In announcing the event, dubbed PrivacyCon, the FTC requested proposals for presentations about new research in the fields of privacy and security, including papers on “new vulnerabilities and how they might be exploited to harm consumers, as well as recent research in areas such as big data, the Internet of Things, and consumer attitudes toward privacy.”
Example topics listed on the conference website included drones, educational technology, health and fitness gadgets, and smart-home appliances—all of which have played major roles in recent debates about the trade-offs between connectivity and privacy.
The conference will take place on Jan. 14, 2016, at the FTC’s offices in the Constitution Center in Washington, D.C.
The federal government has largely been caught unprepared as companies devise increasingly sophisticated technology in these and other fields—sometimes without preparing for, or even considering, the privacy implications. The Federal Aviation Administration (FAA), for example, has struggled to regulate commercial and private drones, earning criticism from hobbyist groups and e-commerce giants alike.
In announcing PrivacyCon, the FTC seemed to be reinforcing its commitment to grappling with the privacy consequences of new technology by relying on expert advice.
“Due to the unique role that whitehat researchers, academics, and information security specialists have played in raising awareness about privacy and data security issues, the FTC is particularly interested in enlisting their participation in this effort,” the commission said on the conference website.
Lee Tien, a senior staff attorney at the Electronic Frontier Foundation, told the Daily Dot that his technical experts were considering submitting proposals about techniques for catching companies violating their users’ privacy.
“Obviously that’s an area, both on the Internet and in the mobile space, that’s especially difficult for ordinary users to combat,” he wrote in an email, “and even regulators and legislators, because technical expertise is important to understanding what the companies are doing.”
But Tien also cautioned that many of the practices under the FTC’s purview were about corporate ethics, not technical vulnerabilities that could be highlighted in IT experts’ research papers.
“Important privacy (or anti-privacy) activity isn’t very ‘high tech’ at its ethical or moral core,” he said. “We often get all starry-eyed about the new ways of collecting and analyzing ‘big data,’ but buying and selling lists, profiles and dossiers is just marketing personal data.”
Joseph Hall, chief technologist at the Center for Democracy & Technology, a consumer advocacy group, called PrivacyCon “a fantastic idea.”
“The FTC has been increasingly focused over the past decade and a half on making sure that they have a good understanding on the state of the art as compared to what is available and practical in the market,” Hall wrote in an email to the Daily Dot. “This is a natural extension of that work to do it in one event that hopefully happens each year.”
The announcement comes as the FTC celebrates a majority court victory that affirmed its authority to sue companies that don’t adequately protect customers’ personal data.
Tien stressed that the FTC should use the conference to study corporate behavior to arm itself for future lawsuits. “Investigation and research into what companies are or aren’t doing to protect our data comes before litigation,” he said. He also noted that the FTC was not the only watchdog in the country. State attorneys-general often have similar enforcement powers.
Regardless of what FTC officials learn at PrivacyCon, Tien said the commission needed more than information—it also needed money.
“You can’t do this well on a shoe-string [budget],” he wrote. “If Congress truly cares about the data security of ordinary citizens, it needs to give the FTC and others the resources to enforce the laws currently on the books.”
Photo via cote/Flickr (CC BY 2.0) | Remix by Fernando Alfonso III