FTC Regulation of Cybersecurity and Surveillance

Chris Jay Hoofnagle, FTC Regulation of Cybersecurity and Surveillance, in The Cambridge Handbook of Surveillance Law (David Gray and Stephen Henderson, eds)(Cambridge University Press 2017)

25 Pages Posted: 3 Aug 2017  

Chris Jay Hoofnagle

University of California, Berkeley - School of Information; University of California, Berkeley - School of Law

Date Written: September 1, 2017

Abstract

The Federal Trade Commission (FTC) is the United States’ chief consumer protection agency. Through its mandate to prevent unfair and deceptive trade practices, it both regulates surveillance and creates cybersecurity law. This chapter details how the FTC regulates private-sector surveillance and elucidates several emergent properties of the agency’s activities. First, private-sector surveillance shapes individuals’ reasonable expectations of privacy, and thus regulation of the private-sector has effects on the government as surveillant. The FTC’s activities not only serve dignity interests in avoiding commercial inference in one’s life, they also affect citizens’ civil liberties posture with the state. Second, surveillance can make companies directly liable (for intrusive web monitoring, for tracking people offline, and for installing malware) or indirectly liable (for creating insecure systems, for using deception to investigate, and for mediating the surveillance of others) under the FTC Act. Third, the FTC’s actions substitute plaintiffs’ litigation for privacy, as the class action is burdened in novel ways. Fourth, the FTC’s actions increase the quality of consent necessary to engage in surveillance, and in so doing, the FTC has made some kinds of surveillance practically impossible to implement legally. Finally, the FTC’s actions make companies more responsible for their surveillance technologies in several ways—by making software vendors liable for users’ activities, by imposing substantive security duties, and by narrowing internet intermediary immunity.

Keywords: cybersecurity, consumer protection, CDA 230, encryption, quality of consent, software product liability

JEL Classification: K14, K23, K42

Suggested Citation

Hoofnagle, Chris Jay, FTC Regulation of Cybersecurity and Surveillance (September 1, 2017). Chris Jay Hoofnagle, FTC Regulation of Cybersecurity and Surveillance, in The Cambridge Handbook of Surveillance Law (David Gray and Stephen Henderson, eds)(Cambridge University Press 2017). Available at SSRN: https://ssrn.com/abstract=3010205

Chris Jay Hoofnagle (Contact Author)

University of California, Berkeley - School of Information ( email )

212 South Hall
Berkeley, CA 94720-4600
United States
510-643-0213 (Phone)

HOME PAGE: http://hoofnagle.berkeley.edu

University of California, Berkeley - School of Law ( email )

344 Boalt Hall
Berkeley, CA 94720-7200
United States
510-643-0213 (Phone)

HOME PAGE: http://hoofnagle.berkeley.edu

Paper statistics

Downloads
78
Rank
260,868
Abstract Views
789