Thank you for this warm reception and the kind introduction, Randy. Facing a room full of experienced and brilliant attorneys is always a daunting task for me, not being a Member of the Priesthood. However, I am usually in my office, a relatively small room, and the odds are sort of even - me against six of you. This setting is ridiculous!! I feel a need to call in the Marines.
The Role of Government
First, I would like to share with you some personal, philosophical perspectives that influence my approach to being an executive in government, an honor I have had on four occasions. Before I begin that discussion, however, let me point out that my remarks today are my own and do not necessarily reflect the views of the Federal Trade Commission or of any other Commissioner.
I believe our Founding Fathers had it right: government should play only a minimal role in our lives, should not be intrusive, and should avoid being unreasonably burdensome. Those of us serving in government should begin each day mindful of our modern distillation of the Hippocratic Oath: "Above all, do no harm." I add a personal challenge to this approach before making final decisions by asking myself and my staff, "Does this make sense?"
I believe limited government is essential to assuring Americans the privilege of making their own decisions about virtually every aspect of their lives. As Ronald Reagan said, "The . . . inescapable truth is: government does not have all the answers. In too many instances, government does not solve problems; it subsidizes them."(1) On another occasion he suggested that "when government decides to solve something, we have learned to be wary. The cure may not always be worse than the disease, but it is usually bigger and it costs more."(2)
When private markets are permitted to operate without, or with minimal, government intervention or control, they generally produce more and better products at lower prices for all Americans. For the most part, private markets should be left alone to work their magic. Nevertheless, there is a persistent temptation among some in government to think that the government can produce "better" outcomes if it controls, directs, regulates or otherwise alters decisions made in the marketplace. No better example of this exists today than the Senate's recently-passed anti-spam bill that directs the FTC to prepare a plan to implement a "Do Not Spam Registry," notwithstanding opinions from the FTC and from countless industry experts that this is not a good idea.
Although I am an advocate for less government intervention and more private sector self-regulation, I do not wish to leave you with the impression that I believe there is no role for government, and especially for the FTC. Quite to the contrary. First of all, my experience at the FTC only reinforces my belief that too often the heavy hand of government involvement is a direct reaction to the misdeeds and excesses of those in the private sector. Profit is a great motive and driving force in our economic system, but greed tarnishes us all. In recent years, we have certainly seen sufficient examples of greed that begs for some higher authority to act forcefully. Our experiences at the FTC remind us daily that there are firms and individuals attempting to fix prices, lessen competition, and otherwise illegally manipulate the marketplace and to engage in unfair, deceptive, and fraudulent practices - all of which cause (or can cause) considerable harm to consumer welfare.
The FTC is a law enforcement agency. For the most part, it is not tasked with - nor should it seek responsibility for - controlling, managing, or directing private decision making. Of course, there are limited circumstances, to which we can apply the shorthand description "market failures" - or, especially in the consumer protection arena, amounting to outright fraud - where the Commission must act. However, we should be persuaded that government intervention is clearly required before we intervene in private decision making. I think this view is consistent with the FTC Act's requirement that the Commission proceed only when it has reason to believe that the law is being violated and that an enforcement action would be in the public interest.
Consumer Protection
The times when the government must take action are especially evident in the FTC's consumer protection role. If consumers are being deceived - or, to put it bluntly, if they're being scammed - the government must often get involved, especially when the damage to consumers is egregious. It's as simple as that.
As you all know, the Commission has an administrative adjudication process it can use for law enforcement. After the Commission issues a complaint alleging that a company or an individual has engaged in unfair or deceptive practices, an ALJ hears the evidence and issues an initial decision. Any appeals of that decision are heard by the full Commission. This process allows the Commission to examine and expound on the more subtle issues of the law, a truly useful process.
On a day-to-day basis, however, much of what we face in our consumer protection role is outright fraud. For example, telemarketers target consumers with poor credit, and guarantee that they can receive a MasterCard or Visa credit card - with a $2500 credit limit. You just have to pay an advance fee of $200. Many consumers believe this and pay the fee. Needless to say, no one receives a credit card. If consumers get anything for their money, it's often just a plastic "stored value" card (which is essentially a debit card, which you can use as long as you have cash to put on the card).(3)
The administrative process doesn't lend itself well to cases like this. The FTC must act quickly to stop the fraud and to obtain money to redress the victims. Fortunately, the FTC has the authority to proceed in federal district court, to seek temporary restraining orders and asset freezes, and to obtain consumer redress. Actually, for many of these frauds, I continually say that "we need a good hanging." How's that for someone who advocates minimal government intrusion?
Although our law enforcement cases demonstrate the importance of aggressive government action, they also demonstrate a troubling reality: government can't solve all the problems. We get involved only after consumers are scammed.
In the advance fee credit card area, we have brought case after case after case. Another hot topic these days is weight loss. What's the newest potion, pill or gadget designed to make consumers lose weight fast - and without diet or exercise? Over the last decade, the Commission has taken an unprecedented number of law enforcement actions against weight loss frauds, and yet the number of facially deceptive weight loss ads has increased.(4)
Here are a couple of recent examples. The FTC alleged that the marketers of Slim Down Solution, a dietary supplement product, falsely claimed that the product causes significant weight loss. To quote from the infomercial: "Just one tiny Slim Down tablet can reduce the amount of fat in a slice of chocolate cake down to the fat in a fruit cocktail."(5)
And who will forget Fast Abs exercise belts? The infomercials for these products claimed that consumers could lose inches and get washboard abs by simply using the electronic pulse belts. The FTC alleged that these claims were false, and the principals of the company paid $5 million in consumer redress to settle the case.(6)
But scammers are like cockroaches. You might kill one, but there are plenty more out there. It is quite frustrating to see the same types of cases over and over again. But it's not surprising. Look at whom the fraud artists are targeting: people who are desperate, whether it's desperate to get credit or desperate to lose weight. And it's no wonder that many fraud artists target the elderly, who are often lonely and easily fall victim to scams.
Recognizing this phenomenon, the FTC augments its enforcement role with a strong push toward consumer education. In my view, this is one of the most important roles the Commission should play. Consumers will always be their own best line of defense.
We initiate numerous consumer education campaigns, disseminate print publications and online brochures, translate information into Spanish to reach a larger audience, and provide information on a variety of topics to consumers who call our toll-free telephone number or visit our website. In developing and disseminating our consumer education messages, we work in partnership with numerous other groups, including other federal government agencies, state and local authorities and law enforcement, businesses, trade associations, and consumer groups. It is a continuing challenge to reach consumers, raise awareness, and provide information to help consumers make informed purchasing decisions and avoid fraud - in other words, to be equipped to be their own best line of defense. As the precinct sergeant on Hill Street Blues used to say, "It's [truly] a jungle out there!"
Beyond taking case-by-case enforcement actions, the FTC is a regulatory agency. We issue regulations pursuant to Congressional mandates and under the authority in the FTC Act to prohibit patterns of deceptive or unfair practices. My main focus as a Commissioner has been to ensure that we regulate only when absolutely necessary. Let me give you two examples I hope will illustrate this distinction: online privacy legislation, which I vehemently opposed, and the recently implemented national Do Not Call registry, which I wholeheartedly supported.
First, the privacy debate. In the '90s, the Internet emerged as an incredible tool for information, entertainment, and commerce. Not surprisingly, with technological innovations and increased Internet use came increased privacy concerns. Personal information can be collected and shared easily in an online setting.
The FTC became intensely involved in Internet privacy issues. The Commission conducted a number of privacy surveys to identify the privacy practices employed by online firms. The FTC also held workshops and hearings - bringing together parties with different interests - to examine and learn about privacy issues.(7) And then the Commission took a position on the need for legislation. In 2000, a majority of the Commission recommended that Congress require that all consumer-oriented commercial websites provide notice, choice, access, and security to their customers.(8) The majority concluded that our privacy surveys showed that online firms were making little improvement in implementing privacy policies, that the lack of such privacy policies would hinder the growth of e-commerce, and that nothing would change without legislation.
I dissented from this recommendation.(9) I believe that the market can best fix most problems and that we should not create new regulatory burdens without consideration of the problems legislation may create by, for example, imposing costs or other unintended consequences that could severely stifle e-commerce.
One of my main criticisms of the majority's legislative recommendation was that the Commission made no effort to account for the relative costs and benefits associated with new legislation. Also, little thought was given to regulation's unanticipated effects on competition and consumer choice. If government were to mandate "the answer" to consumer privacy concerns by requiring firms to take certain steps, then there would be a disincentive for industry to develop further technological solutions. Legislation could actually give consumers fewer choices and, as technology changes, less privacy.
Instead, I believed that industry was much better suited than government to "get it right." In this emerging area, the role of government should be to encourage self-regulation, educate consumers on how to protect themselves through privacy-enhancing technologies, and then provide an essential enforcement backstop. If you lie to consumers about what information you collect and what you do with it, then you pay the price with an FTC lawsuit, not to mention the severe punishment that can be meted out by dissatisfied customers.
Fortunately, legislation was not implemented. Now, under Chairman Muris's leadership, we have followed the path I suggested and focused on enforcing existing laws and protecting consumers from harm. And the marketplace is working.
Let's contrast privacy legislation with the national Do Not Call registry. In 1994, Congress recognized abuses in the telemarketing industry and required the FTC to issue rules that prohibit deceptive and abusive telemarketing practices.(10) We issued such a rule - the Telemarketing Sales Rule, or "TSR" - in 1995.(11) Among other things, the TSR required companies to maintain their own specific do not call lists. If a consumer asked not to be called again, the company had to place the consumer's number on the list and could not call the consumer again.
In 2000, the FTC began a mandatory process of reviewing the TSR.(12) As a result of this process, the Commission proposed making some changes to the TSR, including the establishment of a national Do Not Call registry.
As with other agencies, our rulemaking proceedings involve requesting public comment on the proposals and holding workshops. We received over 60,000 comments - the most we have ever received in a rulemaking proceeding. The vast majority of these comments supported the national Do Not Call registry.
As I'm sure you've all heard, the FTC amended the TSR and established the national registry.(13) I was quite happy being one of the biggest supporters of this decision. The Commission had already tried a narrow approach to solving the problem, and there was an existing self-regulatory regime. But according to thousands of consumers, it wasn't working. There was a growing market failure. The sheer volume of telemarketing calls rose exponentially, and consumers were unable to avoid these intrusions into their homes. In establishing the registry, we were quite cognizant of the issues raised by industry members about its effects on their businesses. And the Commission took these concerns into account in drafting the rule: for example, a business can continue to call customers with whom it has an existing relationship.
The end result (subject, of course, to the ongoing legal battles) is an operating Do Not Call registry with over 54 million telephone numbers on the list. With 54 million numbers, we must be doing something right! The FTC has received nearly 63,000 consumer complaints against telemarketers who have continued to call them notwithstanding their listing on a registry that became operational about a month ago. We are reviewing these complaints carefully and will take action against telemarketers who disregard the registry.
Competition
Before I mention a few of the Commission's key efforts on the competition side, I just want to offer my personal observation, based on nearly six years of experience in dealing with antitrust matters at the FTC. The firms and the types of conduct and transactions with which we deal strike me as overwhelmingly above-board and above reproach. Of course, once in a while the Commission investigates behavior of a brazenly collusive nature that may be hard to evaluate without adding a moral compass to our usual legal and economic toolbox. In general, though, we're talking about mergers, acquisitions, and various species of business conduct that may sometimes be illegal but can rarely be considered "wrong" in an ethical sense. I have great respect for virtually all of the companies and executives that I encounter in our antitrust work, and I merely urge them - and their lawyers - to be vigilant as they assess their conduct and plans under the requirements of the antitrust laws.
Now to the cases. A good example of our commitment to challenge collusive arrangements that threaten consumer welfare is the Commission's recent opinion and order in PolyGram Holding (also known as "The Three Tenors").(14) Upon superficial inspection, this case may not appear to involve issues of earth-shattering economic significance. After all, the Commission's complaint questioned the legality of an agreement between PolyGram and Warner to refrain from discounting and promoting a couple of earlier Three Tenors albums during the release period for the 1998 album - not quite the same, in terms of sheer economic scope, as our challenge to the arrangement in Mylan Laboratories or the Justice Department's challenge to the vitamin cartel.
But PolyGram illustrates precisely one of the key virtues of an administrative agency: the ability to deal in depth with a complicated legal issue and to further the development of the law. The case, which involves important issues in the area of horizontal restraints, afforded the Commission an opportunity to craft an opinion that lays out a framework for evaluating such restraints and applies that analytical framework in considerable detail to the case at hand. Our opinion surveys the evolution in judicial treatment of horizontal restraints throughout antitrust history and subjects the PolyGram/Warner agreement to an analysis that draws upon pertinent Supreme Court jurisprudence. In my judgment, our conclusion that the agreement violated Section 5 of the FTC Act rested solidly on precedent and on the principles we enunciated.
Another benefit that an administrative agency can bring to the table is the knowledge that the agency gains from dealing with specific industries - or specific practices - day in and day out. Some of you probably know that the Commission has been very active in recent years in the pharmaceutical industry, especially in cases involving issues stemming from the Hatch-Waxman Act (which regulates FDA approval of generic drugs). For instance, we have challenged some agreements between branded and generic companies to settle patent litigation on what we viewed as anticompetitive terms.(15)
We have also attacked what we perceived to be branded companies' attempts to manipulate the Hatch-Waxman Act by obtaining multiple 30-month stays of generic approval.(16) We alleged that both of these practices can harm consumers by keeping lower-priced generic products off the market.
As a result of the cases we brought, Congress granted the FTC the authority to conduct an industry-wide study to assess the effectiveness of generic entry under Hatch-Waxman. Based on this study, we made a number of legislative recommendations geared toward facilitating generic entry and thus better achieving the goals of the Hatch-Waxman Act.(17) In fact, many of the study's legislative recommendations are under consideration in both the Senate and the House.
Although a good deal of the FTC's antitrust work in the last couple of years has been of the non-merger variety, we have grappled with some complex mergers as well (even in this era of relatively quiet merger and acquisition activity).
Just yesterday, for example, we issued a consent order against Nestlé and Dreyer's to preserve competition in the super-premium ice cream market.(18) On the surface, the Nestlé/Dreyer's merger case might seem like an odd one to challenge. In fact, we came under some criticism for challenging this transaction: some questioned why other types of ice cream (beyond "super-premium") were not included in the Commission's product market, while others wondered why protecting competition for super-premium ice cream mattered at all. In the last analysis, however, the Nestlé/Dreyer's transaction was typical of any merger case that the Commission investigates. Our careful market analysis led us to conclude that the market was correctly defined as super-premium ice cream, and it was apparent that the merger would substantially lessen competition and harm consumers in that market. As a result, the Commission required the parties to divest certain assets to a new entrant, so that consumers may continue to enjoy the level of competition that prevailed before the merger.
Another merger case - this time, one that we didn't bring - got nearly as much attention as many of the transactions that we challenge. And again, part of this stems from the FTC's character as a multi-member administrative body. I refer to the Cruise Lines investigation that we closed 13 months ago by a 3-to-2 vote.
The Commission's investigation of the two transactions involved in this matter - a proposed dual-listed company arrangement between Royal Caribbean Cruises and P&O Princess Cruises, and a competing hostile tender offer by Carnival Corporation for Princess - was one of the most painstaking and exhaustive I have seen at the FTC. I don't really have to dwell on the minute details of what the investigation unearthed, because - as many of you no doubt know - the five members of the Commission spelled out their reasons for and against closing the investigation in rich detail in two statements that we issued publicly.(19) In an unprecedented way, those statements threw open to public scrutiny the reasoning process we went through in deciding whether to pursue or close a case. In my view, we fulfilled our obligation to the public that we serve by shining a bright light on how we conduct the legal and economic analysis of a merger.
Workshops, Hearings, and a Continuing Dialogue
In both the competition and the consumer protection areas, sometimes government does not need to enforce the law or issue regulations to be effective. Sometimes, as I like to say, we just need to have a "prayer meeting" with those who can make a difference. Well, we don't really call them prayer meetings; the public knows them as "workshops." But they often serve as a springboard to exploring new issues, encouraging best practices in the industry, and working together - government, industry, consumer groups, and academia - to solve problems. Listening to others and continuing a dialogue are essential. It really is amazing what we can all do when we work together.
In the competition area, for example, the Commission held a series of workshops to explore the intersection between antitrust law and intellectual property. Based on a record containing the testimony of hundreds of witnesses, roughly a hundred written submissions, and thousands of pages of transcripts, the Commission recently issued an extensive report examining the patent system's role in promoting innovation.(20) The report made a number of recommendations geared toward fostering greater innovation through the patent system. And we are not done yet. In cooperation with the Department of Justice, the Commission also plans to issue a report with similar recommendations for antitrust law.
We've also held workshops and continue to engage in a continuing dialogue with industry and others on many consumer protection issues. Two examples involve online issues - online information security and spam.
The FTC is actively involved in promoting online security practices - or, in other words, promoting a "culture of security." We recognize the importance of online security as we become more and more dependent upon information systems in our critical infrastructure as well as our personal activities. Recent security incidents like the SoBig and Slammer attacks illustrate the point.
To achieve a culture of security, we must change perceptions and bring attention to the fact that all users of information technologies - government, industry, and the general public - play a role. The FTC held a workshop to explore the issues in this area in May of last year.(21) We have also worked on this issue internationally through our participation in updating the OECD's security guidelines,(22) which promote the concept that we all have a role to play in the practice of safe computing, by being aware and accountable and by taking action pursuant to a set of common-sense principles. And most important, we have focused on consumer education. Last year we launched a website (www.ftc.gov/infosecurity) dedicated to providing practical online security tips to consumers and featuring our mascot, Dewie the E-Turtle. To disseminate this message, we have partnered with the private sector and with other government agencies, including the Department of Homeland Security.
As with many issues, the FTC uses its law enforcement authority in connection with our broader outreach efforts. For online security, this means taking action against firms that misrepresent their online security practices to consumers. For example, the FTC alleged that Eli Lilly had breached its promise to consumers to keep personal information confidential and secure by inadvertently disclosing the names of consumers who used certain prescription drugs for depression.(23) Our complaint alleged that Lilly failed to take appropriate steps to ensure the security of consumers' information - especially in light of the sensitivity of that information. Similarly, Microsoft settled FTC allegations that the company falsely claimed that it would maintain a high level of security for its Passport and Passport Wallet systems of accounts.(24) Even though there was no breach of consumer data, the complaint alleged that Microsoft failed to take reasonable and appropriate measures under the circumstances to maintain security.
Another example of this multi-pronged approach is our work involving spam. We all face an onslaught of spam daily: ISP lines are clogged, and spam causes nuisance and actual harm. To explore the nature of the problem and what can be done, the FTC held a spam forum and public workshop in April.(25) The clear conclusion is that there is no silver bullet to solve the spam problem. It will take a combination of legislation, technology, law enforcement, and consumer education.(26) Although I am encouraged by the progress of an ISP coalition formed by AOL, Microsoft, EarthLink, and Yahoo, I fear that a political feeding frenzy has developed around spam. The unanimous rush two weeks ago by the Senate to "do something" about spam could result in ineffective legislation that will create false expectations for consumers and leave the FTC holding the bag to create a "do not spam registry" that everyone recognizes will not be enforceable. This is no doubt a good example of the law of unintended consequences.
Closing
Given the variety of subjects that I've mentioned today, you would be correct if my discussion left you with the sense that the FTC is a very busy agency with a lot of complex consumer protection and competition matters on its plate. Despite our workload, however, we manage to deal thoroughly with each case that comes before us. Although a lot of what we deal with involves technical questions of law and economics, I believe that we in government have a duty to apply a generous dose of common sense to our law enforcement and regulatory activities. In my view, an approach that blends analytical rigor with a common-sense, realistic appraisal of what role government should play is the best path toward our goal at the FTC: to protect the welfare of consumers.
Thank you.
Endnotes:
1. Remarks to the U.S. League of Savings Associations, San Francisco, Nov. 14, 1974 (Peter Hannaford, The Quotable Reagan).
2. Remarks to the American Dental Association, San Francisco, Oct. 29, 1972 (Hannaford, op. cit.).
3. FTC v. Assail, Inc., et al., Civ. No. W03CA007 (W.D. Tex., Stipulated Final Order filed Sept. 22, 2003), available at <www.ftc.gov/opa/2003/09/assail2.htm>.
4. FTC Staff Report, Weight Loss Advertising: An Analysis of Current Trends (Sept. 2002), <www.ftc.gov/bcp/reports/weightloss.pdf>.
5. FTC v. Slim Down Solution, LLC, et al., Civ. No. 03-80051-Civ-Paine (S.D. Fla. complaint filed Jan. 22, 2003), <www.ftc.gov/opa/2003/01/slimdown.htm>.
6. FTC v. United Fitness of America, LLC, et al., CV-S-02-0648-KJD-LRL (D.Nev. amended complaint and stipulated final orders filed July 21, 2003), <www.ftc.gov/opa/2003/07/unitedfitness.htm>.
7. See, e.g., Workshop on Consumer Privacy on the Global Information Infrastructure (June 4, 1996); a public workshop on Consumer Privacy Issues (Mar. 4, 1997); and a Consumer Information Privacy Workshop (June 10, 1997). Information about these and other workshops can be found at <www.ftc.gov/privacy/reports.htm>.
8. Federal Trade Commission, Privacy Online: Fair Information Practices in the Electronic Marketplace: A Federal Trade Commission Report to Congress (May 2000), <www.ftc.gov/reports/privacy2000/privacy2000.pdf>.
9. Dissenting Statement of Commissioner Orson Swindle, Privacy Online: Fair Information Practices in the Electronic Marketplace: A Federal Trade Commission Report to Congress (May 2000), <www.ftc.gov/reports/privacy2000/swindledissent.pdf>.
10. Telemarketing and Consumer Fraud and Abuse Protection Act, 15 U.S.C. §§ 6101-08.
11. Telemarketing Sales Rule, 16 C.F.R. Part 310.
12. Information about the FTC's review of the TSR and the subsequent rulemaking proceeding can be found at <www.ftc.gov/bcp/rulemaking/tsr/tsr-review.htm>.
13. Statement of Basis and Purpose, Final Amended Rule, 68 Fed. Reg. 4580 (Jan. 29, 2003).
14. PolyGram Holding, Inc., Dkt. No. 9298, 2003 WL 21770765 (July 24, 2003), <www.ftc.gov/os/2003/07/polygramopinion.pdf>.
15. See e.g., Schering-Plough Corp., Dkt. No. 9297 (initial decision dated June 27, 2002) (appeal pending), available at <www.ftc.gov/os/2002/07/scheringinitialdecisionp1.pdf> and <www.ftc.gov.os/2002/07/scheringinitialdecision2.pdf>; Schering-Plough Corp., Dkt. No. 9297 (consent order as to American Home Products Corp. issued Apr. 2, 2002), available at <www.ftc.gov/os/2002/04/scheringplough_do.htm>; Hoechst Marion Roussel, Inc., Dkt. No. 9293 (consent order May 8, 2001), complaint available at <www.ftc.gov/os/2000/03/hoechstandrxcomplaint.htm>; Abbott Laboratories, Dkt. No. C-3945 (consent order May 22, 2000), complaint available at <www.ftc.gov/os/2000/05/c3945complaint.htm>; Geneva Pharmaceuticals, Inc., Dkt. No. C-3946 (consent order May 22, 2000), complaint available at <www.ftc.gov/os/2000/05/c3946complaint.htm>.
16. See, e.g., Bristol-Myers Squibb Co., Dkt. No. C-4076 (consent order Apr. 14, 2003), complaint available at <www.ftc.gov/os/2003/03/bristolmyerscmp.pdf>; Biovail Corp., Dkt. No. C-4060 (consent order Oct. 2, 2002), complaint available at <www.ftc.gov/os/2002/10/biovailcmp.pdf>.
17. Federal Trade Commission, Generic Drug Entry Prior to Patent Expiration: An FTC Study (July 2002), available at <www.ftc.gov/os/2002/07/genericdrugstudy.pdf>.
18. Nestlé Holdings, Inc., et al., Dkt. No. C-4082 (consent order Nov. 6, 2003), available at <www.ftc.gov/os/2003/11/0210174do.pdf>.
19. Statement of the Federal Trade Commission Concerning Royal Caribbean Cruises, Ltd./P&O Princess Cruises plc and Carnival Corporation/P&O Princess Cruises plc, FTC File No. 021 0041, available at <www.ftc.gov/os/2002/10/cruisestatement.htm>; Dissenting Statement of Commissioners Sheila F. Anthony and Mozelle W. Thompson, Royal Caribbean/Princess and Carnival/Princess, File No. 021-0041, available at <www.ftc.gov/os/2002/10/cruisedissent.htm>.
20. Federal Trade Commission, To Promote Innovation: The Proper Balance of Competition and Patent Law and Policy (Oct. 2003), available at <www.ftc.gov/os/2003/10/innovationrpt.pdf>.
21. Consumer Information Security Workshop (May 2002), <www.ftc.gov/bcp/ workshops/security/index.html>.
22. These guidelines are more formally known as the Guidelines for the Security of Information Systems and Networks Towards a Culture of Security.
23. Eli Lilly and Co., Dkt. No. C-4047 (consent order May 8, 2002), available at <www.ftc.gov/os/2002/05/elilillydo.htm>.
24. Microsoft Corp., Dkt. No. C-4069 (consent order Dec. 20, 2002), available at <www.ftc.gov/os/2002/12/microsoftdecision.pdf>.
25. Information about the spam forum can be found at <www.ftc.gov/bcp/workshops/spam/index.html>.
26. For example, the FTC takes action against false or deceptive spam messages. See, e.g., FTC v. Brian D. Westby, Civ. Action No. 03 C 2540 (N.D. Ill. Stipulated Order of Preliminary Injunction issued Apr. 22, 2003), available at <www.ftc.gov/os/2003/04/brianwestbyord.pdf>.