The fateful policy decision by the FTC/DOJ to exclude privacy as a factor in antitrust enforcement has fostered a perverse market dynamic where many online advertising companies now effectively compete on the basis of who can most take advantage of consumer privacy fastest, rather than compete on the basis of who can best protect consumer privacy.
- Consumers' online privacy Waterloo was the FTC's failure in its 2007 review of Google-DoubleClick to fundamentally understand the online advertising business model, i.e. that consumers are not the "customer" of online advertising, but the "product" that Google and DoubleClick effectively sell to advertisers and publishers.
- In getting it wrong that consumers are the real "customer" in Google's online advertising brokering-triangle of advertisers, publishers and users, when users don't pay Google at all, the FTC fundamentally misunderstood consumers' real interests.
- The FTC unwittingly aimed the worst part of this business model's privacy arbitrage at consumers' vulnerabilities rather than aiming it at protecting consumers' privacy.
This analysis will show:
- The implications of exempting privacy from antitrust enforcement;
- Why privacy is an antitrust issue;
- How consumers are harmed by exempting privacy from antitrust enforcement; and
- In conclusion, how Google has become the "poster child" of this problem.
I. Implications of exempting privacy from antitrust enforcement.
The decision to not consider privacy a non-price factor in antitrust analysis has created a de facto antitrust safe harbor for mass privacy abuse on the Internet, by ensuring that there is no antitrust accountability, risk, or cost for dominant players' mass abuse of consumer privacy for anti-competitive gain.
- This FTC/DOJ decision also has amounted to unilateral disarmament of law enforcement power in an entire area of antitrust oversight -- privacy -- perversely encouraging an anything-goes-environment and systemic abuse of consumer privacy by the small subset of companies with market power and no specific privacy regulation.
- (The light bulb should be turning on now as to why Google and Facebook seem to be the only companies to have serial consumer privacy problems.)
- (The FTC/DOJ disastrous bipartisan decision that created a de facto online privacy no-antitrust-enforcement-zone is eerily akin to the disastrous bipartisan decision made in 1999 to effectively create a safe harbor for financial derivatives from law enforcement or accountability, a decision that ultimately contributed substantially to the cause of the 2008 financial crisis and the Great Recession.)
- Law enforcement that is committed to maximizing the effect of deterrence, signal neither the exact time and place of their police patrols, nor where they won't patrol.
- However, with privacy and antitrust, authorities have unwittingly telegraphed to the marketplace exactly where they won't provide accountability, so potential bad actors know they can get away with abusing consumers' privacy with relative impunity.
- Silicon Valley elite VCs routinely target this privacy enforcement gap, promoting "bait and switch" web 2.0 business models that are specifically designed to:
- Most-rapidly build market power via a free product/service;
- Collect massive amounts of private information on users that will be valuable for personalized advertising later; and
- Then ultimately leverage the market power lock-in of having accumulated a dominant network of users and vast amounts of private information, to monetize via personalized advertising.
- The Silicon Valley VC elite push targeted online advertising business models because they can Napster-ize privacy with the tacit unwitting consent of antitrust authorities.
- A Zogby-Precursor national poll last month showed that consumers overwhelmingly oppose this "bait and switch" abuse of their online privacy:
- "Nine in ten (88%) believe that tracking where Internet users go on the Internet without their permission is an unfair business practice, while 7% believe it is a fair practice."
II. Why is privacy an antitrust issue?
Privacy is the hidden and undisclosed "price" that consumers pay for many online services.
- Users of Google's free services "pay micropayments of personal information" according to Greg Conti, the Author of "Googling Security: How much does Google know about you?"
When the FTC/DOJ exclude privacy as a factor in its analysis of market power and anti-competitive behavior, they are fundamentally ignoring the implicit consideration by the consumer in the online advertising transaction.
- This is a stupefying consumer protection blindspot when antitrust authorities are supposed to be protecting consumers.
Moreover, since violating privacy norms is the best way for Google to optimize personalized, pay-per-click online advertising, excluding privacy from the antitrust enforcement equation is the functional equivalent of a prosecutor declining to consider motive in prosecuting an alleged crime.
- Essentially, Google's personalized, results-based, pay-per-click business model makes arbitrage of consumers' privacy into a core competency and competitive advantage.
Furthermore, abuse of consumer privacy creates competitive barriers to entry.
- That's because subsidizing free services in return for collection of private information without permission, effectively increases switching costs.
- The consumer ends up with multiple free services, with all the personalized "cookies" that come along with them, which results in more sticky locked-in users.
III. How are consumers harmed by exempting privacy from antitrust enforcement?
Privacy is central to safety and security.
- Traditionally privacy has been the first and best line of defense of consumers from fraud and harm, because it enables people to quickly discern friend from foe by what information they are privy to.
- Now bad actors have the ability to impersonate good guys by using private information to get more information, access and trust.
- The single most successful form of online fraud is abuse of private information to deceive consumers into letting them into their "circle of trust" -- to defraud or steal from them.
- It is ironic and exceptionally noteworthy that the biggest data breach/hack, maybe in the history of the Internet, was the hack and theft of Google's password system code (per the New York Times), which was done via a Facebook phishing scam that tricked Google engineers.
- Gmail alone has a quarter of a billion users with passwords to their private emails.
- Given the world-wide popularity of all of Google's free services that involve a password to protect private information, literally many hundreds of millions of Internet users private information potentially was breached or is vulnerable to breach in the future.
Massive collection of private information by Google and others also creates competitive information asymmetry that harms consumers.
- In the offline world, consumers as buyers can use anonymity and privacy to keep relevant negotiating information from sellers, like the intensity of their interest, their knowledge of best available alternatives, and their ability to pay.
- The purpose of much targeted advertising is to leverage the intimate knowledge in a permission-less personal profile to secretly influence a consumer to click on a particular ad.
- The unfettered collection, aggregation and analysis of massive amounts of a consumer's private information, like the personal dossiers Google and Facebook have assembled without express permission to use in this way, puts a consumer-buyer potentially at a dramatic asymmetric disadvantage to the seller in transactions -- relative to the normal instance where a consumer has reasonable expectations of initial privacy of their intentions, concerns and means in a commercial transaction.
Consumers can also be harmed by no privacy antitrust enforcement by being more susceptible to deceptive "bait and switch" tactics.
- Knowing they are in a de facto no privacy enforcement zone, it is in the interests of Google, Facebook and others to amass as many deep personalized profiles of users as quickly as possible without the consumers' knowledge, so that intimate targeting information can be quietly exploited at a later date, when the customer would not remember what information they may have previously revealed in their searches or surfing.
IV. Conclusion: Why Google is the "poster child" of this problem.
Google's serial privacide scandals, titanic security flaws, monopoly power, and total information awareness power, inevitably will make Google the "poster child" of the FTC/DOJ's ill-advised exclusion of privacy as an antitrust factor.
If the FTC/DOJ continue to fail to factor privacy into its antitrust analysis, expect the EU to fill that breach over time.
- Few appreciate the extent to which the EU's privacy and antitrust concerns will naturally coalesce around Google.
In the EU's recent Article 29 directives on data protection, privacy, and behavioral advertising, the EU has drawn at least two lines in the sand with Google and others:
- That consumers have a right to control their own private information and to withdraw their consent to use their information; and
- EU consumers' private data should be stored only in EU jurisdictions (when Google does not and cannot tell EU authorities where EU data is stored at any given time because of the dynamic virtualization algorithm of Google's BigTable database.)
The EU appreciates that Google has little interest in fully complying with these EU directives (because they seriously conflict with Google's business and technology models), so the EU ultimately will need to find additional leverage to bring Google into compliance on EU data protection and privacy directives.
- France's determination that Google is a monopoly in its Navx decision, combined with the EU investigation of "search neutrality," complaints by the UK's Foundem, France's ejustice.FR, and Italy's Ciao, could provide that additional EU leverage, because Google clearly has gotten the attention of the EU's antitrust head, Joaquin Almunia.
The EU also appreciates that: "If Brussels rules Google is dominant in its market, it would put the company on notice to act with “special responsibility” – a vague requirement in European law that could force it to re-examine many of its business practices..." (FT).
- In other words, if the EU confirmed France's finding that Google is dominant (and Mr. Almunia's mention of Google having a 95% share of Internet usage suggests that's the direction the EU antitrust authority may be going), an EU finding that Google is dominant effectively would give the EU the benefit of an enforcement "two-fer" -- in antitrust and data protection.
This convergence of interests in the EU for pursuing antitrust and privacy action against Google, will also add an international jurisdictional pincer dynamic for Google as well.
- One strong reason the Obama Administration and DOJ Antitrust Division Chief Christine Varney have signaled their intent to have stronger U.S. antitrust enforcement, is that the U.S. DOJ does not want the locus of world antitrust enforcement of U.S. companies to move away from the U.S., where it should be, to Europe -- because of weak U.S. antitrust enforcement.
- Moreover, the EU's interest in data protection and privacy naturally will put pressure on U.S. authorities to revisit their ill-advised decision to exclude privacy from antitrust analysis.
In a word, the days of pervasive permission-less profiling of consumers to amass, maintain, and extend market power via mass arbitrage of consumers' privacy -- are numbered.