FTC Privacy Law and Policy Now Available on Amazon, at Cambridge, and Electronically on Kindle, eBook, and Play


“Chris Hoofnagle has written the definitive book about the FTC’s involvement in privacy and security. This is a deep, thorough, erudite, clear, and insightful work – one of the very best books on privacy and security.”
Daniel J. Solove, John Marshall Harlan Research Professor of Law, George Washington University, Washington DC
“A landmark work for anyone interested in privacy or consumer protection law.”
Paul M. Schwartz, Jefferson E. Peyser Professor of Law, Berkeley Law School
“This well-written, comprehensive history of the Federal Trade Commission shows once again the primary importance the agency has played in shaping the regulatory environment of the United States. It is essential reading for anyone who deals regularly with the FTC, and is a good primer for those coming in contact with the agency for the first time. Clear, thoughtful and engaging.”
Kirstin Downey, Editor, FTC:WATCH
“A timely and insightful analysis of the FTC as a key actor in protecting information privacy. The historical context provides a solid basis for Hoofnagle’s well-supported policy recommendations.”
Priscilla M. Regan, George Mason University, Virginia
“A welcome perspective on challenges facing a great agency designed to “rein in” the American market.”
Norman I. Silber, Hofstra University, New York
“This book offers a fascinating, informed exploration into the dangers of the Internet and the problems and potentials of the FTC in effectively dealing with them. It is well worth our attention.”
William L. Wilkie, Aloysius and Eleanor Nathe Professor of Marketing Strategy, University of Notre Dame, Indiana
“This book offers a fascinating, informed exploration into the dangers of the Internet and the problems and potentials of the FTC in effectively dealing with them. It is well worth our attention.”
William L. Wilkie, Aloysius and Eleanor Nathe Professor of Marketing Strategy, University of Notre Dame, Indiana
“Chris Hoofnagle has done an enormous public service by writing a comprehensive and critical guide to the Federal Trade Commission’s consumer protection efforts, which started over a century ago in reaction to a changing economy and industrialization. Invasive new technologies and influential internet platforms make the agency more relevant than ever, but it remains a mystery to most citizens and is often maligned by business interests. Those of us who care about privacy and fairness in the digital age must pay attention to the FTC’s crucial role in information policy, and we could not ask for a better primer than this incisive and informative book.”
Astra Taylor, author of The People's Platform
“Hoofnagle makes sense of the recent challenges to the FTC’s data security authority and suggests a long-term, structural strategy for addressing information-age security risks.”
Bruce Schneier, author of Data and Goliath: The Hidden Battles to Collect your Data and Control your World
“Chris Hoofnagle, UC Berkeley, has written an excellent book about the FTC and its approach to privacy. In part, it is an institutional history… I think the book also would make a great foundational text in a seminar on consumer law.”
Katie Porter, Professor of Law, UC Irvine
“This is a detailed, clearly written guide to the FTC, with specific attention to its privacy practices but including an extensive discussion of its overall history and jurisdiction…I learned a lot, and I’m going to recount some of the highlights…”
Rebecca Tushnet, Professor of Law, Georgetown
“Chris Hoofnagle has put together an impressive, authoritative and useful treatise on the law of consumer privacy in the U.S. and the role of the Federal Trade Commission.  This book is an excellent read for all those interested in consumer privacy, and should prove to be a valuable resource for years to come.”
Dee Pridgen, Professor of Law, University of Wyoming
…Through his analysis of the role played by the courts, Congress, and the Commission itself, he illustrates the doctrines and dynamics that have contributed to shaping this agency. This makes the book a valuable tool for European privacy experts who wish to better understand the US regulatory approach to privacy protection and understand how political and social forces have affected the powers given to the Commission.
Alessandro Mantelero, Professor of Private Law and of Innovation & International Transactions Law at the Polytechnic University of Turin
…Overall, Chris Hoofnagle’s Federal Trade Commission Privacy Law and Policy is a fascinating read and a treasure trove of useful references for further research.
Bilyana Petkova, Max Weber Fellow, European University Institute
2016Wednesday, November 16

On Kenneth Rogoff’s The Curse of Cash

November 16th, 2016|

Professor Kenneth Rogoff’s Curse of Cash convincingly argues that we pay a high price for our commitment to cash: Over a trillion dollars of it is circulating outside of US banks, enough for every American to be holding $4,200. Eighty percent of US currency is in hundred dollar bills, yet few of us actually carry large bills around (except perhaps in the Bay Area, where the ATMs do dispense 100s…). So where is all this money? Rogoff’s careful evidence gathering points to the hands of criminals and tax evaders. Perhaps more importantly, the availability of cash makes it impossible for central banks to pursue negative interest rate policies—because we can just hoard our money as cash and have an effective zero interest rate.

What to do about this? Rogoff does not argue for a cashless economy, but rather a less cash economy. Eliminate large bills, particularly the $100 (interesting fact–$1mm in 100s weighs just 22 pounds), and then moving large amounts of value around illegally becomes much more difficult. Proxies for cash are not very good—they are illiquid, heavy, or easily detectable. And what about Bitcoin?—not as anonymous as people think. Think Rogoff’s plan is impossible? Well, India Prime Minister Modi just implemented a version of it, eliminating the 500 and 1,000 rupee notes.

As you might imagine, Rogoff’s proposal angers many privacy advocates and libertarians. His well written, well informed, and well argued book deserves more than its 2 stars on Amazon.

My critique is a bit different from the discontents on Amazon. I think Rogoff’s proposal offers a good opportunity to think through what consumer protection in payments systems might look like in a less-cash world—this is a world I think we are entering. Yet, Rogoff’s discussion shows a real lack of engagement in the payments and especially the privacy literature. For Rogoff’s proposal to be taken seriously, we need to revamp payments to address the problems of fees, cybersecurity, consumer protection, and other pathologies that electronic payments exacerbate.

The Problem of Fees

One immediately apparent problem is that as much as cash contributes to crime and tax evasion, electronic payments […]

2016Saturday, September 17

FTC PL&P Reviewed in ICON

September 17th, 2016|

I am honored and delighted to have my book reviewed by EUI’s Bilyana Petkova, who wrote in part:

…the work of Hoofnagle stands out by offering both a welcome description of the applicable law and a broad contextual framework…Chris J. Hoofnagle takes over fifteen years of experience in American consumer protection, information, and privacy law and converts them into an absorbing, in-depth institutional analysis of the agency.
Overall, Chris Hoofnagle’s Federal Trade Commission Privacy Law and Policy is a fascinating read and a treasure trove of useful references for further research.

The full cite is: Bilyana Petkova, Book Review: Federal Trade Commission Privacy Law and Policy, 14(3) Int J Constitutional Law 781–783 (2016) doi:10.1093/icon/mow053

2016Friday, September 2

LifeLock’s Non-Public Initial Assessment

September 2nd, 2016|

In LifeLock, the FTC alleged that the company “failed to establish and maintain a comprehensive information security program…” as required by a 2010 order. Lifelock settled the case for over $100M, despite the fact that the company claimed it had a clean bill of health from a reputable third party PCI assessor, and according to Commissioner Olhausen, LifeLock suffered no breach. Much of LifeLock was sealed, and so the case is a bit of a puzzle–how could it be the case that a company that receives a clean PCI-DSS assessment could also fail to establish a security program?

I hear we’re going to learn more specific details on the case soon, but in the meantime, the FTC just released to me LifeLock’s initial (2010) assessment. It contains a comical “public version” which is completely redacted and a largely unredacted “non-public” version.

More to come soon, but bear in mind that the FTC gave Wynhdam a kind of safe harbor if the company obtains a clean PCI assessment. If other respondents ask for similar treatment, these assessments are going to become more important than ever.

2016Friday, September 2

On Cathy O’Neil’s Weapons of Math Destruction

September 2nd, 2016|

Few have shed as much light on data science than Cathy O’Neil. The former Barnard math professor, author of Doing Data Science, and hedge fund quant has now published Weapons of Math Destruction (Crown 2016).

Weapons of Math Destruction (WMDs) are perversions of data science that increasingly influence our lives. O’Neil shows how sloppy mathematical processes, designed for efficiency and lacking any consideration of fairness, are being used to sort people. Why is this a problem? WMDs are focused on the poor, while the rich get to rely on old-school methods reputation and decisionmaking—the letter of recommendation, the personal interview, and so on. Why are WMDs worse than ordinary human decisionmaking, with all of its foibles? O’Neil argues that WMDs lack feedback loops and that WMD users are much more concerned about doing things well enough rather than correctly. To demonstrate these points, O’Neil walks the reader through anecdotes including the scoring of teachers based on student exam performance, the pathologies that have arisen from U.S. News & World Report’s rankings of colleges, the online advertising that leads people to subprime loans and for-profit colleges, use of algorithms to sentence criminals, use of predictive policing to allocate cops on the beat, the use of information to set personalized insurance rates, and Facebook’s potential to influence our mood and votes.

Our livelihoods increasingly depend on our ability to make our case to machines

O’Neil points out time and again that people learn to game the algorithm. So, why isn’t that enough to solve the problems that O’Neil elucidates? The gaming creates perverse incentives and gross outcomes. Teachers help their students cheat in order to perform well on test-score-based algorithms; the honest who do not get fired. Colleges “hire” highly-cited professors on a part-time basis only to list them on their website in order to improve the school’s ranking.

In other cases, individuals cannot game the system and they suffer for it. Poor neighborhoods with nuisance crimes get more and more police attention, and in turn, more arrests, which feeds into other systems that predict that the poor are more likely to be recidivists. […]

2016Monday, August 8

15 Cromulent Neologisms From Joshua Cohen’s Book of Numbers

August 8th, 2016|

I am so delighted with Joshua Cohen’s Book of Numbers that here I’ve picked out my favorite neologisms from the work (earlier post on the book here).

  • Adverks sales: The industrial activity of advertising—onvertising, online advertising
  • Recs, rectards, rectarded, recy: One of the most colorful and widely used descriptors in the book. Techs are sophisticated users, and then there’s recs, recreational ones. For instance, Principal describes the company’s new New York office as being filled with “Divisions requiring minimal intelligence. Minimal skill. Not techs but recs.” And Principal’s father as having subscribed to a “cruft of rectarded netservices whose chief goal was to keep their users within the walled garden by providing a sense of community, along with local news and weather, only so as like not to lose them to the wilds of the web…”
  • Lusers: Loser users
  • Plastiwicker: Those cheap plastic chairs formed to look like wicker
  • Laptopped: Your probable current condition, dear reader
  • Fannypackers: Wearers of fanny packs
  • Acqhires: Workers “hired” through acquisition of their company
  • Lotused: Something that Steve Jobs might do
  • Comptrasting: To both compare and contrast
  • Octalfortied: Forgotten
  • Concentives: The name Cohen gave to a mystery shopper company. Seems perfect for a social media marketing company
  • Crustaceate: A crabwalk. To index internet sites like a crab, compare with “spider” or “crawl”
  • Glomars: Presumably a reference to the Glomar Explorer—a project so secret that one cannot disclose its existence or non-existence. We learn from the book that Tetration is spying on its users and perhaps framing them for crimes by suggesting content.
  • Lynchrims: “…situations in which one human hangs lynched without clothes from a tree while another human stands just below and rims their anus.”
  • Compocalypse: Computer related disaster

Useful words I learned from Book of Numbers





Verbigeration 🙂


2016Sunday, August 7

On the “Influencers”–Nothing New Under the Sun

August 7th, 2016|

Bloomberg reports, FTC to Crack Down on Paid Celebrity Posts That Aren’t Clear Ads. Yes, the FTC is saber-rattling on this issue, with its native ads workshop, statements on the issue, and enforcement actions. And the media coverage runs into the same old arguments.  First, “we didn’t intend to mislead.”

We’re venturing into a little bit of ridiculous territory with the FTC saying these things because influencers really want to follow the rules,” Pomponi said. “They want to do a good job — they want to be seen as useful to brands and don’t want to do anything that would jeopardize their relationships.”

That’s great and all, but as an advertiser, you hold the duty to ensure that your messaging is not misleading. You are in control of it. You draft it. You have to anticipate how a reasonable consumer right interpret it. FTCA liability does not require an intent to deceive. The issue is whether endorsements are likely to mislead, even if the deception was an unintentional mistake.

There’s a basic tension here. The point of endorsements, like native advertising, is to create a friendly engagement with the product. However, that friendly engagement may disarm the consumer. When the consumer recognizes material as advertising, it causes the consumer to more skeptically evaluate (or avoid) an advertising claim. Thus, the benefits of secret endorsement are in tension with the goal of enabling consumers to be self-reliant in recognizing commercial persuasion.

Second, there’s something new and different about influencers and ads:

Some advertisers say influencer posts don’t deserve such careful disclosure, because they are not the same thing as a traditional ad. Lauren Diamond Kushner, a partner at Kettle, a creative agency in New York, has worked on influencer campaigns with brands including Sunglass Hut. She said the Instagram stars and YouTubers often only work with the brands that they genuinely like and use.

Wrong! So, before the internet, there was this thing called TV. And on TV, there were celebrities who did ads. Those celebrities too screened products and only did endorsements that were not too embarrassing. (In many cases, real celebrities limit ads so that […]

Load More Posts