Terrell McSweeny | Vox Our world has too much noise and too little context. Vox helps you understand what matters. 2019-03-06T10:16:40+00:00 https://www.vox.com/authors/terrell-mcsweeny/rss https://platform.vox.com/wp-content/uploads/sites/2/2024/08/vox_logo_rss_light_mode.png?w=150&h=100&crop=1 Terrell McSweeny Mignon Clyburn <![CDATA[Let’s not stack the deck against consumers and innovators by rolling back the Open Internet Order]]> https://www.vox.com/2017/1/5/14178744/fcc-ftc-net-neutrality-privacy-internet-data-innovation-protection 2017-01-24T07:56:42-05:00 2017-01-05T14:00:02-05:00
FCC Chairman Tom Wheeler holds hands with FCC Commissioners Mignon Clyburn (L) and Jessica Rosenworcel during an open hearing on net neutrality, Feb. 26, 2015 in Washington, D.C. | Mark Wilson / Getty

As two of the members of the Federal Communications Commission and the Federal Trade Commission, we have helped shape how our government has responded to the rapid shifts in our economy and our relationship to technology. From our vantage point, we have come to realize that the main component of our innovation economy is not data or communication networks, but is instead the trust of the American consumer.

When a consumer trusts that their data will be secure as it travels across the internet or that they can access new online services without discrimination, they become part of the virtuous cycle that drives an idea to an invention and ultimately to adoption.  Undermining this ecosystem threatens our continued innovation.

Let’s not stack the deck against consumers and innovators, or undermine the technological revolution at our fingertips.

This is why efforts to roll back the Open Internet Order would be harmful to consumers and to innovators. Ensuring that the internet remains a fountain of innovation and disruption is at the heart of open internet policy. The elimination of clear rules protecting a free and open internet would put us in uncharted territory and would create uncertainty for ISPs, edge providers and consumers alike.

The FCC also took an important step in protecting consumers’ privacy, following in large part the standards that the FTC has long set in its own privacy cases. These rules come at a time when consumers need and want more and better privacy choices. Both agencies bring complementary expertise and differentiated authorities to what, for many consumers, is a largely frustrating feature of their online lives.

Having both the FTC and the FCC on the privacy beat provides consumers with protections for their sensitive data from the moment they receive broadband service to when they update their favorite social media post. While joint privacy enforcement is good for the American consumer, more can be done. This is why we both support efforts in Congress to pass meaningful privacy legislation, and encourage our commissions to work together with other agencies to formulate a unified approach to privacy and data security protection.

In many ways, what the FTC and the FCC have accomplished these past eight years aligns with the promises of the next administration — standing up for the little guy, unleashing the power of the entrepreneur, and making sure that America continues to be the most dynamic economy in the world. Let’s not stack the deck against consumers and innovators, or undermine the technological revolution at our fingertips. Let us instead focus on preserving a ‎free and open internet and privacy protections to the benefit of all consumers.

Terrell McSweeny is a commissioner at the Federal Trade Commission. McSweeny began her service at the FTC in April 2014, after serving as chief general counsel for Competition Policy and Intergovernmental Relations for the U.S. Department of Justice Antitrust Division. She joined the Antitrust Division after serving as deputy assistant to the president and domestic policy adviser to the vice president from January 2009 to February 2012. She also worked as an attorney at O’Melveny & Myers LLP. Reach her @TMcSweenyFTC.

Mignon Clyburn is a commissioner at the Federal Communications Commission. Clyburn began her service at the FCC in August 2009, after spending 11 years as a member of the sixth district on the Public Service Commission (PSC) of South Carolina. She served as its chair from July 2002 through June 2004. Reach her @MClyburnFCC.

This article originally appeared on Recode.net.

]]> Terrell McSweeny <![CDATA[Hampering Innovations in Data Security Could Harm Consumers]]> https://www.vox.com/2016/2/25/11588226/hampering-innovations-in-data-security-could-harm-consumers 2019-03-06T05:12:37-05:00 2016-02-25T11:00:25-05:00

On Tuesday, the Federal Trade Commission announced an important data security case involving routers.

Routers are the first line of defense for home networks and the backbone for connecting and operating our Internet-connected devices. The security of our routers is necessary for the security of the Internet of Things. If a router is insecure, it can create a significant vulnerability exposing our networks and all the information we have on them. Indeed, in this case, attackers could reconfigure vulnerable routers to control and redirect consumers’ Web traffic, and could gain unauthorized access to thousands of people’s personal files on attached storage devices.

There’s a lot at stake for consumers in this debate, because it could affect how companies secure the IoT products permeating our daily lives — the microphones, sensors and cameras in our homes, our connected cars, the fitness trackers we’re wearing and, of course, our phones.

There were several problems with the router manufacturer’s approach to security that led to these breaches — for example, the manufacturer allegedly did not perform reasonable security testing and did not have an adequate system for receiving and addressing vulnerability reports. Once the manufacturer knew about serious vulnerabilities in its products, it not only failed to remediate them, it also failed to notify customers of them. Moreover, in spite of marketing a cloud feature on its routers as “a way to safely secure and access your treasured data through your router,” the company allegedly failed to encrypt data in transit.

Over the last decade, the FTC has brought more than 50 data security consumer protection cases. These cases have shaped reasonable security measures for consumer products Encryption is one such measure. Earlier this year, the FTC brought a case against a company that makes software for dental practices that claimed it was using industry-standard encryption when it was not. The FTC also brought enforcement actions when encryption wasn’t configured properly, leaving consumers vulnerable to man-in-the-middle attacks, and where the agency alleges that information wasn’t kept securely throughout its life cycle.

The use of encryption and types of security measures in consumer products is getting a lot of attention due to the San Bernardino iPhone case. While the FTC has stopped short of dictating what type of technology companies should use to secure consumer information, it has pointed to encryption as a way that companies can store and transmit sensitive information securely. With good reason: Last year the FTC found that the IoT sector was rife with security risks. Our growing connectivity is putting wonderful innovations at our fingertips — but it can also make more of our private information vulnerable.

These issues are too important to be decided around the exigencies of one case.

So, is the FTC pushing companies to use strong security measures at the same time the FBI is taking them to court for doing so? The San Bernardino case involves the FBI asking for Apple’s help to create tools to disable features that strengthen the phone’s passcode security system. It raises the question of whether this type of request is reasonable for law enforcement to make. Among the issues in the policy debate swirling around the San Bernardino iPhone case are whether companies should be required to implement encryption in insecure ways. There is a lot at stake for consumers in this debate, because it could affect how companies secure the IoT products permeating our daily lives — the microphones, sensors and cameras in our homes, our connected cars, the fitness trackers we’re wearing and, of course, our phones. Chilling innovation in the security of these products would be unfortunate.

These issues are too important to be decided around the exigencies of one case. Some have suggested that the government should convene a commission made up of law enforcement, industry, technologists, civil liberties advocates and national security experts to make thoughtful recommendations. That may be a good approach — especially if it stops misguided attempts to require back doors or weaken the security of consumer products. A careful and balanced approach is necessary in order to avoid a major setback for consumer privacy and data security.

Terrell McSweeny is a commissioner at the Federal Trade Commission. Prior to joining the Commission, McSweeny served as Chief Counsel for Competition Policy and Intergovernmental Relations for the U.S. Department of Justice Antitrust Division. Her government service also includes her work as Sen. Joe Biden’s deputy chief of staff, and policy director in the U.S. Senate. The views expressed in this article are her own and do not necessarily reflect those of the Federal Trade Commission or any other commissioner. Reach her @TMcSweenyFTC.

This article originally appeared on Recode.net.

]]> Terrell McSweeny <![CDATA[Security Is a Must for the Internet of Things]]> https://www.vox.com/2015/1/27/11558088/security-is-a-must-for-the-internet-of-things 2019-03-06T04:50:05-05:00 2015-01-27T06:26:25-05:00

My kitchen of the future will be smart. My refrigerator will be able to tell me what I need from the store — and maybe even order it. I will be able to turn on my coffeepot when I switch on my bedside lamp in the morning and preheat my oven as I head home. My counter will helpfully suggest recipe options when I place ingredients on it. My lights will gradually adjust depending on the time of day.

These innovations — and much more — will be possible because our appliances will connect to the Internet and each other, and our homes will be filled with sensors.

The shorthand moniker that describes this evolution of household products — light bulbs, toasters, etc. — into Wi-Fi enabled, cloud-connected devices is the “Internet of Things,” or IoT. Today, the Federal Trade Commission released a report identifying some of the opportunities and complications presented by the expanding IoT universe.

There is one area where an ounce of prevention will be worth a pound of cure: Security.

Security — or the lack of it — will largely determine the success or failure of widespread adoption of Internet-connected devices. As the Future of Privacy Forum has noted, “Inadequate security presents the greatest risk of actual consumer harm in the Internet of Things.”

Troublingly, the FTC report finds a wide range of security practices in IoT products. Some companies have already adopted relatively mature security frameworks, while others have not.

It is unlikely that insecure appliances will become targets just for the data they contain. Why would someone take the time and effort to hack my refrigerator only to figure out that I need to buy milk?

The real risks are threefold. First, a compromised device may not work properly. A bit of malware or a virus might cause my refrigerator to turn off. At a minimum, this could be an inconvenience. However, the danger posed by an attack could escalate swiftly from a mere nuisance to a serious safety risk or even a life-threatening situation, depending on the device. A hacked connected insulin pump might send incorrect data or fail to dispense properly, potentially causing grave physical harm. Or a family’s home security system may be turned off by an intruder.

Second, a vulnerability in one of the devices in my kitchen of the future — let’s say my coffee pot — might provide a gateway to my entire home network and all the data stored on it, including sensitive financial and medical information.

Finally, poorly secured connected devices could be launching points for attacks, such as Distributed Denial of Service actions or breaches into other networks — causing serious consequences far beyond the originally compromised “thing.”

The number of Internet-connected devices that may be vulnerable to attackers is increasing exponentially. The possibility of many devices — such as thousands of connected meters, cars or kitchen appliances — simultaneously suffering from the same attack could threaten public health and safety.

Vulnerable IoT products may also undermine public trust in adopting these new technologies. In fact, a recent poll found that only 22 percent of consumers believe that the benefits of smart devices outweigh privacy and security concerns.

To mitigate security risks, the FTC recommends that IoT device manufacturers incorporate security into the design of connected products. Properly implemented, security by design requires manufacturers to consider security throughout the entirety of a product’s lifecycle.

This means, for example, incorporating security practices into the culture of a corporation, bringing security expertise into the design phase of a product, working with vendors who prioritize it, and establishing breach protocols that can be implemented when flaws are discovered or attacks occur. Specific security measures required may depend on a number of factors, including the sensitivity of the information collected by a device and the costs of remedying security vulnerabilities.

For some manufacturers — particularly those that previously never needed to consider security in product design — properly securing connected consumer products will require changes in how they bring products to the marketplace and manage them once there. The FTC report, along with the NIST cyber security framework, provides useful guidance for security best practices. But it is unclear whether sufficient incentives exist for IoT product manufacturers to voluntarily adopt best practices.

We are on the cusp of a rapid expansion of the IoT. Many of the products in my kitchen of the future are available today. Now is the time to insure there is a clear set of ground rules for the security of these products — before the marketplace and our homes fill with exploitable devices. Congress should pass comprehensive data security legislation establishing the basic requirements for how to notify consumers when breaches occur and creating a technology-neutral security framework that will provide clarity to consumers and innovators.

Terrell McSweeny is a commissioner at the Federal Trade Commission. Prior to joining the Commission, McSweeny served as Chief Counsel for Competition Policy and Intergovernmental Relations for the U.S. Department of Justice Antitrust Division. Her government service also includes her work as Sen. Joe Biden’s deputy chief of staff, and policy director in the U.S. Senate. The views expressed in this article are her own, and do not necessarily reflect those of the Federal Trade Commission or any other commissioner. Reach her @TMcSweenyFTC.

This article originally appeared on Recode.net.

]]> Terrell McSweeny <![CDATA[Broadband Competition Should Be Encouraged, Not Restricted]]> https://www.vox.com/2015/1/13/11557724/broadband-competition-should-be-encouraged-not-restricted 2019-03-06T05:16:40-05:00 2015-01-13T13:22:51-05:00

There are vast disparities in Americans’ access to fast, affordable broadband service. In part, this is a result of demographic differences: Denser, richer neighborhoods present a more attractive opportunity for investment by broadband providers than areas that are either less populous or less affluent. But another important factor is the presence (or absence) of meaningful competition in a particular market. In a number of cities and towns across America, new entry — often by a municipal service or public-private partnership — has increased competition and led to faster speeds and cheaper prices.

Chattanooga, Tennessee, is home to the first gigabit fiber network in the U.S. EPB, the local public utility that built the network, offers gigabit service to Chattanooga consumers for $70 per month, with even cheaper plans for those who don’t quite need 100 times the average U.S. broadband connection speed. With gigabit broadband service, you can download a three gigabyte HD movie in 24 seconds (versus 40 minutes with a 10 megabits per second connection).

In response, the incumbent cable broadband provider put up billboards around Chattanooga touting its service, and began offering highly discounted introductory packages and gift cards to customers willing to switch back from EPB. It also lowered its cable prices and increased the speed of its fastest broadband packages. Consumers in Chattanooga now benefit from more choices and faster speeds.

They aren’t alone. Kansas City also boasts a gigabit fiber network. As in Chattanooga, a new entrant — in this case, Google — built the next-generation network. Following Google’s entry, the incumbent cable companies both announced they would increase Internet speeds for their Kansas City customers — without any increase in prices.

Similar stories have played out in other communities. In some places, incumbents initially decline requests by local governments to upgrade networks. However, when a new provider enters the market, these same incumbents invest in upgrades and deploy new technologies.

The experiences of Chattanooga, Kansas City, and other cities and towns like them concretely demonstrate the benefits of broadband entry for consumers. The Open Technology Institute found that consumers have better options and faster speeds in communities where three or more providers compete.

But according to a December 2014 report by the U.S. Department of Commerce, less than one in 10 Americans is served by three or more wireline providers capable of providing 25 Mbps service — the new threshold for broadband service proposed last week by Chairman Tom Wheeler of the Federal Communications Commission. The majority of Americans face (at best) a broadband duopoly.

In spite of this, rather than lowering barriers for new broadband entry, many states are raising them. Twenty states have enacted laws that restrict municipal broadband projects in one form or another. More states may join these ranks, as state legislatures return for 2015 sessions and consider restrictions. In some states, these restrictions take the form of outright bans — including bans on public-private partnerships. Other states don’t formally ban municipal offerings, but hinder municipal entry as a practical matter.

Proponents of laws restricting municipal broadband frequently assert that public investment in municipal broadband infrastructure is unfair to private companies and discourages investment by the private sector. They note, in some cases correctly, that local broadband projects are expensive and can fail — and if they do, taxpayers can end up on the hook.

But broadband networks are infrastructure that generates public benefits related to education, health and economic development. As such, they are textbook cases for public support. Because a private company cannot monetize the full value of its broadband network, it will tend to underinvest in broadband deployment.

Not surprisingly, a recurring story told by cities and towns that have built their own fiber networks is that they did so only after the incumbent providers declined to make those investments themselves. In these cases, the city or town stepped in where the market failed to meet the demand for more modern infrastructure.

The experience of cities like Chattanooga demonstrates that the prospect of new broadband entry actually appears to spur investment by incumbents. Competition — whether provided by a private entity or a municipality — works. It is important that legislators and policy makers considering restrictions recognize the vital role competition plays in achieving better, faster Internet services.

Terrell McSweeny is a commissioner at the Federal Trade Commission. Prior to joining the Commission, McSweeny served as Chief Counsel for Competition Policy and Intergovernmental Relations for the U.S. Department of Justice Antitrust Division. Her government service also includes her work as Sen. Joe Biden’s deputy chief of staff, and policy director in the U.S. Senate. The views expressed in this article are her own, and do not necessarily reflect those of the Federal Trade Commission or any other commissioner. Reach her @TMcSweenyFTC.

This article originally appeared on Recode.net.

]]>