The Federal Trade Commission (FTC or Commission) is a federal agency with two objectives (“What We Do”). The FTC mission is to protect U. S. consumers and to encourage fair competition among businesses in the community to enhance the American economy. The FTC conducts investigations, files law suits, establishes actions that seek payment of civil penalties, develops policy, promulgates rules, collaborates with its partners in law enforcement, creates research tools, and offers educational workshops and conferences to help consumers and businesses fully appreciate the world of trade. The FTC’s jurisdiction is both domestic and international. Consumer protection comes in the form of preventing deceptive, unfair or illegal practices that use fraud at their base to deceive and manipulate consumers. The FTC receives consumer complaints on topics such as identity theft, use of deceptive advertising measures, and Do Not Call violations. The FTC provides the information that it receives to the appropriate law enforcement agencies, domestic and abroad. The Commission promotes competition by enforcing antitrust laws. Through this process of ensuring markets are open and free, consumers benefit because prices are lowered, and services provided to consumers are of a higher standard, while quality and choice is enhanced. The FTC combats anticompetitive mergers and oversees practices that violate the consumer’s right to not suffer payment of high prices, acceptance of low quality products, selection of limited choices or blocks to potential innovation.
Lifelock, the well known identity theft protection company, recently settled an order enforcement action by the FTC (“Lifelock to Pay $100 Million”). The FTC alleged that the company was in violation of certain aspects of a 2010 federal court order demanding that the company provide data security for the sensitive personal information of its customers and prohibition of engaging in any forms of deceptive advertising. The FTC’s allegations included both issues. First, that Lifelock did not create and retain an information security program to protect sensitive data, like, a customer’s social security number, bank account information and credit card numbers during the period from October 2012 through March 2014. The second allegation was that Lifelock engaged in false advertising, during this same period, when it stated that it made use of the same safeguards employed by financial institutions. The FTC’s third allegation was that Lifelock stated in its advertising that it sent out immediate alerts to customers, if there was any indication of possible identity theft. Finally, the FTC alleged that Lifelock failed to comply with its court ordered recordkeeping requirements (“Lifelock to Pay $100 Million”).
The settlement between Lifelock and the FTC required that Lifelock deposit $100 million with the U.S. District Court for the District of Arizona (“Lifelock to Pay $100 Million”). Approximately seventy percent of the judgment would be used to repay fees received from class action litigants only and any remaining balance would be forwarded to the FTC to use in additional consumer satisfaction. Also, the original recordkeeping requirements prescribed in the 2010 order have been extended for an additional thirteen years from the court order date (“Lifelock to Pay $100 Million”).
Another FTC action to protect consumers was brought against Apple, Inc (“Apple Inc. Will Provide”). The FTC alleged that Apple was in violation of the provisions of the Federal Trade Commission Act, when it failed to provide parent’s notice that they were giving permission for the single purchase that they were aware of, but also any additional purchases made by the child for the next 15 minutes, without the intervention and authorization of the parent. This default period could easily and often did result in the child racking up an inordinate amount of charges the parent was not aware of. The nature of the charges took place while the child was in the midst of gameplay, thus is referred to as an in-app charge. The fees could run anywhere from a low of $9.99 to a high of $99.99 per charge (“Apple Inc. Will Provide”).
The 15 minute default period represented an unfair billing mechanism which account holders were not advised of (“Apple Inc. Will Provide”). Also, Apple sometimes rendered a screen requesting that the parent enter their password in the child’s app, but did not detail to the account holder that by entering their password they would be agreeing to a purchase at all. Apple settled the case by agreeing to give consumers full refunds, for a total settlement amount of $32.5 million. The technology device maker must also revise its billing practices to make sure that express consent of the cardholder is obtained. The clear signal to the business community is that it is illegal to charge people for things that they did not consent to (“Apple Inc. Will Provide”). Apple had received thousands of complaints from parents about unauthorized charges to their credit cards made by their children. One consumer stated that her child charged over $2,000 to her card, while another charged over $500. The settlement requires that the company advise parents that they can get refunds for the accidental or unauthorized charges made to their accounts, must provide explicit instructions on how to obtain those refunds, and must make the refunds promptly when requested by the account holder. In the event that Apple refunds parents less than the full $32.5 million required, then the remaining balance of the $32.5 million must be given to the FTC.
Herbalife recently settled a complaint filed against them by the FTC ("Herbalife Will Restructure”). In addition to paying $200 million to compensate many of their distributors, the company will be forced to restructure its business and no longer bamboozle consumers into the false belief that they can earn a substantial living selling their nutritional supplements, dietary products and personal care merchandise. Further, the FTC alleged that Herbalife’s multi-level marketing scheme was an unfair business practice, because rather than rewarding individuals for their product sales, the company rewarded distributors for recruiting new distributors, who were then required to buy product to participate and advance in the business opportunity, causing major economic injury to those who attempted to fulfill these requirement ("Herbalife Will Restructure”).
FTC Chairwoman Ramirez said that Herbalife will have to restructure its business methods to reward those that sell product, rather than recruit new members ("Herbalife Will Restructure”). The company will be forced to operate in a legitimate fashion, limit their marketing to making claims that are based on fact, and compensate consumers who have lost money as a result of Herbalife’s deceptive practices. Herbalife has been in operation since 1980, and has engaged in precisely the same multi-level marketing scheme for years:
as stated in the complaint, the average amount that more than half the distributors known as “sales leaders” received as reward payments from Herbalife was under $300 for 2014. According to a survey Herbalife itself conducted, which is described in the complaint, Nutrition Club owners spent an average of about $8,500 to open a club, and 57 percent of club owners reported making no profit or losing money ("Herbalife Will Restructure”).
As a $3.8 billion company, the $200 million settlement likely pales in comparison to what unsuspecting distributors have lost over the years. The fact that Herbalife will be required to re-structure its operations will at least help those who will come in the future. In addition to the settlement’s financials, the company is required to pay for an Independent Compliance Auditor. The Auditor will oversee the company’s efforts to comply with the settlement agreement compensation restructuring and its honesty in marketing plan. The Herbalife settlement is also a harbinger of doom for the numerous other multi-level marketing companies that share Herbalife’s business format. There may be consequences soon to come for companies like Amway, another MLM company that sells health care products, beauty care, and products for the home and that distributors say is similar in format to Herbalife ("Herbalife Will Restructure”).
As if malware, viruses, Trojan Horses, worms and spyware were not enough, there is a new cyber malicious program on the horizon – ransomware. Ransomware is a type of malware that attacks a person’s computer system, then prevents them from getting access to it ("Common Malware Types”). The ransomware encrypts the users’ files on their drive, or displays messages telling the user to pay money to the malware creator, to be provided a key that can remove the restrictive constraints. The malware acts like a worm, accessing the person’s computer through a file that was either downloaded or gained entry through a network vulnerability. The ransomware problem is a difficult one to address and the FTC has planned an event to gather experts together and look into the problem ("FTC Announces Agenda”). The event is expected to host three panel discussions regarding how consumers and businesses can protect themselves and what to do if they find themselves victims of ransomware.
FTC Chairwoman Edith Ramirez will give the opening remarks at the September 7, 2016, Federal Trade Commission Ransomware Event ("FTC Announces Agenda”). Panel one will provide guests with statistics accumulated on the ransomware issue. Cisco Talos, Flashpoint and PhishLabs, threat intelligence and education companies, will make presentations. The second panel will explore the best way to prevent ransomware, with FTC Chief Technologist Lorrie Cranor in attendance along with threat protection companies Symantec , Red Canary, and Cylance. The Children’s National Medical Center will also present on the panel. The third panel will examine potential consumer responses to the hackers’ demands and will include the FBI, PricewaterhouseCoopers, Sylint, and Charles River Associates. The FTC’s Office of Technology Research and Investigation and New York University’s Computer Science Department will present research on ransomware variants.
A new ransomware attack targeting hospitals been discovered (Palmer). The name of the ransomware is Locky. There has been an extreme increase in the number of attacks in August, and the vast majority of the attacks have been aimed at healthcare facilities. Hospital data is so crucial to the needs of operations, that hackers believe that focusing on hospitals is a good strategy. This year, a Los Angeles hospital paid $17,000 in Bitcoin, a form of digital currency, to get the hacker to remove the malware from its system. In this recent spate of attacks, the malware has been transferred by Microsoft Word documents. Researchers indicate that Locky ransomware is on the rise and that hackers are continuously changing their modus operandi. The expectation is that there will be a particular increase against corporations and the public sector (Palmer).
Fortunately the Federal Trade Commission is keeping an eye on the situation and trying, along with cybersecurity firms, to find workable solutions.
"Apple Inc. Will Provide Full Consumer Refunds of At Least $32.5 Million to Settle FTC Complaint It Charged for Kids’ In-App Purchases Without Parental Consent." U.S. Federal Trade Commission. 15 January 2014. Web. 21 August 2016. <https://www.ftc.gov/news-events/press-releases/2014/01/apple-inc-will-provide-full-consumer-refunds-least-325-million>.
"Chairwoman Edith Ramirez Media Statement on Google’s Settlement With FTC Over In-App Billing Practices." U.S. Federal Trade Commission. 4 September 2014. Web. 21 August 2016. <https://www.ftc.gov/public-statements/2014/09/chairwoman-edith-ramirez-media-statement-googles-settlement-ftc-over-app>.
"Common Malware Types: Cybersecurity 101." Veracode. 12 October 2012. Web. 21 August 2016. <https://www.veracode.com/blog/2012/10/common-malware-types-cybersecurity-101>.
"FTC Announces Agenda for Sept. 7 Event on Ransomware." U.S. Federal Trade Commission. 15 August 2016. Web. 21 August 2016. <https://www.ftc.gov/news-events/press-releases/2016/08/ftc-announces-agenda-sept-7-event-ransomware>.
"Herbalife Will Restructure Its Multi-level Marketing Operations and Pay $200 Million For Consumer Redress to Settle FTC Charges." U.S. Federal Trade Commission. 15 July 2016. Web. 21 August 2016. <https://www.ftc.gov/news-events/press-releases/2016/07/herbalife-will-restructure-its-multi-level-marketing-operations>.
"LifeLock to Pay $100 Million to Consumers to Settle FTC Charges it Violated 2010 Order." U.S. Federal Trade Commission. 17 December 2015. Web. 21 August 2016. <https://www.ftc.gov/news-events/press-releases/2015/12/lifelock-pay-100-million-consumers-settle-ftc-charges-it-violated>.
Palmer, Danny. "'Massive' Locky ransomware campaign targets hospitals." ZDNet. CBS Interactive. 19 August 2016. Web. 21 August 2016. <http://www.zdnet.com/article/a-massive-locky-ransomware-campaign-is-targeting-hospitals/>.
"What We Do." U.S. Federal Trade Commission. n. d. Web. 21 August 2016. <https://www.ftc.gov/about-ftc/what-we-do>.