FTC Regulation of Cybersecurity and Surveillance

Chris Jay Hoofnagle, FTC Regulation of Cybersecurity and Surveillance, in The Cambridge Handbook of Surveillance Law, David Gray and Stephen Henderson, eds., Cambridge University Press 2017

UC Berkeley Public Law Research Paper

21 Pages Posted: 3 Aug 2017 Last revised: 17 May 2018

See all articles by Chris Jay Hoofnagle

Chris Jay Hoofnagle

University of California, Berkeley - School of Law; University of California, Berkeley - School of Information

Date Written: September 1, 2017

Abstract

The Federal Trade Commission (FTC) is the United States’ chief consumer protection agency. Through its mandate to prevent unfair and deceptive trade practices, it both regulates surveillance and creates cybersecurity law. This chapter details how the FTC regulates private-sector surveillance and elucidates several emergent properties of the agency’s activities. First, private-sector surveillance shapes individuals’ reasonable expectations of privacy, and thus regulation of the private-sector has effects on the government as surveillant. The FTC’s activities not only serve dignity interests in avoiding commercial inference in one’s life, they also affect citizens’ civil liberties posture with the state. Second, surveillance can make companies directly liable (for intrusive web monitoring, for tracking people offline, and for installing malware) or indirectly liable (for creating insecure systems, for using deception to investigate, and for mediating the surveillance of others) under the FTC Act. Third, the FTC’s actions substitute plaintiffs’ litigation for privacy, as the class action is burdened in novel ways. Fourth, the FTC’s actions increase the quality of consent necessary to engage in surveillance, and in so doing, the FTC has made some kinds of surveillance practically impossible to implement legally. Finally, the FTC’s actions make companies more responsible for their surveillance technologies in several ways—by making software vendors liable for users’ activities, by imposing substantive security duties, and by narrowing internet intermediary immunity.

Keywords: cybersecurity, consumer protection, CDA 230, encryption, quality of consent, software product liability

JEL Classification: K14, K23, K42

Suggested Citation

Hoofnagle, Chris Jay, FTC Regulation of Cybersecurity and Surveillance (September 1, 2017). Chris Jay Hoofnagle, FTC Regulation of Cybersecurity and Surveillance, in The Cambridge Handbook of Surveillance Law, David Gray and Stephen Henderson, eds., Cambridge University Press 2017, UC Berkeley Public Law Research Paper , Available at SSRN: https://ssrn.com/abstract=3010205

Chris Jay Hoofnagle (Contact Author)

University of California, Berkeley - School of Law ( email )

341 Berkeley Law Building
Berkeley, CA 94720-7200
United States
‭(510) 666-3783‬ (Phone)

HOME PAGE: http://hoofnagle.berkeley.edu

University of California, Berkeley - School of Information ( email )

212 South Hall
Berkeley, CA 94720-4600
United States
510-643-0213 (Phone)

HOME PAGE: http://hoofnagle.berkeley.edu

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
531
Abstract Views
4,625
Rank
102,769
PlumX Metrics