[House Hearing, 115 Congress] [From the U.S. Government Publishing Office] ALGORITHMS: HOW COMPANIES' DECISIONS ABOUT DATA AND CONTENT IMPACT CONSUMERS ======================================================================= JOINT HEARING BEFORE THE SUBCOMMITTEE ON COMMUNICATIONS AND TECHNOLOGY AND THE SUBCOMMITTEE ON DIGITAL COMMERCE AND CONSUMER PROTECTION OF THE COMMITTEE ON ENERGY AND COMMERCE HOUSE OF REPRESENTATIVES ONE HUNDRED FIFTEENTH CONGRESS FIRST SESSION __________ NOVEMBER 29, 2017 __________ Serial No. 115-80 [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Printed for the use of the Committee on Energy and Commerce energycommerce.house.gov ______ U.S. GOVERNMENT PUBLISHING OFFICE 28-578 PDF WASHINGTON : 2018 COMMITTEE ON ENERGY AND COMMERCE GREG WALDEN, Oregon Chairman JOE BARTON, Texas FRANK PALLONE, Jr., New Jersey Vice Chairman Ranking Member FRED UPTON, Michigan BOBBY L. RUSH, Illinois JOHN SHIMKUS, Illinois ANNA G. ESHOO, California MICHAEL C. BURGESS, Texas ELIOT L. ENGEL, New York MARSHA BLACKBURN, Tennessee GENE GREEN, Texas STEVE SCALISE, Louisiana DIANA DeGETTE, Colorado ROBERT E. LATTA, Ohio MICHAEL F. DOYLE, Pennsylvania CATHY McMORRIS RODGERS, Washington JANICE D. SCHAKOWSKY, Illinois GREGG HARPER, Mississippi G.K. BUTTERFIELD, North Carolina LEONARD LANCE, New Jersey DORIS O. MATSUI, California BRETT GUTHRIE, Kentucky KATHY CASTOR, Florida PETE OLSON, Texas JOHN P. SARBANES, Maryland DAVID B. McKINLEY, West Virginia JERRY McNERNEY, California ADAM KINZINGER, Illinois PETER WELCH, Vermont H. MORGAN GRIFFITH, Virginia BEN RAY LUJAN, New Mexico GUS M. BILIRAKIS, Florida PAUL TONKO, New York BILL JOHNSON, Ohio YVETTE D. CLARKE, New York BILLY LONG, Missouri DAVID LOEBSACK, Iowa LARRY BUCSHON, Indiana KURT SCHRADER, Oregon BILL FLORES, Texas JOSEPH P. KENNEDY, III, SUSAN W. BROOKS, Indiana Massachusetts MARKWAYNE MULLIN, Oklahoma TONY CARDENAS, California RICHARD HUDSON, North Carolina RAUL RUIZ, California CHRIS COLLINS, New York SCOTT H. PETERS, California KEVIN CRAMER, North Dakota DEBBIE DINGELL, Michigan TIM WALBERG, Michigan MIMI WALTERS, California RYAN A. COSTELLO, Pennsylvania EARL L. ``BUDDY'' CARTER, Georgia JEFF DUNCAN, South Carolina (ii) Subcommittee on Communications and Technology MARSHA BLACKBURN, Tennessee Chairman LEONARD LANCE, New Jersey MICHAEL F. DOYLE, Pennsylvania Vice Chairman Ranking Member JOHN SHIMKUS, Illinois PETER WELCH, Vermont STEVE SCALISE, Louisiana YVETTE D. CLARKE, New York ROBERT E. LATTA, Ohio DAVID LOEBSACK, Iowa BRETT GUTHRIE, Kentucky RAUL RUIZ, California PETE OLSON, Texas DEBBIE DINGELL, Michigan ADAM KINZINGER, Illinois BOBBY L. RUSH, Illinois GUS M. BILIRAKIS, Florida ANNA G. ESHOO, California BILL JOHNSON, Ohio ELIOT L. ENGEL, New York BILLY LONG, Missouri G.K. BUTTERFIELD, North Carolina BILL FLORES, Texas DORIS O. MATSUI, California SUSAN W. BROOKS, Tennessee JERRY McNERNEY, California CHRIS COLLINS, New York FRANK PALLONE, Jr., New Jersey (ex KEVIN CRAMER, North Dakota officio) MIMI WALTERS, California RYAN A. COSTELLO, Pennsylvania GREG WALDEN, Oregon (ex officio) ------ Subcommittee on Digital Commerce and Consumer Protection ROBERT E. LATTA, Ohio Chairman ADAM KINZINGER, Illinois JANICE D. SCHAKOWSKY, Illinois Vice Chairman Ranking Member FRED UPTON, Michigan BEN RAY LUJAN, New Mexico MICHAEL C. BURGESS, Texas YVETTE D. CLARKE, New York LEONARD LANCE, New Jersey TONY CARDENAS, California BRETT GUTHRIE, Kentucky DEBBIE DINGELL, Michigan DAVID B. McKINLEY, West Virgina DORIS O. MATSUI, California ADAM KINZINGER, Illinois PETER WELCH, Vermont GUS M. BILIRAKIS, Florida JOSEPH P. KENNEDY, III, LARRY BUCSHON, Indiana Massachusetts MARKWAYNE MULLIN, Oklahoma GENE GREEN, Texas MIMI WALTERS, California FRANK PALLONE, Jr., New Jersey (ex RYAN A. COSTELLO, Pennsylvania officio) GREG WALDEN, Oregon (ex officio) C O N T E N T S ---------- Page Hon. Robert E. Latta, a Representative in Congress from the State of Ohio, opening statement..................................... 2 Prepared statement........................................... 3 Hon. Janice D. Schakowsky, a Representative in Congress from the State of Illinois, opening statement........................... 4 Hon. Marsha Blackburn, a Representative in Congress from the State of Tennessee, opening statement.......................... 5 Prepared statement........................................... 7 Hon. Michael F. Doyle, a Representative in Congress from the Commonwealth of Pennsylvania, opening statement................ 7 Hon. Greg Walden, a Representative in Congress from the State of Oregon, opening statement...................................... 9 Prepared statement........................................... 11 Hon. Frank Pallone, Jr., a Representative in Congress from the State of New Jersey, opening statement......................... 12 Prepared statement........................................... 13 Witnesses Omri Ben-Shahar, Ph.D., Leo Herzel Professor in Law, University of Chicago Law School.......................................... 15 Prepared statement........................................... 18 Answers to submitted questions............................... 154 Kate Klonick, Resident Fellow, Information Society Project, Yale Law School..................................................... 23 Prepared statement........................................... 25 Answers to submitted questions \1\........................... 157 Laura Moy, Deputy Director, Center on Privacy & Technology at Georgetown Law................................................. 33 Prepared statement........................................... 35 Answers to submitted questions............................... 159 Catherine Tucker, Ph.D., Sloane Distinguished Professor of Management Science, MIT Sloane School of Management............ 57 Prepared statement........................................... 59 Answers to submitted questions............................... 164 Frank Pasquale, Professor of Law, University of Maryland......... 67 Prepared statement........................................... 69 Answers to submitted questions............................... 169 Michael Kearns, Ph.D., Computer and Information Science Professor, University of Pennsylvania.......................... 93 Prepared statement........................................... 95 Answers to submitted questions............................... 183 Submitted Material Letter of November 1, 2016, from Hon. Robin L. Kelly, et al., to Mark Zuckerberg, Chairman and Chief Executive Officer, Facebook, submitted by Ms. Clarke.............................. 130 Statement of Frank Pasquale, Professor of Law, University of Maryland, before the United States Senate, September 12, 2017, submitted by Ms. Matsui........................................ 131 ---------- \1\ Ms. Klonick did not answer submitted questions for the record by the time of printing. Tweets of November 22, 2017, Cloudflare, submitted by Mr. Costello....................................................... 149 Report of May 2016, ``Online Privacy and ISPs,'' The Institute for Information Security & Privacy,\1\ submitted by Mr. Lance Letter of November 28, 2017, from Marc Rotenberg, President, and Caitriona Fitzgerald, Policy Director, Electronic Privacy Information Center, to Mr. Latta, et al., submitted by Mr. Lance.......................................................... 150 ---------- \1\ The information has been retained in committee files and also is available at http://docs.house.gov/meetings/IF/IF17/ 20171129/106659/HHRG-115-IF17-20171129-SD004-U4.pdf. ALGORITHMS: HOW COMPANIES' DECISIONS ABOUT DATA AND CONTENT IMPACT CONSUMERS ---------- WEDNESDAY, NOVEMBER 29, 2017 House of Representatives, Subcommittee on Communications and Technology joint with the Subcommittee on Digital Commerce and Consumer Protection, Committee on Energy and Commerce, Washington, DC. The subcommittee met, pursuant to call, at 10:07 a.m., in room 2123, Rayburn House Office Building, Hon. Robert E. Latta (chairman of the Subcommittee on Digital Commerce and Consumer Protection) presiding. Members present: Representatives Latta, Blackburn, Harper, Lance, Shimkus, Burgess, Guthrie, Olson, Kinzinger, Bilirakis, Johnson, Bucshon, Flores, Brooks, Mullin, Collins, Cramer, Walters, Costello, Walden (ex officio), Doyle, Schakowsky, Eshoo, Engel, Green, Matsui, McNerney, Welch, Clarke, Loebsack, Ruiz, Dingell, and Pallone (ex officio). Staff present: Mike Bloomquist, Deputy Staff Director; Samantha Bopp, Staff Assistant; Kelly Collins, Staff Assistant; Robin Colwell, Chief Counsel, Communications and Technology; Sean Farrell, Professional Staff Member, Communications and Technology; Margaret T. Fogarty, Staff Assistant; Melissa Froelich, Chief Counsel, Digital Commerce and Consumer Protection; Adam Fromm, Director of Outreach and Coalitions; Gene Fullano, Detailee, Communications and Technology; Ali Fulling, Legislative Clerk, Oversight and Investigations, Digital Commerce and Consumer Protection; Theresa Gambo, Human Resources and Office Administrator; Elena Hernandez, Press Secretary; Paul Jackson, Professional Staff Member, Digital Commerce and Consumer Protection; Bijan Koohmaraie, Counsel, Digital Commerce and Consumer Protection; Tim Kurth, Senior Professional Staff, Communications and Technology; Lauren McCarty, Counsel, Communications and Technology; Katie McKeogh, Press Assistant; Alex Miller, Video Production Aide and Press Assistant; Mark Ratner, Policy Coordinator; Madeline Vey, Policy Coordinator, Digital Commerce and Consumer Protection; Evan Viau, Legislative Clerk, Communications and Technology; Hamlin Wade, Special Advisor for External Affairs; Everett Winnick, Director of Information Technology; Greg Zerzan, Counsel, Digital Commerce and Consumer Protection; Michelle Ash, Minority Chief Counsel, Digital Commerce and Consumer Protection; Jeff Carroll, Minority Staff Director; David Goldman, Minority Chief Counsel, Communications and Technology; Lisa Goldman, Minority Counsel; Lori Maarbjerg, Minority FCC Detailee; Dan Miller, Minority Policy Analyst; Caroline Paris- Behr, Minority Policy Analyst; and C.J. Young, Minority Press Secretary. OPENING STATEMENT OF HON. ROBERT E. LATTA, A REPRESENTATIVE IN CONGRESS FROM THE STATE OF OHIO Mr. Latta. Well, good morning. I would like to call our joint subcommittee meeting to order, and the Chair recognizes himself for 5 minutes for an opening statement. And good morning again. I would like to welcome everyone back from Thanksgiving holiday to our joint subcommittee hearing. I would like to thank our witnesses for being here today. I would venture to guess many people were able to get a jumpstart on their holiday shopping and seeing some of the earlier reports showing that online shopping rose 17 percent from last year, which makes our hearing this morning even more timely. When Chairman Walden became chairman of the Energy and Commerce Committee, we agreed that keeping our focus on the consumer was a priority for the committee. And everything that the Digital Commerce and Consumer Protection Subcommittee has done, whether it has been exploring new technologies through our Disrupter Series or the bipartisan work that went into the SELF DRIVE Act, our goal has always been to act in the best interest of the consumer, the American people. Earlier this fall, the Equifax data breach compromised the personal information of over 145 million Americans. This troubling incident raised many questions about credit industry practices with respect to the collection of consumer information. Many Americans, some of whom never heard of Equifax, were confused as to how their sensitive personal information could have been compromised by a company they had never interacted with. Just last week, Uber announced their systems were hacked, exposing data of over 57 million users. Rather than alert authorities and make the breach known to their users and drivers, Uber kept the hack secret for a year. Disregard of law and disregard of consumers' and drivers' trust all require close scrutiny. The Digital Commerce and Consumer Protection Subcommittee will continue our work to protect consumers and make sure those who disregard the law are held accountable. As investigations continue, the importance of this hearing cannot be understated. Polls show Americans both feel that technology has had a positive effect on our society but are also skeptical about how their information is used by major technology companies. As policymakers, it is our obligation to ask the tough questions and make sure consumers understand how their information is being used in our digitally driven economy. That is why we explore today how personal information about consumers is collected online and, importantly, how companies use that information to make decisions about the content consumers see. Right now, there are more than 224 million smart phone users in America, and U.S. consumers spend about 5 hours a day on their mobile devices. As we continue to see the number of connected devices increase and our digital economy expand, Americans are only going to spend more and more time online browsing the web, shopping, or checking social media, with more information about them being collected. Although there are legitimate reasons and benefits of the collection and use of information online, we want to ensure that Americans understand how their information is being used. Specifically, how do companies use algorithms to make decisions and deliver content to consumers? What information goes into these complex algorithms, and how do they control the information that comes out? How important are human decisions in creating the algorithms and interpreting the results? Are the results of the researches we conduct online objective, or are companies controlling the information we get? These are all fair, legitimate questions that we intend to explore. It is our job to make sure consumers have the information they need to make informed decisions, especially when it comes to the flow of their personal information online. With that said, it is also important to understand how effective privacy policy disclosures are. Although some scholars believe such disclosures empower the consumers, others contend they are only there for the lawyers and are impossible to read. For that reason, we must consider whether there are more effective ways to empower the consumer. I would like to thank Chairman Blackburn for her commitment to these issues, and I look forward to exploring these complex but important issues with all stakeholders. Again, I want to thank our witnesses for being here today, and at this time I would like to recognize the gentlelady from Illinois, the ranking member of the subcommittee, for 5 minutes. [The prepared statement of Mr. Latta follows:] Prepared statement of Hon. Robert E. Latta Good morning, I'd like to welcome everyone back from the Thanksgiving holiday to our joint subcommittee hearing. I'd like to thank our witnesses for being here today. I would venture to guess many people were able to get a jump start on their holiday shopping. Early reports show online shopping revenues rose over 17 percent from last year, which makes our hearing this morning so timely. When Chairman Walden became chair of the Energy and Commerce Committee, we agreed that keeping our focus on the consumer was a priority for the committee. In everything the Digital Commerce and Consumer Protection subcommittee has done--whether it has been exploring new technologies through our Disrupter Series or the bipartisan work that went into the SELF DRIVE Act--our goal has always been to act in the best interest of the consumer and the American people. Earlier this fall, the Equifax data breach compromised the personal information of over 145 million Americans. This troubling incident raised many questions about credit industry practices with respect to the collection of consumer information. Many Americans--some of who had never heard of Equifax--were confused as to how their sensitive personal information could have been compromised by a company they had never interacted with. Just last week, Uber announced their systems were hacked exposing data on over 57 million users. Rather than alert authorities and make the breach known to their users and drivers--Uber kept the hack secret for a year. Disregard of the law and disregard of consumers and drivers trust all require close scrutiny. The Digital Commerce and Consumer Protection subcommittee will continue our work to protect consumers and make sure those who disregard the law are held accountable. As investigations continue, the importance of this hearing cannot be understated. Polls shows Americans both feel that technology has had a positive effect on our society, but are also skeptical about how their personal information is used by major technology companies. As policymakers, it is our obligation to ask the tough questions and make sure consumers understand how their information is being used in our digitally driven economy. That is why we will explore today how personal information about consumers is collected online and--importantly--how companies use that information to make decisions about the content consumers see. Right now, there are more than 224 million smartphone users in America and U.S. consumers spend about 5 hours a day on their mobile devices. As we continue to see the number of connected devices increase and our digital economy expand, Americans are only going to spend more and more time online-- browsing the web, shopping, or checking social media--with more information about them being collected. Although there are legitimate reasons and benefits to the collection and use of information online, we want to ensure that Americans understand how their information is being used. Specifically, how do companies use algorithms to make decisions and deliver content to consumers? What information goes into these complex algorithms and how do they control the information that comes out? How important are human decisions in creating the algorithms and interpreting their results? Are the results of the searches we conduct online objective or are companies controlling the information we get? These are all fair, legitimate questions that we intend to explore. It is our job to make sure consumers have the information they need to make informed decisions--especially when it comes to the flow of their personal information online. With that said, it is also important to understand how effective privacy policy disclosures are. Although some scholars believe such disclosures empower the consumer, others contend that they are only there for the lawyers and are impossible to read. For that reason, we must consider whether there are more effective ways to empower the consumer. I would like to thank Chairman Blackburn for her commitment to these issues, and I look forward to exploring these complex, but important issues with all stakeholders. Thank you again to our witnesses for being here today. OPENING STATEMENT OF HON. JANICE D. SCHAKOWSKY, A REPRESENTATIVE IN CONGRESS FROM THE STATE OF ILLINOIS Ms. Schakowsky. Thank you, Mr. Chairman. We like to think of the internet as an open marketplace and forum for the exchange of ideas. In reality, the information that consumers see is determined in part by tech companies. Today, algorithms determine what appears in web ads, search results, and your customized news feed. Some of the content you are presented may be based on personal information such as your gender, race, and location. It may also depend on how much companies have paid to get that content in front of you. The internet and social media have changed how Americans consume news, information, and advertising. According to an August 2017 survey by the Pew Research Center, two-thirds of Americans get at least some of their news through social media. Consumers rely on a handful of popular platforms, making the algorithms of those platforms tremendously powerful. On a sinister level, organizations and even nation-states can exploit algorithms to spread disinformation, as we saw with Russian interference in the 2016 elections. In addition, platforms profit by selling ads targeted to specific groups based on their demographics and inferences made through their engagement with content on the platform. This may have some benefit: Consumers see ads that they are actually interested in. But the line between tailoring advertising and facilitating discrimination can get murky. As we grapple with algorithms on the internet, the Federal Communications Commission is considering big changes that would allow corporations to further shape what content consumers access. On December 14th, the FCC will vote on whether to undo the Open Internet Order, which protects net neutrality. If that proposal is adopted, internet service providers will be able to control consumers' access to content. They can make a website load faster or slower depending on whether the content provider pays for the better speed, or an ISP can block content altogether. Destroying that neutrality would change the internet as we know it, and how does a small business compete online if it now has to pay every ISP in the country for its website to load as fast as big corporation competitors? What happens to the exchange of ideas when access to some content is restricted? This is a disturbing amount of power that the FCC might cede to for-profit broadband providers. We already have examples of what broadband providers do when empowered to block content. Verizon blocked text messages from reproductive rights group NARAL, calling them, quote, controversial, unquote. AT&T limited use of FaceTime to incentivize its customers to purchase more expensive data plans. TELUS, another telecom company, blocked the website of a union with which it had a labor dispute. No wonder millions of internet users have filed comments in support of maintaining the Open Internet Order. Just since last Monday, my office has received about 500 calls from net neutrality supporters. Americans are watching the FCC's next move. The FCC under Chairman Pai is also encouraging consolidation and media ownership. It has bent over backward to clear the way for Sinclair Broadcast Group's acquisition of Tribune Media. Congress established a 39 percent cap on the national audience one broadcaster can cover, but Chairman Pai moved to reinstate the outdated UHF discount so that Sinclair can potentially cover 70 percent of the national audience. This media consolidation is a threat to local journalism, especially as Sinclair forces its stations to run nationally produced, quote, must-air, unquote, content. Big corporations are being given more and more influence over the information that Americans receive, from news feeds to websites, from smart phone to TVs. Congress and Federal watchdogs like the FCC have a responsibility to push back on corporate power when it threatens fair competition and free expression. I look forward to our witnesses' insights on how we fulfill that responsibility, and I yield back. Thank you. Mr. Latta. Thank you. The gentlelady yields back, and at this time the Chair recognizes the gentlelady from Tennessee, the chairman of the Communications and Technology Subcommittee, for 5 minutes. OPENING STATEMENT OF HON. MARSHA BLACKBURN, A REPRESENTATIVE IN CONGRESS FROM THE STATE OF TENNESSEE Mrs. Blackburn. Good morning, and welcome to all of our witnesses. I want to thank my colleague Mr. Latta for working closely with me and our committee to put together this stellar panel so that we can talk about all things virtual. Although we often refer to the world on the other side of the screen as the virtual world, we are seeing that, when things go wrong, the real-world impacts on our privacy, finances, knowledge base, and even freedom of expression are anything but virtual. They are very, very real. As so many of these issues overlap between our two subcommittees, I am pleased we are able to kick off our exploration of these issues as a team. On a number of fronts, we are seeing the pressure turned up on the tech companies that often serve as the new town squares for public discourse as governments and users are demanding that certain speech be shut down. Some of the responses have perhaps been a disappointment from the perspective of free speech. Companies that began as start-ups in Silicon Valley garages have fundamentally changed the way we communicate with one another about everything from the song we want to hear, to what stock to buy, to what is the best way to change our healthcare delivery system. These multinational corporations now respond to pressures that do not necessarily align with American values, so we need to examine how and why content is being blocked, filtered, or prioritized. This may all sound faintly similar to another topic, net neutrality. Exercise caution here, as it is important to note the FCC's current rules only apply to ISPs, not social media or search platforms. In some very concrete ways, the open internet is being threatened by certain content management practices. These 2- year-old FCC rules have not and cannot address these threats, so it is disheartening to see Title II regulatory advocates happily conflating the two to divert attention from who is actually blocking content. The current FCC proposal to return internet regulation back to the bipartisan light-touch norm also reminds us that we are simply shifting authority back to the FTC to handle privacy matters. The previous head of the FCC swiped jurisdiction from the FTC, a 100-plus-year-old institution established by a Democratic President to act against trusts. As discussed at our previous hearings on the limits of the FCC, its authority can only touch one part of the internet ecosystem, and thus it ignores edge provider services that collect arguably more data than ISPs. As you may have heard, in order for consumers to be able to protect their virtual you, I introduced a bill that would create a level and fair privacy playing field by bringing all entities that collect and sell personal data of individuals under the same unified rules. Given the witnesses' testimony today, let me also plug another bipartisan initiative we have addressed: data security. Given the implications and risk associated with transferring all of this data, it is imperative that we address data security. It is a timely issue. I look forward to working with my friends across the aisle on this, data security, and on privacy, the BROWSER Act, and all of these topics so that we can settle our differences right here with legislative authority in these hearing rooms rather than relinquishing that authority to regulators in power. I thank the chairman for his collaboration and work on this issue, and I yield back the balance of my time. [The prepared statement of Mrs. Blackburn follows:] Prepared statement of Hon. Marsha Blackburn Good afternoon, and welcome to our witnesses. Let me also thank my colleague Mr. Latta for working closely with me to put together this all-star panel to discuss all things virtual. Although we often refer to the world on the other side of our screens as the virtual world, we are seeing that when things go wrong, the real world impacts on our privacy, finances, knowledge base, and even freedom of expression are anything but virtual. As so many of these issues overlap between our two subcommittees, I am pleased that we are able to kick off our exploration of them as a team. On a number of fronts, we are seeing the pressure turned up on the tech companies that often serve as the new town squares for our public discourse. As governments and users are demanding that certain speech be shut down, some of the responses have perhaps been a disappointment from the perspective of free speech. Companies that began as start-ups in Silicon Valley garages have fundamentally changed the way we communicate with each other about everything from what song we want to hear, to what stock we want to buy or sell, to what is the best way to change our health care system. These multinational corporations now respond to pressures that do not necessarily line up with American values, so we need to examine how and why content is being blocked, filtered, or prioritized. This may all sound faintly similar to another hot topic-- net neutrality. Exercise caution here as it is important that we note: the FCC's current rules only apply to ISPs, not social media or search platforms. In some very concrete ways, the open internet is being threatened by certain content management practices. These 2-year-old FCC rules have not and cannot address these threats, so it is disheartening to see Title 2 regulatory advocates happily conflating the two to divert attention from who is actually blocking content. The current FCC proposal to return internet regulation back to the bipartisan light-touch norm also reminds us that we are simply shifting authority back to the FTC to handle privacy matters. The previous head of the FCC swiped jurisdiction from the FTC, a 100-plus-year-old institution established by a Democratic president to act against trusts. As discussed at our previous hearings on the limits of the FCC, its authority can only touch one part of the internet, ecosystem and thus it ignores edge provider services that collect arguably more data than ISPs. As you may have heard, I introduced a bill that would create a level and fair privacy playing field by bringing all entities that collect and sell the personal data of individuals under the same rules. Given the witnesses testimony today, let me also plug another bipartisan initiative I have worked on in the past-- data security. Given the implications and risks associated with transferring all of this data, it feels rather timely. I look forward to working with my friends across the aisle on this and all of these topics so we settle differences in this hearing room as opposed to relinquishing our authority to regulators in power. Mr. Latta. Thank you. The gentlelady yields back. And, before I recognize our next Member, I just want to mention to our witnesses we have another subcommittee that is going on right now, so you will have Members coming in and out of subcommittee today. And at this time, the Chair recognizes the gentleman from Pennsylvania, the ranking member on C&T, for 5 minutes. OPENING STATEMENT OF HON. MICHAEL F. DOYLE, A REPRESENTATIVE IN CONGRESS FROM THE COMMONWEALTH OF PENNSYLVANIA Mr. Doyle. Thank you, Mr. Chairman, for holding this joint hearing, and thank you to the witnesses who have come before us today. Machine learning and artificial intelligence are powerful tools that are reshaping our country and our economy. In places like my hometown of Pittsburgh, our leadership in artificial intelligence is leading to new technologies and new advances that have the potential for revolutionary changes. I hope this committee can continue to investigate and understand this important technology and the impacts that it will have. That being said, troubling recent events such as the hack of Equifax continue to show light on the dark world of data brokers and data mining. Credit rating agencies play a central role in many Americans' lives whether you are buying a home, a car, or even a new phone. Your ability to demonstrate good credit in the eyes of these institutions is tantamount to being allowed to make a purchase or being told that you do not pass Go. Americans have little recourse, and our Government provides little oversight of these institutions and their practices. They are increasingly using big data and machine learning to make judgments about individuals and their ability to access and use credit. Data breaches at these companies pose grave threats to nearly every American, and I think this warrants further investigation. However, today I am deeply concerned that this hearing is happening in the shadow of the FCC's efforts to end network neutrality and this Congress' own decision to use the Congressional Review Act on the FCC's broadband privacy rules. These policies are and were robust protections for consumers that are at the heart of our discussions here today. In addition, Ms. Moy's testimony refers in numerous places to the CRA against rules requiring mandatory arbitration by financial institutions. The majority does not seem content to merely strip Americans of their legal and regulatory protections. They are going even further now and working to deny them their access to the courts, as well. The majority seems willing only to give lip service to these real consumer protections that they have already cast aside. The FCC's current efforts to repeal the Open Internet Order and end network neutrality are a perfect case in point. The need for net neutrality was borne out of a long history of anti-consumer and anti-competitive behavior that limited consumers' access to content and information, new technologies, and competitive choices. ISPs have blocked consumer access to services that compete with their own services, new services, and transformative services more times than I can count. The FCC's privacy rules themselves were a reaction to bad behavior by the ISPs. For years, ISPs have taken actions to track user behavior online using deep packet inspection, undeletable supercookies, and even force consumers to pay them on top of the sky-high fees they already charge to retain their privacy. Consumers were protected from these abusive practices until Congress and President Trump recklessly acted to nullify these rules. I cannot reiterate to my colleagues enough that when you own the pipe to the home, you own access to the consumer, as ISPs have demonstrated so many times. Repealing these rules will have grave consequences on consumers and the vibrance of the online ecosystem. I continue to urge Chairman Pai to end his quixotic misadventure, and with that being said, I will yield the remainder of my time to Mr. McNerney. Mr. McNerney. I thank the ranking member. While I am glad we are holding today's hearing about protecting online consumers, I am disappointed that the Republicans on this committee and at the Federal Communications Commission are doing just the opposite. Earlier this year, Republicans passed the privacy CRA, eliminating broadband privacy protections for consumers' personal information. In response, I introduced the MY DATA Act. This legislation would give the Federal Trade Commission rulemaking and enforcement authority so that consumers can have strong privacy and data security protections across the internet. Not a single Republican agreed to cosponsor this bill. In addition, this December, the FCC is expected to adopt Chairman Pai's proposal to dismantle net neutrality. Thousands of constituents have reached out to my office this year to express concerns about eliminating broadband privacy and net neutrality protections. I urge my Republican colleagues to take actions to actually protect consumers instead of talking about protecting consumers while exposing consumers to online mischief. I yield back. Mr. Latta. Thank you very much. The gentleman yields back. And at this time, the Chair now recognizes the gentleman from Oregon, the chairman of the full committee, for 5 minutes. OPENING STATEMENT OF HON. GREG WALDEN, A REPRESENTATIVE IN CONGRESS FROM THE STATE OF OREGON Mr. Walden. Thank you, Mr. Latta, and good morning, everyone. Thanks for being here, especially thanks to our witnesses. And today we begin a critical discussion about the evolution of consumers' online environment. We will dive into many of the important questions surrounding the future of data access and content management in a marketplace driven by algorithms. Just in the past decade, the internet economy has grown, thrived, and evolved, as you all know, substantially. It is amazing what is happening there. The smart phones we carry with us everywhere, the tablets we log on to, the smart home devices in our kitchens, all represent a transformational shift in how Americans gather information, receive their news and content, and how they connect with friends and with family. These services are convenient, efficient, and provide valuable and tangible benefits to American consumers. The companies behind the services have created thousands and thousands of jobs and brought the U.S. into the forefront of technology and innovation. In exchange for using certain websites or platforms, consumers are willing to share personal details about themselves--names, locations, interests, and more. The context of the relationship drives that exchange. Now, depending on the service, tech companies and online platforms make their money because they know who you are, where you are, what you like, what photos and videos you take and watch, and what news you read. The depth and power of data will be supercharged with the proliferation of connected and embedded devices in the Internet of Things. Billions of IoT devices will surely be deployed, linking machines to other machines and transmitting massive amounts of data and information to connect Americans to even more services, conveniences, and benefits from all around the globe. So what is behind these services and activities? Algorithms and data. Algorithms are a sequence of instructions to solve a problem or complete a task. These instructions help devices and apps predict user preferences as well as provide the content and advertising you see in your social media feed. Data serve as inputs or signals to those algorithms. Well-intentioned algorithms can lead to unanticipated consequences. For example, algorithmic bots are being profusely designed to steal or to cheat in online gambling and ticket sales. Humans remain a critical part of the creation and monitoring of these systems. In recent months, reports of data breaches and algorithms gone awry have demonstrated the potentially negative influences of digital technology on Americans' lives. This committee has done extensive work on issues surrounding consumer protection and data breaches. We brought in the former CEO of Equifax for a hearing, and we continue to push for answers on behalf of American consumers. At the same time, there have been some high-profile instances of major social media platforms blocking content for questionable reasons using opaque processes. As a result of all of this, consumers are concerned about whether they can trust online firms with the integrity of news and information they disseminate, the welfare of its users, and on a much larger scale the preservation of our own democratic institutions. All these are part of the big public discussion going on right now. As we all know net neutrality is the issue of the moment, but regardless of where you stand on that policy, the recent attacks on Chairman Pai and particularly his children are completely unacceptable and have no place in this debate. Period. I condemn it in the strongest terms, and I call on the entire tech community and my colleagues on both sides of the aisle to condemn it, as well. In light of the current controversy surrounding net neutrality rules for ISPs, it is important to examine how content is actually being blocked or promoted or throttled every day on the internet and not by the ISPs. Net neutrality rules do not address the threats to the open internet that we will discuss today. Now, the goal for today's hearing is to help provide all Americans with a better understanding of how their data flows online, how online platforms and online media sources determine what they see or don't see, and the extent of and methods by which their information is collected and used by online firms. Americans should be able to feel confident that their well- being, freedom of expression, and access to the content of their choice are not being wholly sacrificed for profit. Americans should have vibrant, competitive markets both offline and online where consumers know their rights and options and have the freedom to choose what is best for their circumstances. It is undeniable the internet has created millions of new jobs, tremendous opportunities, access in ways unimaginable just a few years ago, but it has also created these new risks and challenges. So, in the name of convenience, is there a potential for online firms to undermine America's privacy and security in a way that they don't expect or know about? Are the current policies regarding the collection and use of personal data working? Are consumers harmed by this hyperpersonalization? And finally, are firms' content management practices constraining America's ability to speak and to listen freely on an open internet? Consumers should remain as safe from unfair, deceptive, and malicious practices by online firms and their algorithms on the internet as they do in the real world. And we are here today to dig into these tough questions, and we appreciate your advice and counsel from our witnesses today. And with that, Mr. Chair, I yield back. [The prepared statement of Mr. Walden follows:] Prepared statement of Hon. Greg Walden Good morning. Today we begin a critical discussion about the evolution of consumers' online environment. We will dive into many important questions surrounding the future of data access and content management in a marketplace driven by algorithms. Just in the past decade, the internet economy has grown, thrived, and evolved substantially. The smartphones we carry with us everywhere, the tablets we log on to, and the smart home devices in our kitchens all represent a transformational shift in how Americans gather information, receive news and content, and connect with friends and family. These services are convenient, efficient, and provide value and tangible benefits to American consumers. The companies behind the services have created jobs, and brought the U.S. into the forefront of technological innovation. In exchange for using certain websites or platforms, consumers are willing to share personal details about themselves--names, locations, interests, and more. The context of the relationship drives that exchange. Depending on the service, tech companies and online platforms make their money because they know who you are, where you are, what you like, what photos and videos you take and watch, and what news you read. The depth and power of data will be supercharged with the proliferation of connected and embedded devices in the Internet of Things. Billions of IoT devices will surely be deployed, linking machines to other machines, and transmitting massive amounts of data and information to connect Americans to even more services, conveniences and benefits from all around the globe. What's behind these services and activities? Algorithms and data. Algorithms are a sequence of instructions to solve a problem or complete a task. These instructions help devices and apps predict user preferences as well as provide the content and advertising you see in your social media feed. Data serve as inputs or signals to the algorithms. Well-intentioned algorithms can lead to unanticipated consequences. For example, algorithmic bots are being purposefully designed to steal or to cheat in online gambling and tickets sales. Humans remain a critical part of the creation and monitoring of these systems. In recent months, reports of data breaches and algorithms gone awry have demonstrated the potentially negative influences of digital technology on Americans' lives. This committee has done extensive work on issues surrounding consumer protection and data breaches--we brought in the former CEO of Equifax for a hearing--and we continue to push for answers on behalf of consumers. At the same time, there have been some high-profile instances of major social media platforms blocking content for questionable reasons, using opaque processes. As a result of all this, consumers are concerned whether they can trust online firms with the integrity of the news and information they disseminate, the welfare of its users, and, on a much larger scale, the preservation of our democratic institutions. As we all know, net neutrality is the issue of the moment, but regardless of your position on the policy, the recent attacks on Chairman Pai and particularly his children, are completely unacceptable and have no place in this debate. I condemn it in the strongest terms and I call on the entire tech community and my colleagues on both sides of the aisle to condemn it as well. In light of the current controversy surrounding net neutrality rules for ISPs, it's important to examine how content is actually being blocked and throttled every day on the internet--and not by the ISPs. While I will continue to pursue legislation on net neutrality rules, the fact is, they do not and cannot address the threats to the open internet that we will discuss today. The goal for today's hearing is to help provide all Americans with a better understanding of how their data flows online, how online platforms and online media sources determine what they see or don't see, and the extent of and methods by which their information is collected and used by online firms. Americans should be able to feel confident that their well- being, freedom of expression, and access to the content of their choice are not being wholly sacrificed for profit. Americans should have vibrant, competitive markets both offline and online, where consumers know their rights and options, and have the freedom to choose what is best for their circumstances. It is undeniable the internet has created new jobs, tremendous opportunity, and access in ways unimaginable just a few years ago. But it has also created new risks and challenges. In the name of convenience, is there the potential for online firms to undermine Americans' privacy and security in a way that they don't expect? Are the current policies regarding the collection and use of personal data working? Are consumers harmed by this hyper- personalization? And finally, how are firms' content management practices constraining Americans' ability to speak and to listen freely on an open internet? Mr. Latta. Thank you very much. The gentleman yields back, and at this time the Chair recognizes the gentleman from New Jersey, the ranking member of the full committee, for 5 minutes. OPENING STATEMENT OF HON. FRANK PALLONE, JR., A REPRESENTATIVE IN CONGRESS FROM THE STATE OF NEW JERSEY Mr. Pallone. Thank you, Mr. Chairman. The internet is home to some of the most important conversations taking place today. As internet companies find ways for Americans to communicate, our democracy should be stronger than ever, but as you all know something else is going on. Our national dialogue is being curated by companies policing content, and the number of websites handling this traffic has consolidated to just a few key players. The aim of internet platforms is monetizing web traffic, not public policy. Algorithms created for the purpose of increasing ad clicks is what ends up shaping what we see online, and too often this content is not an accurate reflection of the real world. Structural flaws built into the algorithms used to sort online content may result in racial and other bias in our news feeds. As diverse voices are squeezed out, bias increases even further, and this is simply not acceptable, and I look forward to hearing more today about what we can do about it. Unfortunately, forces are at work here in Washington that make this problem worse. At every turn, we see efforts to give more power to gatekeepers, either by eviscerating net neutrality and privacy or by picking favorite voices for preferred regulatory treatment. Even now, as we hold a hearing to talk about mitigating bias on the internet, FCC Chairman Pai is planning to introduce more bias into the system. The net neutrality rules that he plans to destroy are the protections that ensure that we the people can decide for ourselves what we do and say online, and Chairman Pai's plan will fundamentally change the free and open internet as we know it. Independent voices, those outside the mainstream, may be most at risk simply because they don't have an affiliation with the companies that run the internet. Unfortunately, broadband companies have more than just financial reasons to obstruct access to independent content, it can also be political. Under Chairman Pai's plan, nothing stops those in power from pushing broadband companies to censor dissenting voices or unpopular opinions or to promote views that they support. We are seeing more and more often how this administration is using its political might to pressure even large companies. And this is not a partisan point or even a political one. Jeopardizing the national dialogue should concern all of us. The dialogue that happens online is critical for our democracy. Chairman Pai's move comes after this Congress acted earlier this year to wipe out privacy and data security online. Under President Obama, the FCC adopted fair rules to protect the little guy: ask before collecting information, don't share it without consent, and take reasonable measures to safeguard it. But that was too much for congressional Republicans who voted to take away these protections and hand over consumers' data to big business. Sadly, there is still more to come. Over this past year, the FCC has taken every step possible to ensure that Sinclair broadcasting, already the largest owner of broadcast stations in the country, becomes even bigger. And these steps by the FCC fly in the face of laws Congress put in place to protect local voices. We understand that diverse perspectives are critical for our communities and strengthen our democracy. Instead, the FCC is doing everything it can to allow one company to control what people hear no matter where they are in the country and that is simply not what we intended. So I look forward to discussing ways to eliminate bias in our communication systems. We need to figure out how to wrest power over information from corporations and return it back to the people. And I yield the remainder of my time to the gentlewoman from New York, Ms. Clarke. [The prepared statement of Mr. Pallone follows:] Prepared statement of Hon. Frank Pallone, Jr. The internet is home to some of the most important conversations taking place today. As internet companies find ways for Americans to communicate, our democracy should be stronger than ever. But as we all know, something else is going on. Our national dialogue is being curated by companies policing content, and the number of websites handling this traffic has consolidated to just a few key players. The aim of internet platforms is monetizing web traffic, not public policy. Algorithms created for the purpose of increasing ad clicks is what ends up shaping what we see online and too often, this content is not an accurate reflection of the real world. Structural flaws built into the algorithms used to sort online content may result in racial and other bias in our news feeds. As diverse voices are squeezed out, bias increases even further. This is simply not acceptable and I look forward to hearing more today about what we can do about it. Unfortunately, forces are at work here in Washington to make this problem worse. At every turn, we see efforts to give more power to gatekeepers either by eviscerating net neutrality and privacy or by picking favorite voices for preferred regulatory treatment. Even now, as we hold a hearing to talk about mitigating bias on the internet, FCC Chairman Pai is planning to introduce more bias into the system. The net neutrality rules that he plans to destroy are the protections that ensure that we, the people, can decide for ourselves what we do and say online. Chairman Pai's plan will fundamentally change the free and open internet as we know it. Independent voices--those outside the mainstream--may be most at risk simply because they don't have an affiliation with the companies that run the internet. Unfortunately, broadband companies have more than just financial reasons to obstruct access to independent content--it can also be political. Under Chairman Pai's plan, nothing stops those in power from pushing broadband companies to censor dissenting voices or unpopular opinions or to promote views they support. We are seeing more and more often how this administration is using its political might to pressure even large companies. This is not a partisan point or even a political one. Jeopardizing the national dialogue should concern all of us. The dialogue that happens online is critical for our democracy. Chairman Pai's move comes after this Congress acted earlier this year to wipe out our privacy and data security online. Under President Obama, the FCC adopted fair rules to protect the little guy--ask before collecting information, don't share it without consent, and take reasonable measures to safeguard it. But that was too much for Congressional Republicans, who voted to take away these protections and hand over consumers' data to big business. Sadly, there is still more to come. Over this past year, the FCC has taken every step possible to ensure that Sinclair Broadcasting--already the largest owner of broadcast stations in the country--becomes even bigger. These steps by the FCC fly in the face of the laws Congress put in place to protect local voices. We understand that diverse perspectives are critical for our communities and strengthen our democracy. Instead, the FCC is doing everything it can to allow one company to control what people hear no matter where they are in the country. That is simply not what we intended. So I look forward to discussing ways to eliminate bias in our communications systems. We need to figure out how to wrest power over information from corporations and return it back to the people. Thank you, I yield back. Ms. Clarke. I thank you, Mr. Ranking Member Pallone, for yielding me time. Today's hearing is of great importance to me for various reasons, both as a congresswoman and as a consumer. You see, technology continues to touch all areas of our lives. and its reach will continue to grow in the coming days, weeks, months, and years. With greater reach comes greater responsibility. Companies must ensure that the algorithms used for their services and products are free from all biases. including racial, ethnic, gender, sexual orientation biases. That includes making sure there is a diverse employee base behind the scenes ensuring these algorithms accurately represent American consumers. As a member of the Congressional Black Caucus, I would like to highlight the great work of the CBC Diversity Task Force and the CBC TECH 2020 initiative, two entities that have been doing a substantive deep-dive analysis into the progress of the American tech sector in accomplishing meaningful diversity and inclusion in the technology space. Additionally, I would like unanimous consent to submit for the record a letter my colleagues, Representatives Butterfield, Cleaver, and Kelly, and myself sent to Facebook regarding their site's use of ethnic affinity search criteria, which allow users to violate the Fair Housing Act. This is just an example of abuse within the algorithm space that really needs to be monitored and addressed, and I hope that we will get some recommendations from you here today. It is my understanding that this is being addressed in the short term through Facebook. I just want to go on the record that this is a concern to my colleagues and I. These issues are vitally important, and I look forward to today's testimony. Mr. Chairman, I yield back. Mr. Latta. And without objection, the letter is accepted for the record. [The information appears at the conclusion of the hearing.] Mr. Latta. And the gentlelady yields back. This concludes the Member opening statements. The Chair reminds Members that, pursuant to the committee rules, all Members' opening statements will be made part of the record. Additionally, I ask unanimous consent that Energy and Commerce members not on the Subcommittee on Digital Commerce and Consumer Protection or the Subcommittee on Communications and Technology be permitted to participate in today's hearing. Without objection, so ordered. Again, I want to thank our witnesses for being with us today, because it is very important for us to hear from you and being here to testify before the subcommittee. Today's witnesses will have the opportunity to give 5-minute opening statements followed by a round of questions from our Members. Our witness panel for today's hearing will include Dr. Omri Ben-Shahar, the Leo and Eileen Herzel Professor of Law at the University Chicago of Law; Ms. Kate Klonick, the resident fellow for the Information Society Project at Yale Law School; Ms. Laura Moy, the deputy director of the Georgetown Law Center on Privacy and Technology; Dr. Catherine Tucker, the Sloane Distinguished Professor of Management and Science and Professor of Marketing at the MIT Sloane School of Management; Mr. Frank Pasquale, the Professor of Law at the University of Maryland, Francis King Carey School of Law; and Dr. Michael Kearns, the Professor and National Center Chair of the Department of Computer and Information Science at the University of Pennsylvania. Again I want to thank all of our witnesses for being with us today, and again you each have 5 minutes. If you will, just pull that mic up close and turn on the button. We look forward to hearing your testimony. And Doctor, we will start with you this morning. Thank you. STATEMENTS OF OMRI BEN-SHAHAR, PH.D., LEO HERZEL PROFESSOR IN LAW, UNIVERSITY OF CHICAGO LAW SCHOOL; KATE KLONICK, RESIDENT FELLOW, INFORMATION SOCIETY PROJECT, YALE LAW SCHOOL; LAURA MOY, DEPUTY DIRECTOR, CENTER ON PRIVACY & TECHNOLOGY AT GEORGETOWN LAW; CATHERINE TUCKER, PH.D., SLOANE DISTINGUISHED PROFESSOR OF MANAGEMENT SCIENCE, MIT SLOANE SCHOOL OF MANAGEMENT; FRANK PASQUALE, PROFESSOR OF LAW, UNIVERSITY OF MARYLAND; AND, MICHAEL KEARNS, PH.D., COMPUTER AND INFORMATION SCIENCE PROFESSOR, UNIVERSITY OF PENNSYLVANIA STATEMENT OF OMRI BEN-SHAHAR Dr. Ben-Shahar. Thank you, Chairman Latta. Thank you, Chairman Blackburn, for inviting me, Ranking Members Schakowsky and Doyle and members of the subcommittee, I cherish this opportunity to participate in the conversation. I am a law professor at the University of Chicago, and I specialize in consumer law and consumer protection. You will hear today a lot about the dangers of big data enterprise, how websites know our locations, how smart alarms know and predict our vacations, how employers and insurers know our medications, and even Fitbit records our dedication. We of course all know the data-driven economy delivers enormous convenience and benefits too by offering personalized experience to consumers, but concerns about discrimination, manipulation, data security, and market power and the potential harms they might cause ought to be taken seriously. Still, it is important throughout this inquiry that the basic question-- What is the consumer injury?--be answered before we begin thinking about what the solution ought to be. You will probably hear today other speakers call for more transparency on how data is used and secured so as to give consumers more control over their data and allow them to make more informed decisions. Chairman Walden invited such noble proposals of transparency, writing eloquently in an op-ed, quote, ``It is our job to shine the light on these practices for consumers and ensure transparency in the marketplace so that they can make informed choices.'' I would like to spend my remaining 4 minutes or so to try to talk you out of this transparency instinct. It is not that I don't like transparency or informed decision, it is just that this technique has never worked in any area, and it is decisively unlikely to yield any benefit here. I co-authored a book titled ``More Than You Wanted To Know,'' in which I looked at the effect of transparency laws. These are the numerous laws that require companies to give consumers full disclosures to help consumers make informed choices. Mandated disclosure is probably the most common and for sure the least successful regulatory technique in American law. Disclosure requirements, we sometimes call them sunshine laws, have been used for decades as the primary tool for consumer protection to protect borrowers, investors, medical patients, internet users, insurance buyers, home buyers, in every area of the law, and the record confirmed by mountains of empirical evidence is abysmal--transparency doesn't make a difference. Transparency requires that companies give consumers disclosures, but consumers are not cooperating. They are not reading or using the disclosures. How could they? The texts are too long and cluttered. [Photo shown.] Here is a picture of a typical artifact of transparency, Apple's terms and conditions that include their privacy policy, which I printed out and assembled into a 30-foot scroll, 8- point font, mind you, and hung from the top of the atrium at the University of Chicago Law School. Shoving this monstrosity in front of consumers: Is that what consumer protection ought to do? If consumers tried to read the disclosures, they would of course not understand them and would not be able to put them to profitable use. To use complex information, one needs experience and expertise which people simply do not have. Transparency is defeated not because it is a bad idea but because it is so overused. When you close a mortgage, you receive at least 50 different disclosures so that you, quote, ``know before you owe.'' When you walk into a clinic or buy a product or enter a website or download an app or eat at a restaurant or check your bank balance, you receive disclosures, all in the name of transparency. Consumers have long become numb and indifferent. Any transparency effort in the area of data protection would meet the same consumer apathy. Do you really want to be the authors of an irrelevant policy? Can transparency be done more effectively? If disclosures are defeated by complexity, can simplicity save them? Simplification seems like an obvious solution: If disclosures are too long, shorten them; if too technical, use plain language; if poorly presented, improve the formatting. Unfortunately, simplification strategies have been tried for as long as disclosures have failed. In my research, I tested whether people who are sharing deeply private information with websites that engage in nasty data practices can be prompted to act more prudently by well- designed privacy warnings. I discovered that no matter how simple, conspicuous, and alarming the warning the consumers receive, their behavior is entirely unchanged. Consumers don't pay attention to any of the transparency tools lavished upon them. To conclude, if Members of Congress believe that collection of consumers' data poses risks that require regulatory intervention, I advise that they look for solutions that are outside the popular but unsuccessful repertoire of mandated disclosure and transparency. Thank you. [The prepared statement of Dr. Ben-Shahar follows:] [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Mr. Latta. Thank you very much for your testimony this morning. And, Ms. Klonick, you are recognized for 5 minutes. STATEMENT OF KATE KLONICK Ms. Klonick. Thank you. Chairmen Blackburn and Latta, Ranking Members Doyle and Schakowsky, and members of the subcommittees, thank you for having me here to discuss this important topic. Every day millions of people around the world post videos, pictures, and text to online speech platforms, but not everything that is posted remains there. Sites like Facebook, Twitter, and YouTube actively curate the content that is posted by their users through a mix of algorithmic and human processes broadly termed content moderation. Until recently, how and why these platforms made these decisions on users' speech was largely opaque. Over the last 2 years, I have interviewed dozens of former and current executives at these platforms as well as content moderation workers at these companies working abroad in an effort to better understand how and why these platforms regulate content. A summary of that research and my conclusions are the subject of my paper, ``The New Governors: The People, Rules, and Processes Governing Online Speech,'' forthcoming in the Harvard Law Review. My testimony today draws from that expertise and knowledge that I gained in researching and writing that article. As a threshold matter, when I refer to content moderation I am referring specifically and exclusively to the experience of the user in posting speech to a platform and what happens to that posted content in terms of removal or nonremoval. I am not speaking to the algorithm that configures the prioritization, promotion, order, or frequency of how content later appears in users' news feeds or Twitter feeds. And in that context, content moderation happens at many levels. It can happen before content is actually published on the site, and when a user uploads a photo, a message appears: ``Upload completed. The video in your post is being processed. We will send you a note when it is ready for review.'' And the moderation process that happens in this moment between upload and publication largely runs through an algorithm screening that checks for matches in pixel fingerprints between illegal or banned content and the uploaded content. Examples of this include photo DNA for child pornography and content ID for copyrighted information. Only a very small amount of material is removed through these types of processes, and most is published, and once published it can be removed in two ways. The first is by platforms proactively using their own moderators, but because of the absolutely enormous amount of posts, this is not a feasible method for all but a very select area of moderation, such as extremist and terrorist content. The second way content is removed after publication is also how the vast majority of content is removed, through being flagged as violating community standards by other users on the site. After a piece of content is flagged, it will stay up, but a crop screen grab of the content is placed in a database queue, where it is eventually reviewed by trained human decision makers. They will look at the offending content and see if it actually violates the terms of service. With that background, I would like to use my brief time to clarify four major misconceptions about content moderation. First, that, contrary to this hearing's title, the vast majority of content moderation of user content is done by trained human decision makers who review content only after it has been flagged by other users and not by algorithms or AI or photo recognition. Second, while users who use sites like Facebook are given a public set of community standards guiding what kinds of content is posted by the site, a separate and much more detailed and much more regularly updated set of internal rules is used by human moderators in making their decisions. These internal rules at these companies are not currently known to the public. Third, Facebook and most platforms use one global set of rules with exceptions to comply with the laws of a given jurisdiction to curate content. This means, for example, the definitions of inappropriate sexual activity are the same for users in Canada as they are for users in India as they are for users in France. Finally, it is critical to note that the ability for these platforms to create this intricate system of governance to regulate content stems from incentives put in place by Communications Decency Act Section 230 which granted platforms immunity from intermediary liability in an effort to encourage sites to remove offensive content while also protecting against collateral censorship of users' speech. In many ways these platforms' self-regulation have very well met the goals of Section 230, but as access to online speech platforms has increasingly become an essential public right, new concerns about regulating platforms are being raised. While these and other concerns are undoubtedly present, changes to Section 230 or new regulations that might affect it should be considered with extreme caution and with a full appreciation of the potential damage that could be caused to consumer rights and to free speech. Thank you. [The prepared statement of Ms. Klonick follows:] [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Mr. Latta. And, again, thank you for your testimony. Ms. Moy, you are recognized for 5 minutes. STATEMENT OF LAURA MOY Ms. Moy. Thank you. Good morning, Chairmen Blackburn and Latta, Ranking Members Doyle and Schakowsky, and distinguished members of the subcommittees. Consumers are frustrated. Ninety-one percent of adults feel that consumers have lost control of their personal information and nearly 70 percent think the law should do a better job of protecting their information. The law can do better, and it should do better. Consumers are in greatest need of greater control when they do not have a choice about whether to share the information in the first place. This is one reason that we have specific privacy laws that protect things like the information students share with educational institutions or the information patients share with doctors. In these contexts and others, it is not permissible for companies to simply do what they wish with consumer information as long as they are transparent about it, something we see all too often online; rather, strong privacy protections apply by default. We need similar protection by default in other situations where information sharing is unavoidable, as well-- for example, when consumer information is shared with a credit agency like Equifax or when consumer information is shared with the provider of an essential communication service like a broadband provider. We may also need protection by default for other types of online actors such as content platforms as they become bigger and more powerful and consumers increasingly find it unavoidable to share their information with those actors, as well. This is certainly a conversation worth having. But whatever specific information-sharing problem or problems Congress decides to address, it should keep a few things in mind. First, Congress should not eliminate existing protections for consumers' information. This really should go without saying, but unfortunately, in an incredibly unpopular move earlier this year, Congress voted to eliminate strong Federal privacy rules that would have applied to broadband access providers. Similarly, Congress has occasionally considered legislative proposals on data security and breach notification that would eliminate stronger State laws, but consumers want more protection for their information, not less. If Congress wishes to improve on the privacy and data security status quo, it should start by preserving the protections we already have. And just to touch for a second on net neutrality, the same applies in that context, as well. Today's hearing is surfacing some concerns about the power platforms have to editorialize the things internet users read and say, but at the same time the FCC is considering wholesale elimination of rules that prevent broadband providers from doing that. Just imagine how much worse things could get if we start allowing broadband providers to muck with content. Again, consumers in this area need more protection, not less. Second, prospective rulemaking authority is an incredibly important consumer protection tool. After-the-fact enforcement can be helpful, but an enforcement-only regime does not always create clarity, and because it comes only after a problem has occurred, it does not necessarily protect consumers from the problem in the first place. Granting rulemaking authority to an expert agency also fosters much-needed regulatory flexibility. We do not always know what the next privacy or data security threat will be, but unfortunately we all know that there will be one. An agency with rulemaking authority can respond to shifting threats more quickly than Congress. Third, consumer protections are only as good as their enforcement, so any protections Congress creates on privacy or data security must be accompanied by strong enforcement authority. Right now, the FTC does substantial work on privacy and data security, but with few exceptions it does not have the ability to seek civil penalties for privacy and data security violations. In fact, FTC staff and commissioners have appeared before Congress requesting civil penalty authority to buttress their ability to enforce. Agencies that are tasked with protecting consumers' private information cannot do it without the proper tools. Civil penalty authority is needed. Fourth, Congress should avoid the temptation to address complex challenges with a one-size-fits-all approach. There are different types of actors on the internet with different roles to play, different relationships with and commitments to consumers, different competition environments, and different abilities to solve problems. If we adopt a uniform regulatory approach to the entire internet, we are going to be left with the lowest common denominator, something like transparency with enforcement that just prohibits deceptive practices. That is not good enough. Consumers are asking for more. I appreciate your commitment to this issue. I thank you, and I look forward to your questions. [The prepared statement of Ms. Moy follows:] [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Mr. Latta. And again, thank you for your testimony this morning. And Dr. Tucker, you are recognized for 5 minutes. STATEMENT OF CATHERINE TUCKER Dr. Tucker. So, first of all, I would just like to say what a huge honor it is to be invited here today. Thank you very much for the invitation. What I want to do in my 5 minutes is, first of all, talk about some research I did into an apparent algorithmic bias and then talk about three implications for policy. Now, this particular research topic--what we did was we ran a field test on Facebook where we placed an ad which advertised job opportunities in science and technology. And we placed that ad, we also replicated it on Google and Twitter, and we found that the advertising algorithm ended up showing this ad for job opportunities in science to 40 percent more men than women. And on the face of it, this seems really quite concerning because obviously this is an area where we would like parity of gender opportunity. Now, I say on the face of it, it sounds concerning, because our research didn't stop there, which is usually how research stops, but instead we actually delved into the reasons why this apparent discrimination had happened. And we ruled out the usual leading explanations, which is either that humans are biased, absorb cultural prejudice, or the idea that somehow women have self-inflicted not seeing the ad on themselves by not reacting to it. Instead, if women ever saw the ad, they loved it. They clicked on it. Instead, what actually was going on is all in terms of understanding how the algorithm works, which is that an advertising algorithm basically runs an auction in real time where advertisers bid for eyeballs, and there were some advertisers out there that liked to show ads just to women, and as a result they pay more to show the ad to women. And because we had set up our ad to be gender-neutral, the algorithm thought it was doing us a favor by trying to minimize our costs and not show our ad to those expensive female eyeballs, but instead prioritize those cheaper male ones. Now, that takes us, you know, to show that actually economic forces actually shape a lot, you know, how we see algorithms work. And I want to just highlight three implications of policy. The first implication is that about algorithmic transparency. Now, algorithmic transparency just sounds wonderful, right? Who could ever argue with transparency? But, in this case, let's suppose we could ever decode the pages and pages of algorithms which underlie this ad auction. All we would find is an innocent algorithm trying to save advertisers money. It wouldn't give us really any insight into the potential for bias, and I think that is another argument to build on what we have heard earlier, why transparency, though just so beautifully sounding, is probably not a solution here. The second thing I want to emphasize is, it may be tempting, and we sort of, you know, we have heard a little bit of this idea that maybe the problem is not the algorithms, it is the data that feeds them. And I do want to caution the committee surrounding just simply restricting data flows in this economy. I have done some research. I have testified it into the past about the really quite hideous effects that attempts to regulate privacy in online advertising have had on the health and strength of the technology industry in Europe. We show that they had a 66 percent drop in efficiency after passing regulation, and you just have to sort of fast forward 10 years, look at the strength of the American tech industry relative to Europe to see where that has led. I have also done some research in the U.S. We should emphasize that just restricting data in the health arena has actually led to some really quite negative consequences, such as hospitals failing to adopt potentially lifesaving neonatal technology saving babies. Now, the last--so that is why I am worried about restricting data as a solution--the last thing I just want to say is, look, in some sense you could write a headline saying ``MIT professor finds ad algorithm doesn't show job ads to women,'' but imagine if I had found that for toothpaste. Would we be that worried? No, we might think, well, maybe men should see toothpaste ads, not that worried about it. So I do want to emphasize again the idea that it really matters, the outcome really matters. Thank you. [The prepared statement of Dr. Tucker follows:] [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Mr. Latta. Thank you very much for your testimony. And Dr. Pasquale, you are recognized for 5 minutes. STATEMENT OF FRANK PASQUALE Mr. Pasquale. Thank you very much, Chairmen Walden, Blackburn, and Latta and to Ranking Members Schakowsky and Doyle. It is a great honor to be here today. My testimony is based on my book, ``The Black Box Society,'' in which I distilled about 10 years of research into the role of data and algorithms and argued for the importance of transparency, and I am happy to do that today. I want to argue that the use of data and algorithms by large corporations will be at the core of civil rights, consumer protection, and competition policy for the 21st century. And I will go over each of those and then talk about how this committee can play a role in advancing all three of those goals. First, with respect to civil rights, I was very glad to hear from Congresswoman Clarke about the letter to Facebook with respect to discriminatory ad profiling. That was discovered last year by ProPublica. There were promises it would be addressed. It was not addressed. And I think that shows some of the failures of self-regulation in the area. Also in my testimony I talk about racial disparities with respect to ad delivery and disparities with respect to disability status or a health condition. For example, a credit card company deciding to raise the interest rate on someone once they know that the person went for marriage counseling. I think that is a very troubling sort of thing, and we should be able to look into that to get transparency about whether it is happening and to stop it. Secondly, with respect to consumer protection, Ariel Ezrachi and Maurice Stucke are great antitrust law scholars and they say that, given the information asymmetry between large corporations and consumers, consumers now really exist in a Truman Show. It is like a Truman Show online. They know so much about us, we often know so little about their practices, and they show how consumers can be manipulated by data that they don't know about. So, you know, we may hear a lot about good personalization online, you see things that you want, et cetera, but there is always a dark side to that. There are things, for example, like vulnerability-based marketing, where the marketing could be based on picking out people who are at particularly insecure times in their life or particularly insecure times of day for individuals. And I think this sort of vulnerability-based marketing, predatory loan targeting, all those things are troubling, and not just for traditionally protected groups but also for people, say, in rural areas that might be subject to price discrimination that I discuss in my testimony. I would also say that with respect to competition, the combination of the power of data in terms of enabling very large digital platforms to decide what consumers see, when they see it, what types of things that they are offered and not offered, that that leads to what I call a self-reinforcing data advantage. What I mean by that is to say that, if you are a large platform, you tend to have more data. When you have more data, you are able to target your things better to consumers. When you are better able to target to consumers, more consumers come on board. It is a virtuous cycle in a way, but on the other hand it does risk getting out of hand and creating the types of asymmetries that really you can't overcome as a competitor. And we have seen that, for example, with respect to European action against Google in their antitrust judgment against Google, where they talked about Google potentially privileging its own services over rivals in search results in ways that were opaque to consumers. And I think that we have got to look at those sorts of dynamics and start to address them. It will be hard, though. And, by the way, I would say that one reason maybe why the U.S. tech scene is doing better than the European one, you know, we have to look at these sort of competitive dynamics, as well, not just regulation. I would also talk about the black box effect here. I would say that it is very hard for us to know exactly what is going on, and we may have only seen the tip of the iceberg here. We may have only scratched the surface. Now, I have painted a very bleak picture of big data and algorithms in this testimony, but there is good news on the horizon. Over the past decade, a number of visionaries have developed a movement for accountability by users of algorithms. It took a combination of computational, legal, and social scientific skills to unearth each of the examples that I have discussed: troubling collection, bad or biased analysis, or discriminatory use of data. And I hope we talk about all three of those things today. Empiricists may be frustrated by the black box nature of algorithmic decision making, but they can work with legal scholars and activists if we have freedom of information laws and if we enable people to understand better how data is being collected, how it is being used, how it can lead to discrimination. Journalists also have been teaming up with computer programmers and social scientists to expose new privacy-violating technologies of data collection analysis and use, and they have pushed regulators to crack down on the worst offenders. I would conclude today by saying that U.S. lawmakers can really help by requiring the openness of algorithms used in many governmental contexts and moving on to empower people to have knowledge of what is going on and how their online lives are being ordered. With that, thank you very much. [The prepared statement of Mr. Pasquale follows:] [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Mr. Latta. Thank you for your testimony this morning. And Dr. Kearns, you are recognized for 5 minutes. STATEMENT OF MICHAEL KEARNS Dr. Kearns. Thank you. Chairmen Blackburn and Latta, Ranking Members Doyle and Schakowsky, and other distinguished members of the subcommittees, thank you for the opportunity to testify at this important hearing. My name is Michael Kearns, and I am a computer and information science professor at the University of Pennsylvania. I am an active researcher in the field of machine learning, and I have consulted extensively on the use of machine learning in the technology and finance industries. The fields of machine learning and artificial intelligence now play a central role in virtually every sector in which large data sets are present. The number of instances in which the use of machine learning has provided tangible societal benefits, such as in medical diagnosis, is large and growing. Machine learning also increasingly plays a central role in the data collection and use practices of consumer-facing technology companies. Today I want to discuss data intimacy, which is the notion that machine learning enables companies to routinely draw predictions and inferences about users that go far deeper than the apparent face value of the data collected as part of online activities. It is not simply a question of whether consumer- facing tech companies are collecting large volumes of data, such companies are collecting information that provides or allows inferences regarding intimate details about our personal lives. Search engine queries permit inferences about our physical, financial, and psychological conditions. Social media users routinely reveal intimate opinions, beliefs, or affiliations. For example, a recent study showed that using machine learning, anonymous social relationship data permitted accurate identification of romantic partners for over 55 percent of users. Another study concluded that Facebook's algorithms and models are capable of identifying social relationships of which its users are themselves unaware. And religious and political beliefs can be accurately predicted from apparently unrelated social search and shopping activity. Consumer-facing tech companies in the United States have amassed an almost unimaginable set of data about consumers, which enables machine learning and artificial intelligence to make predictions and inferences about consumer behavior and preferences. These large and diverse data sets are the foundation for effective algorithms and models, and companies compete vigorously to amass or acquire these data sets. For example, search engines provide vast amounts of data about consumers' interests in the manner in which they conduct searches. Similarly, mobile operating system data provides a treasure trove of information regarding virtually everything a consumer does on a mobile device as well as their physical location. In addition to knowing with whom a consumer affiliates directly, social media platforms are able to accumulate information about who a consumer follows or what he or she likes. However, while the quantity of data is critical to develop accurate algorithms and models, the quality and intimacy of such data is equally or more important in discerning consumer preferences and behaviors. Increasingly, machine-learning-based algorithms are utilized not only to determine consumer purchasing habits, but also to infer a consumer's emotions, moods, and mental states. While machine learning is employed most commonly and pervasively to target advertising as we have seen in the media recently, algorithms can also be utilized to generate or incite certain emotional responses. From a privacy perspective, perhaps the most important overarching conclusion is that the intimacy of consumer data cannot be measured by metrics that fail to account for the nature, diversity, and content of the data and, most importantly, its potential uses for modeling and inferences. It is both common and possible that the highest-volume data sources can reveal little about the consumers who generate that traffic, whereas more specialized data can directly and indirectly reveal the most private and personal details about consumers. In fact, the widespread application of machine learning to specialized consumer data sources is deliberately designed to extract personal and actionable insights about both individual users and collective behavior. It would thus be wrong to formulate privacy policy based only on the amount or apparent source of data. One must evaluate the sensitivity of the data as well as anticipate how private or intimate the inferences and predictions that could be made from the data might be. This challenge argues for a privacy framework that comprehensively covers the diverse range of data being used commercially and applies consistent technology-neutral privacy requirements. Thank you again for the opportunity to testify before you. Machine learning and AI present significant challenges for policymakers because of the rapidly evolving nature of the technology as well as its pervasive use among consumer-facing tech companies in predicting consumer preferences and drawing inferences about their lives. While policymakers should be mindful that machine learning and AI also produce many of the sizeable benefits inherent in consumers' online experiences, such technology enables companies also to both model and shape user behavior. Thank you. [The prepared statement of Dr. Kearns follows:] [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Mr. Latta. Thank you very much for your testimony. We really appreciate it. And this ends that portion of our hearing this morning. We will now be going to the questions from the Members, and I will begin the questioning and recognize myself for 5 minutes. And again I apologize for my 4 weeks of allergies, and I hope I get better in the next 4 weeks. Professor Kearns, if I could start with you. Algorithms are used to produce the results that we see on the internet such as when we do a search or see an advertisement. As policymakers, what are the key benefits and risks for consumers associated with these algorithms that we should be focused on as legislators? Dr. Kearns. Well, I think the benefits are, you know, pretty obvious to anyone who is a regular user of modern internet technology. The personalization in social media sites, in search engines, and in many other aspects and apps that we use, we all enjoy the benefits of that. I think to me, I think the greatest risks are the kinds of things I talked about, which is, you know, there is sort of a distinction about facts about you and things that can be inferred about you from those facts. And so it is one thing to, for instance, ask about disclosure or discuss what is actually, literally, in the data that is being collected, but that is kind of where the game is being played, as far as I am concerned. The use of machine learning allows one to make many inferences that are statistically quite accurate about consumers that aren't written down anywhere in the data about that consumer. So, you know, to give a personal example, the fact that I am an academic and, you know, use a Mac and drive a Subaru probably lets you guess my political affiliation quite accurately already, and if you knew a bunch of other facts about my online behavior, you could probably infer a great deal more. And there are many, many studies these days that sort of establish that fact, and this is a valuable thing to technology companies to be able to do that, to do this kind of--I think in one of the other testimonies here--this kind of microsegmentation. And I think this is the kind of thing that is hard for people to understand, and it is even hard for the scientists at these companies to understand the sort of power of this, this sort of predictive power that they have. You know, when these models are built they don't really know a priori and maybe even afterwards exactly what properties of consumers or inferences they are making about them that aren't--you know, they go well beyond the latent data itself. Mr. Latta. Thank you. Dr. Tucker, your research shows the tension between how much we say we value privacy and in reality how much data we are willing to share online to connect with friends or get personalized recommendations and coupons. What accounts for that disconnect, and how important is the context in what consumers are willing to share online? Dr. Tucker. Well, I am really thrilled to be able to talk a little bit about this because I didn't get to mention it in my testimony. And this is a so-called privacy paradox that so many people say they care about privacy but then act in ways which doesn't sort of live up to that. And one thing, we did a little study at MIT where we showed that undergraduates were willing to share really very personal data in exchange for a slice of cheese pizza. And that was even the ones--and what was slightly disconcerting about it was even the people who said that they really cared about privacy, they usually behave in accordance with those norms, but the moment they saw the cheese pizza was the moment they are willing to share the most personal information. Now I wish I could tell you that I found any group of consumers out there who were not--or any group of undergraduates who were not willing to share data for cheese pizza, but I didn't. So as of yet, answering your question is hard just because we do see this inconsistency between the way that consumers say they talk about their privacy and actually act out there in the online world. Mr. Latta. Thank you. Professor Ben-Shahar, your research indicates that consumers often view privacy policies as confusing and often ignore them, especially from your photograph. At the same time, mandated disclosure has been embraced in many laws and by many regulators. How should we balance the desire for transparency with the results of your research? Dr. Ben-Shahar. I think we should recognize that our desire for transparency, while well-intentioned and makes sense--very alluring, consistent with all American ideologies--all these transparency laws and mandated disclosure laws pass without opposition in this chambers or in any State chambers. This is the one unifying American law. I think we should also recognize that there is a good reason probably why it is so easy to enact these laws: There is nothing to them. And therefore I think that it is important to set them, cast them aside, and then that would enable us to actually get into the--I think in my book I give the example of medicine in the 19th century. Almost every disease was addressed by blood- letting. It took the ability or, you know, from the medical profession to recognize that this is, you know, that panaceas don't work. You cannot use that to start figuring out solutions for each individual problem. And today you are talking, you know, I am invited to talk to you about data policy. I was invited by the FTC and before other agencies to talk about consumer lending, other contexts in which transparency and disclosure is the key regulatory technique, and I keep suggesting to them that it is in your area. You have to first ask yourself what the problem is. I think it is striking to hear what Dr. Tucker and others are finding, that statements about the magnitude of the problems are not matched by the behavior and economic reality. Data privacy is a nice kind of buzzword and data security we are really worried about, we can brandish the number of people that were hurt by the different--were implicated by the different breaches that occurred, security breaches. But what is the evidence about actual consumer harm? Most of the lawsuits that followed, you know, the lawsuits that have followed the Target breach and the Equifax breach were by merchants, credit card companies, banks, they are suffering a lot of the--because our laws largely protect consumers from these incidents. So I think I do not want to suggest that there is no harm in these areas, but it is critically important to understand its magnitude before we begin to think about solutions. Mr. Latta. Thank you very much. And, since I ran over, I will recognize the gentlelady from Illinois, the ranking member of the subcommittee, and also give you a little more time on your questions. Ms. Schakowsky. Thank you. You know, it is hard to decide who to really focus on because we only have 5 minutes. You know, when it comes to transparency, not only don't I take the time to read it, but in order to get to my goal if I don't hit Accept, I Agree, then I can't finish the transaction. So most of the time, for both reasons, I just accept and move on. But I do want to talk about enforcement, and therefore I want to ask Ms. Moy some questions. In Chairman Blackburn's opening statement she talked about shifting privacy from the FCC, the Federal Communications Commission, to the Federal Trade Commission, so I think it is important to understand how the FCC and FTC differ, you alluded to that. But so, Ms. Moy, can you briefly describe the FTC's authority, if any, to issue regulations? Ms. Moy. The FCC or--I am sorry, the FTC really doesn't have authority to issue regulations. It can issue rules under-- it can issue Mag-Moss rules, but it is extremely difficult to do that, and as a practical matter nearly impossible. It can issue rules under the Children's Online Privacy Protection Act and has done that rather effectively, and the Safeguards Rule under GLBA. But when it comes to general privacy and data security obligations, the FTC is unable to issue regulations. Ms. Schakowsky. So the FTC can't use the typical notice and comment rulemaking process to issue regulations about what personal information platforms can collect from users or how those platforms can use that personal information to determine what content it shows to users, correct? Ms. Moy. That is right. Ms. Schakowsky. So which means the Commission is limited to bringing enforcement actions after unfair, deceptive practices have been committed, and often after consumers have been harmed already, right? Ms. Moy. Yes. Ms. Schakowsky. So let's talk about the FTC enforcement tools. In your written testimony you wrote that, quote, ``the FTC generally can only take enforcement action against entities that use consumer information in ways that violate their own consumer-facing commitments.'' Can you describe what do you mean exactly by consumer-facing commitments, and are you referring to policies like the terms of services and privacy policies? Ms. Moy. That is right. The bulk of the FTC's privacy and data security authority comes from Section 5 of the Federal Trade Commission Act which authorizes it to prohibit unfair and deceptive trade practices. As a practical matter, the FTC almost never enforces unless it determines that there is deception that has occurred, and it evaluates a possible deception based on something that a company has said perhaps in a privacy policy and then trying to figure out whether or not it has violated that. Ms. Schakowsky. Even when a platform does violate its own policies, the FTC's remedies are limited. As you noted in your written testimony, the FTC cannot impose a fine against that platform. What are the remedies available to the FTC? Ms. Moy. Exactly. Yes, you know, and as I mention in my comments, I think the authority of an agency is only as good as its enforcement is. And when it comes to the FTC, although it can bring actions for deception when as it relates to privacy and data security, with few exceptions it cannot levy civil penalties against companies that violate privacy and data security commitments. And as a result there is very little in way of teeth when it comes to the FTC's authority. Ms. Schakowsky. So I know that both Acting Chairman Ohlhausen and Commissioner McSweeny support giving the FTC civil penalties authority, and I believe you do, too, as well. Is that right? Ms. Moy. That is right. Ms. Schakowsky. And do you think it would benefit consumers if the FTC had authority then to issue regulations under the normal notice and comment process? Ms. Moy. I do. I think that the fact that the vast majority of consumers are asking for greater consumer privacy protection and for the law to be stronger in this area suggests that we would benefit greatly from greater authority for the FTC or another agency. Ms. Schakowsky. Well, so are there other things that Congress can do? I mean, you alluded maybe to other agencies to help strengthen the FTC's ability or some other agency to protect consumers. Ms. Moy. Well, in addition, as of right now the Federal Trade Commission can't actually regulate the actions of common carriers, and that is a major problem that, particularly with a recent case or a case that is currently pending in the Ninth Circuit, it is unclear whether the FTC has any authority at all to enforce the privacy and data security obligations and activities of companies that have any common carrier practice at all. So internet service providers that offer--whether broadband is classified under Title II or not, the FTC may well not be able to. Ms. Schakowsky. So in the short term what should we be considering? Ms. Moy. In the short term I think that we do need strong protection, privacy by default, ideally, for entities where consumers have no choice but to share information. And I also think that we need to preserve existing protections. We need to preserve existing protections at State law as well as existing protections under regulations like net neutrality. Ms. Schakowsky. Thank you. I yield back. Mr. Latta. Thank you. The gentlelady yields back. The Chair now recognizes the chairman of the Communications and Technology Subcommittee for 5 minutes. Mrs. Blackburn. Thank you, Mr. Chairman, and thank you all for your testimony. It is so enlightening, and we appreciate it. And Dr. Kearns, I am going to come to you first. Thanks for the work you are doing on privacy and around those elements, and we have had a lot of focus on privacy here. And earlier this year I had introduced the BROWSER Act, and basically it has two guiding principles, things that many of us think are very important. One is that we have to find a better balance on privacy moving toward giving the consumer more information and more control over, as I term it, their virtual you, their information that is being collected and used and sometimes distributed; and then, secondly, that consumers have the very same privacy expectations across the entire ecosystem. They are not distinguishing between the ISPs and the edge providers, so when we are setting the ground rules on privacy, they should reflect that. So I would like to hear what your thoughts are on those two points. And when we are talking about online privacy, do you think that people make that distinction? When we are talking about appropriate balance, where is that appropriate balance within opt-in where the consumer owns that information or either opt-out? So I would love for you to talk about that for a minute. Dr. Kearns. Yes. These are good questions, hard questions. First of all, to preface, I don't have specific policy recommendations on these issues. But as a scientist, when I think about the landscape for consumer privacy, the first thing I think about is kind of how actionable the data being collected is and sort of at what level of abstraction it is. And furthermore, there is a phrase I like to use, which is ``data triangulation,'' which refers to the incredible power you can get from having multiple sources of data about the same individual. So to me, you know, when I think about privacy, the things I worry most about are cases in which there are parties that are collecting sort of very private, intimate data on the one hand and also many different sources of it. So, to give an example, you know, by seeing what you buy I can know a lot about you. By seeing, you know, what you search for I can know much more about you. By knowing not only those things but where you are, that gives me a great deal of more information. And if you, for instance, let me also maintain your calendar for you, then I also know where you will be in the future. And I think that the, you know, greatest privacy concerns I have are at that level, at the level where people are very directly expressing, you know, things that might be quite private, things that they wouldn't express in public forums, or that they are expressing in a public forum like a social networking service but are completely unaware how strong the correlations are between their own behaviors and their friends' behaviors and their other online behavior. And so I think in terms of helping consumers understand the privacy landscape it is important not to ignore any source of data. I am not claiming that ISPs, for instance, aren't also collecting very large amounts of data, but to me, I personally am much more concerned about the data I kind of willingly give away using a search engine, and then also letting my operating system track my location online or the presence of beacons in retail stores that kind of correlate my online and my offline behavior. Mrs. Blackburn. Great. Ms. Klonick, I want to come to you on economic incentives and the economic incentives that the platforms have to use algorithms to curate selective content. And I think Dr. Kearns used the term ``microsegmentation'' as they are looking at that for users, you know, based on this online activity. Would you agree that the platforms are being paid to prioritize certain content over other content? And touch on the free speech implications there. Ms. Klonick. Yes. Insomuch as advertised content is paid content over their user content, I think that these, you can absolutely prioritize certain types of content. I am not familiar with the algorithmic processes that would prioritize one user's content over the content of another and that they are being paid to do so right now, but the free speech implications of the vast power of these platforms to self- regulate is, they are twofold. One, it has a lot of implications for the user's speech rights in how these private platforms can unilaterally control at what goes up and what stays or goes down on their sites. But also these platforms have free speech rights, arguably, free speech rights, themselves. So their right to create the community at Facebook or at Twitter, for example, is arguably their own First Amendment right. Mrs. Blackburn. Dr. Tucker, on the economic incentives, do you think that some of these platforms should be willing to pay consumers or users more than a free slice of cheese pizza? Dr. Tucker. Wonderful question. Now, this is a very interesting question. So the slice-of-cheese-pizza example was really about the consistency between what people say about their privacy and then how they act. Now, in terms of paying for data, there have been many experiments, some of them launched from Cambridge, Massachusetts, where various startups have helped devise, have tried to actually set up markets for data. And the reason that is so attractive is, from an economics point of view, one way of thinking about privacy is, really, there is a lack of clarity about property rights. So a market for data is an attractive notion. Now, in all of the instances, though I have been really excited at the beginning because of the idea of actually setting up a market for data and paying consumers, all of these platforms have failed for the simple fact that the kind of consumers they attract who want to exchange their data in these markets tend to be, how can I say it, the less commercially exciting consumers. And we have had this problem of actually just setting it up, making these markets work just because we haven't been able to get the right set of consumers. So I think it is a wonderful idea. I hope one day we will get it to work. We haven't yet. Mrs. Blackburn. Yield back. Mr. Latta. Thank you very much. The Chair recognizes the gentleman from Pennsylvania, the ranking member on C&T, and I also yield you the long time, too. Mr. Doyle. Well, Mr. Chairman, this terrible precedent that you have started by allowing everybody to go 2 minutes over, I am going to try to get us back on track and just use my 5 minutes. You know, when you think about all this technology--social media, the internet, artificial intelligence--you know, the most wonderful, horrible invention in the world, and as consumers we tend to look at the bright side of all this technology without understanding the dark side. If anybody thinks they have privacy, the only way you have privacy today is, I call it to go Flintstone, to have the old flip phone, to not be on Facebook or Twitter or any of these social media sites. But, you know, the reality is, for most Americans over 80 percent of the land mass of country, most Americans have only one ISP provider. They don't even have choice when it comes to that. And so they go on their ISP, and it is the only one they have, and they tell you how they are going to use your data, and it is about 20 pages long of a bunch of legal jargon that most attorneys probably couldn't understand. And if you don't click I Agree, that is it, you don't have access to any of this. So you don't even need a cheese pizza to get people to give up their information. They want to go online to do whatever it is they want to do online, and the only way they can get there, especially if they only have one ISP, is to do that. Now, search engines, you have some choice and you can read different, you know, policies on search engines of how they use your data, and it varies online, whether you are on Google or whether you are on DuckDuckGo or these various sites, at least you have some choice. With your ISP, most Americans don't have choice. They have one place to go. And it is kind of ironic that we are here today to discuss concerns about algorithms used by these social media companies to curate content on the internet, but as we speak, over at the FCC the Chairman is getting ready to allow broadband providers to block and edit speech on the internet at their discretion, relying on public commitment from these providers that they are going to behave. And, given the Ninth Circuit case casting doubt on whether the FTC may even police these broadband companies, it is sort of creating a situation where broadband companies are just free to reign over consumers with impunity, and the FTC for all intents and purposes is a toothless tiger. We talk about shifting all this watchdog function over to the FCC---- Ms. Schakowsky. FTC. Mr. Doyle [continuing]. And they don't really have the ability to do anything on behalf of consumers. Right now, if this law passes on net neutrality next month, basically there is no law of the land, we are just trusting people to behave. They are saying they are going to behave, and we are going to take them at their word that they are going to behave. Professor Moy, I wonder if you can give us some examples of how broadband providers behaved prior to the enactment of strong bright line rules that were put in place by the FCC in 2015? Ms. Moy. Thank you, Representative. That is a great question. Right, because before we had rules we did see broadband providers, internet service providers, blocking things like Voice over IP, blocking tethering applications, so they could extract more from consumers in monthly fees, blocking peer-to-peer sharing applications. AT&T threatened, I think, to block FaceTime unless consumers agreed to pay more for the ability to use that. So, you know, we certainly have seen examples in the past of ISPs using their power as gatekeepers to prevent consumers from using services that may well want to---- Mr. Doyle. So tell me what recourse would consumers have if the FCC Chairman gets his way and removes these protections? Ms. Moy. It is hard to see how they would have any recourse at all. I mean the FCC plans to rely on the consumer-facing commitments again of ISPs, but it is unclear whether ISPs would actually be required to commit to not prioritizing content, not blocking content. And even if they did make those commitments and then violated them, the FTC--you know, you mentioned the Ninth Circuit case--may not be able to enforce against them. You know, their enforcement authority against ISPs is going to be questionable at best or nonexistent at worse. And even if they could enforce, again, they don't have civil penalty authority. Mr. Doyle. Thank you. Mr. Chairman, in the spirit of staying within 5 minutes, I have 5 seconds left, and I will yield them back to you. Mr. Latta. Thank you very much. The gentleman yields back. And at this time the Chair recognizes the gentleman of the full committee for 5 minutes. The chairman, the chairman of the full committee. Mr. Walden. OK, thank you all, I appreciate it. And thanks for our witnesses. My apologies for having to come and go a bit today, but we do appreciate your written testimony and the answers to our committees' questions. I guess, Dr. Moy, the question I have because we are concerned about misbehavior by ISPs, I am also concerned about misbehavior by others in the ecosystem of the internet. And it strikes me that on these information platforms we have seen foreign actors try to affect our elections with paid advertisement that is targeted. We know that there is, in effect, paid prioritization on some of these platforms, right, because you buy advertising, and it strikes me that at least Google--it is an amazing American company, it does incredible work but has about 77 percent market share of search, and I have had consumers complain to me about what they believe to be the use of algorithms that have disproportionately affected them. So what--and maybe this can go to everybody on the panel, but so if, who governs the edge providers when there are questions about use of private data or--nothing is private anymore, but your data and how that gets--and I don't mean this in a negative way, but manipulated use through the algorithms, which we are all trying to get a better handle on, so who governs their activities and what enforcement protocols are in place for those? And I will start with you, Ms. Moy. Ms. Moy. Great. Thank you so much for the question. So yes, right now those practices are, in theory, governed or regulated by the Federal Trade Commission, enforced by the Federal Trade Commission, again under this idea that they can enforce consumer-facing commitments. But, you know, I think you raise a really good point, which is that the growing power of these platforms to editorialize on content is potentially problematic, and we should explore possible solutions to that. But in the meantime, the last thing that we should be doing is eliminating protections that consumers have against paid prioritization at the network level, where there is very little transparency. Mr. Walden. Right. But in terms of other enforcement in the overall ecosystem, if I have a complaint against a search engine or I have a complaint against my social media, I go to the--my only recourse is the Federal Trade Commission, which you have said doesn't have the kind of enforcement authority you would like to see it have, correct? Ms. Moy. Right, right. Yes, indeed. And, you know, and staff and Commissioners---- Mr. Walden. Do you think there should be greater authority for enforcement over the edge providers or similar to what you would see over the ISPs? Ms. Moy. I would certainly support adding protections for consumers across the board. I think that there are concerning practices by both types of actors. I would caution this committee against exploring a one-size-fits-all solution to---- Mr. Walden. Why? Ms. Moy. Because I think that, you know, again the types of information that various actors have access to is different. The commitments and relationships with consumers that they have is different. For example, consumers are paying dearly for monthly access to the internet with a broadband provider, whereas they often are getting certain other services for free or---- Mr. Walden. Right. No, it is an exchange of value. Yes. Ms. Moy. There are certainly differences between different types of actors as well the availability or lack thereof of sharing information with a particular provider or particular type of actor. Mr. Walden. So let me ask you a question, because we have also heard before this committee that there is a very high rate of encrypted data that passes through the ISP pipes, if you will allow me to use that term, and that that is encrypted. They don't know what those data are. It is encrypted, it goes through. It is well over 50 percent, perhaps, so they don't see it, but the other platforms do see the data and can use it and do use it in that exchange, as we know. I am not saying these are bad things. And I think we have heard--I believe it is Dr. Tucker. I am going to get them to make those nameplates bigger for us old people that have vision issues. But the point is that they can, they see it differently. Can you address that, the differences you have seen in Europe versus here maybe on how our technology has expanded dramatically and innovation here because we haven't cranked down as much, right, on privacy? Dr. Tucker. OK. So in the past--and this was about 2011--I did research on how some of the early European data privacy regulation really stymied the ability of Europe's ability to create additional ecosystem like we have now. And since then there has actually been follow-up research which has shown that it wasn't just at the beginning, but it has kept on going, and we have seen an awful lot of lack of entrepreneurship in Europe, too. And so we have seen the failure at the beginning and then the follow-on failure of entrepreneurship, and I think to me that is what has really distinguished what we have seen in the U.S. tech sector. Mr. Walden. So we have had, am I accurate to say we have had more of a light touch regulatory approach to the internet up through 2015 from Europe? Dr. Tucker. I think it is certainly true that we have had a sector-specific touch, right. That we have focused on areas we might care about such as health, private financial data, children, rather than going for a broad brush approach. Mr. Walden. All right. I have exceeded my time. Thank you all again for your testimony, it is very helpful in our discussions, and I yield back. Mr. Latta. Thank you very much. The chairman yields back his time. And at this time the gentlelady from California, Ms. Matsui, is recognized for 5 minutes. Ms. Matsui. Thank you very much, Mr. Chairman. I want to thank the witnesses for being here with us today. I have a question, I think, for Ms. Moy right now. In 2015, the Office of Management and Budget issued a memorandum requiring all publicly accessible Federal websites to only provide service through an HTTPS connection by the end of 2016, which was last year. HTTPS protocol ensures that a consumer's connection is encrypted from their devices all the way to the Federal Government's systems. Regular HTTP connections sent in plain text can be intercepted and exploited by anybody or anything between the user and the website, including somebody using public Wi-Fi. A study released earlier this month revealed that only around 70 percent of Federal websites employed HTTPS protocol. Ms. Moy, how important are the security standards like HTTPS to protect the confidentiality of internet-delivered data on both Federal and commercial websites? Ms. Moy. HTTPS is very important. HTTPS would encrypt in transit the information that is transmitted via websites. So, for example, if you fill out a web form, for example, perhaps in an application for a service that you might find on a Government website, and that form contains or asks questions about information that is highly private, such as information about financial status or personally identifying characteristics like Social Security number, then, if the site is not employing HTTPS technology, one could mount an attack on the transmission and potentially read the information that was transmitted. Ms. Matsui. So how would you know whether it employs the HTTPS on the Federal website? Ms. Moy. So this is the type of thing where in a browser bar, you know, you will see up at the top the little, now we have that little icon, the little green lock that indicates trust for HTTPS protocol. Ms. Matsui. OK, something what we never look for, anyway. OK, thank you. I want to talk about embedded networks. Across almost every industry, we are seeing a trend towards embedding communications functions into their structures. Applied data science such as a massive internet of medical things, rely on faster, more efficient, and more robust communications with innovative enabling technologies such as blockchain. Blockchain can facilitate the exchange of massive amounts of data, but as a decentralized ledger technology it can make online transactions faster and cheaper while maintaining and protecting data integrity. Anyone on the panel, how can new digital technologies and applications help consumers improve data security? Anyone want to start on that one? Dr. Tucker. Well, I have written a little bit on blockchain, so I am just so excited that you mentioned it, and I am glad that you mentioned it without mentioning bitcoin, which is always a distraction. Ms. Matsui. It is a distraction. Dr. Tucker. And certainly we have got an initiative at MIT which gives enormous optimism for the kind of process that you are describing where, really, what we call verification costs for making these kind of transactions easier. Do I have any caveats? My only caveats are that when we have studied it, and if we are thinking about blockchain as being a recipe for protecting privacy, that in some sense it can sometimes embolden people to be somewhat more careless about their data surrounding the edge providers who are trying to serve the blockchain. And so, for example, we have seen that the mere mention of blockchain encourages people to share really quite personal information such as telephone numbers and so on without any guarantees of protection. Ms. Matsui. So they feel like it is much more safe because of the blockchain. They just figure that what they have heard about it, that this is a safe way to go? Dr. Tucker. Yes. That is right. So I sort of have the analogy that it is a bit like, once you have your seatbelt on, perhaps you drive a bit too fast, that kind of an analogy. And so I think it is definitely a step forward, but we have to realize that of course it is going to interact with other providers, and the most will be privacy concerns there. Ms. Matsui. Thank you. Did you want to make a comment? Mr. Pasquale. I would just say very briefly that I testified in September before the Senate Banking Committee, and I mentioned in part of my testimony futurist financial technologies such as blockchain. And I think that it is just very important to distinguish between the private permission blockchain and the public permissionless. I have a lot more confidence in the sort of private permission because it involves what I call complementary automation technology complementing individuals rather than replacing them. So I think that it is, just in terms where I have hope, it is more in that latter category of private permission blockchain. Ms. Matsui. OK, thank you. And I see my time is expired. I yield back. Mrs. Blackburn [presiding]. The gentlelady yields back. Ms. Matsui, I just mentioned to counsel that we may want to secure his Senate testimony and submit that into the record in coordination with your question. Ms. Matsui. Thank you very much. Mrs. Blackburn. Agreement? So ordered. [The information appears at the conclusion of the hearing.] Mrs. Blackburn. Mr. Shimkus, 5 minutes. Mr. Shimkus. Thank you, Madam Chairman. It is great to be here. I got to listen to your opening statements. I found them all very interesting. And then I had to run upstairs to do Energy Markets and Interconnectivity, and then I came back down here, so I may have missed a few issues. I just want to put on the record on this whole net neutrality debate, it is just, for a lot of us it is what is the enshrined law by the legislative process versus what a regulator decides what to do. And what we are seeing now with the passing of the Obama administration, and the Trump administration, is I kind of explain to my constituents it is a pendulum. We are going to do it this way, now we are going to do it this way, now we are going to do it this way, and to stop the pendulum you have to pass a law. You have to enshrine that into a statute, and I would encourage my colleagues to come together to do that. I also want to incentivize build-out. I like more pipes versus less pipes, and I don't want the Government deciding how one pipe should be structured. I would rather have so many pipes that everybody gets what they want when they want it at the speed that want it, and if you are a market-based conservative you have got to send a price signal. And then the other issue on that is this whole--part of this was kind of paid prioritization, or we are talking about so small of lag of time that I can't even use the proper terminology. But would I rather have lifesaving telemedicine go fast versus a Three Stooges video? The answer is yes, I would. So I just want to put that in the guise of some of the debates based upon what the FCC is considering. And then I want to segue real quick to this whole--this is a fascinating panel because you all have done, brought pretty much a different focus and sometimes there are similarities on privacy, on algorithms, on data. So I want to use this example. Over the Thanksgiving break I visited Washington University, a major medical facility in St. Louis, and so I briefly drew my little DNA strand, right, here. And so the question with data is in the healthcare arena we want to go to drive to personalized data, I mean personalized medicine, and personalized medicine means we understand the DNA sequence, and we can pull that out. So then a cancer patient, we don't have to try 15 different types of cures, we can direct it. Now that creates a lot of issues public policy-wise. One issue is the data collection. The other one is data sharing. The other issue is privacy. And when you are doing medical research, I mean, you are really trying to share that data, that DNA sequence of this one case across different major schools of medicine across the country and probably across the globe. So that goes to a lot of your individual comments. I kind of want this to happen. I really believe in personalized medicine. I think it is going to be a huge savings, and I think it helps treat the patient quicker and return them to a very, you know, return life. And we have these hurdles that we are all discussing here. Anyone want to weigh in on--Mr. Pasquale, and then I will go to Dr. Tucker. I got about a minute, 2 minutes left. Mr. Pasquale. I will be very quick to say that I completely agree with you, and I think that, you know, we have talked to-- I run a health law podcast with Nick Terry called ``The Week in Health Law,'' and we talked to several people who are law and policy experts in this type of area, sensitive health data, and we get a lot of good advice on, you know, how can we develop best practices in order to enable data liquidity, data flow between institutions. But I would also say, you know, based on some of the great work done by Sharona Hoffman in her article ``Big Bad Data,'' that sometimes if we don't have good data practices so we know where data comes from and where it is going to, that may impede the scientific validity of some of the findings. So I think we have heard a lot about privacy impeding innovation, but there are ways in which good data practices, good record keeping, can actually help promote innovation as well and promote scientific validity. Mr. Shimkus. Thank you. Dr. Tucker? Dr. Tucker. So I have a study coming out, it is forthcoming at Management and Science, where we actually look at different types of regulation and how they promote or don't promote the kind of personalized medicine you are talking about. And what we found there was that basically just focusing on consent was really quite harmful to patients being willing to adopt this kind of or sort of give this kind of unique data in a cancer treatment setting. What did seem to work, though, was actually giving control to patients, and there were some States that actually experimented with creating ownership or property rights over genetic data, and we have actually seen quite a bit of efficacy in terms of promoting personalized cancer treatments in those States. Mr. Shimkus. Anyone else want to weigh in? I really enjoyed--again I am having a hard time, too, with Mr. Ben- Shahar on the statements of--I mean, how many of us get financial booklets after the fiscal year, and how many people throw it away? I bet you 99.99 percent of all people who get those booklets on what you should know. And I think it is a protection. It is really a protection for those people who are controlling our data. ``OK, we have done it. We have given you the information, now it is your fault if you don't follow it.'' So, it is a great hearing. I appreciate everybody being involved. And I yield back my time. Mrs. Blackburn. The gentleman yields back and, Mr. Green, 5 minutes. Mr. Green. Thank you, Madam Chairman. And I want to thank our two chairs and two ranking members for the hearing today, and as well as our witnesses. It is pointed out that personalized content that we all see on various online platforms is curated by both humans and algorithmic technology. However, the potential for harm from algorithms can be particularly difficult for Congress to address, and thus we should be focusing on it. Professor Kearns, in your testimony you point out that machine-learning-based algorithms can be used to determine a consumer's emotions at any given point in time. How do you monetize that? Dr. Kearns. Well, the short answer is I don't know. But certainly, if I can shape people's moods and it seems plausible people might be more willing to shop if they are in a good mood rather than a bad mood, that might be one way that I could monetize it. I think more generally, though, knowing detailed, fine-grained information about people's mental and emotional states in addition to, for instance, knowing about medical facts about them and their fitness level and their financial health, et cetera, I mean, it has clear sources of monetization. And some of my colleagues on the panel have mentioned some of the negative ones already, such as targeting groups that are particularly vulnerable at a particular time. There is a great deal of documentation, for instance, on kind of predatory loan practices online in the arena of for-profit education, for example. Mr. Green. OK, thank you. Professor Pasquale, if a person often does online searches for phrases that might signify challenging financial circumstances such as financial counseling, how might that change the ads and the search results that they see online? Mr. Pasquale. Oh, that is a terrific question. And one of the big worries that a lot of advocates have is that we can route people into different opportunities. So, for example, if you have exactly the type of searches that you are mentioning, someone might be routed towards payday loans, others might be routed away from them. Now to Google's great credit, I think, 1 or 2 years ago, working actually with Georgetown, they started some self-regulation where they said, ``We are not going to have certain ads on that are over 36 percent APR.'' And I think that is very important, but I also worry that, you know, kind of competition concerns might arise if, for example, Google owned its own finance company that had a business model that would be advantaged by that particular rule. So I think we have to balance, you know, we have to both encourage tech giants to try to self-regulate to avoid the type of tracking that you are invoking, but we also have to have outside authorities to be able to watch that self-regulation, as well. Mr. Green. Or just so the consumer knows that, you know, that is being done and you might not be getting some other offers, that somebody else is making that decision on what they are presenting to you. Another question I have, you mentioned in your testimony that in 2016 after Facebook was found to be enabling discriminatory housing ads, it promised to change the system to address that issue but has not done so. Could you talk about efforts that Facebook and who might require Facebook to fix this problem, and why they may not be successful? Mr. Pasquale. Yes. I think that the issues here are, it is a complex ad ecosystem and so there are lots of different moving parts in the ads, but I think that what is disappointing is that there was this expose in ProPublica, there was a lot of attention to it. There were pledges to do better, but we just saw in the past week or so that the same people that exposed the original problem, that they are saying it hasn't been solved. So I think that is, again, another example where we have to empower either State or Federal regulators to actually have some teeth and to impose some of the penalties that would actually lead to a positive response. Mr. Green. As I found out in this job, everybody needs the boss and has to answer to someone. So we don't have an agency that can do that right now with Facebook if they agree to do something and do not do it? Mr. Pasquale. I think that there are possibilities with respect to, say, the deceptiveness or unfairness authority at FTC. I would also have to research with respect to the Department of Housing and Urban Development and its own enforcement practices, but that is not something that I have personally looked into, so I would have to look into that. Yes. And I could send that later on to the committee, yes. Mr. Green. Professor Kearns, you advocate for a policy approach to the extraction of consumer data that is technologically neutral and accounts for the sensitivity of the data collected. My question, can you elaborate on what you think that policy might look like? Dr. Kearns. Yes. I mean, first of all, maybe let me take the opportunity to say one thing that I think has been running through my head but I haven't been able to get out yet, which is especially on issues of discriminatory behavior by algorithms, I do think that there are scientific things that can be done to address this and there is a, you know, not small and growing community of AI and machine-learning researchers who are trying to design algorithms explicitly that meet the various fairness promises and guarantees. And it is still very early days, but this sort of idea of endogenizing some kind of social norm like fairness or privacy inside of an algorithm I think is extremely important, because while regulatory and watchdog agencies will always be very important, you know, the way a computer scientist would put it is they don't scale, right. So, if instances of malfeasance or privacy or fairness violations have to be caught by human organizations looking at, you know, specific instances or behaviors, they just won't keep up, right, because the tech companies are doing this at massive scale in an automated way. In terms of what can be done, you know, I think it is possible to audit algorithms for various kinds of behaviors without compromising the proprietary nature of the models or algorithms used. And a rough analogy I would offer are kind of the stress tests that banks have been subjected to on Wall Street where, you know, you have to demonstrate certain properties of behavior of your algorithm, but you are not, you know, releasing the source code for it. And I, you know, without having super-specific suggestions in that regard, I think that that is a promising general direction for policy and one that can balance between, you know, a company's legitimate right to preserve their intellectual property and consumer and societal concerns about the behavior of those algorithms. Mr. Green. Thank you. Mr. Chairman, I know I am over time. I appreciate your courtesies. Mr. Lance [presiding]. Thank you very much, Mr. Green, and I recognize myself. Ms. Klonick, in your testimony you mentioned choice as a key part of regulators' decisions not to pursue Title II-like regulations for online platforms. Title II-style regulations may be inappropriate for edge providers or for others in the internet ecosystem, as well. However, some have argued there are fewer choices among online platforms because each website or application serves a specific audience with a specific service. Would you please comment on that? Thank you. Ms. Klonick. Yes. I agree with that statement generally, that specific platforms speak to a specific audience. But there is an enormous and incredibly important distinction to be made here, and that is that there is a huge difference between companies that have kind of natural monopolies like ISPs and then content platforms like Facebook and Twitter. And the former kind of a piece of the pipe, or to put it in terms of speech, they are kind of the printing press and you don't want the printing press rearranging letters or blocking out sentences. You want it to be content-neutral to a certain extent, but you do want the paper or the writers or the editors who use that printing press to be able to make decisions based on the content, and that is something why what we are talking about today is so important. Mr. Lance. Thank you. If there are fewer choices among these platforms, how does that change the evaluation of the platform's ability to moderate content? Does it make it more or less troublesome in your judgment? Ms. Klonick. Yes. I think that as Representative Doyle said earlier, that one of the issues here is that there is a lack of choice between certain types of providers, but on these platforms right now there is just a plethora of choice. I mean, Twitter might have a monopoly over 280 characters of text and Facebook might have a monopoly over a kind of like a relatively safe, family-safe community, but there are plenty of other presences that are currently online. Of course, if that changes in the future and the taxonomy of what these different platforms are able to provide and what users use them for and how they end up having a monopolization or not over broader areas, then I think that that is something that can be revisited. Mr. Lance. Thank you very much. Professor Ben-Shahar, as many of the online platforms we are discussing today offer their services free of charge to consumers, how do we as lawmakers evaluate the appropriate balance between personal privacy against convenience? Dr. Ben-Shahar. Thank you very much for the question. I was hoping to be able to say a few words about that. I think we should be very careful not to change this grand bargain, people paying for excellent services that they like very much not with money but with their data. And it would be a, I think, disaster of consumer protection if we changed that, if you ask consumers in the aftermath of some reform that removed that bargain and made them pay for things like Google, Facebook, and other things with money, if they feel that they were helped, I think they would say in unison, ``No, don't do this.'' In that sense, I think the bargain and the underlying bargain is an excellent bargain. Now, there are worries that of course arise, and I think this is the ultimate, the foundational problem of data policy. It is not privacy or security, it is competition. It is the fact that there are very few companies that dominate the central forum in which these exchanges occur--Google, Amazon, Facebook, and maybe a few more small players. I am not so worried about the ISPs. They, notwithstanding the fact that on broadband there is some local monopolies, there is great competition from mobile, but these big three, or big four if you throw in Apple, big five if you throw in Microsoft, have a lot of power, and the FTC has failed, for example, last year, to intervene in something that the Europeans thought, I think rightly, as raising antitrust concerns. So to conclude, I think that the concern for consumers will arise from lack of competition and concentration, not from privacy and security. Mr. Lance. Thank you very much, and I yield back 42 seconds and I recognize Mr. McNerney of California. Mr. McNerney. Well, I thank the chairman and I thank the witnesses. Sorry, I missed some of your testimony a little earlier. Professor Moy, what do you think the benefits of the current FCC rules for consumers and small businesses are regarding net neutrality? Ms. Moy. Great, yes. So I mean that is a great question. I appreciate that question. The current rules enable small businesses to reach consumers. That is the short answer to the question. You know, if we didn't have rules that prevented ISPs from paid prioritization and blocking, then it would be much more difficult, potentially, for small businesses to reach consumers. Mr. McNerney. So you would agree--or I don't want to put an answer in your mouth--would you agree that it would be harder for small businesses to innovate if the FCC Chairman's proposal is adopted? Ms. Moy. Yes. You know, and it might even be very difficult for a business to know whether or not it is being throttled if it is being throttled. The draft order has transparency provisions in it, but it is unclear whether the transparency provisions would be consumer-facing or in fact if some companies could fulfill those by just turning over information about their practices directly to the FCC. Mr. McNerney. Well, that sort of leads, already answered my next question. But the new rules or the new regime would require or ask businesses if they feel like they have been subject to anti-competitive practice to go to the FCC to resolve their problems. How quickly do you think the FCC could response to those sorts of requests? Ms. Moy. I mean, if it could respond at all, I mean, well, I think the question is whether it could respond at all, right. So there are many practices that might seem anticompetitive but not raise to the level of an antitrust violation. So, for example, if an ISP were throttling a service that an innovator is introducing into the market but that doesn't compete directly with the ISP service of a phone or internet provision, then that practice might look anticompetitive but might not be considered an antitrust violation. Also if, you know, if a company were to try to bring an action in court, you know, I think there is this idea that companies might be able to bring antitrust actions in court, but antitrust actions in court take many years and may cost potentially millions of dollars to mount against a major incumbent. And that can be, you know, that is a barrier that really creates impossibility for a small business or---- Mr. McNerney. Sure. And what sort of penalties could the FTC impose, and would they be effective? Ms. Moy. Right. I mean, so again the FTC's primary authority when it comes to enforcing something like net neutrality, if it could enforce net neutrality again, you know, and I think for all of the reasons that we have discussed repeatedly, including the FTC's lack of authority over common carriers, it is questionable whether they have the authority at all, but most of their authority would come from the ability to prohibit unfair and deceptive trade practices, and there is no civil penalty authority in that area. Mr. McNerney. So under Chairman Pai's plan, broadband providers are not required to disclose the practices at the point of sale or on their website, but they can give those practices to the FTC and the FCC, and they would in turn put them on their website. Is that sort of disclosure viable? Ms. Moy. So, you know, I mean, I think I would say again, you know, I think as an initial matter it is worth remembering that the disclosures alone are not necessarily, are not going to be sufficient, particularly when it comes to when you are in a situation where a consumer only has access to one broadband provider. But when there is a choice that is available to the consumer and they might rely on disclosures to make a choice between two different providers or between multiple providers, that information really does need to be consumer-facing. I was, in fact, on the task force at the Consumer Advisory Committee, the FCC's Consumer Advisory Committee that designed the so- called broadband nutrition label that Chairman Pai is planning to do away with, you know, and we did think that in a situation where a consumer might be considering adopting one of two different services or one of two different service plans, it would be extremely important for them to have easy-to-read information about the actual performance of that service package. Mr. McNerney. I had a couple of questions for Professor Kearns. With regard to machine learning, there are going to be benefits in all sorts of areas, but are there areas where machine-learning techniques should not be used? Dr. Kearns. Well, yes, I think so. And there is, you know, a large and growing community of AI and machine-learning researchers who are trying to debate those sorts of issues. You know, one logical extreme, there is the notion that any decision that really, you know, should lie with a human just because of moral agency shouldn't be made by an algorithm. So one example that is commonly offered is in automated warfare, that even if we could design algorithms or learn models that, you know, made more accurate decisions about whether to fire on an enemy, that perhaps we shouldn't do that because the decision to do that should always lie with a human who has the moral responsibility for that decision. So I think, you know, that is an extreme that I think I would agree with. The harder cases, I think, are cases in which, you know, machine learning is demonstrably effective yet making difficult moral decisions like in criminal sentencing and to, you know, one could arguably ask about things like, you know, college admissions or loan decisions and the like. And so, you know, my view right now is that we are at the very beginning of a very difficult debate about the extent to which decisions that have been made historically by humans and, by the way, you know, historically also exhibited biased privacy decisions, et cetera, when they were being made by humans and turning over them to machines where the tradeoffs are going to be different, but there will be tradeoffs, right. And there is always this tension in machine learning between accuracy, which is, you know, right now essentially what is almost always optimized for, and other things like privacy or fairness, right. Mr. McNerney. Well, I have really gone over my time. Dr. Kearns. OK, yes. Mr. McNerney. So I am going to have to interrupt you and yield back. Thank you. Mr. Lance. Thank you very much. The Chair recognizes Mr. Johnson. Mr. Johnson. Thank you, Mr. Chairman. Mr. Pasquale, when we talk about how companies interact with consumers and handle consumer data, we often talk about transparency, that is, being transparent with business practices. In some industries there are actually transparency rules that require companies to disclose certain information. For example, ISPs have to disclose a slew of information about their business and network practices. Are there any rules that require companies that use algorithms to be transparent about how they work? Mr. Pasquale. So it is a very narrow range of requirements. So, for example, if you look at the online lending space, there has been some caution about certain forms of automated underwriting using what is called fringe or alternative data, data beyond, you know, what is usually used by FICO or other entities like that because under FCRA it can be a requirement of explanation under the Fair Credit Reporting Act with respect to some of these, like giving the reason codes for why an automated decision was made. But in general it is a zone of great opacity. We just don't know. That is why I titled my book ``The Black Box Society,'' because there are so many rules there, so little sense of what is going on there. Yes. Mr. Johnson. OK, all right. Mr. Kearns, Professor Swire from Georgia Tech--my alma mater, by the way, it is where I learned about networking-- concluded that applications such as search engines and social networking services collect data providing greater consumer insight than ISPs. Do you agree with that conclusion? Dr. Kearns. Yes, I do. Mr. Johnson. OK, care to expand? Dr. Kearns. Well, in addition to the aforementioned encryption that, you know, occurs with the vast majority of data that ISPs carry, you know, there is the additional fact that I don't think it has been mentioned yet that it is at the packet level. And the way internet routing, packet routing works is that longer messages, whether they are actual text messages or they are a web search or they are an audio call, are divided into these tiny little fixed-size packets which then travel possibly different paths through the network. So, you know, just going back to a comment I made earlier, this sort of actionability of data at that level, if half or more of it is encrypted and it is also traveling in these little bite-sized pieces and you are carrying a phenomenal amount of that data over your network, if you ask me whether if I am trying to figure out who somebody is and what to sell them and what their mental and psychological condition is, I would much rather have search engine data or Facebook data than packets at the network level. So this is basically what I mean by, I think, you know, from a privacy perspective it is less concerning to me than the data that is being collected by the edge services. Mr. Johnson. OK, all right. Continuing with you, Mr. Kearns, then, my understanding is that approximately 80 percent of internet traffic is encrypted. You just talked about encryption a little bit. That limits what ISPs see regarding consumers' online activities. In contrast, by their very nature, don't edge providers largely have to interact with consumers' unencrypted data? Dr. Kearns. By definition, yes. Mr. Johnson. Yes. Well, doesn't that give edge providers much greater insight into consumers' preferences, habits, choices, beliefs, that kind of stuff? Dr. Kearns. Yes, it does. I mean, I think the right way to think about it, let's say, back in the old days of telephony is, you know, would you rather see the raw analog signal and try to figure out what the conversation is from that, or would you rather have that analog signal rendered through a speaker so that you could actually listen to the conversation, right? And this is an imperfect metaphor, but I think it is a good one. You know, another thing I might offer is, if I am just trying to describe an image to you, would you rather I go pixel by pixel through the image and tell you the color value of it, or would you rather me describe it to you and say, well, ``It is an outdoor image''? ``There are trees. There is a lake. There is a family picnicking.'' And so, you know, by definition, what the end services are getting and what users want to give to those end users are this much-higher-level data that is easy for humans to understand and model. Mr. Johnson. They want to see it all put back together again. Dr. Kearns. Yes, exactly. And you are just kind of not easily getting that at the network level because of the encryption and because of the fragmentary nature of packet routing. Mr. Johnson. Right, right. OK. Well, Mr. Chairman, I yield back a full 10 seconds. Mr. Lance. Thank you, Mr. Johnson. The Chair recognizes Ms. Eshoo. Ms. Eshoo. Thank you, Mr. Chairman, and thank you to the witnesses. I read all your testimony last night, listened to all of you today, and I want to make some comments about this hearing. The title of it is very interesting, and it is an area that needs to be examined. The word ``privacy'' has come up many times, certainly net neutrality and references to it have come up. Strong enforcement has come up. But when you look at the backdrop and the broader stage on which this hearing sits, look what is happening in our country. In a flash, like lightning, privacy was ripped away, the privacy protections were ripped away from the internet. So all of the happy talk of some of my colleagues on this committee about privacy and the sanctity of it, that was forgotten when that vote was taken and the American consumer, I think, has really been hammered as a result of it. I think that, Professor Moy, you made a very important point when you said that the last thing we should do is to repeal, and that has happened. It was very interesting to hear the description of what has taken place in Europe with what they have done with the internet and what we have done and how the internet has flourished in our country just on the eve of the Chairman of the Federal Communications Commission getting ready to rip away the protections that are there that have made it open, free, accessible. So I think there is some political cross-dressing here today, with all due respect, not by the panelists, but I think by some of the Members. And the term ``a strong enforcement'' has been referred to, but I don't think strong enforcement is something that you pick and choose, because we are lawmakers and, unless there is enforcement, then the law is not worth the paper that it is written on. I take heart from what Professor Kearns spoke of because, in this whole issue of algorithms--and let's keep in mind these social platforms are free. They are free. They are not like the ISPs. In the ISPs there must be, I think, only three happy outfits in the entire Nation on the eve of what Chairman Pai is doing relative to net neutrality, and that is Comcast, AT&T, and Verizon. They are the happiest. I don't know anyone else that is for what he is planning to do to the internet. But I do think that it is very interesting to me that you have raised the issue of auditing algorithms. Now, I think that truth has always required transparency. We don't, I don't think, as a committee, really know how to get socks on the octopus, so to speak, here because it is complicated. Free speech is central to us, but we also know that there are bad actors that have used the best of what we have invented to divide us, and something needs to be done about that. There is no question in my mind, and the chairman of the full committee raised that, as well. So how close, Professor Kearns, do you think we are to this what you raised, the auditing of algorithms? Dr. Kearns. So I think we are close. So in particular, you know, many of the instances of discrimination, for instance, in algorithmic behavior were actually discovered by groups of researchers who are effectively doing their own auditing, you know, doing kind of field experiments using services that have algorithms underlying them, testing their behavior and demonstrating, for instance, they have some particular type of bias. There is good research being done on, again, internalizing notions of fairness inside of algorithms. And just to be clear here, I think most instances of discrimination in algorithmic behavior are not the result of any evil by the researchers and scientists at these companies. It is just that, when you optimize your model for predictive accuracy, you shouldn't expect it to have any other nice properties, either, so you need to actually specifically put those properties in your code if you want them to have it. You know, in the privacy arena there is a very strong notion of, you know, kind of internal privacy of an algorithm known as differential privacy that is kind of starting to finally get out of the lab and be used, for instance, in the latest version of Apple's iOS. So this stuff is happening, and the tech companies are participating in, you know, the dialogue and in developing some of the science. It just needs to be kind of taken seriously at scale by those companies. Ms. Eshoo. Well, I am encouraged by what you have just described, and I want to pursue it, as well. If there is more information that you can get to us on it, I certainly would welcome it. And with that, Mr. Chairman, I yield back. Mr. Lance. Thank you very much. The Chair recognizes Dr. Bucshon. Mr. Bucshon. Thank you, Mr. Chairman. Professor Kearns, this is a little bit different line of questioning but important. Is it feasible for your cell phone or an app on your cell phone to listen in on your conversation and collect data? Dr. Kearns. Yes. Mr. Bucshon. And are you aware that that is happening in our country, in everywhere? I will give you an example of why I think that this is happening, and it is an issue that we really haven't touched on today as part of data collection. Dr. Kearns. My default assumption is that, unless I have taken explicit pains to arrange otherwise, that when I use an app on my mobile phone, it is recording at least the data of my interaction with that app and possibly many other aspects of my usage of the phone, as well. Mr. Bucshon. How about when you are talking? Like right now my phone is sitting here, and there is a speaker and I am talking, and is that data, is what I am saying potentially being collected? Dr. Kearns. With or without the microphone on. Mr. Bucshon. Correct, with or without. Well, the question is the definition of ``on,'' right, because that is being made by the company that makes the phone. I mean, it has been shown recently and it has been on, I think, Wall Street or somebody reported that you can turn off essentially everything on your phone and you are still being tracked. So the speaker is important. Let me just say this, and this is the reason this came to me is because my son, who is 24, he lives in Chicago, he was standing around with some, a couple, with a friend at work, a person at work. Nobody was on the internet. He was talking about, and I can't remember specifically what it was, but it was about shoes or something and the next day he had ads for that exact thing on his feed. He didn't do a Google, he didn't do any search. I don't want to single out a company, but he didn't do any search at all. All he did was talk in the presence of his microphone on his phone. Do we know if that is happening? Dr. Kearns. I am not a security expert, but I do know that there are more instances these days of situations in which, you know, the operating system on your mobile phone communicates with beacons in retail stores, and this is how one often experiences, you know, why even though I didn't do a search on some product at all, but I happened to be in the store yesterday, the physical retail store---- Mr. Bucshon. Yes, they can do that. Dr. Kearns [continuing]. Am I not, you know, and this is because they are now starting to install so-called beacons in these stores that interact with the operating system on your phone, and so then the retailer knows that you were there. Mr. Bucshon. If you were in a shoe store, they know you were in a shoe store. Dr. Kearns. So, you know, my feeling about these things is that the way technology is, is anything is possible, right. And then the question is, is it widespread and who is doing it, and is it kind of for deliberately nefarious purposes or is it, you know, just advertising, quote unquote? Mr. Bucshon. I mean, it is important because I am a Member of Congress and I have confidential conversations all the time with my phone, and I am not on the internet. And so that is a question. I had mentioned this to my staff, by the way, when I went back to the office, and they go, ``Oh yes, that has happened to me.'' I mean, all the young people are like, ``Oh yes, that happened to me before.'' So I just thought that was something that we need to, really, also as far as collecting data and then analyzing like you have described, I mean, I think what we really need to think about, not only when you are actively on your phone but whether or not through your--and I am not a conspiracy theorist or anything, right--through your actual speaker that you can be monitored. Dr. Kearns. Yes. I mean, and I think we are also voluntarily heading this direction in the form of home devices like, you know, Echos and, you know---- Mr. Bucshon. Yes, right. That is obvious, right. Dr. Kearns [continuing]. In which, you know, are kind of sitting there all the time recording. Mr. Bucshon. Right. Professor Ben-Shahar, you stated that consumers ignore privacy disclosures. How would you suggest we inform consumers that they have given consent to their data being collected? How can we do that? Dr. Ben-Shahar. I think consumers understand in general what is going on, and indeed a lot of the surveys suggest that they know that a lot of their information is being collected. They are not surprised when they find out that yet another practice is prevalent, for example, that now these home butlers, the Google Home or Alexa is listening to everything that is going on. I think that consumers by now have figured out that this is going on, and so there is not much that we can tell them that they don't know. Now there are specific things that are going on that defy consumers' expectation. And if the expectation is created in an affirmative way by your smart phone or by Google or by other service, for example, they give the consumer the impression that they can turn on or turn off some kinds of surveillance or some kinds of data collection and it turns out that they can't, that even if they did what they were supposed to do and had the reasonable understanding that they are not going to tracked in a particular way, they still are, that is an FTC issue. That is an issue of---- Mr. Bucshon. Well, that has happened. It has just been written in the papers recently that it has happened. Dr. Ben-Shahar. To the extent that that is happening, that should be--I think that there are tools in our law, both in contract law and in consumer protection statutory law, to take care of these kind of things. I don't know, you know, maybe other panelists know better. I don't think these things happen too much, for the simple reason that it all costs nothing for the services to let consumers know what is going on. Consumers don't care. They are not going to bother, change the settings or re-change the settings every time there is a new version of the software. Mr. Bucshon. Thank you. I am out of time. I yield back. Mr. Lance. Thank you very much. The Chair recognizes Congressman Flores. Mr. Flores. Thank you, Mr. Chairman. I appreciate all the panelists for joining us for this important hearing today. The first question I ask, I mean, one of the things that is obvious is that data is pulled from everywhere, whether it is data services, your mobile phone, your Alexa, whatever, operating systems, and social media platforms. So my question is this, for all of the panel. I am going to start with Professor Kearns, and then I am going to ask a couple of other questions, and we will come back to the panel if we have time about this issue. So the question is simply this: What are your thoughts as to whether or not Congress or policymakers need to establish a consistent legal and regulatory framework for how this data is obtained and used? Dr. Kearns. Well, I will be brief so other people can talk, too. But, I mean, as per my earliest remarks, as a scientist, so I am not a policymaker, I am not a lawyer---- Mr. Flores. Right. Dr. Kearns [continuing]. But from a scientific perspective, to me the most important thing is not sort of, you know, how much data you have measured in petabytes. It is not kind of whether the data came from this service or that service or this app or that ISP. It is, what are the actionable insights about consumers and what are the facts about their lives that you can infer from that data? And as a scientist I don't see an easy way to carve that up into little subdomains and say, like, ``Oh, well, you know, because we just--'' the truth is, we don't know, right. These companies themselves are figuring out just now how powerful AI and machine-learning techniques applied to all kinds of data are. Mr. Flores. Right. Well, the challenge is, is that policymakers and regulators typically move way behind the speed of technological change. And so what I am trying to figure out is how do we get in front of this, or do we need to even worry about it? And I will come back to the rest of the panel on this question in just a minute, but I do have two other questions for Professor Pasquale first. In your testimony, you noted that bottlenecks can threaten competition at any layer of the network, not just the physical layer provided by the ISPs. And so the question is this: Can you elaborate on the potential bottlenecks other than the ISPs, beyond the ISPs? Mr. Pasquale. Sure. So I did a 2008 article called ``Internet Nondiscrimination Principles,'' and what I tried to do is to say that the same type of concerns that are motivating people to advocate for net neutrality should also be looked at, at the social layer, at the search engine, at the app store level. And particular examples, there are two examples related to China that I think are really interesting and I discuss in my book. One is that someone developed an app called ``In a Permanent Save State,'' and it was a game that was also a critique of Apple and its use of certain Chinese factories and labor. And the Apple app store rejected it over and over again, and they couldn't really understand why that was happening. Similarly, there is a case called Langdon v. Google where someone wanted to buy an ad titled ``China is Evil,'' and there was, I thought, a relatively arbitrary decision by Google to say, ``No, we are not going to sell you that ad.'' And so I think those are very concrete examples of a much larger problem, where I think that we have to be much more imaginative as academics and as policymakers in seeing the connections rather than seeing the separations between these different entities. Mr. Flores. Well, that sort of goes to my next question, because we have talked a lot about how content is filtered online, but we need to consider how content is filtered through other platforms, even voice service devices. It has been reported that voice service devices prioritize certain content and services and they have even excluded certain products from their platforms. So the first question is, are there anti-competitive concerns associated with this type of prioritization? Mr. Pasquale. Congressman Flores, I have to confess I am not familiar with that niche of the market, so I will have to pass. Mr. Flores. OK. That is fine. Let's move back to my initial question, if we can. I would like to get the comments from the rest of the panel. Again, the question was this: What are your thoughts as to whether policymakers need to establish a consistent legal and regulatory framework for how this data may be obtained and used? Let's start with Ms. Tucker. Dr. Tucker. So I think it is very difficult--and Europe has taught us this--to have a consistent framework governing technology. On the other hand, I think it is possible to identify areas where we are particularly concerned about privacy, be it health, be it kids, and make sure the policy is focused on protecting those outcomes we really care about. Mr. Flores. OK. Dr. Ben-Shahar? Dr. Ben-Shahar. My answer, with all due respect, is a resounding no. I don't think that policymakers should tell business what data to collect and how to use it. Mr. Flores. In the interest of time, I appreciate the short answer, OK. Dr. Ben-Shahar. And maybe just set red lines. Mr. Flores. Ms. Klonick, sorry. Ms. Klonick. Yes. I think that regulation, Section 230 and any regulation that kind of curtails the ability of these businesses and platforms to self-regulate, is probably not in the best interest of the public. Mr. Flores. OK, thank you. And, in the interest of time, I will yield back the balance of my time. Mr. Lance. Thank you very much. The Chair recognizes Congresswoman Walters of California. Mrs. Walters. Thank you. And thank you for holding this hearing, and thanks to the witnesses for being here. We can all agree that protecting consumers' information is paramount and that consumers deserve a clear understanding of their privacy expectations when using the internet. It is important we have this discussion so we can better understand how consumers benefit from current practice and examine ways to protect against the misuse of consumer information. Professor Tucker, what is the best way to protect my constituents' privacy to make them feel secure and confident in the use of their data without impeding future innovation and America's leadership in the technology sector? Dr. Tucker. So, over the various sectors and various time periods, my research has repeatedly shown that the best way of introducing privacy protections is to give a sense of control back to consumers. Now, that is distinct from transparency. It is distinct from disclosures. Instead, it is about restoring a sense of control. And what is more, my research has actually shown that that kind of policy is in from self-interest. And if you try and do the kind of microsegmentation using really personalized data, for example, preferences of someone over shoes, then using that kind of data for advertising only works if there is a parallel sense of control among consumers. Mrs. Walters. OK, thank you. Professor Ben-Shahar, what protections do existing legal schemes provide for consumers to protect them from the theft or loss of their data, and are those legal schemes sufficient? Dr. Ben-Shahar. Well, I think that, again, I am not a data security expert, but my understanding is that there are very few protections that are granted to consumers. Many of the things that were recommended that people do after, for example, the Equifax breach were fairly limited. I mentioned before in my testimony that I think that the reason there are so few remedies and recourses is because largely there is no evidence for the fact that consumers are suffering in a magnitude of harm that requires greater a remedy in this context. Mrs. Walters. OK. And then I have another question for you. How does the use of algorithms to deliver content impact consumers' experiences online, and is there a benefit we see to the practice of collecting data? Dr. Ben-Shahar. I think that benefit is enormous, and it has been, you know, measured in many different ways. But I will just recommend to try one time to disconnect all the knowledge about you from your smart phone and see what happens. When you open Google Maps and want to go something and it no longer recognizes after the first letter where it is that you wanted to go and the inconvenience that you will say, ``Ah, no, I wish the data service was still on, the recognition was on.'' I think in many contexts personalization delivers astronomical value that has not yet been tapped. In my own research I am looking about at ways in which we can personalize legal rules and other things, but the only reason that we think about these new areas is because existing areas have proven to be enormously beneficial--education, insurance, medicine, and the like. Mrs. Walters. OK, thank you. And Professor Tucker, some digital platforms would say that, when third parties are permitted to use their platform, that platform gives consumers the tools to control their experience. Are we putting too much of the onus on the consumer to review the permissions the developer is requesting and forcing the consumer to choose which information to share? Dr. Tucker. So I think this is a very good distinction to make in that, let's be clear, whenever we have actually studied search logs of how consumers behave when they are confronted by control, rather than opting out and, you know, protecting their privacy, they tend to actually go in and try and improve the data, because there is nothing more irritating--I don't know if this has happened to you, that you are looking at a web service which thinks you are a 25-year-old man, and you are like, ``Why do you think that?'' Consumers tend to try and improve the quality of data, intriguingly. The one distinction I do want to make, though, is that there are some categories of consumers where perhaps there isn't that level of control exerted. For example, we have a study right now which looks at apps which are targeted at toddlers. I don't know if you have ever been to a restaurant where parents are using these to quiet down their toddlers, but we saw there a vast quantity of data being collected. And there I think it is fair to assume that those toddlers are not really actually exerting any control on whether their location is being tracked or their use of the sort of My Little Pony app or whatever it is. Mrs. Walters. Thank you, and I yield back the balance of my time. Mr. Lance. Thank you very much. The Chair recognizes Congressman Costello. Mr. Costello. Thank you. I want to share some reflections I have here and allow each of you to correct my understanding or enhance it, whatever terminology you may wish to use. From my perspective, browser history in some respects is a commodity, but it is very invisible and at this point there is no regulatory framework for when and how it can be incorporated into an algorithm. I take, and this is not a precise corollary, but if I made a phone call to you and the content of our discussion was transcribed and it was then sold or utilized for proprietary or commercial gain, there are some similarities between that and how an ISP is able to gather some of that content and then incorporate that into an algorithm or into how advertising would make its way into my internet searches, or if I go to a news website, all of a sudden up pops laundry detergent if I was Googling laundry detergent. Someone made the comment about editorializing content or raise concerns on the political side. It may have been Ms. Moy in her written testimony. I read everyone's written testimony. The trouble, the thing that I am grappling with on the concerns related to what kind of political content shows up and how you might be able to shape one's opinion of things is, what is the difference between that and picking up a newspaper in the morning? And I don't really know how to distinguish between-- you can distinguish between the two, but in some respects I don't know that you should distinguish between the two. As it relates to the Federal Trade Commission, if we are talking about, particularly on political content, but even amongst other things, how would the FTC go about adjudicating equal time if we were to get into talking about political content, and how does it get, how do you determine, oh, well, you put too much left-leaning or too much right-leaning content? I think that that can get deeply problematic. And I believe, also, Ms. Moy mentioned something about adding protections for consumers, if you could share with me what kind of protections you might be speaking about. The gentleman, I believe it was Dr. Ben-Shahar, I agree with your testimony. I don't think that these waivers or disclaimers or--it doesn't mean a hill of beans. I totally agree with you. I am not sure, I think that is just more about indemnification or protecting one's liability, and that is fine. I mean, I don't think we should expect more from that. I don't know how you could expect more from it. But the final thing I want to say for comment relates to Ms. Tucker's testimony. And in the final two paragraphs, you talk about how different types of data can have different consequences and that any regulation, rather than treating all the data the same, needs to distinguish between what kinds of data may be actively harmful to consumers and what data may not be. And it seems to me that we are really talking about values here, right. We want algorithms to be able to be helpful to the consumer and, candidly, in some respects helpful to those who are going to use that data to make sure that you have information that you may be more predisposed to wanting to see. We don't want that data to be harmful. See, I am going on way too long. How do we create a clear yet evaluative standard and entrust everyone to follow it with enough tools for the FTC to embrace that kind of framework if we were to do it? I have spoken way too long. Comments? Mr. Pasquale. I mean, I just want to--I have two quick responses, one being that I do think that, you know, in terms of thinking about what data is sensitive and what is not, that can be a strength of a privacy regime. But if we also look at the work on big data proxies, how like Nicholas Terry has described, how you can have, say, location could be a proxy for race or the very data that you don't think is terribly sensitive could be a proxy for other data that is sensitive, that is where I would turn sort of Dr. Kearns' work against Dr. Tucker's work in a way and sort of say that there is a way in which, you know, it is because of these sort of inferences you can make from somewhat insensitive data to sensitive that is important. With respect to Google and the newspaper, the difference that I would make is that I would say that what we are concerned often with respect to unfair algorithmic influence on political activity would be something that was a lot more subtle. So, for example, imagine if Facebook decided it was only going to encourage Democrats to vote. We do have studies that have shown that that can lead to I think it is a 0.63 or a small increase on the margin of the people whose feed is spiced with get-out-the-vote advertisements. So that is something I think we definitely have to look for because, when a newspaper says ``Vote for X,'' I can see that. But when Facebook, you know, suddenly spices the feed of the people that, say, it likes, then we can't see that. Mr. Costello. Fair point. Ms. Moy. So yes, and I will just add, you know, when it comes to--so a couple things. One, you know, when it comes to the FTC's enforcement authority, at the risk of sounding like a broken record, the enforcement authority really is limited to deception, unfair and deceptive practices, and there is no civil penalty authority. But, you know, on your question of paid political ads, specifically, you know, I think that this is a really hard challenge that I suspect we don't have a lot of really good answers for yet on how to deal with. You know, one thing, though, is that there is very little transparency about what ads are being paid for and even when they contain political content. The FEC is conducting a rulemaking right now to at least explore the possibility of increasing transparency when it comes to labeling of political content on platforms, but--or online, I should say. You know, but I think also this is a question where it might be extremely difficult to identify some political content, for example, when it relates to issues as opposed to candidates, without human eyeballs. And there is a tremendous amount of content that gets posted online and not nearly enough human eyeballs reviewing some of that content to determine whether and to what extent it might have a political effect. Mr. Costello. I am just going to read this, something real quick into the record. I know you are ready to get out of here, Mr. Chairman. When someone states, quote, ``I could slow down''--well, we talked a lot about power that exists in the hands of those that are not ISPs. For instance, just last weekend, Matthew Prince, the CEO of Cloudflare, signaled he would look into taking up a challenge to slow down the FCC Chairman's internet speed at his home. These apparently are not the least of the threats to Chairman Pai's home life. When someone states, quote, ``I could do this in a different but equally effective way''--and I would like to submit the entire string of tweets for the record--isn't it clear there is a great deal of power in those that are not governed by the same rules in the internet ecosystem? And how would your reaction be different if an ISP did this rather than an edge provider? We don't have time, but if we could take any comments for the record on that, because we are dealing with this larger net neutrality issue, and I think some of the concerns are that it is not just ISPs that we should be looking at. There are some others that aren't governed that clearly have the power to do things that we all have concerns about. I yield back. [The information appears at the conclusion of the hearing.] Mr. Lance. Thank you very much, Congressman Costello. Seeing there are no further Members wishing to ask questions, I thank all of our witnesses for being here today. Before we conclude, I include the following documents to be submitted for the record by unanimous consent: a paper from the 21st Century Privacy Coalition, a letter from the Electronic Privacy Information Center.\1\ --------------------------------------------------------------------------- \1\ The paper has been retained in committee files and also is available at http://docs.house.gov/meetings/IF/IF17/20171129/106659/ HHRG-115-IF17-20171129-SD004-U4.pdf. The letter appears at the conclusion of the hearing. --------------------------------------------------------------------------- Pursuant to committee rules, I remind Members that they have 10 business days to submit additional questions for the record and I ask that witnesses submit their response within 10 business days upon receipt of the questions. Without objection, the subcommittee is adjourned. [Whereupon, at 12:47 p.m., the subcommittee was adjourned.] [Material submitted for inclusion in the record follows:] [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] [all]