Federal Trade Commission

FTC Seeks Comment on Safeguards Rule

The Federal Trade Commission is seeking public comment on Standards for Safeguarding Customer Information (the “Safeguards Rule”) as part of its systematic review of all FTC rules and guides. The Safeguards Rule, which took effect in 2003, requires financial institutions to develop, implement and maintain a comprehensive information security program for handling customer information.

The FTC seeks comments on a number of questions, including the economic impact and benefits of the Rule; possible conflict between the Rule and state, local or other federal laws or regulations; and the effect on the Rule of any technological, economic or other industry changes. The Commission vote approving the Federal Register Notice was 3-0. The notice will be published shortly and instructions for filing comments appear in the Notice. Comments must be received on or before November 7, 2016.

FTC Approves Final Order in ASUS Privacy Case

After a public comment period, the Federal Trade Commission has approved a final order resolving the Commission’s complaint against ASUSTeK Computer, Inc., charging that critical security flaws in its routers put the home networks of hundreds of thousands of consumers at risk. The settlement was first announced in February 2016. In its complaint, the FTC alleged that ASUS failed to take reasonable steps to secure the software on its routers, despite making promises to consumers about their security.

Under the terms of the consent order, ASUS is required to establish and maintain a comprehensive security program subject to independent audits for the next 20 years. In addition, ASUS must notify consumers about software updates or other steps they can take to protect themselves from security flaws, including through an option to register for direct security notices (e.g., through e-mail, text message, or push notification). The consent order also prohibits the company from misleading consumers about the security of the company’s products, including whether a product is using up-to-date software. The Commission vote to approve the final order and letters to commenters was 3-0.

What happens when the sun sets on a smart product?

A recent Federal Trade Commission investigation into one company’s decision to stop providing support for an Internet of Things (IoT) device illuminates some pitfalls IoT businesses should avoid in introducing and marketing these innovative products.

In that case, a company acquired the marketer of a “Smart Home Hub” and then decided to shut down support for the device, thereby rendering it inoperable. Although we closed that investigation, it raises broader issues about what happens when an IoT product or service, or the updates and support for them, stops. First, there are serious issues at play when consumers purchase products that unexpectedly stop functioning due to a unilateral decision by the company that sold them. Second, when a company stops providing technical support, including security updates, for an IoT device, consumers may be left with an out-of-date product that is vulnerable to critical security or privacy bugs. So, if you’re an IoT business, product designer, or marketer, this scenario should make a light bulb go on in your head.

Ask yourself:

  • Are you selling a device, a service, or both? What are you telling consumers you’re selling?
  • Are consumers getting a fixed-term rental or subscription, or are they getting something they will own and can rely on for the life of the device?
  • Would reasonable consumers expect to be able to keep using the device – and have it be fully functional – if the company, even many years later, rides off into the sunset? Would they expect the device to have an “expiration date”?
  • Could consumers keep using your device in the ways they would reasonably expect based on their experience with similar devices?
  • What did you tell consumers at the outset – or what would they otherwise expect – about the security you would provide for the life of the device?

FTC and Florida Charge Tech Support Operation with Tricking Consumers Into Paying Millions for Bogus Services

The Federal Trade Commission and State of Florida have taken action against defendants who ran an international tech support operation and allegedly misrepresented to consumers that malware or hackers had compromised their computers and that the operation was associated with or certified by Microsoft and Apple to fix their computers. A federal court has temporarily shut down the defendants’ operation, frozen their assets, and placed control of the businesses with a court-appointed receiver. The complaint alleges that defendants, based in Florida, Iowa, Nevada, and Canada, relied on a combination of deceptive online ads and misleading, high-pressure sales tactics to frighten consumers into spending hundreds of dollars for dubious computer “repairs” and antivirus software.

“Scammers like these use incredibly deceptive tactics that make consumers think they are receiving warnings from legitimate technology companies,” said Jessica Rich, director of the FTC’s Bureau of Consumer Protection. “We are proud to work with the Florida Attorney General’s Office to put an end to these fraudulent practices.” According to the complaint, the defendants caused consumers’ computers to display advertisements designed to resemble security alerts from Microsoft or Apple. These ads warned consumers that their computers could be infected with malware and urged them to call a toll-free number in the ad to safeguard both their computer and sensitive personal information stored on it.

Russian hackers might have your info -- now what?

You may have heard about it in the news: reports that Russian hackers have stolen more than a billion unique username and password combinations, and more than 500 million e-mail addresses, grabbed from thousands of websites. What should you do about it?

  • Once you have strong passwords, you need to keep them safe. Think twice when you’re asked to enter usernames and passwords, and never provide them in response to an email.
  • If you see charges that you don’t recognize, contact your bank or credit card provider right away and speak to the fraud department.

By taking these steps, you can lessen the odds scammers will get a hold of your information, and also minimize the consequences if they do.

FTC Approves iKeepSafe COPPA “Safe Harbor” Oversight Program

Following a public comment period, the Federal Trade Commission has approved the Safe Harbor Program of iKeepSafe, also known as the Internet Keep Safe Coalition, as a safe harbor oversight program under the Children’s Online Privacy Protection Act (COPPA) and the agency’s COPPA Rule.

The FTC’s COPPA Rule requires operators of online sites and services directed at children under the age of 13 to provide notice and obtain permission from a child’s parents before collecting personal information from that child.

The COPPA safe harbor provision promotes flexibility and efficiency by encouraging industry members and others to develop their own COPPA oversight programs, known as “safe harbor” programs.

Many Apps Fail to Provide Information On Payment Dispute Mechanisms, Privacy

A new staff report issued by the Federal Trade Commission finds that many mobile apps for use in shopping do not provide consumers with important information -- such as how the apps manage payment-related disputes or handle consumer data -- prior to download.

The report, “What’s the Deal? An FTC Study on Mobile Shopping Apps,” looked at some of the most popular apps used by consumers to comparison shop, collect and redeem deals and discounts, and pay in-store with their mobile devices. The report makes a number of recommendations to companies that provide mobile shopping apps to consumers:

  • Apps should make clear consumers’ rights and liability limits for unauthorized, fraudulent, or erroneous transactions.
  • Apps should more clearly describe how they collect, use, and share consumer data.
  • Companies should ensure that their data security promises translate into sound data security practices.

Beyond recommendations for companies, the report also urges consumers to closely examine the apps’ stated policies on issues like dispute resolution and liability limits, as well as privacy and data security, and evaluate them in choosing which apps to use.

Acc-cen-tuate the negative?

The Restore Online Shoppers’ Confidence Act (ROSCA) is a new law that makes it illegal to charge a consumer for goods or services sold in an Internet transaction through any negative option method -- including trial conversions, continuity plans, or automatic renewals -- unless the business:

  1. clearly and conspicuously discloses all material terms of the transaction before getting consumers’ billing information;
  2. gets consumers’ express informed consent before charging their accounts; and
  3. offers simple ways for people to stop the recurring charges.

Top billing: 5 best practices for the mobile industry

Mobile Cramming: A Federal Trade Commission Staff Report suggests five best practices for the payment option known as “carrier billing.”

  • Consider giving consumers the option to block third-party charges.
  • Honor long-standing truth-in-advertising principles.
  • Charges shouldn’t be placed on consumers’ bills unless they’ve given their express, informed consent.
  • Charges for third-party services should be clearly shown on consumers’ bills.
  • Carriers should set up effective ways for consumers to dispute charges.

Who profits from cramming? FTC challenges T-Mobile's role in bogus billing

The Federal Trade Commission accused T-Mobile of making hundreds of millions of dollars by charging mobile phone customers for "premium" SMS subscriptions that, in many cases, the consumers never authorized.

It was an all-too-common occurrence. People’s mobile phone bills included unexplained -- and unauthorized -- monthly charges. It’s called cramming and the Federal Trade Commission has brought a series of cases against companies that had fees for ringtones, horoscopes, “love tips,” etc., placed on cell phone bills without consumers’ consent. The crammers took a chunk of the cash, but you might be surprised to learn who the FTC says pocketed a 35-40% piece of the action.

A just-filed lawsuit pulls back the curtain on the role the FTC alleges that mobile phone carrier T-Mobile USA played in deceptive and unfair billing. Furthermore, according to the complaint, T-Mobile didn’t respond well to consumer complaints. In many cases, the company flat-out refused to give refunds for unauthorized charges or offered only partial refunds.

Count I of the lawsuit alleges that T-Mobile violated Section 5 of the FTC Act by making deceptive representations about charges on consumers’ phone bills. Count II focuses on allegedly unfair billing practices. What's the FTC asking for? A court order to prevent T-Mobile from engaging in mobile cramming, refunds for consumers, and disgorgement of T-Mobile’s ill-gotten gains.