This is the free edition of The Wavelength. Subscribe to get content like this three other times a week.
The Federal Trade Commission (FTC) has released its detailed budget request for the coming fiscal year (FY) a few weeks after the Biden Administration sent the bulk of its budget request to Congress. Given how late in the fiscal year appropriations were enacted, the entire budget process was set back, and the FTC was among those agencies that did not release their detailed budget information in concert with the White House. Nonetheless, in the Budget Appendix, the Administration sketched out the agency’s funding request:
The 2023 Budget includes a program level for the Commission of $490 million, funded by $202.5 million from the General Fund of the U.S. Treasury and offsetting collections from two sources: $274.5 million from fees for Hart-Scott-Rodino Act premerger notification filings as authorized by 15 U.S.C. 18a and $13 million from fees sufficient to implement and enforce the Telemarketing Sales Rule, promulgated under the Telemarketing and Consumer Fraud and Abuse Prevention Act (15 U.S.C. 6101 et seq., as amended).
But, as noted, the FTC has since published its FY 2023 Congressional Budget Justification that provides much more detail on what the agency is proposing to do with $490 million. And yet, much of the budget justification functions as a recap of the FTC’s achievements from the previous year, and so should one want a good overview, this is the document to use. But, before we get into the budget request, a bit of review will contextualize the budget request.
Last year, the FTC seemed on track to land additional funding that would be more than three times its current annual funding. As introduced, the “Build Back Better Act” would have provided the FTC with $1 billion over ten years to “operate a bureau to accomplish the work of the Commission related to unfair or deceptive acts or practices relating to privacy, data security, identity theft, data abuses, and related matters.” Incidentally, this is the first bill I can recall using the term “data abuse,” a term new to the FTC and some of its commissioners on how to view the ways entities are collecting, processing, and using personal data (see here for more detail and analysis.) Eventually, the $1 billion was cut in half as the entire package was reduced in size and scope, and the FTC would have gotten $500 million for the same purposes and period (see here for more detail and analysis.) And, of course, the effort to pass the bill cratered, and even with talk about resuscitating the bill, it seems unlikely the FTC will see extra funds from this initiative.
And so, this left the annual appropriations process for FTC funding, and Congress had difficulty enacting FY 2022 appropriations near the beginning of the fiscal year on 1 October 2021. Normally, talks drag into the late fall, and funding is agreed upon and passed for all federal agencies by the end of the calendar year. Not for FY 2022, however. An omnibus bill was held up until early March 2022, five months into the fiscal year, meaning agencies had to operate under a continuing resolution, which means funding and permission only for the previous year’s programs. Agencies were frozen and could not start new programs and initiatives. Nonetheless, the FY 2022 omnibus gave the FTC $376.53 million, some $25 million more than FY 2021, but less than House and Senate Democrats had wanted. The House’s bill would have given the FTC $389.8 million, a $38.8 million increase, and the Senate Appropriations Committee Democrats would have appropriated $384 million (see here for more detail.)
Finally, last year, both the Senate and House have passed a bill that would restructure the Hart-Scott-Rodino (HSR) pre-merger review process and fee structure. The “United States Innovation and Competition Act of 2021” (S.1260) and the “America Creating Opportunities for Manufacturing, Pre-Eminence in Technology and Economic Strength Act of 2022” (aka the America COMPETES Act of 2022) (H.R.4521) both contained the “Merger Filing Fee Modernization Act of 2021” (H.R.3843/S.228), a bill that would dramatically increase the fees companies would need to file with the FTC and Department of Justice (DOJ) for merger review. Part of these increased proceeds would be available to the FTC and DOJ as the bill authorizes $252 million for the DOJ’s Antitrust Division and $418 million the FTC. Of course, the appropriations committees would have to then allow the agencies to use the increases fees. Be that as it may, the House and Senate are said to be on the verge of agreeing on a final package that melds S.1260 and H.R.4521, and since the “Merger Filing Fee Modernization Act of 2021” was in both, it seems likely a final bill will have this legislation.
And now, back to the FTC’s funding request for the next fiscal year:
And so, the agency is asking for a huge budget increase of the sort a closely divided Congress is often unwilling to grant. To put the budget request in perspective, it is a 30% increase from FY 2022, and these sorts of funding boosts are not often provided absent immediate and compelling needs. It bears some emphasis that the actual appropriations (that is funding coming from the U.S. Treasury) needed for the request is much more modest. There are two sources of funding for the FTC: appropriations and fees. If Congress enacted the budget request, the FTC’s appropriation would jump $20 million from $182 million to $202.5 million, which is significant but relatively modest. The agency is planning on its massive funding increase be borne by those that pay fees.
In the current fiscal year, the HSR and Do Not Call fees would cover most but not all of the agency’s competition work. The budget request would ask Congress to allow the agency to collect $287.5 million in these fees, an increase of $118.5 million or over 70% from the current year, and then use $47.9 million for consumer protection work. And so, the agency is essentially asking Congress to bless charging businesses more for merger and acquisition review and competition enforcement to generate more funds for consumer protection. This is likely not going to be amenable to many Republicans.
The agency justified these funding increases:
This budget request seeks to recognize and address some of the increased demand on the agency’s resources. Over the past five years, annual consumer reports to the FTC increased from 2.9 to 5.7 million. Consumer fraud reports alone increased from 1.3 to 2.8 million and reported consumer fraud losses exploded from $1.1 billion in 2017 to over $5 billion in 2021. The increased demand on our competition resources is no less dramatic: In fiscal year 2021, the FTC and DOJ received notice of an astounding 3,520 transactions. That represents a 66% increase above the 10-year high.
Not surprisingly, to help address these trends, the FTC proposes to use $65.4 million to increase the size of the agency. Specifically, the FTC wants some of the funds to hire an additional 300 Full Time Employees (FTE) on top of its current 1140 FTE. This represents a significant increase in FTE for an agency that has still smaller than it was in 1980 when judged by employees. The FTC explained:
201 FTE to be evenly distributed in [the Bureau of Consumer Protection], [Bureau of Competition], and the FTC Regional Offices. The FTC plans to leverage its Regional Office structure and promote increased use of workplace flexibilities to expand its candidate pool when recruiting for new employees, allowing for a greater diversity of perspectives and experiences and expanding the agency’s presence in affected communities. The FTC will also cross-train attorneys so they can support either mission depending on the demands of the market, which have historically fluctuated unpredictably. Building up this nimble workforce will be critical to keeping pace with evolving economic realities.
It sounds like the FTC’s leadership wants to hire from outside Washington, DC in order to avoid what is sometimes characterized as the groupthink inside the Beltway. Certainly FTC Chair Lina Khan’s mentor of sorts, former FTC Commissioner and current head of the Consumer Financial Protection Bureau Rohit Chopra, found the FTC to be an agency operating under long lasting illusions about its lack of power. Chopra was often prodding the FTC to act more aggressively, use dormant powers, and read its statutory authority as broadly as possible. For example, Chopra and Khan wrote this 2020 article, urging the agency to use rulemaking powers to address antitrust and competition policy, a creative reading of the agency’s powers. Moreover, there have been some articles on how Khan’s new approach to using the agency’s powers has ruffled feather and led to some staff leaving (see here, here, here, and here.)
However, the FTC provided even more specificity on what the 201 FTE will support:
§ identifying, challenging, and litigating anticompetitive mergers and conduct;
§ development and implementation of HSR rulemaking proposals;
§ processing and reviewing workload associated with increased HSR merger filing activity;
§ increasing the FTC’s technology enforcement capacity to meet the demands of anticompetitive practices in the pervasive technology markets when warranted;
§ conducting merger and merger remedy retrospectives;
§ increasing paralegal workforce to assist in investigations, litigation and policy projects;
§ increasingly complex consumer protection investigations, including privacy and data security issues;
§ ensuring effective compliance monitoring and enforcement investigations;
§ emerging technology in the area of marketing practices; and
§ enhancing the FTC’s ability to understand quickly evolving technological issues implicated by its casework and keep pace with litigation demands.
This list of activities would support Khan’s ambitions to make the FTC a more muscular enforcer of its mandate regarding privacy, data protection, many things related to “Big Tech,” competition, industry consolidation, and others.
Zooming back out, the FTC provided detail on how its bureaus and offices would use the proposed increase in funds with respect to its consumer protection mission:
The FTC advances its goal of protecting consumers through five law enforcement areas (Privacy and Identity Protection, Financial Practices, Marketing Practices, Advertising Practices, and Enforcement), as well as through five additional functions (Litigation Technology and Analysis, Consumer Response and Operations, Consumer and Business Education, Economic and Consumer Policy Analysis, and Management). The FTC’s eight regional offices also further this goal by bringing a variety of consumer protection cases within the five law enforcement areas and maintaining important contacts with state Attorneys General and other state and local consumer protection officials.
Then the FTC broke down how it plans to spend $250 million for consumer protection:
The first thing that jumps out is that the agency is proposing to basically double its current spending and staffing on “Privacy and Identity Protection,” which would mean more investigations of potential Section 5 and “Children’s Online Privacy Protection Act” (COPPA) violations. The FTC explained:
Privacy and Identity Protection leads nationwide efforts to protect consumers from unfair, deceptive, or other illegal practices involving the use and protection of consumers’ information. Law enforcement under Section 5 of the FTC Act is a central part of this program, including cases in which companies collect, use or share user information in ways inconsistent with user expectations, or fail to take reasonable steps to secure users’ data. Another key priority is protecting the privacy of children under age 13 by enforcing [COPPA], which requires online services that collect personal information from children to provide parents with notice and get their consent prior to collection, minimize data collection and retention, delete kids’ data upon request, and limit uses of data. In the area of financial privacy, the FTC enforces rules implementing the privacy provisions and security of the Gramm-Leach-Bliley Act including requirements that financial institutions implement reasonable administrative, technical, and physical safeguards to protect customer records and information. In addition to its enforcement efforts, the FTC issues reports and hosts workshops, such as the annual PrivacyCon, at which new research on privacy and security issues is presented.
Of course, if Congress were to pass and the President sign data protection legislation, this increased funding and staff could be used to implement and enforce the new regime since very few of the data privacy bills increased thus far include extra funding. As a result, something would have to inevitably give, and one of the agency’s priorities could receive less attention and resources.
With respect to the agency’s other mission, the FTC stated:
The FTC promotes competition through five primary law enforcement activities (Premerger Notification, Merger and Joint Venture Enforcement, Merger and Joint Venture Compliance, Nonmerger Enforcement, and Nonmerger Compliance) supported by Antitrust Policy Analysis and other direct functions.
The FTC also provided a breakdown of the how funds for promoting competition would be used:
As with consumer protection, the FTC is asking for much more funding to increase staff and its activities in competition policy. The agency explained its rationale for some of the increased funding:
§ …anticompetitive mergers or joint ventures can harm consumers significantly by raising prices, reducing output, reducing product quality, restricting consumer choice, or inhibiting innovation. The Merger and Joint Venture Enforcement Program seeks to prevent these effects in any market in which the FTC has reason to believe a merger is likely to substantially lessen competition, particularly in sectors of the economy that are important to consumers such as technology, health care (including pharmaceuticals), energy, and retail goods and services .
§ Effective merger enforcement requires the Commission to identify anticompetitive transactions and obtain appropriate relief to maintain competition in the market. To identify whether a merger is anticompetitive, staff must determine whether the merger may 1) create or enhance the ability of the remaining firms to raise prices, reduce output, diminish innovation, or otherwise harm customers, or 2) increase barriers to entry or expansion.
§ The FTC challenges a wide variety of business practices that may harm consumers by allowing firms to raise prices beyond competitive levels, or to reduce output, quality, innovation, or consumer choice. These anticompetitive practices generally fall into three broad categories: horizontal restraints, distributional restraints, and unilateral conduct. Identifying and proving these types of violations requires legal and economic analysis and thorough investigation to distinguish between conduct that may threaten the operation of open and competitive markets and conduct that promotes competition or otherwise benefits consumers.
As is clear, the agency plans on continuing its aggressive approach to anti-competitive merger and non-merger activity, which has a broader scope than the FTC has recently used.
The United States (U.S.) and 60 other nations launched the “Declaration for the Future of the Internet,” which “represents a political commitment among Declaration partners to advance a positive vision for the Internet and digital technologies.”
The Australian Competition and Consumer Commission (ACCC) issued its “fourth report in its Digital Platform Services Inquiry examined whether online marketplaces are promoting fair and competitive markets for consumers and sellers” and stated that “[c]oncerns include the use of algorithms to decide how products are ranked and displayed (including some marketplaces giving preference to their own products), the collection and use of consumer data, inadequate dispute resolution processes and a need for more consumer protections.”
The Court of Justice for the European Union (CJEU) ruled against Meta/Facebook in finding that the “the General Data Protection Regulation (GDPR) does not preclude national legislation which allows a consumer protection association to bring legal proceedings, in the absence of a mandate conferred on it for that purpose and independently of the infringement of specific rights of the data subjects, against the person allegedly responsible for an infringement of the laws protecting personal data, on the basis of the infringement of the prohibition of unfair commercial practices, a breach of a consumer protection law or the prohibition of the use of invalid general terms and conditions, where the data processing concerned is liable to affect the rights that identified or identifiable natural persons derive from that regulation” per the court’s summary.
The United States (U.S.) Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) “have updated joint Cybersecurity Advisory AA22-057A: Destructive Malware Targeting Organizations in Ukraine, originally released February 26, 2022…to include additional indicators of compromise for WhisperGate and technical details for HermeticWiper, IsaacWiper, HermeticWizard, and CaddyWiper destructive malware.”
The California Public Utilities Commission penalized “T-Mobile USA in the amount of $5,325,000.00” because the company “falsely represented that there would be a three-year customer migration period (2020-2023) for all former Sprint Communications Company L.P. (Sprint) customers (i.e., both the former Sprint customers who would become T-Mobile customers on the new T-Mobile 5G network; and the customers of the former Sprint subsidiary, Boost Mobile, who would become customers on the new DISH Network).”
United States (U.S.) House Energy and Commerce Committee Ranking Member Cathy McMorris Rodgers (R-WA), Communications and Technology Subcommittee Ranking Member Robert Latta (R-OH), Senate Commerce, Science, and Transportation Committee Roger Wicker Ranking Member (R-MS) and Communications, Media, and Broadband Ranking Member Subcommittee John Thune (R-SD) wrote Assistant Secretary of Commerce for Communications and Information and National Telecommunications and Information Administration head (NTIA) Alan Davidson “outlining their priorities for implementation of the NTIA’s Infrastructure and Jobs Act (IIJA) broadband programs."
The Europol Innovation Lab “published its first report under its Observatory function, entitled “Facing Reality? Law enforcement and the challenge of deepfakes” and found that “[a]dvances in artificial intelligence and the public availability of large image and video databases mean that the volume and quality of deepfake content is increasing, which is facilitating the proliferation of crimes that harness deepfake technology.”
The National Telecommunications and Information Administration’s (NTIA) Institute for Telecommunication Sciences (ITS) “in collaboration with the Department of Defense (DOD), announced 5G Challenge contestants selected from Early-Bird entries…[a] prize competition [that] aims to accelerate the adoption of open interfaces, interoperable components, and multi-vendor solutions toward the development of an open 5G ecosystem” per the agency’s press release.
The National Telecommunications and Information Administration (NTIA) submitted an “information collection request to the Office of Management and Budget (OMB) for emergency review and approval in accordance with the Paperwork Reduction Act of 1995” “to ensure that the agency can meet the statutory deadlines Congress set forth for the Infrastructure Act Broadband Grant Programs” by making the “process more equitable for all of its potential applicants for the broadband grant programs enacted in the Infrastructure Act, including those with limited resources and/or technical expertise.”
The California Public Utilities Commission (CPUC) “adopted rules for a new $2 billion grant program focused on building broadband Internet infrastructure for communities without access to Internet service at sufficient and reliable speeds” according to the CPUC’s press statement.
The United States (U.S.) National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) released“three related publications on trusted cloud and hardware-enabled security.”
The Joint Chiefs of Global Tax Enforcement (known as the J5), “comprised of Australian Taxation Office (ATO), the Canada Revenue Agency (CRA), the Fiscale Inlichtingen- en Opsporingsdienst (FIOD), HM Revenue & Customs (HMRC), and Internal Revenue Service Criminal Investigation (IRS-CI),” “announced the release of an intelligence bulletin today, warning banks, law enforcement personnel and private citizens of some of the dangers when dealing with Non-fungible Tokens (NFTs).”
Tweet of the Day
“Alphabet’s profit drops 8% as Google’s pandemic boom shows signs of slowing.” By Daisuke Wakabayashi — New York Times
“Microsoft reports rising revenue and profits, despite war and inflation.” By Karen Weise — New York Times
“Apple reports positive results despite shortages and economic fallout” — Associated Press
“Activision Blizzard shareholders greenlight Microsoft sale, but FTC showdown looms” By Nick Statt — Protocol
“Twitter miscounted its daily users for three years straight” By Jacob Kastrenakes — The Verge
“How to use Apple’s new repair program” By Rebecca Heilweil — recode
“Private equity executive sought to undermine NSO critics, data suggests” By Stephanie Kirchgaessner and Harry Davies — The Guardian
“Leftist gimmick accounts want their tweets to influence politics, too” By Mia Sato — The Verge
“A chilling Russian cyber aim in Ukraine: Digital dossiers” — Associated Press
“Auto-renewing subscriptions are irritating. Some states are cracking down.” By Veronica Irwin — Protocol
“Elon Musk’s Twitter takeover gives him a new type of power” By David Ingram — NBC News
“Google will let you request fewer ads about weight loss and dating” By Mitchell Clark — The Verge
“NIST Official: Revised Cybersecurity Supply-Chain Guidance Imminent” By Mariam Baksh — Nextgov
“Meta is using AI to push people to watch more Reels” — and it's working” By Sarah Roach — Protocol
§ 28 April
o The United Kingdom’s (UK) House of Lords Fraud Act 2006 and Digital Fraud Committee will hold a formal meeting (oral evidence session) regarding “what measures should be taken to tackle the increase in cases of fraud.”
o The United States (U.S.) House Appropriations Committee’s Homeland Security Subcommittee will hold a hearing titled Fiscal Year 2023 Budget Request for the Cybersecurity and Infrastructure Security Agency.
o The United States (U.S.) House Administration Committee will hold a hearing titled “A Growing Threat: The Impact of Disinformation Targeted at Communities of Color.”
o The United States (U.S.) Federal Trade Commission (FTC) will hold an open meeting with these items on the agenda:
§ Notice of Proposed Rulemaking and an Advance Notice of Proposed Rulemaking regarding the Telemarketing Sales Rule: FTC staff will provide a presentation and the Commission will vote on the Notice and the Advanced Notice. The proposed changes to the Rule reflect input from the public. They would allow the rule to better address fraudulent business-to-business telemarketing and would introduce requirements for easy cancellation methods for telemarketing sales, among other improvements.
§ Presentation on Section 13(b) of the Federal Trade Commission Act: Ahead of the one-year anniversary of the U.S. Supreme Court’s AMG Capital Management v. FTC decision, which overturned the longstanding 13(b) authority to collect monetary redress for consumers, staff will provide a presentation on the decision’s impact on the agency’s enforcement work.
§ 4 May
o The European Data Protection Board will hold a plenary meeting.
o The United States (U.S.) National Artificial Intelligence Advisory Committee will hold an open meeting.
§ 12 May
o The United States (U.S.) Federal Trade Commission (FTC) and U.S. Department of Justice will hold a listening forum on firsthand effects of mergers and acquisitions: technology.
o The European Data Protection Board will hold a plenary meeting.
§ 15-16 May
o The United States-European Union Trade and Technology Council will meet in France.
§ 16-17 June
o The European Data Protection Supervisor will hold a conference titled “The future of data protection: effective enforcement in the digital world.”