Federal Trade Commission

Protecting consumers’ privacy and personal data has long been a priority at the Federal Trade Commission. Over the years, we’ve helped millions of identity theft victims recover from that crime. We created the National Do Not Call Registry to limit unwanted telemarketing, and we continue to fight illegal robocalls. And we’ve brought more than sixty cases against companies that didn’t take reasonable steps to protect people’s data. But we’re not living in the past. Among our recent cases: a settlement with Ashley Madison over the company’s lax data security and misleading claims; our first case against an education lead generator for misleading people about how their information would be used; and a case against a company that marketed internet routers with serious security flaws. On Wednesday, January 25, at 3 p.m. EST, we’ll be participating in a Data Privacy Day Twitter chat for businesses sponsored by the National Cyber Security Alliance.

As I finish my year as Federal Trade Commission Chief Technologist, I wanted to take one more opportunity to encourage researchers to conduct research relevant to consumer protection and share it with the FTC. In this blog post, I share some thoughts on research in nine areas that I believe would be useful to the FTC. At the end I provide information about how to get in touch with FTC staff to discuss research.

Privacy and Security: Privacy and security are important to the FTC’s consumer protection mission. Research that investigates how consumers value privacy, the way consumers balance privacy interests with other interests, how companies assess and manage security risks, and the way consumers are impacted by privacy and security breaches would provide valuable information.

Ads and marketing: The FTC regulates advertising and marketing practices to protect consumers from those that are unfair or deceptive. Research related to new advertising and marketing practices and research that provides insights into how advertising and marketing practices are used in new media would aid FTC staff.

The Federal Trade Commission filed a complaint in federal district court charging Qualcomm Inc. with using anticompetitive tactics to maintain its monopoly in the supply of a key semiconductor device used in cell phones and other consumer products. Qualcomm is the world’s dominant supplier of baseband processors – devices that manage cellular communications in mobile products. The FTC alleges that Qualcomm has used its dominant position as a supplier of certain baseband processors to impose onerous and anticompetitive supply and licensing terms on cell phone manufacturers and to weaken competitors. Qualcomm also holds patents that it has declared essential to industry standards that enable cellular connectivity. These standards were adopted by standard-setting organizations for the telecommunications industry, which include Qualcomm and many of its competitors. In exchange for having their patented technologies included in the standards, participants typically commit to license their patents on what are known as fair, reasonable, and non-discriminatory, or “FRAND,” terms.

The Federal Trade Commission announced a crackdown on two massive robocall telemarketing operations, both of which have been blasting robocalls to consumers on the National Do Not Call (DNC) Registry since at least 2012. Many of the defendants in the two cases, FTC v. Justin Ramsey, et. al. and FTC v. Aaron Michael Jones, et. al., have agreed to court orders that permanently ban them from making robocalls, making any calls to numbers listed on the Do Not Call Registry, violating the TSR, and/or assisting others in doing so. The settling defendants also will pay the Commission a total of more than $500,000.

The two ringleaders of the operations—Justin Ramsey and Aaron Michael (“Mike”) Jones—have previously been sued by state attorneys general for telemarketing violations and the FTC’s litigation against them continues. According to the FTC’s complaint in the Ramsey action, the defendants illegally blasted millions of robocalls in 2012 and 2013 to consumers on the DNC Registry selling home security systems or generating leads for home security installation companies. In just one week in July 2012, the defendants allegedly made more than 1.3 million illegal calls to consumers nationwide, 80 percent of which were to numbers listed on the DNC Registry.

Federal Trade Commission Chairwoman Edith Ramirez announced her resignation from the FTC, effective February 10, 2017. Ramirez became Chairwoman on March 4, 2013, and has served as an FTC Commissioner since April 5, 2010, following her appointment by President Barack Obama. Chairwoman Ramirez prioritized protecting consumers and promoting competition in the technology and healthcare sectors, safeguarding consumer privacy and data security in the online world, and protecting diverse communities from deceptive and unfair practices and scams.

Under her leadership, the FTC brought nearly 400 law enforcement actions covering a range of consumer protection issues and approximately 100 enforcement actions challenging anticompetitive mergers and business conduct in major sectors of the economy, including the healthcare provider, pharmaceutical, retail, and energy markets. A priority for Chairwoman Ramirez has been expanding the FTC’s role in studying markets and emerging trends, and issuing reports that provide best practice recommendations to companies. For example, the FTC has issued reports on a wide range of key topics, including patent assertion entities, the sharing economy, the Internet of Things, and big data, among other topics.

The Federal Trade Commission filed a complaint against Taiwan-based computer networking equipment manufacturer D-Link Corporation and its US subsidiary, alleging that inadequate security measures taken by the company left its wireless routers and Internet cameras vulnerable to hackers and put US consumers’ privacy at risk.

In a complaint filed in the Northern District of California, the FTC charged that D-Link failed to take reasonable steps to secure its routers and Internet Protocol (IP) cameras, potentially compromising sensitive consumer information, including live video and audio feeds from D-Link IP cameras. The complaint filed is part of the FTC’s efforts to protect consumers’ privacy and security in the Internet of Things (IoT), which includes cases the agency has brought against ASUS, a computer hardware manufacturer, and TRENDnet, a marketer of video cameras.

The Federal Trade Commission announced that it is challenging the public to create an innovative tool that will help protect consumers from security vulnerabilities in the software of home devices connected to the Internet of Things. The agency is offering a cash prize of up to $25,000 for the best technical solution, with up to $3,000 available for up to three honorable mention winner(s). The FTC is asking IoT Home Inspector Challenge contestants to develop a tool that would address security vulnerabilities caused by out-of-date software in IoT devices. An ideal tool might be a physical device that the consumer can add to his or her home network that would check and install updates for other IoT devices on that home network, or it might be an app or cloud-based service, or a dashboard or other user interface. Contestants also have the option of adding features such as those that would address hard-coded, factory default or easy-to-guess passwords. Submissions will be accepted as early as March 1, 2017 and are due May 22, 2017 at 12:00 p.m. EDT. Winners will be announced on or about July 27, 2017.

The defendants who operated a Florida-based tech support scheme that the Federal Trade Commission and State of Florida charged deceived thousands of consumers, will pay $10 million for consumer redress to settle the action. According to the complaint, defendant Inbound Call Experts, doing business as Advanced Tech Support along with other defendants, used high-pressure sales pitches to telemarket tech support products and services falsely claiming to find viruses and malware on consumers’ computers. The stipulated final court order prohibits the defendants from misrepresenting that they have identified performance or security issues on consumers’ computers and from making any other misrepresentations while selling a product or service.

Turn Inc, a Redwood City (CA) company that enables sellers to target digital advertisements to consumers, has agreed to settle Federal Trade Commission charges that it deceived consumers by tracking them online and through their mobile applications, even after consumers took steps to opt out of such tracking. “Turn tracked millions of consumers online and through mobile apps even if they had taken steps to block or limit tracking,” said Jessica Rich, Director of the FTC’s Bureau of Consumer Protection. “The FTC’s order will ensure the company honors consumers’ privacy choices.”

According to the FTC’s administrative complaint, Turn’s privacy policy represented that consumers could block targeted advertising by using their web browser’s settings to block or limit cookies. In fact, the complaint alleges that Turn used unique identifiers to track millions of Verizon Wireless customers, even after they blocked or deleted cookies from websites. In addition, the agency charged that Turn’s opt-out mechanism only applied to mobile browsers, and did not block tailored ads on mobile applications as the company claimed.

The Federal Trade Commission announced the agenda for its second PrivacyCon, a public forum that will continue and expand collaboration among leaders from academia, research, consumer advocacy, and industry on the privacy and security implications of emerging technologies.

PrivacyCon 2017 will take place in Washington (DC) on Jan. 12, 2017 and include opening remarks from FTC Chairwoman Edith Ramirez. The conference will feature 18 presentations of original research on important consumer privacy and security issues and a closing panel moderated by Jessica Rich, Director of the Bureau of Consumer Protection. The event will cover five major topic areas: the Internet of Things (IoT) and big data; mobile privacy; consumer privacy expectations; online behavioral advertising; and information security. During each session, panelists will present their privacy research and then participate in a discussion addressing the broader issues raised by the research.