IP: suggested ftc action, unlikely; don't seem motivated, or capable

[David Farber <dave () farber net>]

White I disagree with his point suggesting automatic updating (VERY 
DANGEROUS) , the rest makes sense djf


> Date: Sat, 22 Dec 2001 08:34:08 -0500
> To: dave () farber net
> From: Paul Foldes <pfoldes () eidmgt com>
>
> As Louis Mamakos correctly noted yesterday in a posting excerpted 
> below,  the FTC's Bureau of Consumer Protection (where I was employed in 
> 70's, at a time when the Commission took a more pro-active stance to 
> protect consumers) has the statutory authority under Sec 5 of the FTC Act 
> prohibiting unfair <emphasis added> and deceptive practices to inquire 
> into whether Microsoft is adequately informing non-technically savvy 
> online consumers regarding the safe use of its products.
>
> Given the realities, as Microsoft has just publicly acknowledged: 
> "individuals design software, and therefore it can never be perfect' -- 
> adequate notice as suggested below (similar to one required by the FTC 
> regarding car mileage disclosures with which I was intimately involved) 
> does not seem unreasonable.
>
> Unfortunately, the FTC does not currently seem much inclined to 
> pro-actively protect consumers, Based on my experience recently it does 
> not seem capable of timely recognizing, or responding to a clear and 
> present danger; even when such danger is pointed out plainly, and clearly 
> in a fax sent directly to its Chairman.
>
> On October 26th, in a letter addressed to the current Chairman I urged the 
> FTC to undertake an immediate, high visibility, and importantly - average 
> adult online user understandable - consumer education campaign to 
> facilitate safer online eCommerce and eGovernment given post 9/11 realities.
>
> This call for immediate action was prompted by the anthrax related 
> concerns using surface mail which was causing major interruptions with 
> traditional communications channels between consumers and businesses. The 
> President's urging of citizens to help maintain the economy's strength  by 
> continuing to shop meant that  consumers would need help in safely 
> communicating online more than ever.
>
> What better role to play for the FTC than to help the economy by helping 
> consumers become more confident (armed with reliable, understandable 
> information) of using the Internet for responding to the inevitable 
> increase in online marketing, and need for increased safe and secure 
> online order fulfillment.
>
> For starters, as a good number of consumers unknowingly use older browser 
> versions with 40 key encryption instead of 128 key encryption to access 
> sites requiring submission of credit card ( other important 
> information,  such as social security number, etc) I urged a prompt 
> campaign to educate consumers how to timely upgrade their browsers to more 
> secure encrypted browsers. And to facilitate increased responsiveness to 
> marketing, a campaign to educated consumers on how to use cookies more 
> safely, and effectively. The proposed effort was considered not only 
> directly supportive of the national interest to encourage safer use of the 
> Internet, but was long overdue as well.
>
> My experience with the responsiveness of the current FTC has not been 
> comforting.
>
> Instead of receiving substantive response from either the Chairman's 
> office, or from the head of the Bureau of Consumer Protection, I have so 
> far received 3 duplicate form letters from the FTC's correspondence unit 
> assuring me that the Commission has received my 'complaint about invasion 
> of my personal privacy'.
>
> Considering that I faxed my letter directly to the Chairman's office (and 
> called to make sure it was received) so that it would not be delayed, or 
> lost as a result of the anthrax induced radical changes then underway in 
> handling of surface mail in the Washington area, there is no excuse for 
> the lack of substantive acknowledgment at least.
>
> It would we a welcome development if the FTC, after taking notice of the 
> reputably noted security flaws found in Microsoft products with some 
> frequency, and in light of Microsoft's dominance of software used to 
> access information using the Internet - required:
>
> 1) Notice on all software (not just Microsoft), every time it booted 
> up:  "warning, no software is assured to be free of possible bugs which 
> might compromise user's personal information" therefore, user is advised 
> to check for latest online security 'patches' at < 3rd party resource 
> url > for automatic up to date security updates
>
> and/or, in the alternative,
>
> 2) Every time software is booted up, automatically check at a third party 
> (vendor neutral) site and download from that site, and automatically 
> install any required security updates, (along Symantec's subscription 
> based automatic virus update model)
>
> < In light of the post 9/11 realities, automatic downloads from a 
> government or similarly 'trusted party' well secured site may be more 
> acceptable to the software industry than previously >
>
> Given the inevitable large increase in use of 'bill presentment' , other 
> similar critical communications between business and consumers; and 
> government agencies (ie CDC and local health departments, hospitals for 
> updates on 'best practices' in recent anthrax situation) and citizens in 
> the foreseeable future as result of:
>
> 1)  future terrorist related interference with surface mail (bio, chemical 
> or other source); and
> 2)  cost / benefit drivers to adoption by both businesses and government 
> agencies
>
> the FTC's apparent disinterest in timely helping educate consumers how to 
> effectively and safely use the Internet, even in time of a National 
> Emergency, is not confidence enhancing.
>
> By way of background: Since 1996 I have been teaching a course at a local 
> community college on how to use the Internet effectively and safely 
> (preserving privacy, using cookies, frequently updating virus protection, 
> etc) to advance work and personal goals. My students - even those who have 
> been online for a while, who can well be described as 'average adult 
> consumers'  - generally have no real understanding of what cookies are, 
> how to avoid unintentionally compromising their personal identifiable 
> information at web sites, how to download and successfully update their 
> lvirus updates, etc.
>
> They are terrified by what they hear about lack of security or privacy on 
> the Internet; but feel much more confident about using the 'Net when they 
> are empowered by practical knowledge of how to keep their anti-virus 
> software updated, how to chose which cookies they will accept, etc.
>
> Paul Foldes  JD, BE(EE)
> Business Consultant, InterHelp Inc.
> Adj Professor, Business, Management, Info-Science, Montgomery College
> Former FTC BCP/DIv of National Advertising Attorney
>
>
> From: "Louis A. Mamakos" <louie () TransSys COM> posted on IP... (portions 
> snipped for brevity)
> > The government's rare interest in the problems with Windows XP
> > software,  which is expected to be widely adopted by consumers,
> > illustrates U.S.  concerns about risks to the Internet.
>
> If there are concerns about the general internet infrastructure, then
> that's a fine thing to worry about.  The fact that Windows is enabling
> end-users to get screwed is different issue, probably one that the
> FTC should start getting worried about.
>
> --------------------------------------------------------
> Paul Foldes       InterHelp, Inc.
> Email: pfoldes () eidmgt com
> Tel: + 1 ( 703 ) 370 0008
> Fax #, IM, Encryption Info - As Needed

For archives see:
http://www.interesting-people.org/archives/interesting-people/