On May 28, BusinessWeek Online technology reporter Jane Black spoke to Chairman Muris about the FTC's efforts to protect personal privacy and what still needs to be done. Here are edited excerpts from their conversation:
Q: What's the greatest threat to individual privacy?
A: The most serious danger is one that can lead to physical harm through stalking or some other event. That's fairly rare, but when it happens it's very serious. And it can happen as a result of the misuse of personal information.
The most serious economic danger is from identity theft. But you can have other problems, too, such as disruptions in your life from spam [junk e-mail] and telemarketing calls. That's why we're focusing on these issues.
Q: Who are the culprits? Whom should we be most afraid of?
A: There are a lot of people who could misuse information. Government itself collects a lot of information and, on occasion, it has collected information it doesn't need. I think that's a serious problem.
At the FTC, we look mostly at commercial transactions. With identity theft, we work closely with criminal authorities. The Justice Dept. recently brought a whole raft of identity-theft cases, and we participated in that sweep.
We also just held a workshop with the business community and consumer groups on improving the security of information. That's something that many businesses need to do a better job of. Some consumers, those with home computers, need to do a better job of keeping their information secure, as well.
Q: What can individuals actually do? How much responsibility do you think they should have to take on?
A: It's up to the person. But if the individual chooses to, he or she can do a lot. You can be very careful in simple ways: Be careful with your credit-card receipts. Read your credit-card bills to make sure that no one has stolen your identity. With your computer at home, be careful who you give your information to. Read Web sites' privacy policies. You can vote with your feet, or with your mouse.
Q: The Fair Credit Reporting Act is often cited as a model for new privacy legislation. Do you agree?
A: I think it's a brilliant statute. And let me tell you why. All over the U.S., there's a phenomenon that I call the "miracle of instant credit." It means that you can walk into a car dealer, and if you have good credit, you can borrow, in an hour, $10,000 or $15,000 from a stranger and drive out with a new car.
It happens because we have this clever statute, the Fair Credit Reporting Act. And what it says is, you can't hide your credit-payment record. In other words, if you have a bad credit record, you can't keep businesses from getting that information. But the statute also tells businesses that they can only use that information for a legitimate purpose, such as when someone wants to borrow money. It's an excellent statute that benefits both consumers and businesses.
Q: But you've gone on record saying we don't need more regulation, we need more enforcement.
A: What I've said is that we don't need the kind of online legislation that people have suggested that deals with "notice" [of how information on them is used] and "choice" [limiting access to personal data]. I do think we could use more identity-theft legislation. We're also looking at the possibility of more legislation dealing with [how to protect] Social Security numbers.
I think the legislation we have on the books for specific problems -- defending against identity theft, protecting children, dealing with problems in credit reports -- is excellent. It's the kind of legislation we should enforce.