Domain: ftc.gov
Stories and comments across the archive that link to ftc.gov.
Stories · 202
-
FTC Tells ISPs To Disclose Exactly What Information They Collect On Users and What It's For
An anonymous reader quotes a report from TechCrunch: The Federal Trade Commission, in what could be considered a prelude to new regulatory action, has issued an order to several major internet service providers requiring them to share every detail of their data collection practices. The information could expose patterns of abuse or otherwise troubling data use against which the FTC -- or states -- may want to take action. The letters requesting info went to Comcast, Google, T-Mobile, and both the fixed and wireless sub-companies of Verizon and AT&T. These "represent a range of large and small ISPs, as well as fixed and mobile Internet providers," an FTC spokesperson said. I'm not sure which is meant to be the small one, but welcome any information the agency can extract from any of them.
To be clear, the FTC already has consumer protection rules in place and could already go after an internet provider if it were found to be abusing the privacy of its users -- you know, selling their location to anyone who asks or the like. (Still no action there, by the way.) But the evolving media and telecom landscape, in which we see enormous companies devouring one another to best provide as many complementary services as possible, requires constant reevaluation. As the agency writes in a press release: "The FTC is initiating this study to better understand Internet service providers' privacy practices in light of the evolution of telecommunications companies into vertically integrated platforms that also provide advertising-supported content." The report provides this example as to the kind of situation the FTC is concerned about: "If Verizon wants to offer not just the connection you get on your phone, but the media you request, the ads you are served, and the tracking you never heard of, it needs to show that these businesses are not somehow shirking rules behind the scenes."
"For instance, if Verizon Wireless says it doesn't collect or share information about what sites you visit, but the mysterious VZ Snooping Co (fictitious, I should add) scoops all that up and then sells it for peanuts to its sister company, that could amount to a deceptive practice," TechCrunch adds. "Of course it's rarely that simple (though don't rule it out), but the only way to be sure is to comprehensively question everyone involved and carefully compare the answers with real-world practices." -
Facebook Settlement With FTC Could Run Into the Billions (nytimes.com)
An anonymous reader quotes a report from The New York Times: Facebook and the Federal Trade Commission are discussing a settlement over privacy violations that could amount to a record, multibillion-dollar fine, according to three people with knowledge of the talks. The company and the F.T.C.'s consumer protection and enforcement staff have been in negotiations over a financial penalty for claims that Facebook violated a 2011 privacy consent decree with the agency, said the people, who spoke on the condition of anonymity because the investigation is private. In 2011, Facebook promised a series of measures to protect user privacy after an investigation found it had harmed consumers with its handling of user data. The current talks have not yet reached the F.T.C.'s five commissioners for a vote and it is unclear how close the two sides are to wrapping up the nearly 11-month investigation. The commissioners met in mid-December and were updated by staff members that they had at that point found considerable evidence of violations of the 2011 consent decree. The FTC investigation into Facebook began after it was reported that the information of 87 million users had been harvested by a British political consulting firm, Cambridge Analytica, without their permission. The agency could seek up to $41,000 for each violation found. -
FTC Warns Netflix Users About Email Phishing Scam (deadline.com)
The Federal Trade Commission has sent out a flare to warn Netflix users that there are some grinches out there looking to take advantage of everyone's holiday bliss and vulnerability. From a report: In a post on the FTC's website, they warned us of scammers using household company names to dupe consumers. In a specific example, they cited a phishing email sent to a Netflix customer that claimed the user's account is on hold because Netflix is "having some trouble with your current billing information." The email invites the user to click on a link to update their payment method. The FTC sent the cautionary message out to all Netflix users so that they won't be victim to phishing.
-
Comcast/Charter Lobby Asks FTC To Preempt State Broadband Regulations (arstechnica.com)
Lobby groups on behalf of Comcast and Charter are asking the FTC to preempt state and local broadband regulations. "In comments filed this week, cable industry lobby group NCTA told the FTC that 'there is plainly no reasonable basis in today's marketplace for singling out ISPs for unique regulatory burdens,'" reports Ars Technica. "The FTC should let 'market forces' prevent bad behavior and avoid specific net neutrality or privacy regulation for the broadband industry, the lobby group said." From the report: The comments were filed in an FTC proceeding titled "Competition and Consumer Protection in the 21st Century." The FTC is planning to hold hearings on the communications industry, the FTC's enforcement processes, and other competition and consumer protection topics. "The FTC should ensure that the Internet is subject to uniform, consistent federal regulations, including by issuing guidance explicitly setting forth that inconsistent state and local requirements are preempted," the NCTA wrote.
"The FTC should endorse and reinforce the FCC's ruling by issuing guidance to state attorneys general and consumer protection authorities reaffirming that they are bound by FCC and FTC precedent in this arena," NCTA argued. NCTA's filing focused mostly on potential privacy regulation, saying that the FCC should continue its "technology-neutral approach to privacy and data security." Net neutrality concerns are best addressed by existing antitrust laws, the filing said. -
People Are Using Venmo To Spy On Cheating Spouses (marketwatch.com)
According to MarketWatch's Leslie Albrecht, people are using the peer-to-peer payment app Venmo to find out if their spouse is cheating. Some are even saying the app is more effective than Facebook at this sort of investigation. "What you're seeing on Instagram or Facebook is what they want you to see," said Abby Faber, a 19-year-old freshman at Indiana University. "They're edited pictures that they put up. But with Venmo, it's very normal casual interactions. It's what they were doing and spending money on." From the report: Some users seem to forget that their transactions are public by default, and their payment activity provides an unfiltered paper trail of what's really happening in their lives. In [Faber's] case, she checked up on her ex-boyfriend and saw he was spending money on pizza and the popular video game Fortnite -- and making regular payments to one girl, who Faber guessed is his new hook-up.
Venmo has had a social component since it launched in 2009. Users see a feed of both their own friends' payments and total strangers' activity every time they open the app, and it's easy to look up users. Exact amounts aren't listed, but you can see who's paying who and which words or emoji they use to describe the payment. The social feed is Venmo's "secret sauce," said Erin Mackey, a spokeswoman for Venmo and its parent company PayPal. In fact, it's usually the reason people are logging on. "Our most active users check Venmo daily and the average user checks Venmo two to three times per week -- and it's not for payments, but to see what their friends and family are doing." The report mentions a settlement Venmo reached with the FTC last year over its public-by-default social component. The FTC accused (PDF) Venmo of "misleading" users about the fact that they needed to change two separate privacy settings to make their transactions completely private. "Venmo reached a settlement with the FTC, and a company spokesperson noted that users now have three options for controlling who can see their payments," reports MarketWatch. -
Phone Maker BLU Settles With FTC Over Unauthorized User Data Extraction (threatpost.com)
lod123 shares a report from Threatpost: Android phone-maker BLU Products agreed to a proposed settlement on Tuesday with the Federal Trade Commission, over allegations it allowed the third-party firm Adups Technology to collect detailed consumer data from users without their consent. In an administrative complaint filed earlier this week against BLU and the company's co-owner and president Samuel Ohev-Zion, the FTC accused the firm of sharing with China-based Adups the full contents of their users' text messages, real-time cell tower location data, call and text-message logs, contact lists, and applications used and installed on devices.
Ultimately, the FTC is alleging Ohev-Zion and BLU violated the FTC Act's section pertaining to "deceptive representation regarding disclosure of personal information." The proposed settlement will be made final after a 30-day public comment period. In its proposed complaint, the FTC said Florida-based BLU contracted with Adups to issue security and operating system updates to millions of phones sold by the firm through Amazon, Best Buy and Walmart. In addition to allegedly failing to protect consumer privacy, the FTC asserts that BLU failed "to adequately assess the privacy and security risks of third-party software installed on BLU devices" resulting in "common security vulnerabilities that could enable attackers to gain full access to the devices." Security researchers at Kryptowire first reported in 2016 that several models of BLU phones actively transmitted user and device information to Adups. -
Audit Approved of Facebook Policies, Even After Cambridge Analytica Leak (nytimes.com)
Nicholas Confessore reports via The New York Times: An auditing firm responsible for monitoring Facebook for federal regulators told them last year that the company had sufficient privacy protections in place, even after the social media giant lost control of a huge trove of user data that was improperly obtained by the political consulting firm Cambridge Analytica. The assertion, by PwC, came in a report submitted to the Federal Trade Commission in early 2017. The report, a redacted copy of which is available on the commission's website, is one of several periodic reviews of Facebook's compliance with a 2011 federal consent decree, which required Facebook to take wide-ranging steps to prevent the abuse of users' information and to inform them how it was being shared with other companies. The accounting firm, formerly known as PricewaterhouseCoopers, effectively gave Facebook a clean bill of health. "Facebook's privacy controls were operating with sufficient effectiveness to provide reasonable assurance to protect the privacy" of users, said the assessment, which stretched from February 2015 to February 2017. But during that period, Facebook was aware that a researcher based in Britain, Aleksandr Kogan, had provided Cambridge Analytica with private Facebook data from millions of users. -
Democratic Senators Propose 'Privacy Bill of Rights' To Prevent Websites From Sharing Or Selling Sensitive Info Without Opt-In Consent (arstechnica.com)
Democratic Senators Edward J. Markey (D-Mass.) and Richard Blumenthal (D-Conn.) today proposed a "privacy bill of rights" that would prevent Facebook and other websites from sharing or selling sensitive information without a customer's opt-in consent. The proposed law would protect customers' web browsing and application usage history, private messages, and any sensitive personal data such as financial and health information. Ars Technica reports: Markey teamed with Sen. Richard Blumenthal (D-Conn.) to propose the Customer Online Notification for Stopping Edge-provider Network Transgressions (CONSENT) Act. You can read the full legislation here. "Edge providers" refers to websites and other online services that distribute content over consumer broadband networks. Facebook and Google are the dominant edge providers when it comes to advertising and the use of customer data to serve targeted ads. No current law requires edge providers to seek customers' permission before using their browsing histories to serve personalized ads. The online advertising industry uses self-regulatory mechanisms in which websites let visitors opt out of personalized advertising based on browsing history, and websites can be punished by the Federal Trade Commission (FTC) if they break their privacy promises.
The Markey/Blumenthal bill's stricter opt-in standard would require edge providers to "obtain opt-in consent from a customer to use, share, or sell the sensitive customer proprietary information of the customer." Edge providers would not be allowed to impose "take-it-or-leave-it" offers that require customers to consent in order to use the service. The FTC and state attorneys general would be empowered to enforce the new opt-in requirements. The bill would require edge providers to notify users about all collection, use, and sharing of their information. The bill also requires edge providers "to develop reasonable data security practices" and to notify customers about data breaches that affect them. -
FTC Warns Manufacturers That 'Warranty Void If Removed' Stickers Break the Law (vice.com)
schwit1 writes: The Federal Trade Commission put six companies on notice today, telling them in a warning letter that their warranty practices violate federal law. If you buy a car with a warranty, take it to a repair shop to fix it, then have to return the car to the manufacturer, the car company isn't legally allowed to deny the return because you took your car to another shop. The same is true of any consumer device that costs more than $15, though many manufacturers want you to think otherwise.
Companies such as Sony and Microsoft pepper the edges of their game consoles with warning labels telling customers that breaking the seal voids the warranty. That's illegal. Thanks to the 1975 Magnuson-Moss Warranty Act, no manufacturer is allowed to put repair restrictions on a device it offers a warranty on. Dozens of companies do it anyway, and the FTC has put them on notice. Apple, meanwhile, routinely tells customers not to use third party repair companies, and aftermarket parts regularly break iPhones due to software updates. -
Amazon Is Refunding Up To $70 Million In-App Purchases Made By Kids (cnn.com)
The Federal Trade Commission announced that refunds are now available for parents whose children made in-app purchases without their knowledge. Amazon dropped its appeal of last year's ruling by a federal judge who sided with the Federal Trade Commission in the agency's lawsuit against Amazon. According to a TechCrunch report, "the FTC's original complaint said that Amazon should be liable for millions of dollars it charged customers, because of the way its Appstore software was designed -- that is, it allowed kids to spend unlimited amounts of money in games and other apps without requiring parental consent." CNNMoney reports: According to the FTC, more than $70 million in charges may be eligible for refunds on in-app purchases made between November 2011 and May 2016. In 2014, Apple and Google refunded customers whose children made purchases in their mobile app stores, and the companies were forced to be more explicit about in-app purchases. Both firms no longer call apps "free" when they are free to download but have upgrades you can buy. Amazon sent eligible consumers an email to receive a refund. If you didn't get one and think you should be eligible, you can click here, or go to the Message Center to find out more information. -
Amazon Will Refund Millions of Unauthorized In-App Purchases Made By Kids (techcrunch.com)
Amazon will refund millions of dollars worth of unauthorized in-app purchases made by kids, having dropped its appeal of last year's ruling by a federal judge who sided with the Federal Trade Commission in the agency's lawsuit against Amazon. "The FTC's original complaint said that Amazon should be liable for millions of dollars it charged customers, because of the way its Appstore software was designed -- that is, it allowed kids to spend unlimited amounts of money in games and other apps without requiring parental consent," reports TechCrunch. From the report: The issue had to do with the way the Amazon Appstore's in-app purchasing system worked. The Amazon Appstore is the store that comes preloaded on Amazon mobile devices, like Kindle Fire tablets, for example, though there is a way to load it onto other Android devices, too. In Amazon's Appstore, which launched back in 2011, the company didn't originally require passwords on in-app purchases. This allowed kids to buy coins and other items to their hearts' content. One particularly awful example involved a game called "Ice Age Village" that offered an in-app purchase of $99.99. Amazon introduced password-protected in-app purchases in March 2012, but then only on those where the purchase exceeded $20. In early 2013, it updated the system again to require passwords, but also allowed a 15-minute window afterwards where no password was required. The FTC said Amazon didn't obtain "informed consent" until July 2014. To make matters worse, parents complaining weren't told how to get a refund and Amazon had even suggested at times that refunds weren't possible, the FTC's complaint had said. More than $70 million in in-app charges made between November 2011 and May 2016 may be eligible for refunds, the FTC notes. It's not likely that all affected customers will take the time to make their requests, however. -
Could We Eliminate Spam With DMARC? (zdnet.com)
An anonymous reader writes: "The spam problem would not only be significantly reduced, it'd probably almost go away," argues Paul Edmunds, the head of technology from the cybercrimes division of the U.K.'s National Crime Agency -- suggesting that more businesses should be using DMARC, an email validation system that uses both the Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). "Edmunds argued, if DMARC was rolled out everywhere in order to verify if messages come from legitimate domains, it would be a major blow to spam distributors and take a big step towards protecting organizations from this type of crime..." reports ZDNet. "However, according to a recent survey by the Global Cyber Alliance, DMARC isn't widely used and only 15% of cybersecurity vendors themselves are using DMARC to prevent email spoofing."
Earlier this month America's FTC also reported that 86% of major online businesses used SPF to help ISPs authenticate their emails -- but fewer than 10% have implemented DMARC. -
FDA Confirms Toxicity of Homeopathic Baby Products; Maker Refuses To Recall (arstechnica.com)
Last year in November, the Federal Trade Commission issued an enforcement policy statement that requires over-the-counter (OTC) homeopathic drugs and product makers to disclose in their advertisement and labeling that there is no evidence that homeopathic products are effective. At around the same time the FTC issued the statement, the Food and Drug Administration was investigating homeopathic teething gels and tablets, which may have been improperly diluted, thus causing serious harm to infants. The FDA investigated 10 infant deaths and more than 400 reports of seizures, fever, and vomiting and confirmed Friday that belladonna, also known as deadly nightshade, was the prime suspect. When the FDA notified the products' maker, Hyland's, the company would not agree to recall the products. Ars Technica reports: Hyland's has been defensive since the FDA first opened the investigation last September. In an October press release, the company referred to agency's warnings as a source of "confusion" and assured consumers that the products are safe and effective. Still, the company discontinued distribution in the U.S. The National Center for Homeopathy, which has ties with Hyland's, slammed the FDA, calling the agency's warnings "arbitrary and capricious." In an "action alert," the organization went on to suggest that warning was prompted by "groups interested in seeing homeopathy destroyed" and led to "fear mongering" by the media. As before, the FDA is urging parents to avoid the homeopathic teething products and toss any already purchased. The FDA does not evaluate or approve the homeopathic products, which have no proven health benefit. Belladonna is an active ingredient in those products, but is supposed to be heavily diluted. Homeopaths believe that ailments and diseases can be cured by trace amounts or "memories" of toxic substances that mimic or cause similar symptoms.
Homeopathy is a pseudoscience that has been squarely debunked, offering no more than a placebo effect. In its announcement Friday, the FDA said it had found inconsistent amounts of belladonna in Hyland's products. Some of the amounts were "far exceeding" what was intended. -
Western Union Pays $586M Fine Over Wire Fraud Charges (reuters.com)
The head of the FTC says Western Union "facilitated scammers and rip-offs," while the company "looked the other way." An anonymous reader quotes Reuters: The world's biggest money-transfer company agreed to pay $586 million and admitted to turning a blind eye as criminals used its service for money laundering and fraud, U.S. authorities said on Thursday. Western Union, which has over half a million locations in more than 200 countries, admitted "to aiding and abetting wire fraud" by allowing scammers to process transactions, even when the company realized its agents were helping scammers avoid detection, the U.S. Department of Justice and the Federal Trade Commission said in statements...
Fraudsters offering fake prizes and job opportunities swindled tens of thousands of U.S. consumers, giving Western Union agents a cut in return for processing the payments, authorities said. Between 2004 and 2012, the Colorado-based company knew of fraudulent transactions but failed to take steps that would have resulted in disciplining of 2,000 agents, authorities said... Between 2004 and 2015 Western Union collected 550,928 complaints about fraud, with 80 percent of them coming from the United States where it has some 50,000 locations, the government complaint said. The average consumer complaint was for $1,148, the government said.
Reuters seemed to suggest that nearly one out of every thousand transactions was fraudulent, reporting that Western Union "said consumer fraud accounts for less than one-tenth of 1 percent of consumer-to-consumer transactions." -
FTC Dismantles Two Huge Robocall Organizations (onthewire.io)
Billions of robocalls came from two groups selling extended auto warranties, SEO services, and home security systems over the last seven years -- many to numbers on the "Do Not Call" list -- but this week the Federal Trade Commission took action. Trailrunner7 shares this report from OnTheWire: Continuing its campaign against phone fraud operations, the FTC has dismantled two major robocall organizations... They and many of their co-defendants have agreed to court-ordered bans on robocall activities and financial settlements... The FTC and the FCC both have been cracking down on illegal robocall operations recently. The FCC has formed a robocall strike force with the help of carriers and also has signed an agreement to cooperate with Canadian authorities to address the problem.
"The law is clear about robocalls," says one FTC executive. "If a telemarketer doesn't have consumers' written permission, it's illegal to make these calls." -
US Government Offers $25,000 Prize For Inventing A Way To Secure IoT Devices (ftc.gov)
An anonymous reader writes: America's Federal Trade Commission has announced a $25,000 prize for whoever creates the best tool for securing consumers' IoT devices. The so-called "IoT Home Inspector Challenge" asks participants to create something that will work on current, already-on-the-market IoT devices, with extra points also awarded for scalability and ease of use.
"Contestants have the option of adding features, such as those that would address hard-coded, factory default, or easy-to-guess passwords," according to the official site, but "The tool would, at a minimum, help protect consumers from security vulnerabilities caused by out-of-date software." The winning submission can't be just a policy (or legal) solution, and will be judged by a panel which includes two computer science professors and a vulnerability researcher from Carnegie Mellon University's CERT Coordination Center.
Computerworld points out that "This isn't the first time the FTC has offered cash for software tools. In 2015, it awarded $10,500 to developers of an app that could block robocalls." -
AT&T To Cough Up $88 Million For 'Cramming' Mobile Customer Bills (networkworld.com)
An anonymous reader quotes a report from Network World: Some 2.7 million AT&T customers will share $88 million in compensation for having had unauthorized third-party charges added to their mobile bills, the Federal Trade Commission announced this morning. The latest shot in the federal government's years-long battle against such abuses, these refunds will represent the most money ever recouped by victims of what is known as "mobile cramming," according to the FTC. From an FTC press release: "Through the FTC's refund program, nearly 2.5 million current AT&T customers will receive a credit on their bill within the next 75 days, and more than 300,000 former customers will receive a check. The average refund amount is $31. [...] According to the FTC's complaint, AT&T placed unauthorized third-party charges on its customers' phone bills, usually in amounts of $9.99 per month, for ringtones and text message subscriptions containing love tips, horoscopes, and 'fun facts.' The FTC alleged that AT&T kept at least 35 percent of the charges it imposed on its customers." The matter with AT&T was originally made public in 2014 and also involved two companies that actually applied the unauthorized charges, Tatto and Acquinity. -
Ken Bone May Have Violated FTC Guidelines With Uber Tweet (vice.com)
An anonymous reader quotes a report from VICE News: In a lot of ways, unlikely presidential debate star Ken Bone is a marketer's dream. He is undecided on his political leanings (for now), inoffensive, instantly recognizable, and affable on TV and social media. So it makes sense that Uber asked him to send a promotional tweet for this week's launch of Uber's black car uberSELECT service in St. Louis, site of the debate Sunday night that launched him to fame. But there's one problem: Bone may have violated Federal Trade Commission guidelines for advertising on social media by not marking his tweet as an ad or mentioning that Uber paid him for making the tweet. "[The tweet] needs to disclose that he was compensated," said lawyer Rick Kurnit, of Frankfurt, Kurnit, Klein + Salz PC. "He and Uber are in violation of FTC guidelines, because Uber is also responsible for what their influencers do." The guidelines that Kurnit is referencing are pretty straightforward, and the FTC offers specific advice for how to craft sponsored posts on Twitter. "The FTC isn't mandating the specific wording of disclosures," an FTC guidelines FAQ states. "However the words 'Sponsored' and 'Promotion' use only 9 characters. 'Paid ad' only uses 7 characters. Starting a tweet with 'Ad:' or '#ad' -- which takes only 3 characters -- would likely be effective." Kurnit added that while the FTC "doesn't like" using simple hashtags for disclosures, he agrees that it might have sufficed. When VICE News initially reached out to Uber asking whether Bone was paid for the tweet, a spokesperson said the company is "providing him with Uber credit for his role in the launch." And although Bone and Uber wouldn't be fined for violating the FTC Act (Section 5 of which prohibits "deceptive advertising"), the guidelines say that "law enforcement actions can result in orders requiring the defendants in the case to give up money they received from their violations." -
New York Fines Viacom, Mattel and Hasbro For Tracking Kids Online (usatoday.com)
An anonymous reader quotes a report from USA Today: Companies that operate popular kids websites like nickjr.com and barbie.com agreed to an $835,000 settlement and to change their practices after an investigation found the sites were enabled with technology that tracked kids' internet activities. New York Attorney General Eric Schneiderman announced his office reached settlements with Viacom, Mattel, Hasbro and JumpStart Games after an investigation into the companies found violations of the Children's Online Privacy Protection Act. The investigation, called "Operation Child Tracker," found that websites operated by the companies enabled third-party vendors, such as marketing and advertising companies, to track children's online activity -- which violated federal law. Federal law prohibits the unauthorized collection of children's personal information on websites aimed at children under age 13. Viacom will pay $500,000; Mattel will pay $250,000; and JumpStart will pay $85,000. [Hasbro will not pay a penalty because it is part of a "safe harbor program" through the Federal Trade Commission that already requires more disclosures of web activity, Schneiderman said.] -
FTC Warns Consumers: Don't Sync To Your Rental Car! (securityledger.com)
Slashdot reader chicksdaddy quotes an article from Security Ledger: The Federal Trade Commission is warning consumers to beware of new 'connected car' features that allow rental car customers to connect their mobile phone or other devices to in-vehicle infotainment systems. "If you connect a mobile device, the car may also keep your mobile phone number, call and message logs, or even contacts and text messages," the FTC said in an advisory released on Tuesday. "Unless you delete that data before you return the car, other people may view it, including future renters and rental car employees or even hackers."
The Commission is advising renters to avoid syncing their mobile phones to their rental car, or to power devices via a USB port, where settings on your device may allow automatic syncing of data. Consumers who do connect their device should scrutinize any requests for permissions.
Security researchers have also discovered another car-related vulnerability. The software connecting smartphones to in-vehicle "infotainment" systems could also make cars vulnerable to remote attacks. -
Warner Bros. Settles FTC Charge For Not Disclosing Payments To YouTubers For Positive Reviews (theverge.com)
An anonymous reader quotes a report from The Verge: The Federal Trade Commission has reached a settlement with Warner Bros. over claims that the publisher failed to disclose that it had paid prominent YouTubers for positive coverage of one of its video games. The FTC charge stated that Warner Bros. deceived customers by paying thousands of dollars to social media "influencers," including YouTube megastar PewDiePie, to cover Middle Earth: Shadow of Mordor without announcing that money had changed hands. Under the terms of the agreement, Warner Bros. is banned from failing to disclose similar deals in the future, and cannot pretend that sponsored videos and articles are actually the work of independent producers. Warner Bros.' deal with the influencers involved stated that they had to make at least one tweet or Facebook post about the game, as well as produce videos with a string of caveats to avoid showing it in a negative light. Those videos could not express negative opinions about the game or Warner Bros. itself, could not show any glitches or bugs, and must include "a strong verbal call-to-action to click the link in the description box for the viewer to go to the [game's] website to learn more about the [game], to learn how they can register, and to learn how to play the game," according to Ars Technica. Influencers were advised to disclose the video's sponsored status under YouTube's "Show More" section, but some did not, and the FTC says this would not have been enough to skirt the rules anyway, as the disclaimer would not have been visible on videos watched through Twitter, Facebook, or other social media sources. -
Advertiser That Tracked Around 100M Phone Users Without Consent Pays $950,000 (arstechnica.com)
Mobile advertising firm InMobi will be paying a fine of $950,000 and revamp its services to resolve federal regulators' claims that it deceptively tracked locations of hundreds of millions of people, including children. Ars Technica reports: The US Federal Trade Commission alleged in a complaint filed Wednesday that Singapore-based InMobi undermined phone users' ability to make informed decisions about the collection of their location information. While InMobi claimed that its software collected geographical whereabouts only when end users provided opt-in consent, the software in fact used nearby Wi-Fi signals to infer locations when permission wasn't given, FTC officials alleged. InMobi then archived the location information and used it to push targeted advertisements to individual phone users. Specifically, the FTC alleged, InMobi collected nearby basic service set identification addresses, which act as unique serial numbers for wireless access points. The company, which thousands of Android and iOS app makers use to deliver ads to end users, then fed each BSSID into a "geocorder" database to infer the phone user's latitude and longitude, even when an end user hadn't provided permission for location to be tracked through the phone's dedicated location feature. -
FTC Has Serious Concerns About IoT Security and Privacy (onthewire.io)
Trailrunner7 quotes a report from On The Wire: The Federal Trade Commission has sent comments to the Department of Commerce, outlining a list of concerns about the security and privacy of connected and embedded devices, saying that while many IoT devices have tangible benefits for consumers, "these devices also create new opportunities for unauthorized persons to exploit vulnerabilities." One of the key security problems that researchers have cited with IoT devices is the impracticality of updating them when vulnerabilities are discovered. Installing new firmware on light bulbs or refrigerators is not something most consumers are used to, and many manufacturers haven't contemplated those processes either. The FTC said the lack of available updates is a serious problem for consumers and businesses alike. "Although similar risks exist with traditional computers and computer networks, they may be heightened in the IoT, in part because many IoT chips are inexpensive and disposable, and many IoT devices are quickly replaceable with newer versions. As a result, businesses may not have an incentive to support software updates for the full useful life of these devices, potentially leaving consumers with vulnerable devices. Moreover, it may be difficult or impossible to apply updates to certain devices," the FTC comments say. In early May, the FTC issued a 10-page letter to eight leading players in the mobile communications arena requiring them to tell the agency how they issue security patches. -
Virtual Assistants Such As Amazon's Echo Break US Child Privacy Law, Experts Say (theguardian.com)
Mark Harris, reporting for The Guardian: An investigation by the Guardian has found that despite Amazon marketing the Echo to families with young children, the device is likely to contravene the US Children's Online Privacy Protection Act (COPPA), set up to regulate the collection and use of personal information from anyone younger than 13. Along with Google, Apple and others promoting voice-activated artificial intelligence systems to young children, the company could now face multimillion-dollar fines. "This is part of the initial wave of marketing to children using the internet of things," says Jeff Chester, executive director of the Center for Digital Democracy, a privacy advocacy group that helped write the law. "It is exactly why the law was enacted in the first place, to protect young people from pervasive data collection." -
FTC Orders Apple, Google, Microsoft, BlackBerry, Samsung To Divulge Mobile Security Practices (networkworld.com)
coondoggie quotes a report from Networkworld: The Federal Trade Commission today said it issued a 10-page letter to eight leading players in the mobile communications arena requiring them to tell the agency how they issue security updates to address vulnerabilities in smartphones, tablets, and other mobile devices. Apple, BlackBerry, Google, HTC America, LG Electronics, Microsoft, Motorola Mobility, and Samsung must provide the following: The factors that they consider in deciding whether to patch a vulnerability on a particular mobile device, detailed data on the specific mobile devices they have offered for sale to consumers since August 2013, the vulnerabilities that have affected those devices, and whether and when the company patched such vulnerabilities. -
Federal Judge Rules Amazon Must Refund Parents Duped By In-App Purchases (gizmodo.com)
An anonymous reader shares a Gizmodo report: A federal judge has ruled Amazon is liable for billing unwitting parents after their children made unauthorized charges in apps. The court will decide exactly how much money Amazon owes customers in the coming months. The federal judge's decision asserts that Amazon received several complaints from customers about in-app purchases that they were unaware of, mostly incurred by children. The decision points out that Amazon promoted apps as free but failed to inform parents about in-app charges that could be incurred. -
Canada and USA Feds Unite To Fight Spammers and Telemarketers
Reader Freshly Exhumed writes: Telemarketers in Canada and the USA have essentially been bypassing each nation's do-not-call registry by basing their efforts from the other or from off-shore locations, while cross border spam remains rampant. Now the CRTC, Canada's telecom and broadcast regulator, has announced it signed a partnership agreement with the Federal Trade Commission of the United States to fight against spam and calls from pesky telemarketers. The Memorandum of Understanding (MOU) consists of all unsolicited telecommunications, unsolicited commercial email (spam), and other "illegal electronic threats" that cover anti-spam laws in the United States and Canada. -
FTC Fines Software Vendor Over False Data Encryption Claims (softpedia.com)
An anonymous reader writes: The US Federal Trade Commission (FTC) has fined a software vendor for lying about its product's encryption capabilities, despite being publicly warned by US Computer Emergency Readiness Team (CERT) not to do so. The software vendor is Henry Schein, who deliberately ignored CERT and FTC warnings and continued to sell its CRM for dentists, even if it knew it did not comply with HIPAA rules. The vendor got "only" a $250,000 fine. -
Brain Game Maker Lumosity Fined $2 Million For False Advertising (sciencemag.org)
sciencehabit writes: Lumos Labs, the company that produces the popular 'brain-training' program Lumosity, yesterday agreed to pay a $2 million settlement to the Federal Trade Commission (FTC) for running deceptive advertisements. Lumos had claimed that its online games can help users perform better at work and in school, and stave off cognitive deficits associated with serious diseases such as Alzheimer's, traumatic brain injury, and post-traumatic stress.
The $2 million settlement will be used to compensate Lumosity consumers who were misled by false advertising, says Michelle Rusk, a spokesperson with the FTC in Washington, D.C. The company will also be required to provide an easy way to cancel auto-renewal billing for the service, which includes online and mobile app subscriptions, with payments ranging from $14.95 monthly to lifetime memberships for $299.95. Before consumers can access the games, a pop-up screen will alert them to the FTC's order and allow them to avoid future billing, Rusk says. -
Oracle Settles FTC Charges Regarding Deceptive Java Security Updates (ftc.gov)
An anonymous reader writes: The FTC and Oracle have come to an agreement regarding Oracle's deceptive Java security updates, which only removed recent versions of vulnerable Java SE, but left behind older, insecure versions. Oracle got away without a fine, but will have to overhaul its Java update process to remove older versions as well. -
FTC Appoints EFF Board Member Lorrie Cranor As Chief Technologist (ftc.gov)
itwbennett writes: The US Federal Trade Commission has appointed Lorrie Faith Cranor as Chief Technologist. Cranor is the director of the Carnegie Mellon Usable Privacy and Security Laboratory and a member of the Electronic Frontier Foundation (EFF) Board of Directors. She was previously a researcher at AT&T Labs Research and has also taught at the Stern School of Business at New York University. She will succeed Ashkan Soltani at the FTC. "Cranor has authored over 150 research papers on online privacy and usable security, and has played a central role in establishing the usable privacy and security research community." -
DoJ Going After Makers of Dietary Supplement (reuters.com)
schwit1 writes: Several federal agencies, including the U.S. Department of Justice, have announced criminal and civil actions related to unlawful advertising and sale of dietary supplements. "Six executives with USPlabs LLC and a related company, S.K. Laboratories, face criminal charges related to the sale of unlawful dietary supplements. Four were arrested on Tuesday and two are expected to surrender, the Justice department said. The indictment says that USPlabs used a synthetic stimulant manufactured in China to make Jack3d and OxyElite Pro but told retailers that the supplements were made from plant extracts." The FTC is working on this as well, and their press release has more details. The DoJ's case involves "more than 100 makers and marketers" of these supplements. It's about time. -
FTC Accuses LifeLock of False Advertising Again
An anonymous reader writes: You may remember LifeLock — it's the identity protection company whose CEO published his social security number and dared people to steal his identity. Predictably, 13 different people succeeded. LifeLock was later sued for deceptive marketing practices, and eventually settled with the U.S. Federal Trade Commission to the tune of $12 million. Part of that settlement, of course, required that they refrain from misrepresenting their services in the future. Now, the FTC is taking action against them again, saying they failed to live up to that promise. The FTC claims (PDF) LifeLock falsely advertised that it "protected consumers' sensitive data with the same high-level safeguards as financial institutions" and also failed to build systems to protect the data they held. -
FTC Recommends Conditions For Sale of RadioShack Customer Data
itwbennett writes: The FTC has weighed in on the contentious issue of the proposed sale of consumer data by RadioShack, recommending that a settlement with failed online toy retailer Toysmart.com be adopted as a model for dealings going forward. Director of the FTC's bureau of consumer protection Jessica L. Rich wrote in a letter to a court-appointed consumer privacy ombudsman that the agency's concerns about the transfer of customer information inconsistent with RadioShack's privacy promises "would be greatly diminished if certain conditions were met." These include: that the data was not sold standalone, and if the buyer is in the same lines of business, they agree to be bound by the same privacy policies. -
FTC Announces $50k In Prizes For Robocaller Trap Software
crazyhorse44 writes that the Federal Trade Commission announced this week that it is launching two new robocall contests challenging the public to develop a crowd-source honeypot and better analyze data from an existing honeypot. A honeypot is an information system that may be used by government, private and academic partners to lure and analyze robocalls. The challenges are part of the FTC's long-term multi-pronged effort to combat illegal robocallers and contestants of one of the challenges will compete for $25,000 in a top prize. As part of Robocalls: Humanity Strikes Back, the FTC is asking contestants to create a technical solution for consumers that will identify unwanted robocalls received on landlines or mobile phones, and block and forward those calls to a honeypot. A qualifying phase [launched Wednesday] and runs through June 15, 2015 at 10:00 p.m. ET; and a second and final phase concludes at DEF CON 23 on Aug. 9, 2015. -
Dish Network Violated Do-Not-Call 57 Million Times
lightbox32 writes Dish Network has been found guilty of violating the Do Not Call list on 57 million separate occasions. They were also found liable for abandoning or causing telemarketers to abandon nearly 50 million outbound telephone calls, in violation of the abandoned-call provision of the Federal Trade Commission's Telemarketing Sales Rule. Penalties for infringing on the Do Not Call list can be up to a whopping $16,000 for each outbound call. -
CES 2015: FTC Head Warns About Data Grabbed By Smart Gadgets
mpicpp sends this quote from the BBC: A "deeply personal" picture of every consumer could be grabbed by futuristic smart gadgets, the chair of the U.S. Federal Trade Commission has warned. Speaking at CES, Edith Ramirez said a future full of smart gadgets that watch what we do posed a threat to privacy. The collated data could create a false impression if given to employers, universities or companies, she said. Ms Ramirez urged tech firms to make sure gadgets gathered the minimum data needed to fulfill their function (PDF). The internet of things (IoT), which will populate homes, cars and bodies with devices that use sophisticated sensors to monitor people, could easily build up a "deeply personal and startlingly complete picture" of a person's lifestyle, said Ms Ramirez. -
Sony To Offer Partial Refunds For PS Vita
mpicpp sends this report from the Houston Chronicle: "Hundreds of thousands of people who bought the handheld gaming console PlayStation Vita are in line for a partial refund from Sony because of questionable claims in its advertising. The Federal Trade Commission said Tuesday it had reached a settlement with Sony Computer Entertainment America, the U.S.-based arm of the PlayStation business, over advertising claims that the government contended were misleading.
As part of the proposed settlement, Sony will provide refunds to those who bought the PS Vita console before June 1, 2012. They'll be eligible for either a $25 cash or credit refund — or a $50 merchandise voucher from Sony. ... Among the claims challenged by the FTC: That the pocket-sized console would revolutionize gaming mobility by allowing consumers to play their PlayStation 3 games via "remote play" on the console anywhere with a Wi-Fi connection, [and] that people could engage in "cross-platform" play by starting a game on a PlayStation 3, pausing it, and continuing the game with the PS Vita from where they left off. Not really true, the FTC said. -
FTC Sues AT&T For Throttling 'Unlimited' Data Plan Customers Up To 90%
An anonymous reader writes The U.S. Federal Trade Commission today announced it is suing AT&T. The commission is charging the carrier for allegedly misleading millions of its smartphone customers by changing the terms while customers were still under contract for "unlimited" data plans that were, well, limited. "AT&T promised its customers 'unlimited' data, and in many instances, it has failed to deliver on that promise," FTC Chairwoman Edith Ramirez said in a statement. "The issue here is simple: 'unlimited' means unlimited." How apropos. -
AT&T To Repay $80 Million In Shady Phone Bill Charges
First time accepted submitter dibdublin writes The Federal Trade Commission announced today that AT&T will pay $105 million for hiding extra charges in cellphone bills. The best part of the news? $80 million of it will go back into the pockets of people bilked by AT&T. The FTC announcement reads in part: "As part of a $105 million settlement with federal and state law enforcement officials, AT&T Mobility LLC will pay $80 million to the Federal Trade Commission to provide refunds to consumers the company unlawfully billed for unauthorized third-party charges, a practice known as mobile cramming. The refunds are part of a multi-agency settlement that also includes $20 million in penalties and fees paid to 50 states and the District of Columbia, as well as a $5 million penalty to the Federal Communications Commission." -
FTC To Trap Robocallers With Open Source Software
coondoggie writes: The Federal Trade Commission today announced the rules for its second robocall exterminating challenge, known this time as Zapping Rachel Robocall Contest. 'Rachel From Cardholder Services,' was a large robocall scam the agency took out in 2012. The agency will be hosting a contest at next month's DEF CON security conference to build open-source methods to lure robocallers into honeypots and to predict which calls are robocalls. They'll be awarding cash prizes for the top solutions. -
FTC Files Suit Against Amazon For In-App Purchases
Charliemopps writes The Federal Trade Commission has filed suit against Amazon for illegally billing parents for in-app purchases of digital goods prior to requiring a password for making purchases. "The FTC's complaint, filed Thursday, asks the court to force Amazon to refund the money to those customers. In-app purchases typically involve virtual goods bought within an app, like extra coins or energy in a game, according to the FTC. Some bills totaled hundreds of dollars, and some virtual goods cost as much as $99.99." We recently told you about Amazon's refusal to reach a settlement over these FTC complaints.