Keynote Address, Jim Hood, Attorney General, State of Mississippi, President, National Association of Attorneys General (NAAG)
Law enforcement has to be moving to the internet, where crime is going. Worked with ISPs on child porn/hash screening. We do hacking, extortion, data breach, IP theft. He fears in our lifetime a hacker will shut down our electric grids. Survived Katrina; carried a gun the first few weeks thereafter. Law-abiding people will steal water, gasoline, whatever they need to protect their families if the electrical grid is shut down.
AGs have multistate working groups. If you have a data breach, and call my office as GC, I have a direct link to that company. If you hire a large firm with a data breach practice, most AGs will think “this is the defense firm we have to deal with” and their eyes glaze over. Work with the AG instead. If you hire a defense firm, we assume you’re guilty, that’s our law enforcement action. BP oil spill: initially well handled, GC reached out; then they figured out they were really in trouble. If you have a small data breach, work with AG’s office. Hard to point a finger when we may not have protected our own gov’t systems as we should. Compare to your competitors—big box store may need different procedures than a bank. AGs are putting together a manual with suggestions; not necessarily best practices. Primarily for small businesses suffering a data breach.
Most AGs want federal legislation to be as stringent as the most stringent state legislation. Probably will see some movement in the next year or two. We fight federal preemption every day, Democrats and Republicans. There is a lot of overreach—federal district judges in particular haven’t respected state sovereignty as they should. (Heh.) CAFA: 49 AGs said “exempt AG actions from this act,” and Senators said they wouldn’t be covered, but the 5th Circuit said that AGs were covered anyway; SCt reversed 9-0. There’s a constant battle. But we’ll probably reach agreement on data breach.
We just appealed the Google decision. The Sony hack: I didn’t have a clue they knew Mississippi had an AG; I didn’t know anything about operation Goliath or any of this stuff. They acted like the movie theaters got an AG to go after them, but I’ve been doing it for 6-8 years. Motion picture industry has been involved since the 1920s when people stole film off trucks. Counterfeit items hurt our consumers. Drugs, etc.
After Google entered into a plea w/fed. gov’t, paid $500 million to avoid conviction, b/c DOJ found that marketing division was getting around their system to allow Canadian pharmacies to advertise—really dope dealers in South America and Russia. Google folded b/c DOJ got their emails. Complaints from parents: investigators made buys online, like oxycodone. Autocomplete used to complete “prescription” with “buy prescription drugs without prescription.” We bought from their ads. Monetizing the sale of illegal drugs is a problem. YouTube videos would say “here’s how to buy drugs w/o a prescription.” (§230?)
IP theft is important—Mississippi has an inordinate number of artists and writers—but the AGs weren’t badgering Google out of nowhere. We bought pain and birth control pills; often we got ripped off, or got counterfeits—during Google’s 2 year probationary period and we provided that information but the fed gov’t hasn’t done anything so far. Engaging on these tech issues is not new. 3-D printers are an emerging issue. Will change business more than the internet. Will be able to print a cellphone. Won’t need Chinese labor. Also IP theft. Guns, drugs.
Encryption: will you get sued if you don’t encrypt? You can’t encrypt w/in business, but if you send it to someone else, they need to decrypt. Apple iOS: Now we have digital info in almost every criminal case—texting, photos, emails. We rescue kids by working with Facebook: we find them if they’ve run away. FB works with us. Law enforcement access saves lives. Crooks want privacy protection—helps sell phones. (So much for data breach concerns.) If we can’t get cellphone companies to keep some code for us, we need a law to give us the best evidence. What if a guy gets shot and the video on the phone is the only evidence?
Q: in the past, NAG has cooperated w/FTC. What’s it like now, and how do you see it going forward? What are the priorities in consumer protection, and do they match those of the FTC?
A: have a good relationship w/FCC and FTC. Antitrust can be slow, but generally they deal with a bigger bureaucracy. Ads to kids: higher standards. Particularly online, all the apps targeted at kids.
Q: why aren’t you boycotting Indiana? Aren’t civil rights a critical issue as well?
A: Governor of Conn. banned state funds for travel there. They’re going to have to deal with their own problem.
Q: distinguishing between ads and content—are the AGs involved?
A: not as much, but in the area of Google ads/AdWords, when we see “how to murder your wife” for a YouTube video, we notice that. Have to disclose where you place ad. We will look at putting legit ads beside illegit ads.
Q: self-regulation, including on piracy: ecosystem challenge is where the liability should be put. There’s a challenge in putting liability on intermediaries. We’ve come out on having advertisers do contracts and push down limitations on ads delivered on pirate sites.
A: companies have a role here. Talk to the AGs but AGs can’t carry all your water. A lot of times competitors come to us. We try to stay out of individual class actions.