Mozilla Wants FTC to Fine Big Tech Surveillance Giants • The Register

Marshall Erwin, Mozilla’s Chief Security Officer, called on federal regulators to crack down on internet giants and web browser makers that don’t protect their users’ privacy — and punish them for bad behavior.

“Internet privacy is a mess, consumers are stuck in this vicious circle where their data is collected, often without their understanding, and then used to manipulate it,” Erwin said today during a US Federal forum Trade Commission (FTC) on commercial surveillance and data security. “We see this rulemaking process as a real opportunity to break this cycle.”

The FTC is considering imposing stricter privacy rules on companies to prevent unwanted online surveillance and shoddy data security. Thursday is public session was an early step in this rulemaking process.

In August, the regulator issued an “advance notice of proposed rulemaking” and is now looking until October 21 for public comment on the “damages” related to companies’ collection, analysis and monetization of information.

While each proposed rule is put to a vote by the FTC commissioners, it’s worth noting that those of the regulator choice of words – using the term “monitoring” instead of a euphemism like “data collection” – along with a current one legal action against data broker Kochava – seem to indicate that he is inclined to codify some sort of privacy regulation to curb companies’ appetites for information-gathering.

Again, politics comes into play: democrats today control the commission, and its Biden-appointed chair, Lina Khan, is an outspoken critic of big tech, which bodes well for privacy advocates rather than big corporations.

observing the observers

Erwin, speaking at an “Industry Perspectives” panel on the subject, unsurprisingly touted Mozilla’s privacy-friendly Firefox browser. “However, we know that many companies are not taking Mozilla’s approach and more than half of consumers today use browsers that do not offer strong tracking protection or strong privacy protections,” he said.

Speaking of tracking, Meta was supposed to contribute to the industry body, but for some reason “was no longer able to participate,” according to the FTC. Strange, one would think it would have something to add.

However, last month the US giant offered Pay $37.5 million to settle a lawsuit alleging that its social media platform, Facebook, was illegally collecting location data, even when users have specifically not consented. And days later, it done a second lawsuit for an undisclosed amount, filed as a result of Cambridge Analytica’s bulk stripping of profile data.

Another industry panelist, Jason Kint, CEO of trade group Digital Content Next, also advocated “increased restrictions on large companies” as simply asking internet users for their consent is not enough, he said.

“Do you really consent when you use a search engine and then consent to their ad tech business? Somehow you have to impose tighter restrictions on companies that dominate across browsers, operating systems and search engines,” Kint said.

Erwin, like Kint, did not name any of the offending search-slash-ad giants during his testimony. But even as these companies have improved their per-user privacy controls, “there are a number of problems that technology alone cannot solve,” Erwin added.

“Consequence Free Zone”

This is where the Feds need to step in, Erwin said: “So what we want to see is regulators taking parallel action to impose costs against bad actors in the space.

“Bad behavior is too easy and there are no consequences for it. Basically, it’s a consequence-free zone.”

He later added, “Fines are a sensible way to move the needle.”

We note that Google bank roll Mozilla pays hundreds of millions of dollars a year to make its search engine the default option in Firefox.

Erwin called “dark patterns,” which he dubbed the “bread-and-butter bluff,” an area ripe for regulation. This also happens to be the subject of a Google lawsuitin which a group of US states sued the search engine giant for allegedly using this type of deceptive user interface design to obtain customer location data without proper consent.

Other particularly egregious privacy violators are makers of sophisticated cross-site trackers used to deliver targeted ad content to individual users and opaque algorithms that appear to be discriminate against people based on their race and gender, according to Mozilla’s security chief.

“We really need a set of rules to address this damage,” Erwin said. “The damage that occurs when the data is collected at all and the damage that occurs when this data is misused.” ®