In his first public speech on privacy today, Muris said, "It is too soon to conclude that we can fashion workable legislation," to ensure consumer privacy rights online.
Muris also said he was reluctant to recommend privacy laws that would not also affect bricks-and-mortar companies, and that the commission needs more specific data on the costs and benefits of privacy legislation.
The new FTC chief said he would dedicate 50 percent more resources to stronger enforcement of several recently passed privacy laws, including the Gramm-Leach-Bliley financial services act and legislation designed to shield young children from online marketers. Muris also promised a crackdown on deceptive spam, identity theft, telemarketers and companies that do not adequately protect the security of their customer data or live up to their own privacy policies.
While fellow FTC commissioners clearly support his push for stronger enforcement of exiting statutes, the agencys two minority members say Muris was wrong to reverse his predecessors recommendation that Congress pass more stringent privacy laws.
"I do not believe that he has made the case for the Commission to depart from its earlier legislative recommendation," said FTC Commissioner Sheila Anthony, one of two Democrats on the five-member commission. "Absent federal legislation that sets standards to be followed by everyone, it is unlikely that consumers privacy can be adequately protected from identity theft, commercial harassment, and hucksterism."
Commissioner Mozelle Thompson said that without legislation forcing companies to post privacy policies and stand by those promises, self-regulation would fail because the FTC can only prosecute companies that violate their stated privacy pledges.
"By not having some standards to go after the bad guys, it puts us in this anomalous position that looks like were actually going after people doing good things, while people not doing good things are free to do what they want," he said.
Marc Rotenberg, executive director of the Washington, D.C.-based Electronic Privacy Information Center, said in some respects there is more urgency today for privacy legislation given the increased pressure from law enforcement agencies for easier access to Internet-based communications in the wake of the Sept. 11 attacks.
"The constitutional way to address that challenge is to put in place a legal framework, so that if law enforcement goes to businesses operating over the Internet there will be a clear legal standard in place," Rotenberg said. "All of those questions need to be answered in the context of statutes, and cant be resolved with self-regulation."
Stewart Baker, a Washington, D.C. lawyer who consults with companies on technology policy matters, said existing privacy laws arent giving consumers what they want. The Gramm-Leach-Bliley financial services legislation of 1999, for example, gave consumers the right to opt out of having their financial information shared with third-party companies. While the opt-out notices banks mailed to consumers this summer costs millions of dollars to process, most were so complicated to read that consumers simply threw them away.
"The recent experience with Gramm-Leach-Bliley privacy notices should give everyone pause about whether we know enough to implement effectively broad-based legislation based on notices," Muris said Thursday. "Acres of trees died to produce a blizzard of barely comprehensible privacy notices.
Muris comments likely will be embraced by many in the business community who have said privacy legislation will come only at a heavy price for companies -- and ultimately consumers. One study released earlier this year estimated new privacy laws could cost U.S. businesses as much $30 billion
But EPICs Research Director Sarah Andrews notes that such studies dont take into account the cost to business of failing to protect customer privacy.
"Few of these studies examine how businesses could actually boost sales if there was more broad-based consumer protection," she said.
Yet even before Muris speech, and before the Sept. 11 attacks that have busied lawmakers with anti-terrorism legislation, the push to enact even the most basic of dozens of privacy bills presently before Congress had begun to lose steam.
Andrews called Muris renewed enforcement pledge "an encouraging development," but said she was surprised to hear that Muris would ask the FTC to reverse its recommendation for privacy legislation.
Still, she noted, Muris is not a lawmaker and his role is simply to enforce the laws before him.
"He has said privacy is going to be given much more focus at the FTC than before," Andrews said. "And if one day we manage to get new privacy laws, then at least well have the structure in place to enforce them."
Brian Krebs, Newsbytes
