers and social media profiles can be
bought and sold.
For many Americans, the situation seems hopeless and they
feel powerless, and Washington cannot be sitting on the
sidelines. We must confront the risks to our economy, our
society, and national security of inadequate data security and
privacy, and the cost of inaction is growing.
According to an industry study, over 15 million Americans
were a victim of identity theft in some form in 2016, leading
to $16 billion of losses. The majority of these Americans had
their records accessed in a data breach in the years prior to
their identity theft. When we talk about data security in
Washington we typically focus on protecting power grids,
payment networks, and other critical infrastructure to avoid a
crippling attack.
But we also know that the infiltration of commercial
holdings of consumer data can also cause chaos. Large-scale
breaches of unencrypted data are increasing these risks and we
must do more to secure personal data from falling into the
wrong hands.
Chairman Simons is right. The FTC cracks down on illegal
practices whenever we can. But I think our existing toolkit
won't do the trick. In too many situations, our resolution is
to tell a lawbreaking company to simply stop breaking the law.
To truly make a difference when it comes to data protection
we need the ability to deter misconduct through financial
penalties and sensible safeguards that can evolve with the
marketplace and when it comes to privacy the United States
should lead.
New privacy protections from Europe and California are
advancing but we shouldn't feel we have to simply copy and
paste. We should be leading. I believe privacy and competition
can go hand in hand, especially when consumers can access their
data in portable and interoperable formats.
We can increase privacy protections without crowning
corporate royalty. We don't need to start from scratch either.
Congress can build upon existing privacy laws such as the
Children's Online Privacy Protection Act.
Twenty years ago, incumbents warned that this bipartisan
effort to protect children online would end in utter disaster
for our information economy and, boy, were they wrong.
COPPA has common sense ideas. Data collected for one
purpose shouldn't be used for another purpose without your
permission. You should have the ability to review the
information collected about you.
Companies should be up front and honest about who they're
sharing your data with and strong protections should be backed
by an enforcement regime that can hold companies and their
operators accountable.
Over the past decade, the FTC has produced scores of
studies and reports but now it is time for Congress to act. I
am confident that if Congress entrusts the Federal Trade
Commission with the authority and resources to do more to
protect families and businesses, we will deploy them
efficiently and effectively while continuing to promote a
dynamic digital economy that truly benefits all of us.
Thank you.
Mr. Latta. And thank you very much for your testimony.
And Commissioner Slaughter, you are recognized for 5
minutes for your opening statement.
STATEMENT OF REBECCA SLAUGHTER
Ms. Slaughter. Thank you, Chairman Latta, Ranking Member
Schakowsky, and members of the subcommittee. Thank you for
inviting all of us here today.
I would like to use my oral remarks to highlight the
critical work the commission does to protect American consumers
from fraud and from illegal robocalls. I also want to draw
attention to the resource challenges of the commission.
Although it sometimes grabs fewer headlines, fighting fraud
is a central part of the FTC's consumer protection mission. The
commission routinely tracks down and stops some of the worst
scams, often targeting consumers who can least afford to lose
money, including the elderly, members of the military, students
burdened by debt, and small businesses.
The FTC takes the lead on important initiatives to shut
down fraudsters and joins with our Federal, State, and
international law enforcement partners. Some recent examples of
these initiatives include Operation Tech Trap, a crackdown on
tech support scams. Another example was Operation Game of
Loans, where we led the first Federal and State coordinated
action targeting 36 student loan debt relief scams. And just
last month, we announced Operation Main Street, an effort to
stop small business scams.
The agency has also been at the forefront of addressing
deceptive moneymaking frauds involving crypto currencies,
bringing enforcement action and hosting a workshop to explore
house scammers or exploiting public interest in crypto currency
and how to empower and protect consumers against the growing
threat of exploitation. This is an area we must continue to
monitor closely including working with stakeholders who don't
traditionally engage with the FTC.
On robocalls, few things unite Americans more than their
outrage over illegal robocalls and I include myself among the
outraged. The FTC uses every tool at its disposal to stop
illegal calls. We've brought 137 cases targeting over 800
individuals and companies responsible for billions of illegal
calls to U.S. consumers and we've collected over $120 million
in judgments.
But, as anyone with a phone knows, the problem persists.
While our aggressive law enforcement efforts will continue, we
know that the explosion in illegal calls stems from
technological developments in the calling landscape.
Law violators can now place endless streams of calls for a
fraction of a cent and too often the criminals behind some of
the worst calling scams are located abroad, beyond the
immediate reach of a civil law enforcement agency.
Technological problems need technological solutions. The
FTC has been a leader in pushing industry to develop those
solutions, helping to spur providers and third parties into
offering call-blocking options. However, the best long-term
solution is to empower and expect providers to deploy solutions
at the network level that will reach every consumer.
Effective blocking tools to stop spam should be available
to all consumers using every kind of phone system and carriers
should have both the right and the responsibility to keep their
systems clear of unwanted calls.
The FTC is currently limited in its ability to address
failures on the part of providers as a result of the common
carrier exemption to our jurisdiction. Some carriers know or
have every reason to know that they are passing along illegal
or even fraudulent calls but they are beyond our reach.
Speaking as a consumer as well as an enforcement official, I
share the public outrage at robocalls and I am eager to work
with Congress to empower the FTC to do even more to combat this
profound nuisance.
Finally, I would like to say a word about our resources.
The FTC works tirelessly to protect consumers and advance
competition in an increasingly technical, digital, and
sophisticated marketplace.
Consumers rightly look to the FTC to address evolving
challenges and one of my top priorities is to make sure that we
meet those expectations successfully. We have excellent expert
experienced staff who want nothing more than to hold
lawbreakers accountable. We leverage them as effectively as
possible. But we have more cases to bring every day. Those
cases have become more complex both legally and technologically
and they involve defendants with deep pockets and armies of
attorneys.
Our budget has not kept pace with these developments. To
wit, we had more full time employees in the Reagan
administration than we do today. It is critical that the FTC
have sufficient resources to support its work, particularly as
demands for enforcement in so many complex areas continue to
grow.
In addition to sufficient resources, as several of my
colleagues have noted, sufficient authority is critical for the
FTC to continue to meet the demands of the 21st century
marketplace.
Repeal of the common carrier exemption, APA rulemaking
authority, and related civil penalty authority would each go a
long way to help the FTC better meet today's challenges as well
as tomorrow's.
Thank you, and I look forward to taking your questions.
Mr. Latta. Thank you very much for your testimony today and
I, again, thank all the commissioners for being with us today
and I will start the questioning with 5 minutes.
And Chairman Simons, if I could start with you. You bring
very strong anti-trust credentials to the FTC, previously
serving as head of the Bureau of Competition.
One of the priority issues of the subcommittee is the
consumer protection jurisdiction enforcement activities of the
FTC and I noted in your opening remarks you talked about
especially enforcement on IoT--I sponsored legislation with the
gentleman from Vermont and on the Internet of Things.
But we also, in the last Congress, had the working group.
So Internet of Things is something that we are very concerned
about.
With recent headlines highlighting the open investigations
of Equifax and Facebook, which I know you can't comment on, and
the Eleventh Circuit recent decision highlighting the
unenforceable order of LabMD data security case, how would you
describe your general approach to consumer protection
enforcement?
Mr. Simons. Our mantra is vigorous enforcement, Chairman.
So that's what we are all about. We are about protecting
the consumer and vigorous enforcement. In addition, we are very
active in terms of not only trying to create a disincentive for
the bad guys to do the wrong thing, but in addition, to educate
consumers and small businesses and businesses generally to make
sure they do the right thing.
So very enforcement oriented, very vigorous, and across the
board. One of the things you probably noticed from the remarks
of the commissioners was that it was spread out in terms of
different subject matters and that was not by accident.
So we are aggressive across the board whether it's data
security, privacy, all kinds of different fraud across the
board.
Mr. Latta. OK. Let me follow up. You mentioned on the civil
penalty authority the FTC doesn't have the civil penalty
authority today to enforce initial violation of the safeguards
rule that covers companies like Equifax.
Would you support civil penalty authority to enforce the
safeguards rule?
Mr. Simons. Yes.
Mr. Latta. OK. Thank you.
Would you like to follow up on that?
[Laughter.]
Mr. Simons. Yes. Sure.
So one of the problems that we have is we are able to show
in these cases that there is sufficient harm to show a
violation under the statute. But in terms of our monetary
remedial authority and showing damage from any particular
breach and tracing it to that specific breach is very
difficult.
So it really hinders our ability to seek a significant
monetary penalty and monetary relief and to create a sufficient
deterrence so that conduct doesn't occur in the future.
Mr. Latta. Let me follow up with another question to you. I
was listening when you were talking about your announcement of
the series of public hearings this year on the 21st century
challenges to the economy and I also commend you and the
commission for taking a thoughtful approach to examining
whether the current legal, economic, and technological
predicates--warrants adjustment to competition and consumer
protection policy.
Would you share your goals for the hearing including
efforts to update the agency's research and policy function or
to set the foundation for enforcement actions in policy agenda
setting?
Mr. Simons. So we are conducting these hearings with a
broad range of participants from all over the spectrum of
thoughts and ideas and so we are going in with an open mind and
we are not expecting any particular outcome. But potential
outcomes would be things that would involve, for example,
amending our horizontal merger guidelines, drafting potentially
new vertical merger guidelines.
We are going to also look at privacy and data security and
maybe we'll come out with strong suggestions there as to how to
move forward maybe along the lines of Commissioner Chopra's
suggestions a minute ago.
So it's really quite wide open. Last time that hearings of
this nature were conducted there were substantial action items
coming out of those hearings. This was done by then Chairman
Robert Pitofsky, and one of the main things that came out of
that was amendments to the merger guidelines relating to
efficiencies.
There was also a lot of work done on the intellectual
property area. And so our goal is to try to be as effective in
these hearings as Chairman Pitofsky was in his hearings.
Mr. Latta. Well, thank you very much, and my time is about
to expire so I am going to yield back and recognize the
gentlelady from Illinois, the ranking member of the
subcommittee for 5 minutes.
Ms. Schakowsky. Thank you.
Let me just say I've been a long-term consumer advocate
since I was a very young woman. So I have a special place in my
heart for the Federal Trade Commission and I want to ask about
your authorities.
Most agencies issue regulations under the Administrative
Procedures Act, which sets out notice and public comment
procedures for issuing regulations. But unless granted APA
rulemaking authority for specific issues by Congress, the FTC
issues rules under a different law, which provides more
burdensome procedures and makes it more difficult for the
commission to issue rules.
So I wanted to ask you, Mr. Chairman, do you agree that the
FTC currently is limited and, an example I think you gave in a
meeting could not write rules like the open internet rules
written by the FCC?
Mr. Simons. So I generally do agree with your
characterization of a rulemaking authority. So our general
rulemaking authority is under the Magnuson-Moss Act and it is
considerably more burdensome than the Administrative Procedure
Act. So I agree with that completely.
In terms of your question about the net neutrality rule, I
don't think that we could adopt exactly the same rule, and if
we were to try to do it under Magnuson-Moss, like you said, it
would be pretty time consuming.
However, what we normally do is we bring enforcement
actions and our sense is that those actually accomplish pretty
much the same thing. By doing.
Ms. Schakowsky. I wanted to ask about that. It says without
effective rulemaking authority, the FCC has focused its efforts
on law enforcement, and we've heard a number of really positive
examples.
But it seems to me the enforcement only approach is not as
effective as when legal standards are supported by agency
rulemaking.
Mr. Simons. I think a mix, depending on the circumstance of
rulemaking and enforcement, could be optimal.
Ms. Schakowsky. So, this issue has come up often in this
committee's discussion of data breach legislation. Previous
commissions have supported APA rulemaking authority for data
security and breach notification.
Ranking Member Pallone and I have introduced a bill--I
mentioned it in my opening statement--3896, the Secure and
Protect America's Data Act--that would require companies to
have reasonable data security and notify consumers in a
reasonable time when breaches occur.
So to the whole panel, our bill would give the FTC
authority to write rules on data security and breach
notification using APA rulemaking and I would just like to go
down the row and see if you would support that.
Mr. Simons. Yes. Without commenting on the specifics of
your bill I certainly support in concept what you're
suggesting.
Ms. Schakowsky. OK.
Ms. Ohlhausen. As I have previously supported data security
and breach notification legislation, I would also support it
without supporting particular details.
Ms. Schakowsky. I understand. Right. Thank you.
Mr. Phillips.
Mr. Phillips. I too support legislation, Congresswoman. I
have not yet formed an opinion with respect to particular
rulemakings. One of the things I look forward to in our
upcoming hearings that the chairman has announced is the fact
that we are going to be doing a careful study of the remedies
available to us and I look forward to learning from those.
Mr. Chopra. Yes, and I would add that the development of
rules is a much more participatory process than individual
enforcement actions and it also gives clear notice to the
marketplace rather than being surprised, and I think it would
be a good idea.
Ms. Schakowsky. Good point. Yes.
Ms. Slaughter. Yes. Like my colleagues, I haven't studied
your particular bill. But as you describe it, it's something
that I would very much support.
Ms. Schakowsky. Let me just say, the word partner came up a
good deal in various testimonies, both on the committee and on
the panel, and I hope that we can use that approach.
Chairman Simons, if the FTC had APA rulemaking authority
now, would you direct staff to begin the rulemaking process for
data security and breach notification?
Mr. Simons. Sure. Yes.
Ms. Schakowsky. OK. Even though FTC's current rulemaking
procedures are burdensome, couldn't the FTC issue an advanced
notice of proposed rulemaking or a notice of inquiry to collect
data and get the process started now?
Mr. Simons. We could certainly start a rulemaking under
Mag-Moss. It would just, you know, be time consuming and really
resource intensive and so there's an issue about whether we
want to start that, not knowing whether we could finish it
under----
Ms. Schakowsky. If I could just have a couple more seconds.
We've had these high-profile hearings from Equifax, Zuckerberg
was sitting in that chair, as the chairman mentioned.
And yet, we really have not moved forward, I think, in
doing something about these data breaches and the mistakes that
have been made. I really look forward to working with you and
meeting with all of you.
Thank you.
Mr. Latta. Thank you very much. The gentlelady's time has
expired and the chair now recognizes the gentleman from Oregon,
the chairman of the full committee, for 5 minutes.
Mr. Walden. Thank you, Mr. Chairman, and I want to thank
you for your leadership in this area on data breach, data
security, and all--I think you have had, what, four roundtables
including one yesterday, I think, with how many participants?
Thirty-eight?
Yes, we know this is pretty complicated. If there were an
easy answer we'd all do it because, I think of my colleague
from Illinois, Ms. Schakowsky, said, she worries about her data
being breached by Equifax.
I don't think you have to worry. I think it is.
[Laughter.]
I think the worry part is gone and that's the tragedy of it
all is we don't have control over our data and we have laws on
the books in some cases. Companies have trust obligations in
other cases and they don't have the security in most cases, and
so it is something we are all concerned about as consumers and
as policy makers and enforcers.
And so it's something this committee is very concerned
about and, as I say, we've been trying to find if there's an
eye in that needle to thread legislation to get to data
notification. Hold people accountable and we are closing in on
it.
And, like others on the committee, I think we are all
consumers and I care deeply about putting the consumer first.
That's been part of my mantra as chairman of the committee,
because if you do that you have competitive markets. You have
innovation and you have price competition and you have choice
and consumers benefit.
And, Ms. Slaughter, your comment about robocalls I am fully
in agreement with. I remember when pop-up ads were a nuisance.
I tongue-in-cheek suggested death penalty for those people,
because you couldn't do anything on your computer. You had
bazillions of these pop-up ads.
We had a hearing on robocalls and the private sector--the
technology sector is being pretty inventive and one of the
witnesses has an app that they market--I won't promote a
particular one--but it actually figures out how to answer the
call and then pretends to be real and keeps the caller on the
line for half an hour.
I love that kind of thing. Run their bill up, drive them
crazy. And so, we have a lot of young kids out there with
brilliant minds that can develop these apps and help us in this
endeavor. But one of the big challenges, of course, is a lot of
this stuff is overseas and hard even for you or for us or
anybody to get their hands around. Boy, we'd have our hands
around their necks.
So, Chairman Simons, what role to do you believe anti-trust
plays with respect to consumer protection? Give us your
thoughts on that as the chairman. Try--yes.
Mr. Simons. It's similar, Mr. Chairman, to what you just
suggested. So the more competition, the more likely it is the
consumer is going to be benefited, and what goes hand in hand
is that competition and consumer protection in terms of
nondeceptive information in the marketplace, an efficient
advertising market, those are things that make firms compete
stronger and it drives competition.
So we want to have those two things. We want to have
vigorous competition. We want to make sure that firms are not
behaving anti-competitively and at the same time we want to
make sure that consumers have the information that is necessary
for them to make the right decisions and right choices in the
marketplace.
Mr. Walden. And with this emerging digital economy that's,
well, fully underway but, it's emerging every day there's
something new, you see we have legacy rules.
We have industries that are built upon those and then you
have a new entrant into the market and then you have
consolidation and mergers and people trying to compete. So what
questions are you most focused on regarding the changing
digital nature of the U.S. economy during your public hearings.
Mr. Simons. We are focused on a very broad range of things,
everything from whether the consumer welfare standard--which
has been the consensus standard for the last 20 or 30 years--
whether that needs to be changed or not, whether the way we
have done merger analysis in the past 20 or 30 years has been
appropriate, whether that's been too lax.
And then we are also focused on the consumer protection
side, particularly in terms of privacy and data security. As I
mentioned in my oral remarks that we are very focused on is the
potential tradeoff between privacy on the one hand and data
security on the one hand and competition on the other hand.
Mr. Walden. Right.
Mr. Simons. We are a little nervous that if you do privacy
in the wrong way, have it go too far in one direction that you
might end up reducing competition.
You might create a situation in which you entrench the
large tech platforms, for example. You make it very difficult,
because the advertising market becomes, potentially, much less
efficient. You make it much more difficult for new entrants and
smaller firms to get the attention of the consumers that
they're trying to reach.
In fact, one of the things that I saw very recently after
the effective date of the GDPR was an article in the Wall
Street Journal that reported that they could already see that
advertising was moving to the Google platform over in Europe
and so that's something we are very conscious of and we want to
be very careful about.
And when Congress thinks about these things in legislation,
this is something that my recommendation would be you think
carefully about to strike the right balance.
Mr. Walden. And I know I am over, but that's exactly the
conundrum we are in is finding that right balance because you
have just a couple of platforms that dominate in the online
advertising world today.
So you want that competition but you don't want to do
something that actually enhances their dominance, if you will.
So I appreciate that.
And I yield back.
Mr. Latta. Thank you very much. The gentleman yields back.
The chair now recognizes the gentleman from New Jersey, the
ranking member of the full committee for 5 minutes.
Mr. Pallone. Thank you, Mr. Chairman.
Much of the FTC's consumer protection enforcement actions
are brought under Section 5 of the FTC Act, which prohibits
unfair and deceptive acts or practices, and the remedies
available for these cases are limited. The FTC can only seek an
injunction in conditions which most often come in consent
decrees. It can seek civil penalties for first violations.
And I know, Chairman Simons, you mentioned already today
that you support giving the FTC authority to seek civil
penalties for first violations when companies fail to maintain
reasonable data security.
How would that tool help the FTC's efforts to protect
consumers from data breaches?
Mr. Simons. Thank you, Congressman.
So what that would do is that would enable us to impose a
sufficient monetary penalty that would incentivize companies to
better protect data.
As you have said and as others have said, if what is going
on in terms of our enforcement authority is that we can only
get an injunction that just says, sin no more, then that's much
less of a deterrent than if we could get monetary penalties
that would actually cause the business to think through how
it's conducting its business and what it's doing in terms of
security and privacy.
Mr. Pallone. Now, to clarify, when the FTC does have
authority to seek civil penalties, it's still up to the FTC to
decide whether to even ask for those penalties and how much
those penalties should be, correct?
Mr. Simons. I am sorry. Could you repeat that?
Mr. Pallone. When the FTC does have authority to seek civil
penalties, it's still up to you to decide whether to even ask
for those penalties and how much those penalties should be,
correct?
Mr. Simons. Yes.
Mr. Pallone. OK. So do you think that civil penalty
authority would be beneficial for FTC's privacy cases as well?
Mr. Simons. That's something I think we should explore. I
don't have a view on that yet. Maybe something will come out of
the hearings that we are going to conduct in the fall that will
inform our views.
Mr. Pallone. I appreciate your having those hearings in the
fall, too. I think it's great that you're doing that.
What about the other Section 5 violations? Would you
support legislation giving the FTC civil penalty authority for
other enforcement actions?
Mr. Simons. So other enforcement actions, I think, are a
little different in the sense--like, fraud, for example. Even
though we are going under our Section 5 authority that provides
for injunctive relief, as part--what's ancillary to injunctive
relief is the ability to get restitution and disgorgement, and
those can serve as significant deterrent effects.
So with respect to fraud, that's something that where our
existing authority probably is sufficient. But with data
security and privacy, it just becomes very hard to prove the
extent of damage to any specific ----
Mr. Pallone. I am thinking of robocalls, which I know we
discussed. Do you see that as different? Like if, you know----
Mr. Simons. Well, we have a rule and so we can get civil
penalties for violations of the robocall, the marketing and
sales.
Mr. Pallone. OK.
Mr. Chopra. Congressman, under our statute, we are able to
ask a court for civil penalties in the case where there's a
rule on the books or when there's a violation of an order,
generally speaking.
So when we do have a rule on the books, it is easier, even
on the first defense, we are able to ask a court for civil
penalty. That's one of the reasons why rulemaking also could
increase deterrence as well.
Mr. Pallone. All right.
Well, now, let me just say one more thing. I wanted to ask
you about the Uber settlement. FTC recently announced an
expanded settlement with Uber, and while the FTC was in the
process of negotiating a settlement with Uber, making deceptive
privacy and data security claims, FTC learned that Uber failed
to disclose another significant breach of the customers' data,
which Commissioner Ohlhausen called strikingly similar.
So just quickly, Chairman Simons, the expanded settlement
with Uber includes some additional requirements but does not
include civil penalties.
Why couldn't the FTC seek civil penalties related to the
second data breach?
Mr. Simons. We would have to show that that was a violation
of a preexisting order.
Mr. Pallone. OK.
Mr. Simons. There was no preexisting order.
Mr. Pallone. But FTC found that Uber twice committed
misconduct but still couldn't impose fines? Maybe I will go
back to Commissioner Chopra.
Do you think this situation is sufficient to stop repeat
offenders in the case of Uber?
Mr. Chopra. Well, my understanding of the Uber resolution
was that the order was modified based on conduct that was not a
direct violation of the original order, and this is what I am
talking about.
Our limitations on obtaining civil penalties are when
there's a rule violation or a violation of an order itself. So
I, of course, and I think all of us want to make sure that FTC
orders are followed and if they are not followed we will seek
all appropriate relief we should.
But the question you're raising about whether on a first
offense there should be penalties, I think that in order to
deter misconduct we need to consider when it's appropriate that
even on a first offense the lack of penalties may not serve as
adequate deterrence.
Mr. Pallone. All right. Thanks so much.
Thank you, Mr. Chairman.
Mr. Latta. Thank you. The gentleman's time has expired.
The chair now recognizes the vice chairman of the
subcommittee, the gentleman from Illinois, for 5 minutes.
Mr. Kinzinger. Well, thank you, Chairman, for yielding and
I thank you all for being here today and taking some time and
everything you do for the country.
Commissioner Ohlhausen, the commission's website states
that the FTC protects consumers by stopping unfair, deceptive,
or fraudulent practices in the marketplace.
I want to ask you a rudimentary and kind of direct
question. Do you think a private company should ever be
compelled to provide inaccurate information to consumers that
deceptive or could impact the marketplace?
Ms. Ohlhausen. I would certainly be concerned about any
company providing inaccurate information to consumers, whether
they did it voluntarily or were required to do so.
Mr. Kinzinger. OK.
Commissioner Ohlhausen, crypto currency scams have been
fertile ground for scammers since the value of bitcoin and
other tokens skyrocketed in value at the end of 2017, bringing
with it rising interest in raising capital for startups via
initial coin offerings.
Last Congress, I worked with Representative Cardenas to
pass Resolution 835 through the House highlighting the
importance of improving consumer access to financial technology
tools.
Besides the recent workshop on crypto currency scams, what
more is the FTC doing to target things like deceptive
investment opportunities and focussed mining operations?
Ms. Ohlhausen. So we actually have brought two cases
involving crypto currency to enforcement actions where there
were deceptive representations to consumers and we also have a
long history of bringing, at different times, enforcement
actions against deceptive promises about precious metals.
Mr. Kinzinger. And is that getting enough public attention,
do you think, or should it get more and how?
Ms. Ohlhausen. We are always happy to get more public
attention and interested in ways to find that out.
Mr. Kinzinger. Sometimes you have to compete for bandwidth
in the media.
The goal of the U.S.--and I will ask each of you this
question--the goal of the EU-U.S. Privacy Shield is to protect
personal data and enable the flow of transatlantic data.
Without this framework, companies on both sides of the
Atlantic would face grave uncertainty and serious limitations
on their ability to conduct business overseas.
So for each of you, yes or no--do you pledge support for
Privacy Shield and commitment to enforce the framework?
Mr. Simons. Absolutely.
Ms. Ohlhausen. Yes.
Mr. Phillips. Absolutely.
Mr. Chopra. Yes.
Ms. Slaughter. Yes.
Mr. Kinzinger. Good. It's easy.
And Chairman Simons, the calendar years 2015 and 2017 and
the first quarter of 2018 all broke records for merger and
acquisition activity. In the first quarter of 2018, for
instance, the merger activity increased 67 percent year over
year.
Researchers found that economic concentration has increased
in many or most economic sectors. At the same time, researchers
have found that entrepreneurs are not starting new businesses
at a rate sufficient to overcome business closings.
Do you think that increase in concentration is cause for
concern or evidence of declining competition in the U.S.
economy?
Mr. Simons. Thank you, Congressman.
So that is one of the main focuses of the hearings that we
are going to have in the fall. Precisely that concern is one of
the things that we want to get testimony about and take
comments on.
Mr. Kinzinger. You will be in a better position, you think,
to comment after all that?
Mr. Simons. Yes. In other words, it's an important focus of
the hearings because, based on what we see in terms of the
economic literature and otherwise, there's enough out there to
be concerned that those things are really problematic.
Mr. Kinzinger. Do you see any correlation between rising
concentration and declining rates of new firm formation?
Mr. Simons. Not specifically. Some of the material that
you're probably citing relates to broad industry categories.
So, for example, you might have--and the categories could
be national. And so if what you have in the marketplace is you
have chains who are becoming more pervasive in displacing local
companies.
The local concentration might not be changing at all. But
the national concentration is, and for anti-trust purposes in
those types of markets it would probably be the local
concentration that you'd want to worry about.
So there might be some other issues going on. But our job
or our intent is to kind of figure that out.
Mr. Kinzinger. Thank you. And the last question for you--
two companies, Google and Apple, together dominate the market
for mobile operating systems, accounting for 99 percent of the
market for smartphones in the United States, and you have seen
the news, I am sure, this morning that the EU is set to fine
Google $5 billion anti-trust for the way it bundles its apps on
Android smartphones and tablets.
The question is what, if any, competitive discipline exists
in such a highly concentrated market?
Mr. Simons. So there's the two of them so they compete
pretty heavily against each other. So that's one level of
competition.
But I have to agree with you, it's concentrated. So, it's
not like commodities in the Midwest or whatever. It's,
obviously, very fragmented. This is a concentrated industry and
this is an industry, as I've said before, what we do in the
anti-trust world is most of the problematic conduct occurs
where firms are big and have market power and that's where we
look. And so this is one of the places we would focus on.
Mr. Kinzinger. OK. Thank you. I yield back.
Mr. Latta. Thank you very much. The gentleman's time has
expired.
And the chair now recognizes the gentleman from Vermont for
5 minutes.
Mr. Welch. Thank you, Mr. Chairman.
I've got 5 minutes, so I want to go through this quickly.
First, I want to say congratulations to each of you. I've
read all your resumes. You people are smart, and in addition to
that, you have got a record of public service and it
demonstrates you're not only smart but you actually want to use
your talent for the public good, and I just want to say to you
that I think serving on the FTC at this time is incredibly
important.
I think a lot of working Americans are being squeezed at
one end because wages aren't going up and, at the other end,
because what Mr. Kinzinger was talking about, incredible
pricing power as a result of anti-competitive practices, and
that is so essential that you stand up for the American
consumer.
So you're 3-2. But I hope you're 5-0 in asserting the need
to have a very strong FTC to help working Americans. So thank
you.
I want to talk about a couple of things. One, in April, a
bipartisan group of my colleagues including on this
subcommittee Congressman Jeff Duncan and I wrote to you about
the technological changes taking place in mobile commerce.
And we think it's important for the FTC and the Department
of Justice to be vigilant to make sure that incumbent
businesses with existing payment technologies don't use that
market position to block innovations and developments by
potential competitors.
And I appreciate it very much the commission's response to
our letter where you indicated that you'd look closely at the
payment standard setting process and your assurance that the
commission will take appropriate action against any act or
practice in the mobile payments marketplace that violates any
of these statutes that you enforce.
And I would like to submit for the record if I could, Mr.
Chairman, our letter--these letters.
I want to ask you, Chairman Simons, with our mutual goal of
detecting and remedying any practice that may harm competition
and consumers, can you share what you have done to date on the
issues we raised in our letter to protect competition and
innovation and, quickly, if you can.
Mr. Simons. Yes. Sure.
So standard setting, which is what you're describing is a
really important thing in our economy. It can be useful for
great numbers of efficiencies. As you can tell, the payment
system itself is very interoperable.
There's a bunch of different players in it and they have to
interoperate. It's all the banks, the credit card companies,
and all the merchants, of course.
And so it's really important that that function but it's
also possible that those types of organizations can be used for
anti-competitive purposes and we've had cases involving anti-
competitive activity in standard-setting bodies. And so we are
focused on that.
Mr. Welch. Thank you. Let me go on to my next question.
And I was pleased to see just yesterday that the FTC issued
a statement to Health and Human Services in response to the HHS
request for public comment on lowering drug prices and out-of-
pocket costs, which laid out the commission's concerns with
pharma companies abusing the REMS program to prevent generic
competition.
The commission comments really captured the issue perfectly
and I can read it. The REMS program can protect the public from
pharma abuse but they can also be misused to disrupt
competition and innovation, and you go on to say the FTC
supports regulatory and legislative actions aimed at correcting
the misuse of REMS programs.
I believe that's exactly right and I want to thank you for
that. Chairman Simons, as we continue to consider the FAST
Generics Act and the CREATES Act, how can Congress deter the
current abuses and delays by brand manufacturers, instead,
motivate them to provide generics with access to samples in a
timely way?
Mr. Simons. So without giving a view on the precise
specifications in the act and the legislation you're
describing, we are very supportive of this issue.
Mr. Welch. OK. Let me interject because I just have a few
seconds left.
Mr. Simons. OK. Sorry.
Mr. Welch. But thank you, and I appreciated the FTC letter.
Another issue that's come to my attention is that web
browsers are considering the changes to the user interface that
consumers see on their screens.
Specifically, in the coming months consumers who are
already wrestling with how best to protect themselves will
potentially be provided with less information about the
security of the website they are using at any given time.
We should be working together to provide consumers with
that information. Is this potential change to consumers' web
browsing experience something that the commission is aware of?
That's the security label at the top.
If so, I would ask the commission to keep consumers and
this committee updated on the impact of that potential change.
And I am out of time, so it ends up as a statement, not a
question.
But, again, Mr. Chairman, I want to thank you. I think your
institution, your agency, is so, so vital. I hope you find a
way better than sometimes we find a way to work together to get
to an outcome that will be durable and helpful to the American
people.
We thank you.
Mr. Latta. Thank you very much. The gentleman's time has
expired and the chair now recognizes the gentleman from Texas,
the chairman of the Health Subcommittee of the full committee
for 5 minutes.
Mr. Burgess. Thank you, Mr. Chairman, and I appreciate our
commissioners being here. This is always a good day when we
have all of our commissioners in front of the committee.
Chairman Simons, you began your testimony stating that
Section 5 is an imperfect tool and, granted it is. But it's the
tool that we have.
Still, after years of studying the LabMD case, and I
realize that most of you were not even born when that case
started, and I also understand that it's--although there was a
recent Eleventh Circuit decision, I am certain it's not settled
yet. But here in the aftermath of that, the business had
arguably had a good business plan and was competently run.
But because of a breach that occurred in technology that
was really poorly understood years ago, now this business is no
more and the people that were involved have, obviously,
suffered significant harm.
And, really, my question is, is this a learning process as
we look back? And I know you can't talk about the specifics of
the case because I do understand that it's still in litigation.
But it's been a hard one as I've watched for the last 10,
15 years in Congress. I practiced medicine before then so I
certainly understand that yes, you can have somebody in your
front office do something on a computer that puts some data at
risk.
But in the absence of harm, to do this much violence to the
business plan and the business model seems a little bit over
the top. I just wondered. is this an ongoing process that
you're learning about this imperfect tool?
Mr. Simons. Sure. One of the things the FTC does is it has
a good history of engaging in self-critical examination.
So, first of all, let me say that, of course, we never
intentionally tried to put legitimate businesses out of
business.
We try to get them to comply with the law and not drive
them from the market. That's bad for competition, which is the
other side of our mission. So we really don't want to do that.
And then the other thing I will say is that we do engage in
self-critical examination, even outside these public hearings.
We do it internally, and so one of the things that we've got
going on is a task force on how we do our orders, and so that's
relevant to the LabMD decision.
Mr. Burgess. It's reassuring to know that. Again, history
is history and what has happened has happened and none of us
can undo that. But I am grateful to hear that.
Let me ask a question on robocalls because man, they are a
nuisance, and at our house we have three cell phones and they
can all ring simultaneously with the same identifying number
from a town called Mexia, Texas, which is a small little town
between Waco and Dallas. I don't know if it really did
originate from there, and they're all selling, well, there was
a hailstorm in your community and we are in the neighborhood
and we thought we'd come by and check your roof for you. But
three simultaneous calls come at the exact same time. It just
doesn't seem reasonable that that that's one person doing that.
Is there recourse for the consumer at this point?
I know we've passed do not call laws. In this committee,
we've passed anti-spoofing laws. Is there recourse for the
consumer? Should I have them call your 800 number? What is the
next step?
Mr. Simons. So one of the things--I am sorry, was that
directed to----
Mr. Burgess. Well, anyone can answer. Ms. Slaughter brought
it up but, Chairman, you're welcome to answer as well.
Mr. Simons. Well, I don't want to hog the attention. So if
anyone else would like to answer please go ahead.
Ms. Slaughter. Thank you for the question. I think we
probably are all on the same page about this. So you could hear
a similar answer from any of us. It is enormously frustrating
for consumers.
It is just endlessly frustrating, and I can't tell you,
sitting here, whether those three calls originated really from
Texas or not.
The challenge for us that I outlined a little bit in my
testimony is that many of the people orchestrating these calls
and orchestrating these schemes are overseas and hide behind
spoofing technology.
Mr. Burgess. So the next step for the consumer that gets
these calls what should we tell them?
Ms. Slaughter. Right now, the technological solutions that
the FTC has helped push into the marketplace can be among the
most helpful that identify calls as fake or robocalls when they
come into your phone and block them.
Chairman Walden talked about one such example. But I think
looking at larger scale solutions that can be implemented
across network levels is an important thing.
Mr. Burgess. And it's a longer discussion. I am going to
submit some questions for the record. But the issue of
consolidation in the health care industry and when I was in
practice back in the late '80s I worried that there was going
to be a single payer health care system and it was going to be
called Aetna.
And now the corner drug store is buying Aetna. So it is a
cause of some concern for those of us who sit on this
committee.
We've had hearings on it. I will have some specific
questions for you on that and I would appreciate your attention
to that.
Thank you.
Mr. Latta. Thank you very much. The gentleman's time has
expired, and the chair now recognizes the gentleman from
Massachusetts for 5 minutes.
Mr. Kennedy. Thank you, Chairman. I want to thank everybody
for coming and testifying this morning, and helpful information
has been provided and I appreciate all of your service.
I wanted to touch a little bit on some of the focus of a
number of hearings that we've had on this committee over the
course of the past year or so with regards to internet and
internet companies.
So following the revelations of Facebook's data sharing
practices with third parties, specifically for third party app
developers, which led to Facebook users ending or data ending
up with Cambridge Analytica, there was a lot of discussion
around the FTC's 2011 consent decree with Facebook.
That consent decree was entered into following Facebook's
earlier failure to notify its customers of its data sharing
policies and the recent Cambridge Analytica issue appears very
similar.
Chairman, I am not going to ask you details. I imagine
you're not going to get into the details of an investigation.
But I believe you have confirmed that the FTC is investigating
whether Facebook violated its consent decree. Is that right?
Mr. Simons. Yes, that's correct.
Mr. Kennedy. And so, sir, under the consent decree Facebook
was required to get biennial independent audits certifying that
it has in fact a privacy program in place that meets or exceeds
their requirements of the FTC order and to ensure that the
privacy of consumers' information is protected.
Given that requirement, it's a bit troubling to see that
the FTC didn't discover the Cambridge Analytica issue earlier.
So, again, I know you're not going to discuss the ongoing
investigation.
But this is a circumstance in which the FTC is
investigating the acts of a company that is subject to a
consent decree.
Is the investigation limited to whether the consent decree
was violated or with the FTC also consider whether there were
new unfair deceptive practices?
Mr. Simons. Thank you, Congressman.
Like you said, it is an ongoing investigation. We
publically announced that. But what we can't do is we can't
discuss the particulars of the investigation itself.
And so I am sorry, but I can't comment on that.
Mr. Kennedy. OK.
Mr. Chopra. Congressman Kennedy, though, I just want to
add, FTC orders typically do not preclude the agency from
investigating conduct outside of those orders. So if you
reviewed the wide swath of orders that we have entered into
over the years, we typically do not handcuff ourself to the
four quarters.
Mr. Kennedy. So just the four quarters of the scope of
that. Thank you. I appreciate that, Commissioner.
So to reiterate a couple of the points that were made
earlier, if new unfair deceptive practices are in fact found, a
repeat offender could then be subject to civil penalties for
those violations. Is that correct?
Mr. Simons. Yes.
Mr. Kennedy. So thank you. I also want to understand
whether the FTC takes into account public statements made by
those companies. Commissioner, you might have just touched on
this point.
But Facebook has made public statements that it's
investigating all third party apps to determine if there was in
fact misuse of users' information.
Contrary to that statement, though, it's also been reported
that Facebook has not even been able to access data regarding
Cambridge Analytica to understand what happened in that case
because the company and the data are located abroad.
Again, without getting into the details of the current
investigation, I respect that, Chairman. Do you consider those
public statements as commitments made to consumers?
Mr. Simons. So let me just say without tying it to a
specific case, we look at everything. We look at what they say
in their public documents. We look at what they say in their
advertising. We look at what they say on their website--the
whole range.
So we would look at everything.
Mr. Kennedy. OK.
Mr. Phillips. Congressman, if I--please, I apologize for
interrupting you.
Mr. Kennedy. No.
Mr. Phillips. One of the things that I talked about in my
oral statement earlier was the importance of Congress
reauthorizing and eliminating the sunset in the U.S. SAFE WEB
Act.
You mentioned access to data abroad without, again,
speaking to the specific case. That is a very important tool.
So we really do urge you all to consider that.
Mr. Kennedy. I appreciate the insight, sir.
Last bit, and I think one of my colleagues touched on this
as well. Google has told the public that it would stop scanning
personal emails. Of course, most consumers probably didn't know
that that was happening.
But now we hear that Google does allow third parties to
scan emails. Do you review those public statements for
violations of either Section 5 generally or of a consent
decree?
Mr. Simons. Yes, we review everything. So, that's one of
the ways we start investigations. We issue public announcements
or public statements and we get complaints. So, we consider
everything.
Mr. Kennedy. OK. Chairman, thank you, and I thank all the
commissioners for being here. Appreciate your testimony and I
yield back.
Mr. Latta. Thank you very much. The gentleman yields back
and, as agreed upon, we are going to take a 5-minute recess at
this time and come back in at 10 til the hour.
Thank you.
[Recess.]
Mr. Latta. I would like to reconvene the subcommittee to
order, and at this time I would recognize the gentleman from
New Jersey for 5 minutes.
Mr. Lance. Thank you very much, and good morning to the
distinguished panel.
I champion the Consumer Review Fairness Act in 2016 to
protect consumers ability to share their honest reviews and
opinions about products, services, or conduct in various forms
including social media.
There has been growth and influence of search and social
media since the bill became law. Much has changed since the FTC
closed its Google investigation in 2012, and I ask the panel,
beginning with the chair, what is your view on how best to
maintain competitive markets and better safeguard consumer
reviews?
Mr. Simons. So let me just say that that piece of
legislation is terrific.
Mr. Lance. This is being recorded.
[Laughter.]
Mr. Simons. OK. I stick with that statement.
So one of the key things as I've described a little bit
earlier or alluded to in terms of competition is that you need
good information.
Good information allows consumers to make the best choices
and the reviews are just terrific in that regard. They really
help spur competition. So that's terrific and we are very much
looking to--and have enforced under that statute.
Mr. Lance. Thank you. Would others on the panel like to
comment?
Yes, of course.
Ms. Ohlhausen. Yes, thank you, Congressman.
I think that legislation was also very beneficial, and I
was at the commission when we brought the case against Roca
Labs----
Mr. Lance. Yes.
Ms. Ohlhausen [continuing]. Saying that that was a
violation. But I also want to mention in addition to making
sure that consumers are free to express their opinions, we want
to be sure that when opinions are expressed what they're paid
for by a sponsor that that's clear to consumers, too.
So the FTC has engaged in a lot of enforcement and consumer
ed and business warning letters to make sure that reviews, if
they're sponsored, are labeled as such.
Mr. Lance. And is that a more recent addition to this whole
issue, the fact that you have required there be a disclaimer or
whatever the appropriate word would be for the fact that some
are being paid?
Ms. Ohlhausen. So it's not recent but we've given
additional guidance for the new, on Twitter or online to make
sure that the old rules that have always applied that people
understand how they apply in the new economy as well.
Mr. Lance. Thank you very much, Commissioner.
Other comments? Yes, Commissioner.
Mr. Phillips. Just briefly. I just want to associate myself
with the comments of my colleagues and thank you for your work
on that really important legislation.
Mr. Lance. Thank you. It's based upon the fact that there
was a review of I think an orchestra at a wedding and there was
some discussion that those who might purchase that service had
to sign a form saying that there could be no disparaging review
online which, of course, I think appals the American consuming
public.
Mr. Chopra. I agree, and I also want to share that one
useful provision of that bill as well as some other bills that
have been passed on a bipartisan basis is also allowing our
state attorneys general to enforce it as well.
We don't have the resources to do everything. But sometimes
we won't be able to catch every orchestra violation. But the
more we can rely on our state partners, the better.
Mr. Lance. Thank you.
Without commenting on any particular company or
investigation, if a company is operating under a consent order
and found in violation of the agency's data security or privacy
rules, does that affect the assessment of fines and penalties?
Whoever would like to begin.
Mr. Chopra. So, typically, violations of orders allow the
FTC to seek from a court injunctions equitable relief, which
can include consumer refunds as well as substantial civil
penalties over 40,000 per violation.
So we have the discretion in many ways of when to seek it
and how much to seek. But enforcement of our orders has to be a
top priority.
Mr. Lance. Thank you. I ask these questions as the FTC
continues its investigation into Facebook. During my
questioning at this committee's hearing with Facebook CEO Mark
Zuckerberg on April 11th, I indicated that Facebook's actions
leading up to the Cambridge Analytica hack may have violated
the consent agreement Facebook struck with the FTC in 2011.
News reports since that hearing have highlighted other
questionable practices at Facebook. This has strengthened my
belief that the company has routinely violated its promise to
obtain express consent from consumers before sharing
information with third parties.
I realize you cannot comment on that as members of the
commission. But that is my considered view, having reviewed the
matter.
Thank you, Mr. Chairman. I yield back.
Mr. Latta. Thank you. The gentleman yields back.
The chair now recognizes the gentlelady from California for
5 minutes.
Ms. Matsui. Thank you very much, Mr. Chairman.
Last week in the Telecom subcommittee, we discussed the
difference frameworks governing consumer privacy. Current
privacy rules for the telecommunications providers, for
instance, require opt in consent from consumers before their
provider could share so-called CPNI with unrelated third
parties for independent use.
More broadly, however, it is often the case that an
unrelated third party to an online platform can and does
receive data on a consumer that visits that platform.
Third party analytics tools on a given website which send
information on a user's visit to a third party and allows that
third party to assess user data.
So I believe that a necessary part of the data privacy
discussion--maybe the most important part--could be addressing
access to data by a third party with whom a consumer has no
direct relationship or knowledge.
Mr. Chopra, what role does addressing independent third
party data use have in the FTC's consumer protection mission?
Mr. Chopra. Well, under our current authority, if that is
disclosed, we may be frustrated in being able to combat that.
But with respect to any privacy legislation that offers
consumers affirmative rights to know where data is being
shared, to know what it's being used for, and for consumers to
be able to access that, if we were able to implement that and
some of these principles come from our work from nearly 20
years ago in 1999, I think that would be very effective for the
marketplace.
Ms. Matsui. So you're basically saying you need
legislation.
Mr. Chopra. We are doing what we can----
Ms. Matsui. Right.
Mr. Chopra [continuing]. With what we have. But we can't
solve all of these problems with the existing law we have. This
is why I really think we need more tools and resources to----
Ms. Matsui. So we have to be very specific, though, in our
legislation to direct you then. Is that correct?
Mr. Chopra. Well, many people know how to craft legislation
better than me.
But the extent to which you can provide the framework in
which we can implement through rulemaking, that will allow us
to be flexible as how the market changes.
No one would have known the extent to which website
trackers would be used 10 years ago.
Ms. Matsui. Right. OK.
Any other comments?
OK. As you all know, regular HTTP connections sent in plain
text can be intercepted and exploited by anybody or anything
between a user and the website including somebody using public
wifi.
So I am pleased that HTTPS deployment continues to grow.
HTTPS protocol can ensure an online connection between a
consumer and a website that's encrypted. And I am interested
that the commission is looking at whether the same standard UI
security indicators could be helpful in providing consistent
meaningful consumer information no matter which browser you're
using and whether you are using a desktop or mobile device.
Common security indicators that are deployed consistently
could be a step towards increasing consumer understanding as to
when their connection to a website is not only secure but also
safe.
Does anybody have any thoughts on how security indicators
deployed by web browsers could promote consumer protection?
Mr. Chopra. Well, I think the advancements in how we are
securing website traffic are a positive step in the
marketplace.
We know from other sectors of the economy, particularly in
financial services, that encryption and higher standards for
website security continue to be far ahead of the rest of the
digital economy.
I don't necessarily know what we can do from a law
enforcement perspective. But, obviously, companies that are
maintaining sensitive data, financial health or whatever it may
be, need to take steps to secure that data.
Ms. Matsui. The rest of the panel any comments?
Ms. Ohlhausen. I think it's important that we look at how
consumers get information about the security of the entire
chain.
So the FTC has brought enforcement actions against browsers
that weren't secure against--that was the ASUS case--computers
that had inadvertently or they didn't understand that it was
really providing a man in the middle attack for adware in the
Lenovo case. So I think we've paid attention to all links in
the chain for consumers.
Ms. Matsui. And I think the consumer needs to know and
that's the part of it that we like to look at and I hope you're
looking at too, because they don't know, in essence, and that's
what's causing a lot of problems today, because they are
unaware of what's protected, what's secure, what's not.
So anyway, it looks like I've run out of time. I yield back
my time. Thank you.
Mr. Latta. Thank you very much. The gentlelady yields back.
The chair now recognizes the gentleman from Kentucky for 5
minutes.
Mr. Guthrie. Thank you, Mr. Chairman. Thank you for holding
this meeting and thank you all for being here.
This first one is for Commissioner Ohlhausen. Last
Congress, I introduced--it was H.R. 5315, which is the CLEAR
Act, which we had part of a series of bills that we put forward
on commission process reform.
And I think it was almost a year ago that the commission
announced a set of reforms for consumer protection
investigations, and it was reportedly looking into reforms for
competitive investigations as well.
Has there been progress made?
Ms. Ohlhausen. So yes, there has been progress that's been
made. So we had our civil investigative demands reforms that I
talked about at the beginning of my testimony that tried to
give recipients clearer information and better guidance.
We also reduced the time for civil investigative demand. I
gave a little more time to respond. We've gone through, under
my leadership and we closed a number of investigations, but one
of the other things that we did is we went through and looked
at all our data security investigations, and privacy, the ones
that we closed, and we distilled form that lessons about what
steps companies had taken where we found it gave reasonable
security and we issued that in an updated guidance called Stick
with Security. It gave us 10 additional lessons to supplement
or start with security for sure.
Mr. Guthrie. OK. Well, thank you.
And Mr. Chairman, do you have any comments on the issues
the committee should be considering in just terms of process
reform as well?
Mr. Simons [continuing]. Process, also on the competition
side. So one of the things that's been reported publicly is
that the merger investigation seems to have gotten longer, at
least according to some measures.
So one of the things we are looking at is actually
developing a tracking mechanism to see how long they are in
fact taking and why they are taking as long as they are and
then allow us to determine what we can do to make them more
efficient and less burdensome.
Mr. Guthrie. Thank you very much. And I am going to shift
gears to the chairman as well. Particularly with older folks
we've advertised and talked--our office to try to put out when
somebody calls you never give any information over the phone.
Hey, we are your bank--we need to fix your account or
whatever--we do that.
But the concern that I have is these fake websites. When
you go online and you're seeking the information and you're
trying to engage with a hotel chain or to get a reservation or
whatever and you got to give information to confirm a rental
car--any of that--any consumer, actually, retail business.
So just interested in how we know the identity of a
website. One, I know the committee is looking at how websites
or identities confirmed, and the question is what tools can
consumers use to confirm they're on a real website where they
intended to go instead of a phishing site.
I think it's the green padlock that should be next to the
site. Is that secure? Is that something we should look for? If
anybody that's in that area to talk about that? Is there any--
talking about secure websites under that?
OK. I guess that's not, unfortunately ----
Mr. Phillips. Congressman, you had asked about other
process reforms. I think I would be remiss not to bring up the
Sunshine Act. While that law has a really great name, the way
it operates today it inhibits our ability as a commission to
talk to each other.
And so I just forward that for your consideration.
Mr. Guthrie. How is that detrimental?
Mr. Phillips. Well----
Mr. Guthrie. I am not challenging. I am asking to ----
Mr. Phillips. Sure. So----
Mr. Guthrie. An example you would like to talk with each
other and----
Mr. Phillips. If three of us want to talk together about an
important issue or four of us want to talk together, unless we
publicly notice it in advance we can't meet and while there are
some really important meetings that take place that are
noticed, the daily back and forth can also be important.
Mr. Simons. The ability to informally meet without having
to in advance schedule a full commission meeting would be
enormously helpful.
Mr. Guthrie. OK. So----
Mr. Simons. It allows us to work through issues much more
quickly and without delay as opposed to actually scheduling a
formal meeting.
Mr. Guthrie. So the idea if you were going to take any
action that it would be noticed but you can't even----
Mr. Simons. We'd have to vote. We'd have to vote.
Mr. Guthrie. OK. Any action would report, I see that.
Mr. Phillips. Typically, we are talking about informal
conversation--take any legal action. Yes, of course.
Mr. Guthrie. Yes. I've seen city commissions in a room or
something. They say, oh, we got one commissioner needs to step
out and talk about something.
Mr. Phillips. It happens.
Mr. Guthrie. So there only can be two instead of three when
I am talking to them about different business I've seen that
before, and they literally do that.
They don't take advantage. They send somebody out of the
room and say they don't have the quorum or moving forward. But
it does seem like him and I just talk about what issues are
important to the city. It's not an action that's being taking
and moving forward. I see your point to that.
I yield back.
Mr. Latta. Thank you very much.
The gentleman yields back the balance of his time.
And the chair now recognizes the gentlelady from New York
for 5 minutes.
Ms. Clarke. Thank you, Chairman Latta and Ranking Member
Schakowsky, for convening this morning's hearing.
A pleasant good morning to all of our commissioners and a
special welcome to our newest FTC commissioners. Your role is
more important now than it has ever been before.
The American people count on you to protect their data,
privacy, promote competition, and much more. There are so many
pressing issues and changes happening under the FTC's authority
daily.
I can say that I'm very anxious to hear your answers
regarding these issues and the significant changes. I would
like to start with the issue of privacy, and direct this
question to Commissioner Chopra.
When it comes to privacy, there are many changes that need
to be made to protect American consumers. Over the past years,
discrimination online has been rapid, resulting in the
marginalization of struggling families and communities.
So can you please talk about the impact that the lack of
meaningful privacy protections has on consumers, particularly
those in under served and low income communities?
Mr. Chopra. Yes. So 50 years ago, Congress had a debate
about secret databases that were making decisions about where
we could live, about where we could work, and about what loans
we could take.
We passed the Fair Credit Reporting Act in 1970 to advance
new levels of transparency, to give consumers redress when
there are mistakes.
In today's digital economy, decisions are increasingly
being made through data sets that we could have never imagines.
It's no longer a manila folder world. It's a digital world.
And in many cases, it's very hard for us to look at what
was the data that was being used. With machine learning and
algorithms that are constantly changing, it's hard to audit and
hard to see when maybe those mechanisms are reinforcing biases
rather than leading to more inclusion.
The FTC has done work on big data and inclusion issues and
I am concerned that our existing laws to prevent discrimination
can't really be easily used when it comes to how technology is
affecting the choices of firms in our economy, particularly
with employment, housing, and credit.
Ms. Clarke. So what can the FTC do to make sure that these
consumers are protected and do you feel that the FTC has the
resources, expertise, and authority necessary to protect these
consumers?
Mr. Chopra. Well, we have the Fair Credit Reporting Act. We
have the Equal Credit Opportunity Act. We have not brought a
case in a long time in the Equal Credit Opportunity Act. I
would like us to energetically enforce those two laws.
But, truthfully, on the second part of your question, my
answer would be no, I don't think we have the resources and
authority to confront some of the issues you're raising,
particularly with respect to privacy and data security.
Ms. Clarke. OK. Well, I think that, Mr. Chairman, this is
something we need to take a look at because it's only something
that will become more insidious over time.
Net neutrality and the FTC's authority is an issue that I
believe is on everyone's mind. So let me just extend this to
the panel.
Would you state or believe that the recent Supreme Court
decision in Ohio v. American Express has affected the FTC's
ability to police anti-competitive behavior and net neutrality
violations by broadband providers?
Mr. Simons. I will answer first. I don't think so.
I think the Am Ex case is extremely narrow. I think,
really, the basic crux of it is limited to situations where
there's a multi-sided platform that effectively involves a
transaction where the platform is providing a service to both
sides at the same time in the same way, basically.
So I think, generally, that's going to apply to very few
situations.
Ms. Clarke [continuing]. That it serves a two-sided
market--edge providers or interconnecting parties on one side
and consumers on the other.
Does the American Express decision potentially preclude
effective FTC enforcement against anti-competitive conduct
against edge providers?
Mr. Simons. It might depend on the very specific facts.
But, in general, I would think not.
Ms. Clarke. Very well.
Former FTC Commissioner Terrell McSweeny has suggested
creating a bureau of technology at the FTC. Does the commission
have sufficient resources and staffing to protect consumer
privacy in the digital age and were resources an issue in
failing to enforce the 2011 consent order?
Mr. Simons. We can't talk about an existing investigation.
So we have numerous ways of getting the technology help that we
need. So we have an office of technology research and
investigation which has, I think, about eight technologists in
it. We frequently contract with outside parties to get
technology resources and we hold workshops and seminars where
we bring people in to educate us about new developments in the
technological area.
Ms. Clarke. Very well. Mr. Chair----
Ms. Slaughter. Can I jump in, Congresswoman?
I would lend my personal support to the idea of a bureau of
technology. I think it is the kind of thing we could really
benefit from and I am concerned that with our current resource
constraints to set something like that up we would have to be
taking resources away from other important work that we are
doing.
So it is an area where I think we could really benefit from
some injection of more resources.
Mr. Simons. We are looking into that. So we actually are
affirmatively evaluating whether to create a bureau of
technology and that's just in process So I am not sure how
that's going to come out.
There's a group of technologists that are embedded in the
Bureau of Consumer Protection and so they're already there. And
so the question is whether we need to have a commission wide
bureau as opposed to one that's just in one of the bureaus.
Ms. Clarke. And whether, in fact, the workload is----
Mr. Simons. And yes.
Ms. Clarke [continuing]. Would be a burden to those who are
already in that space.
Mr. Chairman, I yield back.
Mr. Latta. Thank you very much.
The gentlelady's time has expired.
The chair now recognizes the gentleman from Indiana for 5
minutes.
Mr. Bucshon. Thank you very much, Mr. Chairman.
As a physician, I am concerned to hear reports that the DOJ
may not challenge the CVS-Aetna merger. In the health care
industry that already lacks price transparency and, in many
areas, competition, this vertical merger could increase anti-
competitive practices.
I am not passing any judgements on the merger at all, up or
down. I am just voicing a few concerns and then I have a few
questions.
The merger could potentially lead to Aetna customers
receiving some pressure to fill prescriptions at CVS and to
visit CVS walk-in clinics instead of other pharmacies or
clinics, eliminating real choice for the consumer.
In addition, Caremark, owned by CVS, is one of the largest
PBMs--pharmacy benefit managers--in the country, and as you
likely know, ensures our PBMs to negotiate prices from drug
manufacturers.
The top three PBMs manage the drug benefits for
approximately 95 percent of the American people. The merger
might incentivize Caremark to secure better deals from Aetna
while potentially increasing costs for other companies.
While I understand that the DOJ is currently investigating
the merger, I want to get your perspective not particularly on
this merger. I am getting to my point here. I want to get your
perspective since the FTC also has jurisdiction enforcing
Federal anti-trust laws.
So to the panel, what are your thoughts on this type of
vertical merger in the health care industry, again, not
specific to this but in general, in the health care industry
and other industries.
Particularly in health care, I am very concerned about this
because, as you know, as a country, we are struggling to get
health care costs down and provide coverage for all of our
citizens.
So I guess I will just address this to the panel. What are
your thoughts about this type of merger in the health care
space?
Mr. Simons. So let me say first, that the health care
industry has been and will continue to be an enormous emphasis
for the FTC for all the reasons that you just described.
So we are very focused on this part of the economy and we
are very much looking out for the consumer here.
So, and in terms of the vertical mergers, they turn out to
be very, very fact specific. So sometimes they can be
efficiency enhancing and beneficial for the consumer, even
maybe when the companies involved are relatively large.
But sometimes they can be very harmful to the consumer. And
so, the job of the anti-trust authority is to determine which
is which and act accordingly.
Ms. Ohlhausen. I agree that healthcare is enormously
important to consumers and it's an enormously important part of
our economy and thus an enormously important and focus at the
FTC and health care enforcement in general.
Regarding vertical mergers, I agree with Chairman Simons
they are intensely fact specific. But I would mention that's
outside the healthcare space. But we recently just had a
vertical merger where we had a behavioral remedy in the
Northrop-Orbital ATK matter.
So there can be problems in vertical mergers and where
there are problems the mergers should be stopped or maybe a
remedy should be proposed that takes care of that problem and
allows the efficiencies to occur.
Mr. Phillips. Thank you for the question, Congressman. I
agree with my colleagues that healthcare has been for a very
long time and will remain a focus for this agency--I am very
proud of the work that our staff have done in fighting all
sorts of anti-competitive conduct in the health care space in
ensuring that mergers work for consumers.
Experience and economic learning teach us that verticals
can be very good for consumers. But the specifics depend on the
facts, and that makes it really important that we, as law
enforcers, pay attention to trends, in that sector of our
economy. Look at how companies are changing their behavior,
look at how they're combining and stay on top of them when we
fear that there may be anti-competitive effects.
Mr. Chopra. I think the structure of the pharmacy benefit
manager business raises very serious transparency and conflict
of interest issues.
Ms. Slaughter. My colleagues have said basically everything
I was going to say. I was going to add a point that I think in
health care in particular consumers are frequently frustrated
and competition is frustrated by a lack of transparency, as
Commissioner Chopra mentioned, and it's particularly true with
respect to pharmaceutical benefits.
Mr. Bucshon. Quickly, Commissioner Phillips, this committee
is very focused on ways in which companies and devices collect
information about consumers.
As I've raised in several hearings, I have specific
concerns with cell phones and other smart devices listening and
collecting information and then that information being used to
deliver targeted ads, and this happens to all of us all the
time.
Is this something you're concerned with--and I know you
are--that--and will it be an issue that the FTC makes a
priority?
Mr. Phillips. I think it's one of those economic trends
that I mentioned a moment ago outside the healthcare space that
very much is at the front of what we are looking.
Mr. Bucshon. OK. Thank you very much. I yield back.
Mr. Latta. Thank you. The gentleman's time has expired. The
chair now recognizes the gentleman from Texas for 5 minutes.
Mr. Green. Thank you, Mr. Chairman. I thank you for holding
this hearing, also for our ranking member.
I would like to talk a bit about our robocall problem and
consumer fraud. As you know, robocalls and failure of the do
not call registry are some of the top complaints received by
the FTC and by members of Congress and our constituents,
particularly older Americans.
Older Americans lose more money to fraud than younger age
groups. According to the FTC's Consumer Sentinel Network Data
Book, Americans ages 50 and older are reporting a median loss
of $1,092 over two and a half times the median loss for
Americans in their 30s for only $380.
Chairman Simons, out of all the complaints received by the
FTC on these calls and can you provide a rough estimate on how
many come from U.S. companies or individuals and how many come
from overseas?
Mr. Simons. Thank you for the question.
We are very interested in that. But, unfortunately, the
data that we have access to doesn't allow us to determine that.
If I had to guess, I would say it's probably, largely, coming
from overseas.
Mr. Green. Well, I've heard that the hearing to date--she
said that she got a robocall and somebody was speaking to
Chinese to her. I don't know how that would do any good to try
to call us in Texas. But----
Mr. Simons. That's one of the problems really is that the
do not call rule has been superseded by technology--right,
technological developments.
You can have the telecommunications costs have come down so
dramatically and the computing costs have come down so
dramatically that blasting out millions and millions of calls
is so cheap.
Mr. Green. Do you know how many defrauded older Americans
receive consumer redress from the FTC?
If you don't know, if you'd just get it to us, because a
lot of us do senior townhall meetings and they want to know
about Social Security and Medicare and then they say we are
tired of robocalls.
Mr. Simons. We are all tired of robocalls and actually one
of the things we think would be really helpful in that regard
is to give us jurisdiction over common carriers because some of
them are, we think, are facilitating robocalls and we could
challenge that.
Mr. Green. I've understood that and I don't have any
opposition to it. But I know when we get the FTC and the FCC
it's--somehow in our committee had jurisdiction over both of
them. So you're talking to the right committee.
What more could the FTC do under current law to protect
older Americans from fraud?
Mr. Simons. We do a lot. So we have enforcement actions. We
have community outreach. On our website we have consumer
materials for the elderly and we do sweeps.
We recently conducted a sweep that dealt with the elderly.
Or actually, there's a task force now that the DOJ is
spearheading that we are involved with. That is one of the
communities that's geared to help is elderly.
Mr. Green. Could the FTC partner with the FCC on a joint
effort, particularly for seniors and older Americans?
Mr. Simons. We would certainly be happy to talk to Chairman
Pai about that.
Mr. Green. I will bring that up at our telecom
subcommittee.
Elder abuse is an issue and that's a big one I know we all
hear about. Mr. Chairman, I will yield back the balance of my
time.
Mr. Latta. Thank you very much. The gentleman yields back.
The chair now recognizes the gentleman from Pennsylvania
for 5 minutes.
Mr. Costello. Thank you. In May, the FTC and the FDA sent
13 warning letter to retailers, manufacturers, and distributers
of vaping nicotine products to stop marketing these products to
children. As we have recently seen, vaping--some people call it
JUULing--has increasingly become pervasive in our schools.
As FDA Commissioner Gottlieb announced in April, it is well
established that nicotine can ``rewire an adolescent's brain,
leading to years of addiction.''
Two questions, Mr. Chairman, and if anyone else would like
to weigh in--does the FTC agree with Chairman Gottlieb's
statement that there is no acceptable number of children using
tobacco products--I guess that's an easy answer----
Ms. Slaughter. Yes.
Mr. Costello [continuing]. Followed by this question. Would
it be a powerful deterrent to give the FTC the authority to
find a party marketing these vaping products to children for
their first violation?
Mr. Simons. I would think any financial penalty would be
more of a deterrent than no financial penalty.
Mr. Costello. This comes on the heels, I think, of
Commissioner Chopra's comment about the difference between
having the ability to find versus working on a----
Mr. Simons. Correct.
Mr. Chopra. If there was a rule in place or if we had that
authority, we would certainly be able not only to just tell
someone stop; we would be able to seek penalties and other
remedies to----
Mr. Costello. What would that rule look like and how could
Congress carefully tailor that so that you don't have all the
freedom that we fear you could have?
Mr. Chopra. Yes. Well, I think actually some of the
comments Commissioner Gottlieb has made on this I think that
would really inform how you might prescribe it because there is
some changing science.
There are some changing delivery mechanisms of nicotine.
Maybe someone is but I am not an expert in the tobacco market.
But I think you would be able to put the guardrails around
it to make it as narrow or as wide as you want. I just want to
make sure that whatever you do give us we vigorously enforce.
Mr. Costello. Yes. The broader application of that example
is, from a marketing perspective, how do you fashion how you
would go about determining what is and isn't a violation and
just how broadly would that power be vested upon you to go into
the marketing space and say we are going to fine you here
versus we are going to enter into a consent decree there.
And is it so broad as to say any marketing or is it going
to be sort of certain types of marketing or certain products?
Mr. Chopra. Right. So actually we do----
Mr. Costello. Because I gave you the easy example.
Mr. Chopra. We do enforce a children's online privacy
protection act and there's implementing regulations, and as
part of that we help to communicate to the marketplace what is
considered dealing with online transactions with children. We
specify that.
So one of the advantages of putting some meat on the bones
through implementing rules is that it gives all market
participants a clear sense as to what is inside and outside the
bounds rather than just waiting for enforcement action.
Mr. Costello. Right. I have another question for you. I
will ask that and if you want to follow up on this one.
The Smart IoT Act was approved by the full committee. We
were focused on both the benefits and challenges of what a
connected world brings.
Can you talk about the actions and initiatives the FTC has
or will take to promote consumer protection with respect to IoT
devices?
Mr. Simons. Yes. So we are active in that space, as
Commissioner Ohlhausen mentioned. We've had a couple of orders
there already and we continue to look at that.
We've also had an IoT workshop and so to educate ourselves
and to look at what we should be doing, going forward.
So we are very active in this area.
Mr. Costello. Ms. Ohlhausen, you also mentioned that in
your opening testimony. Anything to add to that in terms of
what you're doing in the IoT space?
Ms. Ohlhausen. I think it's a particularly interesting area
and, certainly, our enforcement actions against the first
connected toy case in VTech, other ones that we brought about--
internet connected cameras and the routers as well as the
policy inquiries, because Internet of Things can have enormous
benefits for consumers and for competition.
So we want to draw the lines in the right place to make
sure consumers are protected but that innovation can still
continue in the market.
Mr. Costello. Do you have the type of authority vested in
you to be able to do that or have you found that lacking in
your diligence?
Ms. Ohlhausen. I think for the Internet of Things, the
cases we've been able to bring I think do show that we do have
sufficient authority there to--teeth and got the attention of
the industry about making sure that they don't have flaws and
that they are looking at things.
But it is a challenging area because they are often
disposable products they don't necessarily get updated a lot.
So there may be----
Mr. Costello. Layered with other products?
Ms. Ohlhausen [continuing]. Industry involvement as well.
Mr. Costello. I appreciate your feedback.
I yield back.
Mr. Latta. Thank you.
The chair now recognizes the gentleman from Florida for 5
minutes.
Mr. Bilirakis. Thank you, Mr. Chairman, I appreciate it.
To the panel, well, this is actually for Chairman Simons.
The FTC points out it serves its dual mission through
vigorous enforcement, education, advocacy, and policy work, and
by anticipating and responding to changes in the marketplace.
Outside of law enforcement, are there past or recent
examples of policy work, reports, and workshops related to
online privacy that you can share with us today, please?
Mr. Simons. I am drawing a blank right now. But maybe one
of my colleagues could help me.
Ms. Ohlhausen. So just in the past year and a half, we
actually have done six workshops in major policy efforts
looking at privacy and data security things from industry
guidance.
We did a student privacy and NED tech workshop. We did an
informational injury workshop to explore the boundaries and
types of industries consumers may suffer. We did an identity
theft workshop, a connected cars workshop, going to the
Internet of Things.
So I think we have done quite a bit in this space. Just in
recent time, and that's just building on all the other years of
work we've done in this area.
Mr. Bucshon. OK. Thank you. And Commissioner Phillips--does
somebody else want to add something?
Mr. Phillips. I was going to.
Mr. Bucshon. OK. Go ahead, please.
Mr. Phillips. I was just going to say the chairman also has
announced a very ambitious set of hearings to begin this fall
on a variety of issues including those.
Mr. Bucshon. OK. Very good. Thank you.
Mr. Chopra. And we also--I would encourage you--our 2012
privacy report as well as a later report on data brokers--those
two, I think, provide a real consensus roadmap on a lot of the
initiatives that could be pursued on a bipartisan basis, in my
view.
Mr. Bucshon. Right. Do you have anything to add? We are OK?
I will go on the next one.
Commissioner Phillips, do you believe American consumers
fully comprehend exactly how much personal health and financial
data has been collected on them? What can the FTC do to better
educate consumers on data collection activity that industry is
engaged on? It's up to the individual. But they need to get all
the facts. So if you could answer that I would appreciate it.
Mr. Phillips. Thank you for that question. I think that's a
really important one. I can't sit here and tell you that every
individual fully comprehends the way which data are being
collected, how those data are being used or how those data, as
Commissioner Chopra said earlier, are being shared.
You're right to note that consumers have access to that
information and consumers also have certain expectations. For
instance, my ability to use an app, let's say, that guides me
through traffic and tells me where the traffic jams are going
to be.
I know that it must have information about that traffic
from drivers like me who are supplying it. That balance is a
very important one.
Fostering the innovation as we want to do and also helping
to keep consumer understanding in line, I think that's going to
be one of the biggest challenges that we face over all of our
tenures.
I know it's going to be a topic that we are going to be
talking about in years to come and we look forward to working
with you on that.
Mr. Bilirakis. Thank you. If someone else wants to add, but
would you recommend that the consumer assume that particular
data would be collected when they make an informed decision as
to whether they want to log in or log out, and a lot of times
they don't have the opportunity to opt out.
Mr. Phillips. Let me start with the second one. I hope in
my own life and I hope that everyone in their own lives always
make informed decisions.
That's not always how we do things. I will admit to you
that I have repeatedly in the last few weeks clicked on any
number of accept accept accepts online. And now I've forgotten
the first part of the question. I apologize.
Ms. Slaughter. I will jump in.
Mr. Bilirakis. Well, just--yes. Should I repeat the
question?
Mr. Phillips. If you don't mind.
Mr. Bilirakis. For our consumer, would you recommend the
consumer assume----
Mr. Phillips. Let's assume.
Mr. Bilirakis. Yes, assume that this data is collected on
them.
Mr. Phillips. The short answer is yes. As we engage with
the digital economy, we derive tremendous benefits from that
almost every minute of every day of our lives and in many
respects we are sharing information and so that is a pretty
reasonable assumption.
Mr. Chopra. That's pretty sad, though.
Mr. Bilirakis. Would you like to add something?
Mr. Chopra. It's pretty sad that we have to assume
helplessness. So I understand we may want to warn consumers
that anything can be up for grabs. But that can really lower
consumers' confidence in engaging online or engaging in spaces
where they just think everything is going to be taken from
them.
So we have to make sure that we are also not scaring people
from engaging in productive transactions for their lives
because they fear that someone is always spying on them and
this is why we have to put into place the right framework to
protect privacy.
Ms. Slaughter. And from an enforcement perspective it's our
obligation to ensure that when companies represent to consumers
that they are collecting data in a certain way or not
collecting data in a certain way that they're living up to
those representations that they make and that is an area under
the current law where we can and do enforce.
Mr. Bilirakis. Yes, go ahead, please.
Ms. Ohlhausen. So going back to the FTC's 2012 privacy
report it talks about the importance of it being context
specific.
So if I am sharing my location with the traffic app, I
certainly understand that it knows where I am to route me
around the traffic jams. But we have to understand that the
consumer may not expect that that data will be used in other
ways.
For example, we brought an enforcement action in a case
called Goldenshores, which was about a flashlight app and it
worked fine as a flashlight. But the consumers didn't know that
it was also collecting their real-time location data and
sharing that with marketers.
So I think that is an important thing is the context. Is
the information being used the way the consumer expects to get
the service or is it being shared--their sensitive data being
shared in some way that they don't anticipate and I think
that's where enforcement and guidance and policy concerns need
to focus.
Mr. Bilirakis. All right. I have a couple more questions
but I will submit them for the record. I appreciate it , Mr.
Chairman. I yield back.
Mr. Latta. Thank you very much. The gentleman's time has
expired.
The chair now recognizes the gentleman from New Mexico for
5 minutes.
Mr. Lujan. Thank you, Chairman Latta, Ranking Member
Pallone, and Schakowsky, Chairman Walden, for holding this
important hearing with our Federal Trade Commission Oversight.
When it comes to protecting consumers, I am afraid that
both Congress and the FTC have much more to do.
Commissioner Simons, I am going to direct my questions to
you, which I believe you should be able to address without
getting into the FTC's active investigations.
In September of 2017, the credit bureau Equifax announced a
massive consumer data breach due to vulnerability that the
company knew about but failed to adequately address.
Personal information including Social Security numbers,
birth dates, addresses, and, in some cases, driver license
numbers or partial driver's licence numbers of almost 150
million consumers were exposed to illicit actors.
Commissioner Simons, is that correct?
Mr. Simons. I am sorry. Is that what?
Mr. Lujan. Is that correct?
Mr. Simons. That's my understanding. That's consistent with
what I----
Mr. Lujan. And, again, it's that Equifax announced the
massive consumer----
Mr. Simons. Yes. This is public information.
Mr. Lujan. Is it correct, due to this breach of the credit
card numbers of more than 200,000 consumers were compromised as
well as other personal information included in the dispute
documents of more than 180 consumers?
Mr. Simons. So I am not sure if that was public. So I
really don't----
Mr. Lujan. I believe that that was public as well. So we
can verify that. We'll get that entered into the record.
Mr. Simons. OK.
Mr. Lujan. Is it correct that Facebook recently revealed
that 87 million Facebook users had their data exposed to
Cambridge Analytica?
Mr. Simons. I believe there were press reports to that
effect.
Mr. Lujan. Is it correct that in November of last year we
learned that hackers stole information of 57 million Uber
drivers and riders?
Mr. Simons. I think that's reported as well.
Mr. Lujan. So Mr. Chairman, I would like to support a
business insider article into the record. The article states
that since January 2017 at least 15 retailers were hacked and
likely had information stolen from them. Techy include Macy's,
Adidas, Sears, Kmart, Delta, Best Buy, Saks Fifth Avenue, Lord
& Taylor, Under Armour, Panera Bread, Forever 21, Sonic, Whole
Foods, Game Stop, and Arby's.
Commissioner Simons, have you ever shopped at one of these
establishments?
Mr. Simons. Yes.
Mr. Lujan. Me too. I think most Americans have.
Commissioner Simons, is there any reason to expect that there
will be fewer data breaches in the future?
Mr. Simons. That's our goal and that's what we are working
for.
Mr. Lujan. But the reason we are working toward that goal
is because we are concerned that they could happen.
Mr. Simons. Yes, and one of the things that we discussed
earlier is the need for civil penalty authority to act as an
increased deterrent.
Mr. Lujan. So building on that, Commissioner, can you
detail what rules the FTC is currently developing to better
protect consumers' privacy and data?
Mr. Simons. We don't have any rulemakings going on. We are
engaged in enforcement to the extent our current authority
allows us to do that and we are as aggressive as we can under
our current authority.
Mr. Lujan. Does the FTC have rulemaking authority?
Mr. Simons. We do under Magnuson-Moss. But it's very
cumbersome.
Mr. Lujan. But not in this space?
Mr. Simons. No, well, it's general.
Mr. Lujan. Could the FTC use support for authority to have
more clear rulemaking authority to protect consumers' privacy?
Mr. Simons. I think through individual enforcement we are
able to make pretty clear what companies are supposed to do.
So I think we are relatively effective in that regard, and
I don't think we need a rule to make it clear what the
companies need to do. I think the civil penalty authority would
act as a substantial conditional deterrent.
Mr. Lujan. So some of the numbers that I rattled off--150
million people exposed with Equifax, 200,000 consumers were
compromised, 180,000 consumers here and there, 87 million with
Facebook and Cambridge Analytica, 57 million Uber drivers, a
lot of people are getting their information stolen.
Commissioner, are you aware of any recent legislation
that's been passed by the Congress and signed into law that
will strengthen privacy protections for consumers?
Mr. Simons. You mean like COPPA?
Mr. Lujan. Anything that you might be aware of.
Mr. Simons. COPPA would be one. That would be a relatively
recent one.
Ms. Ohlhausen. It's not recent, but there's the Fair Credit
Reporting Act as well.
Mr. Lujan. The reason I ask that question is this
subcommittee, Mr. Chairman, held a hearing on Equifax in
October of 2017. We had Mark Zuckerberg before the full
committee in April 2018. It's now July.
And these breaches took place before the holidays. There
were assurances that the Congress would act to provide more
certainty to the comments that Commissioner Chopra shared--that
you need to instill confidence.
Nothing happened. I believe, Mr. Chairman, that this
Congress and this committee need to act before the August
recess, need to act before the end of this year to be able to
get more comprehensive privacy legislation adopted and I
believe our constituents and the American people deserve
better.
I thank everyone for their time and I see my time has
expired.
Mr. Latta. Thank you very much. The gentleman's time has
expired.
The chair now recognizes the gentleman from Georgia for 5
minutes.
Mr. Carter. Thank you, Mr. Chairman. I appreciate you
letting me sit in on this.
I thank all of you for being here. You have a very
important job and certainly, it's very important to consumers.
Full disclosure--currently I am the only pharmacist serving
in Congress for over 30 years. I practiced in retail pharmacy
and I am very familiar with what's going on in that.
And I wanted to ask you--I want to talk specifically about
PBMs--pharmacy benefit managers--where three companies control
78 percent of the market.
First of all, Mr. Simons, you and I met after you became
director and we met and we talked about the anti-competitive
nature of this. Would you consider three companies owning 78
percent of the market be a problem?
Mr. Simons. Certainly, a market structure in which you
might find and we might look for anti-competitive conduct.
As I mentioned before, in terms of anti-trust enforcement,
the places you look are the places where there are small
numbers of firms with large shares.
Mr. Carter. Right.
Mr. Simons. And this would be such a case.
Mr. Carter. One of the things that confuses me is when we
talk about vertical integration and horizontal integration and
often times you tell me, well, vertical integration is fine and
we just have to worry about horizontal integration.
Mr. Simons. No, I wouldn't say that.
Mr. Carter. Well, I appreciate you correcting me because
that's probably a misnomer that I want to dispose of because
the vertical integration as we see it right now, all of you
know what's going on. All of you know what's going on.
We've got the top three--those three that I mentioned--PBMs
that control 78 percent of the market--you have got CVS,
Caremark that now is buying Aetna. So all of a sudden you're
going to have a vertical integration that includes the
insurance company owning the pharmacy benefits manager owning
the pharmacy.
Now you have got Cigna buying out Express Scripts. Did you
know that Express Scripts, according to volume, is the third
largest pharmacy chain in America right now?
So now you have gone number one at CVS. You have got number
three at Express Scripts. Cigna is going to be the insurance
company.
Express Scripts will be the PBM and there will be the
pharmacy, and that vertical integration you yourself, Mr.
Simons, the FTC investigated in January of 2012 regarding
patient steering from Caremark to CVS. And what was going on
there?
We see it. I've got numerous examples that I can share with
you and I will be glad to share with you, and yet they hide
under the auspices of a lack of transparency.
This is the most opaque system that's known out there, and
they hide behind that and their profits have been just
outrageous.
In fact, I don't like to read but I am going to read this:
according to data from CMS, between 1987, when PBMs first
became involved in this when they were formed, and 2014
expenditures on prescription drugs have jumped by 1,100
percent.
There's been 1,553 percent increase in per employee
prescription drug benefit cost since 1987. In the last 10
years, the two largest PBMs have increased their profit margins
by nearly 600 percent.
Now, folks, I am not opposed to anybody making money. But
if you ask them what is the mission of a PBM, they'll tell you
it's to control prescription drug prices.
Well, how is that working out? Why is that an initiative of
the president of Health and Human Services right now to lower
prescription drug prices?
If they are fulfilling their mission, and yet they're
hiding again and this is what we look to the FTC to do. Am I
wrong? Is that not your responsibility? Should I be talking to
some other agency?
Mr. Simons. Well, it's partially our responsibility. So we
look at anti-competitive conduct and if they're engaging in
anti-competitive conduct we should be challenging it.
Mr. Carter. So just a quick story. I had a pharmacist that
shared a story with me--that he filled a prescription at his
drug store for his wife, who was covered under Caremart
insurance.
That night he got a call at his home from CVS saying if you
get it filled at our pharmacy you can get a lower co-payment.
Now, is there supposed to be a firewall? What happened to
that firewall? This was his wife.
Mr. Simons. I understand.
Mr. Carter. That's the kind of behavior that's going on
here. Yet and we look to you to help us with this, not because
of the pharmacy but because of the consumer. It's the consumer
who's suffering here, because as you do away the independent
retail pharmacies, you do away with choice, less competition,
that's not going to benefit the consumer at all.
It's just very frustrating when you have a profession where
the PBMs are responsible--they create the pharmacy networks.
They decide who's going to be let into that network and who's
not going to be let into that network. They direct the patients
to the certain pharmacies and it they own the pharmacy who do
you think they're going to direct it to?
My one question is who is supposed to be watching this. I
thought it was the FTC. Can I get a commitment that you will
look into this?
Mr. Simons. We are looking into it.
Mr. Carter. You're looking into it now?
Mr. Simons. You and I had a meeting and----
Mr. Carter. We did.
Mr. Simons. --And I took what you said to heart.
Mr. Carter. Thank you.
I look forward to continuing that conversation with you.
Mr. Latta. Thank you very much.
Mr. Carter. Thank you. I yield.
Mr. Latta. The gentleman's time has expired and the chair
now recognizes the chairman from Maryland for 5 minutes.
Mr. Sarbanes. Thank you, Mr. Chairman, for the opportunity
to participate in the hearing. Just before I start my
questions, I want to say I agree 1,000 percent with my
colleague. These mergers are kind of out of control. They're
putting the consumer, really, in a very, very bad position.
I want to thank you all for being here, for your work. This
is an incredibly important commission in terms of protecting
consumers, obviously, and the opportunities to lean in to do
that, I think are expansive right now, if you look across all
the various areas of jurisdiction that you have.
Commissioner, is it Simmons? Is that the pronunciation?
Mr. Simons. It's Simons.
Mr. Sarbanes. It's Simons. OK.
Mr. Simons. One M, two S's.
Mr. Sarbanes. I was wondering why everyone was saying
Simmons.
Mr. Simons. But it's remarkable how often it's pronounced
so I am used to it.
Mr. Sarbanes. OK. So Commissioner Simons, I wanted to talk
a little bit about biologic drugs and biosimilars. The FTC, as
I understand it, doesn't currently have the authority to
monitor agreements made between the manufacturers of biologics
and biosimilars, and I wanted to know if you thought it was
important that the FTC get that authority and, if so, why.
Mr. Simons. I mean, in terms of, like, pay for delay and--
--
Mr. Sarbanes. Exactly.
Mr. Simons. Yes, that would be helpful.
Mr. Sarbanes. I mean, my understanding is that if you look
at the authority you have over the agreements between brand
name drug manufacturers and generic drug manufacturers where
you can monitor this anti-competitive behavior, the pay for
delay agreements, and so forth, that you can have a significant
impact on the overall cost to the consumer out there is you
take those actions.
Can you describe a little bit some of the tools you have
when you go after those pay for delay agreements?
Mr. Simons. So the statute you're talking about requires
that if there's any agreement between a brand and a generic I
think that delays the marketing of the product that they have
to report that to the FTC and those disclosures are significant
way in which the commission finds out about these agreements
and whether it tells us where to look for whether these
agreements might be anti-competitive or not.
So the alert says hey, these agreements, and it's a big
brief description of what they are, and we can look at them and
then figure out OK, which ones look like they're problems and
then we go after them.
Mr. Sarbanes. It's incredibly important. I think there's a
study out there that shows that while brand name drugs are
about 10 percent of all drugs that are dispensed, I think
that's including biologics in the equation, they make up about
72 percent of the annual U.S. drug spending.
So there's a huge amount of money on the line, obviously,
from patients directly and from payers like Medicare and
Medicaid, government payers that can be saved by monitoring
these agreements, blocking these agreements.
But it's really critical to get that same kind of authority
with respect to the biologics and the biosimilars because in
the same way those paid for delays are decreasing market
competition. They're keeping the costs high. That's hurting
patients at the counter, and I want to, again, commend you on
the work you're doing with respect to the brand name drugs and
the generics.
But the Medicare Modernization Act of 2003, which gave FTC
this authority, as you know, didn't extend it to biologics and
biosimilar drugs.
So I will be introducing soon the Biosimilars Competition
Act of 2018 to grant FTC that authority so that you can begin
to monitor these deals, punish the bad actors and hopefully
deter many of these backroom deals from being made in the first
place.
We look forward to any comments you all will have with
respect to the proposed because we do want to give you that
authority.
Mr. Simons. Thank you very much.
Mr. Sarbanes. I wanted to switch gears really quickly. You
had probably two or three members ask you about your authority
as it related to Facebook and that earlier consent decree and I
wanted to pick up on that a little bit.
I was sort of struck in a recent earnings call--the various
Wall Street analysts were, like, peppering Mark Zuckerberg and
Sheryl Sandberg about the implications of Europe's new privacy
law, the general data protection regulation, how it might
impact the company and its earnings.
Not a single analyst asked about the FTC's announced
investigation into Facebook's privacy concerns, potential
violation of the 2011 consent decree.
So the market, in any event, doesn't seem to be taking that
consent decree--your ability to enforce it and punish Facebook
if you see violations, seriously from a kind of market
standpoint.
Actually, Commissioner Chopra, I would like your
perspective, if you could share it quickly, just about this
issue of the commission's credibility.
I mean, to me that treatment on the earnings call suggests
that they're not taking it seriously. Can you speak to how the
FTC could be taken more seriously on things like that and the
tools that you could maybe uses to do that?
Mr. Chopra. Without speaking about this specific matter at
hand, the FTC very energetically goes after companies that
break the law and when it comes to small time scammers, we
really do lay down the hammer. We seek bans of executives. We
sometimes close down a business.
I would like us to apply the law evenly regardless if it's
a small time scammer or a big time publicly traded corporation
and it's our duty, I think, to apply that law equally and the
market needs to see that we are willing to do that. Otherwise,
the credibility of our orders and enforcement will not be as
high as it needs to be.
Mr. Sarbanes. Well, thank you very much. I appreciate that.
I agree with you and I think we do need to make sure the big
guys receive the same kind of attention as the small guys.
The public's confidence in the commission, I think, is
dependent upon that.
Thank you, and I yield back my time.
Mr. Latta. Thank you. The gentleman's time has expired, and
the chair now recognizes the gentleman from California for 5
minutes.
Mr. McNerney. Well, I thank the chair and the ranking
member. I thank the commissioners for your service with limited
resources. It's a tough job.
In recent years, we've witnessed numerous data breaches
incidents from many companies like Facebook, Equifax, Target,
Home Depot, LinkedIn, and Anthem.
The FTC does have resources to help consumers who have been
victims of data breaches.
Commissioner Slaughter, what more could the FTC be doing
for consumers?
Ms. Slaughter. Thank you for the question, Congressman.
I think my colleagues and I have all spoken particularly in
the area of data breach and data security. Well, I don't say
all--several of us have spoken.
No, I think all, actually, about how we could benefit from
data security legislation, perhaps data breach notification
legislation that gave us more specific authority and perhaps
rulemaking authority with respect to data security and data
privacy.
Mr. McNerney. So that would be your specific recommendation
as it you--the FTC be given rulemaking authority?
Ms. Slaughter. Yes. A number of us have outlined different
kinds of authorities that would be useful in different ways.
Rulemaking is one. Civil penalty authority is another.
I think we do and we will go after violations of the law
where we find them now. But deterring these problems on a large
scale would be better able to do that with a little bit more
authority.
Mr. McNerney. Thank you.
Commissioner Chopra, do you have anything to add to that?
Mr. Chopra. Well, I think that you mentioned Target and
some other large retailers. I just want to underscore,
particularly with respect to stolen credit card information at
these large retailers, this actually impacts a wide swath of
our banking industry as well. Community banks, others, who in
some ways have to take those losses.
So we require financial institutions. We require certain
health care institutions to protect data. I think we, in some
ways, need to level the playing field and make sure other big
sectors of the economy are doing the same thing.
Mr. McNerney. Thank you.
Chairman Simons, facial recognition features are
increasingly being incorporated into technology. However, just
last week, Brad Smith from Microsoft stated that facial
recognition technology should be regulated, which is voicing a
great concern on this issue.
What is the FTC doing to address privacy concerns raised by
facial recognition technology?
Mr. Simons. Thank you for the question, Congressman.
So this is a good example of something that maybe even a
few years ago was not really considered sensitive information,
and now with the development of technology now it is sensitive
information.
And so one of the things we are following and are careful
about is whether people are being misled about information that
is sensitive information for them and whether the companies
have disclosed how they're using it in the correct way.
Mr. McNerney. Thank you.
Mr. Chopra, do you have anything to add to that?
Mr. Chopra. Well, I agree with Chairman Simons.
I will just add I think the potential for misuse with
facial recognition implicates a lot of issues and values that
we are not always best situated to combat.
I don't know if I want to live in a society where everyone
knows my movements at all time and where my face can be scanned
and it can be used to decide other things about me.
Mr. McNerney. Hear, hear.
Mr. Chopra. So it's something I am worried about when it
comes to misuse. I saw Microsoft's announcement about this. We
will do what we can.
But I want to be clear. We can't solve everything with
respect to the issues with facial recognition. We have limited
authority to do that.
Mr. McNerney. So this is an area you think Congress needs
to get involved in?
Mr. Chopra. Well, I think it involves a lot of issues
beyond our narrow lens including really our values as Americans
and our civil liberties, and that is something that we want to
enforce the law with respect to promises that are made or
misuse of data in certain commercial transactions.
But I think it's on you guys to really think about the big
picture.
Mr. McNerney. OK. Thank you.
Chairman, I am going to follow up on the Cambridge
Analytica issue.
The FTC entered a consent decree with Facebook in 2011. In
2015, it was revealed that Cambridge Analytica illegitimately
obtained consumer data.
Yet, it was not until this spring that the commission
announced it was investigating. Now, I realize you can't
comment on Facebook specifically, but can you tell us what
steps the commission is taking to improve how it monitors
compliance with consent decrees?
Mr. Simons. Yes. Without saying anything about the
particular matter, so this is another example of self-critical
examination.
So when this all came to light, one of the things we did
was we started a task force to deal with potential changes in
how we do our orders.
Mr. McNerney. And how you enforce those?
Mr. Simons. How we write them and how we enforce them.
Mr. McNerney. Because, you don't enforce them. There's no
point in----
Mr. Simons. Right. But also you have to write them in the
right way. So you have to get the company committed to doing
what it needs to do and you have to--and also in terms of being
able to monitor them properly.
So writing the orders is important and enforcing is
important. Both are important.
Mr. McNerney. Thank you for that answer.
Mr. Chopra. Congressman, if I can quickly add, I think we
all take enforcement of our orders seriously. I will note that
when Chairman Simons was--his previous stint at the FTC he
achieved and obtained a very significant penalty against a
larger order violator and I think we will continue with that
spirit and use all the tools we can to correct violations of
our orders.
Mr. McNerney. Thank you.
I would like to yield back.
Mr. Latta. Thank you very much.
The gentleman's time has expired and at this time the
ranker and I are going to ask one last quick question each that
we agreed upon.
Chairman, I was wondering if I could start, to just ask my
last question to you. I want to touch on an issue we've all
heard about. We have seen advertisements that target the senior
population. We've all seen or heard the lawsuit advertisements
that proclaim that certain medications or drugs may cause
complications and to contact the organization or law firm
airing the advertisement.
I also understand that these ads may at times be misleading
or in some cases just outright fraudulent, leading to potential
physical harm.
Is this an issue that the FTC is focused on and, if you
are, what is the FTC doing to prevent misleading or false ads?
Mr. Simons. Yes, so this is potentially deception in a very
sensitive area and it also, because of the area of its
involvement, it's something that we would do in conjunction
with the FDA.
Mr. Latta. OK. But this is something you're actively
working on then?
Mr. Simons. Well, you brought it to our attention, yes. So
this is some of the concern, yes.
Mr. Latta. OK. Well, thank you very much.
And I will recognize the gentlelady from Illinois, the
ranker of the subcommittee.
Ms. Schakowsky. As I mentioned in my opening statement, the
European Commission announced a $5.1 billion antitrust fine on
Google.
The E.U. alleges, among other things, that Google, for
smart phone makers, preinstall Google Search together with its
Play Store and Chrome browser and sign agreements not to sell
devices on rival Android systems by imposing its bundled
package on smart phone makers.
Google, arguably, gave itself an advantage over its
competitors. So, Chairman Simons, I know that you have
announced a series of hearings that will examine a competition
policy.
But as of right now, are there any limitations under U.S.
law that would prevent the FTC from looking into Google's
conduct regarding this kind of bundling.
Specifically, do you have enough authority to consider if
Google's conduct is anti-competitive?
Mr. Simons. So thank you for the question.
We do have enough authority to determine whether it's anti-
competitive or not. And let me just say, we are going to read
what the EU put out very closely.
We are very interested in what they're doing. I had a
conversation with Commissioner Vestager yesterday. So we are
very interested in what the EU is----
Ms. Schakowsky. I am sorry. Who is that person?
Mr. Simons. She's the commissioner. She's my counterpart of
the European Commission's competition directorate.
But in terms of what they look at versus what we look at,
their regulatory regime is a little different than ours.
So once they find that a company is dominant, as I
understand it, that imposes upon the company kind of like a
fairness obligation irrespective of what the effect is on the
consumer.
Our anti-trust regime requires that there be a harm to
consumer welfare. So the consumer has to be injured.
So the two tests are a little bit different. But we are
going to look closely at what the EU is doing.
Ms. Schakowsky. Thank you.
I yield back.
Mr. Latta. Thank you very much. The gentlelady yields back.
And seeing that there are no other further members here to
ask any questions, again, we want to thank you all for being
with us today and appearing before the subcommittee.
Before we do conclude, I would like to submit them for the
record by unanimous consent: A letter from ACA International, a
letter from the Electronic Privacy Information Center, a letter
from the Coalition Trade Association, and a letter from the
Internet Association.
And without objection, so ordered.
[The information appears at the conclusion of the hearing.]
Mr. Latta. Pursuant to committee rules, I remind members
that they have 10 business days to submit additional questions
for the record, and I ask that our witnesses submit their
responses within 10 business days upon receipt of those
questions.
And without objection, the subcommittee stands adjourned.
[Whereupon, at 12:02 p.m., the committee was adjourned.]
[Material submitted for inclusion in the record follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]