Obama Administration's Consumer Bill of Rights Fails on Enforcement

NEWS ANALYSIS: A new White House plan puts enforcement of consumer privacy issues on the Internet into the hands of the FTC. It's not enough.

The White House announcement on Feb. 23 that the Obama administration is going to start pressing for a consumers' Bill of Rights was welcomed by privacy advocates, but others question whether the effort will lead to any important changes. Running the administration's effort is the Federal Trade Commission, which is also responsible for enforcing the "Do Not Call" bills implemented in the past decade. The White House plan would, among other things, ensure that "Do Not Track" settings on browsers would be honored.

It's worth noting that Do Not Call is honored as much in the breach as it is in the law. Telemarketers routinely ignore the Do Not Call list and avoid getting caught by concealing their identities with spoofed Caller ID entries, or by calling from outside the United States where the law doesn't apply. The FTC, meanwhile, only rarely brings charges against violators of Do Not Call. Whether this overworked and underfunded agency could enforce a privacy Bill of Rights is an open question.

While the White House has put a great deal of effort into the Consumers' Privacy Bill of Rights, it has a long way to go before this idea becomes law, assuming it ever does. The next step will come from the National Telecommunications and Information Administration (NTIA), which will go through the usual round of regulatory meetings to establish specific codes of conduct. In addition, the administration will present legislation to Congress to implement the effort and to provide baseline protections. It's unclear whether a Republican-led House of Representatives will even take up such a bill, much less pass it in its current form.

In fact there's a lot that's unclear. While the document presented by the White House shows a lot of thought, turning that thought into legislation is a significant undertaking, especially in an election year when nobody knows for sure who will control either house of Congress or, for that matter, the White House. So as nice as the idea is, don't hold your breath for this to take place.

Adding to the depths of the morass that is privacy on the Internet is the fact that some organizations, such as Google, are effectively integrated from top to bottom. Even if you don't let Google share personal information with others outside of the company, that's not exactly a major restriction. After all, anything that passes through your Android phone or that you search for on Google's search engine or is paid for through Google Wallet can enter the vast collection of data at Google, and even if the law takes effect, there's not much anyone can do about that, except maybe hope for a sense of responsibility at Google.

And while Google's unofficial motto is "Don't be Evil," it's not clear that Google would see such information use as evil. After all, the company undoubtedly believes that it's doing consumers a favor by making commerce easier and providing information on things a person might want to know, or want to buy.

And of course, there are loopholes. The federal government isn't bound by anything in the Privacy Bill of Rights, so the feds can snoop through anything you've done online at their whim and without a warrant.

But ultimately the question is whether the president's plan will actually result in greater privacy for U.S. citizens. Considering the obstacles in the way, I suspect not. Even if the White House were to produce legislation that Congress were to pass, implementing the bill at the FTC would be a nightmare. Getting the administrative procedures into place could take years, and during this time there is certain to be a change of administrations, and with it a change in Commerce Secretaries.

In reality, the only hope for consumer online privacy, and Do Not Track for that matter, is voluntary industry compliance. Browsers are already showing up with the ability to turn on a Do Not Track request. Recently, Google announced that it is putting a "Do Not Track" button on its Chrome browser.

Yet it was Google that found a way to get past Apple's privacy settings and find a way to put ad cookies on Safari browsers against users' wishes. Meanwhile, major Internet sites including Google, Microsoft and Yahoo all say they'll honor Do Not Track. But will they?

The answer is, not if they don't have to. Just because the White House wants consumer privacy protection on the Internet isn't a good enough reason. Likewise, a bill in Congress might get lip service, but no real action. Perhaps a law, and the ability of the FTC to enforce it, might have some effect, but probably not very much.

Right now the Internet is a lot like the Wild West. There's not a lot of law there, and lawbreakers are almost impossible to find. Worse, even if they're found, bringing them to justice is problematic. The only real answer to protecting consumers' privacy rights on the Internet is for the consumers to do it themselves. Good luck with that.