Federal agencies regularly use statistics to demonstrate their relevance and justify their exorbitant budgets. The Justice Department, for instance, boasts about the billions it brought in from False Claims Act lawsuits last year. The Environmental Protection Agency brags about the amount of fines and years in jail resulting from its enforcement actions in 2016. But the public is rarely provided concrete evidence of how those incarcerations and billions in fines, say, actually reduce contracting fraud or improve the environment.
So, too, with the Federal Trade Commission. In recent years, FTC hasn’t missed an opportunity to tout its statistical successes to the public and congressional appropriators. In the process of piling up the number of cases brought and fines extracted trumpeted by Chairwoman Edith Ramirez in her resignation press release, however, a critical limitation on FTC’s mission and authority has taken a backseat: the need to prove consumer harm.
This backsliding has been most evident in FTC’s drive to become the nation’s top data privacy and security cop. The Commission relies upon its broad authority under § 5 of the Federal Trade Commission Act to pursue charges against businesses suffering a data breach. Enforcement targets can be accused of committing “unfair or deceptive acts or practices.” What, in the context of a data breach, is unfair? The answer to that is quite troubling: enforcement targets can discover the term’s meaning in the nearly 60 settlement agreements FTC has reached with other parties accused of unfair practices after a data breach. The terms of these private settlements, FTC claims, have created a common law of unfairness (for a compilation of these supposed standards, see Washington Legal Foundation’s January 2017 Working Paper). As Antonin Scalia School of Law Professor James Cooper brilliantly observed in a Forbes.com post, this is “tantamount to according plaintiffs’ complaints in settled civil cases the status of judicial opinions.”
Settlements relieve FTC of having to prove a critical statutory element of unfairness: the conduct must cause substantial consumer injury. Over the past several years, only two commissioners have consistently pushed back when FTC brought data-security claims where consumer harm has been sorely lacking: former Commissioner Joshua Wright and Commissioner (now Acting Chairwoman) Maureen Ohlhausen. Ohlhausen penned a notable dissent from FTC’s settlement with Nomi Technologies, arguing the Commission could not demonstrate consumer harm. She also dissented on similar grounds when FTC slapped LifeLock, Inc. with a $20 million penalty and harsh, new requirements when it supposedly failed to follow a 2010 data-security consent decree. And when, on the eve of a new administration, FTC filed a § 5 unfair and deceptive practices action against D-Link, Ohlhausen voted against filing the complaint. D-Link argues in its motion to dismiss that the complaint offers no evidence that consumers suffered identity theft or any monetary loss (see a February 22 WLF Legal Pulse guest commentary for more on the D-Link case).
Commissioner Ohlhausen also dissented from a consent decree FTC entered into with Uber on January 19, 2017, just one day before President Trump’s inauguration. The company paid $20 million to settle deceptive advertising claims involving Uber drivers’ earnings expectation. Ohlhausen found that the settlement amount was not “tied to an estimate of consumer harm,” which led to an agreement “uncalibrated to the consumer injury that may deter beneficial commercial activity.”
A January 13, 2013 Ohlhausen dissent from a consent decree involving standard-essential patents emphasized a further reason for FTC to vigorously apply its consumer harm requirement in consumer-protection cases. The consumer harm alleged, Commissioner Ohlhausen wrote, was speculative at best. In addition, FTC improperly treated “sophisticated technology companies,” instead of end-users, as the consumers in need of protection. She added:
That runs counter to the historical, and in my view correct, approach that we have taken in pursuing our consumer protection mission, which is to protect end users of products or services. Departing from this approach makes the FTC into a general overseer of all business disputes simply on the conjecture that a dispute between two large businesses may affect consumer prices, which is a great expansion of our role and is far afield from our mission of protecting consumers. (Emphasis added)
Commissioner Ohlhausen’s statement also provides a powerful reason why FTC must bring the same focus on substantial consumer harm to its competition policy and enforcement activities. Failure to do so will likely send the Commission down a path where greater attention is placed on “oversee[ing] … business disputes” that market competitors bring to FTC’s attention.
As Europe’s experience with competitor-focused antitrust policy has shown, that is a perilous path for free enterprise and consumer welfare. The European Union’s sabre rattling at US technology companies became so aggressive last year that President Obama openly speculated that “commercial interests” were driving the EU’s antitrust activism. Competition policy can easily be used as a protectionist device or a means to favor one competitor over another. Rather than predicating government action on evidence of difficult-to-prove consumer harm, regulators can rely instead on easily manipulated market definitions and market shares or amorphous concepts such as “market structure.” A competitor-focused competition policy reduces competition, encourages inefficiency at “preferred” businesses, and curtails consumer choice in the marketplace.
The US has long considered itself an international leader in antitrust and consumer protection, promoting a consumer-centric approach to such regulation, and explaining the hazards of using antitrust as a tool of industrial policy. Any US drift away from a mission emphasizing mitigation of consumer harm imperils that leadership role.
Acting Chairwoman Ohlhausen fills her public appearances with references to her guiding mantra: regulatory humility. Regulators, she believes, must target their limited resources (which will no doubt become even more limited in the coming years) at actual problems and use only the specific tools that Congress has given them. Such a philosophy dictates that regulation cannot solve every potential problem and that, generally speaking, private disputes should remain private.
Humble regulators don’t measure success by their agency’s tally of enforcement actions or fines. They understand, as head of the British Secret Intelligence Service “M” told James Bond in the movie Spectre, “A license to kill is also a license not to kill.”
Also published by Forbes.com on WLF’s contributor page.