
Showing results for tags 'ftc'.



Found 22 results

  1. A group of online video creators is protesting the US Federal Trade Commission’s plan to regulate kids’ videos on YouTube, claiming new rules will hurt them financially and reduce the quality of programs on the world’s largest video site. On Nov 5, producers of prominent children’s YouTube channels will appeal to the FTC to change its recent settlement with the video service and will circulate a new petition online urging certain changes. In September, the FTC fined YouTube and its parent, Alphabet Inc’s Google, US$170mil (RM702.28mil) for violating privacy laws by tracking children online. With the settlement, YouTube also agreed not to run "personalised” advertisements – which rely on web browsing behaviour and other targeting data – on videos it decided are aimed at kids. "Shutting off personalised ads on creators’ content will cause more harm than good, especially for children,” reads the Change.org petition. "Quality family-friendly content will shrink, while more mature content will grow – yet kids will still be watching.” The petition was started by Jeremy Johnston, a creator whose channel, J House Vlogs, has nearly 2 million subscribers. Johnston said he has met with multiple FTC commissioners about the issue. "I was surprised about how little they knew about the YouTube creator perspective,” he said. Johnston described his meetings with the agency as "really productive”. Videos for kids are among the most-watched on YouTube. Cocomelon, a channel of nursery rhymes, is the third-most-popular channel on the site, according to SocialBlade. Like Nastya, a child video blogger, ranks fifth. Tough spot The popularity of kids’ programming has put YouTube in an uncomfortable position. The company has maintained that the site isn’t for children, and doesn’t allow viewers under the age of 13. It created a separate app for kids, but its audience is about 1% the size of YouTube’s total reach. The Internet obliterated many of the safeguards on children’s media. 
While television networks have strict regulations about what material they can and can’t show – and some kids’ TV networks don’t accept advertising – there are no such rules online. The FTC is in the process of reviewing how technology companies collect data on minors, a practice regulated under the Children’s Online Privacy Protection Act, or COPPA. The agency fined ByteDance Inc, which owns the video app TikTok, US$5.7mil (RM23.54mil) earlier this year. The law was also used in the case against YouTube. The FTC now is weighing updates to COPPA. Many video creators are anxious about those updates and the new restrictions on YouTube, which go into effect in January. The rules place the onus on the creator to identify if their programming is for kids, rather than YouTube. And the creators could face significant fines for not complying. When the restrictions on personalised ads go into effect, some YouTubers may see a decline in their revenue from the video service. Those rules punish creators unfairly, Johnston said. "The truth of the matter is that parents aren’t as concerned about personalised ads as the FTC makes it out to be,” he said. A YouTube spokeswoman declined to comment. An FTC representative couldn’t be reached for comment. The creators behind the petition want the FTC to delay enforcement of any new laws and keep them from applying to a wider swath of videos. Of particular concern is the way the agency defines a video for children. During an FTC public meeting last month, agency staff discussed a shift in the definition from online media "directed to kids” and those that attract minors. "‘Child-attractive’ could be anything on YouTube,” said Melissa Hunter from Family Video Network, another organiser behind the petition. "We feel that’s way too broad. And that shows a lack of understanding about YouTube.” YouTube has said it will comply with the new rules, but it has also encouraged creators to express their views. 
The company sent a notice to creators over the summer informing them of a workshop with the FTC. "It is important they hear from creators and small businesses that could be deeply impacted by potential changes,” a YouTube representative wrote, according to an email viewed by Bloomberg News. Source: YouTubers are lobbying FTC to fight child privacy law expansion (via The Star Online)
  2. But who knows when that will happen On Wednesday, the Federal Trade Commission settled an investigation into the Google-owned video platform YouTube, resulting in the largest fine ever weighed on a tech company for violating children’s privacy law. But the $170 million in penalties and new restrictions over children’s data, critics argue, do little to incentivize the company to change its behavior. Over the past few months, the FTC has settled a handful of prominent cases in which companies like Facebook, Equifax, and YouTube have mishandled the data of their customers and users. But in each of these cases, consumer advocacy groups and politicians have cried out, asking for the only agency with the authority to protect user privacy, the FTC, to be tougher on these companies. “The FTC pulled the curtain back on this practice, but it did not go far enough to put in place critical new rules for accountability,” Sen. Ed Markey (D-MA), who authored the law that Google allegedly violated, said in a statement. “The FTC let Google off the hook with a drop-in-the-bucket fine and a set of new requirements that fall well short of what is needed to turn YouTube into a safe and healthy place for kids.” “We are very disappointed that the Commission failed to penalize Google sufficiently for its ongoing violations of COPPA and failed to hold Google executives personally responsible for the roles they played,” the Center for Digital Democracy’s executive director Jeff Chester said. “A paltry financial penalty . . . sends a signal that if you are a politically powerful corporation, you do not have to fear any serious financial consequences when you break the law.” The Republican commissioners, like Chairman Joe Simons, touted the historic nature of the settlement in an attempt to counter much of the criticism — and they’re not entirely wrong. 
Yes, it is the largest monetary penalty ever imposed as a result of Children’s Online Privacy Protection Act (COPPA) violations, but what the agency received in relief this week is miles away from the statutory maximum. For violating COPPA, companies can be fined $42,530 per violation, and those fines can be handed out on a per-child and per-day basis. Democratic Commissioner Rohit Chopra called attention to this in his dissenting statement on Wednesday, writing that the agency should have issued a penalty in the billions just to cover the revenue Google made in ill-gotten gains from this behavior over the years. “The terms of the settlement were not even significant enough to make Google issue a warning to its investors,” Chopra wrote. “Google earned – and will continue to earn – enormous sums by illegally tracking kids in many ways.” But in order to receive a larger payout and more significant structural changes from Google, the FTC would have had to take it to court. That kind of case could last years, and the commissioners wouldn’t have any certainty on the amount of relief they would receive in the end. The FTC is a small organization compared to Google. Taking the company to court would trouble the FTC far more than it would Google, a company with billions of dollars in profit and full-time legal staff. Without a federal law that outlines how the FTC should police privacy, the agency is effectively making up the rules as it goes along with its own prior consent decrees and decisions as their baseline for enforcement. In Google’s case, there was a law, COPPA, but it has never been challenged in court. There’s no precedent. So commissioners felt better using their prior COPPA settlements, like the one with TikTok, to guide a deal. For months, FTC officials, including Simons, have been begging Congress for the ability to act in response to initial offenses. 
In a statement following the agency’s settlement announcement with Facebook in July, Simons said, “I renew my call for Congress to enact federal data security legislation that gives the FTC authority to seek civil penalties for first-time violations.” He continued, “Fortunately, other agencies were able to fill in the gap—this time. But under different circumstances, future breaches might not always be subject to civil penalties, which sends absolutely the wrong signal regarding deterrence.” A clear privacy law like COPPA is something agency officials have been begging lawmakers to write for years. Currently, the FTC generally can’t issue fines or penalties for first-time privacy offenses since there is no federal privacy law. Under COPPA, the FTC can issue these fines for a company’s first offense of the law because once it was approved, it empowered them with the authority to do so, but only when children’s privacy is being mishandled. The Senate Commerce Committee has been working on a privacy bill for months. Last we heard from the chairman, Sen. Roger Wicker (R-MS), legislation was expected to be introduced by Labor Day, but that holiday has come to pass. The House Energy and Commerce Committee is also expected to draft a bill, but little has come of its discussions so far. There are a handful of other privacy measures that have already been introduced, but they’ve found little momentum. But until Congress does something, there will be few consequences for Big Tech when it violates the privacy of its users. YouTube’s fine for allegedly breaking the law may only add up to a few days in profit, but the structural changes implemented by the FTC will hurt the most. Now, YouTube is prohibited from serving children targeted ads, which is the most lucrative form of advertising for them on videos that receive tens of millions of views. Source
  3. The use of influencers and whether it targeted minors The Federal Trade Commission is reportedly investigating Juul Labs, the e-cigarette startup, over its marketing practices, according to a report in The Wall Street Journal. The government agency is particularly interested in whether Juul used deceptive marketing that targeted minors. It’s also looking into Juul’s hiring of influencers to sell its products. The FTC might seek monetary damages. In a statement to the Journal, Juul said it used influencers in a “small, short-lived pilot” that ended last year. The company paid less than $10,000 to fewer than 10 adults over the age of 30 who were current or former smokers, the spokesperson told the paper. The investigation apparently has been in the works since last year, even before tobacco conglomerate Altria Group invested more than $12 billion to take a 35 percent stake in the startup. The first FTC letter requesting marketing information was sent to Juul in September. News of this investigation joins prior reports that the Food and Drug Administration along with several state attorneys general are also investigating Juul’s marketing practices. The FDA asked Juul to turn over information that could explain why the devices are popular with young people, and then it inspected the company’s office looking for related documents. Meanwhile, in an interview today, Juul Labs CEO Kevin Burns warned nonsmokers to never use its company’s products. “Don’t vape,” Burns said in an interview on CBS This Morning. “Don’t use Juul.” He went on to say the product isn’t designed for people who don’t already have a “preexisting relationship” with nicotine. The US Surgeon General declared youth vaping an epidemic in 2018 and specifically noted the popularity of Juul in his advisory. A study published earlier this year found that people who started vaping in their teens were more likely to smoke cigarettes later in life. 
Juul is now working to backpedal out of the youth market that it says it never wanted in the first place. It’s created a Bluetooth-enabled e-cigarette that requires users to submit government-issued photo identification to use the product. It’s also pushing retailers to install an electronic age-verification system on their point-of-sale software. The company is willing to offer up to $100 million in incentives to get them to do so. Source
  4. The terms of the proposed truce aren't clear. AT&T has reached a truce in an FTC lawsuit accusing it of deceptive data throttling practices. A newly published federal court ruling has revealed that the two parties reached a settlement on August 2nd, and requested a 90-day stay while the FTC reviewed and voted on the settlement. The terms of the deal haven't been disclosed, though, so it's not clear how much (if anything) AT&T would concede if the settlement received approval. The case very nearly didn't go forward in the first place. An appeals court effectively tossed the lawsuit in 2016 on the grounds that AT&T's common carrier status exempted it from disclosing its throttling activity. In 2018, however, a federal court decided that the FTC could proceed with the case after noting that AT&T's data services weren't part of its common carrier status. The lawsuit alleged that AT&T misled legacy unlimited data customers about its throttling plan, failing to adequately inform them that they'd see dramatic slowdowns after using a certain amount of data each month. This wasn't really the unlimited service they'd signed up for, the FTC argued. AT&T balked at the lawsuit, arguing that few people were affected and that it notified customers of imminent throttling through text. There's no doubt that the wireless landscape has changed a lot since the lawsuit began. Like it or not, throttling is a staple of many US carriers (including Engadget parent Verizon), whether it's after a given amount of general usage or for specific services like video. A settlement might not carry much weight unless it forces substantial changes to existing disclosure practices. Source
  5. (Reuters) - Qualcomm Inc won a partial stay against the enforcement of a sweeping antitrust ruling in a lawsuit brought by the U.S. Federal Trade Commission (FTC), according to a court filing on Friday. The company on May 21 lost in an antitrust lawsuit and has been fighting to have the ruling put on hold while it pursued an appeal. The San Diego-based company argued that letting the ruling stand could upend its talks with phone makers over chips for 5G, the next generation of wireless data networks. In the ruling issued on Friday, the 9th U.S. Circuit Court of Appeals put on hold the provisions of the earlier ruling that required Qualcomm to grant patent licenses to rival chip suppliers and end its practice of requiring its chip customers to sign a patent license before purchasing chips. The earlier ruling would have required Qualcomm to renegotiate all of its existing chip and patent deals, as well as make new deals conform to the requirements. The stay granted Friday puts on hold the effect of parts of the ruling while the appeals process, which could take a year or more, plays out. The Qualcomm antitrust case was unique in that different parts of the U.S. government weighed in with differing views. The Department of Justice - the other primary antitrust regulator in the United States - said during the initial trial that it disagreed with the FTC’s legal theory. And after the trial judge handed down a decision, the Pentagon and the Department of Energy both made filings saying that enforcing the decision would harm national security. “The government itself is divided about the propriety of the judgment and its impact on the public interest,” the appeals court wrote in its ruling. Shares rose briefly after the news but then dropped 3.7% to $74.29 in afternoon trading on the Nasdaq. 
Shares have been volatile this year, rising from the mid-$50 range to above $85 after Qualcomm settled a major lawsuit with Apple Inc, but then dropping to the mid-$60 range after its loss of the case brought by the FTC. The company has not formally filed its appeal in the FTC lawsuit. After Qualcomm files its arguments, the appeal will take place in January. In a statement, Qualcomm general counsel Don Rosenberg said the company believes “the district court decision will be overturned once the merits of our appeal have been considered.” Source
  6. The chair of the Federal Trade Commission, Chairman Joe Simons, acknowledged in an interview on Tuesday that perhaps maybe, just maybe, one outcome of an FTC task force inquiry into whether tech giants violated anticompetition laws could be forcing them to break up into smaller companies, according to reports in Reuters and Bloomberg. The likes of Facebook probably aren’t quaking in their bootsies yet. Simons—who perhaps has his hands tied by the ongoing status of his agency’s broad review of the tech sector, but whose agency was accused of coddling Facebook in a recent privacy settlement—more or less merely acknowledged that it was technically within his power to pursue corporate breakups. “If you have to, you do it,” Simons told Bloomberg. “It’s not ideal because it’s very messy. But if you have to you have to.” As Bloomberg noted, the FTC task force has seemed particularly interested in whether Facebook secured its current form as a globe-spanning behemoth by buying up subsidiaries like Instagram and WhatsApp for the sole purpose of eliminating competition. The Department of Justice has launched its own antitrust investigation of the tech sector that appears to have overlap with the FTC one, though Simons offered few details about how the agencies were coordinating. “It’s possible for sure that we could be investigating the same company at the same time but just for different conduct,” Simons told Bloomberg. However, he did reiterate to Bloomberg that Facebook’s 2012 acquisition of Instagram is a particularly open question to the FTC as of now: Simons didn’t confirm details of the Facebook investigation beyond what the company disclosed in July, when it said that the FTC had initiated a broad probe into several business lines — social media, digital advertising and mobile applications. Any inquiry into its past acquisitions would focus on what would have happened to those companies if they hadn’t been bought by Facebook, Simons said. 
“There’s a question about what caused Instagram to be as successful as it is,” Simons said. “Was it the fact that the seed was already there and it was going to be germinated no matter what or was the seed germinated because Facebook acquired it?” The consolidation of the tech sector in recent years and growing hostility to companies like Amazon, Apple, Facebook, and Google in D.C. certainly seems to have put the issues of scale and competition in the spotlight, and both leading Democratic candidates for the presidency such as Elizabeth Warren and Donald Trump’s administration have urged regulators to step in. (In the case of Trump, the anger clearly has more to do with conspiratorial and baseless accusations that tech companies are secretly backing Democrats than it does... any other coherent motive.) But there’s reason to be skeptical whether this is all just talk or the FTC and DOJ investigations will actually result in breakups anytime soon. As the Verge noted, the growing backlash to tech consolidation follows a long time period in which competition and antitrust watchdogs did basically nothing to stop it—and the pendulum is only slowly swinging back in the other direction. In June, New Street Research analyst Blair Levin told the Information that “any concrete action and coherent thinking on these things” is likely to take at least a year and a half to materialize, meaning the next presidential administration. Source
  7. Experts say the deal raises serious antitrust concerns Last year, Amazon cut a deal with Apple to bring direct iPhone sales to its platform for the first time. Now, that deal is coming under scrutiny from the Federal Trade Commission, The Verge has learned. The deal was first announced last fall, ostensibly as a way for Apple to sell on Amazon in an official capacity and cut down on counterfeit or misleadingly marketed products. However, it had the effect of kicking off hundreds of legitimate sellers that were offering low-cost and refurbished Apple products that were no longer for sale by the company itself. One seller, a Minnesota man named John Bumstead who specializes in refurbished MacBooks, was contacted earlier this month by a group of FTC officials. Bumstead told The Verge that he was interviewed by FTC lawyers and an economist about the impact of the Amazon-Apple deal on his business. The group did not disclose the broader purpose of the interview, but at least one member of the group is listed as belonging to the FTC’s newly formed Tech Task Force, a division launched in February to police anti-competitive behavior on tech platforms. The FTC officials were curious about the role Amazon’s Marketplace played in Bumstead’s business and how much his business suffered from being kicked off. When Apple secured the deal in November, Bumstead was given a couple months’ notice before he was forced off the Marketplace platform, which is the leading US e-commerce website for third-party sellers. “They wanted to know how Amazon works, how eBay works. I went into describing how a listing works on Amazon. Amazon is interesting in that you don’t necessarily create a listing. You just sort of tag on to an existing listing,” Bumstead tells The Verge. “If that listing gets deleted, chances are you’re not allowed to sell that product. That’s how Amazon did this. 
They created a bunch of renewed listings from the people who were certified, and they let those people sell on those listings, and they abandoned everyone else.” Earlier this week, regulatory news organization MLex reported that the FTC had subpoenaed Amazon Marketplace seller data on products not sold by the company itself, although it’s unclear whether the two efforts are related. The FTC did not respond to a request for comment. Still, experts say the Apple-Amazon deal could easily be grounds for an antitrust complaint. According to Sally Hubbard, an antitrust expert and the director of enforcement strategy at the OpenMarkets Institute, the practice of cutting a deal with a brand to shut out third-party sellers who may be peddling counterfeit products or simply just lower-cost versions is called “brand gating.” It’s rampant on Amazon, and it may be illegal, she argues. “You put a gate around the brand and say all the third-party sellers of whatever that brand is get a notice saying you can no longer sell this product on our platform unless you get authorization from the brand,” Hubbard tells The Verge. “But of course the brand is not going to let you sell if you’re under the [minimum advertised price]. Problem is that it’s illegal under antitrust law.” Specifically, Hubbard believes the Amazon-Apple deal could be a violation of antitrust laws that deal with anti-competitive conduct like price-fixing and illegal market allocation. “You’re not allowed to agree with another firm to set a floor on your pricing,” she says. “When you have these brands and a dominant retailer like Amazon, and Amazon says, ‘We’re going to make sure anyone who sells below your prices can’t be authorized to sell on your platform anymore,’ it’s basically a price-fixing agreement between a dominant retailer and a brand. 
And that’s illegal under Section 1 of the Sherman Antitrust Act.” Amazon’s deal didn’t push third-party sellers off of Marketplace entirely, but it set conditions that made it impossible for smaller refurbishers to remain on the platform. Amazon still offers refurbished Apple products sold through the company’s “Amazon Renewed” program, but according to Bumstead, the program is limited to purchasers of roughly $10 million in inventory a year. He was never able to qualify for the program, and like many other refurbishers, he has left Amazon Marketplace as a result. Now, Bumstead says a significant amount of low-cost Apple products have disappeared from Amazon. “When they deleted those listings, they deleted consumer access to the majority of old MacBooks,” Bumstead says. “[Amazon] only created those renewed listings for newer machines.” In other words, the lowest price of a used or refurbished Apple computer on Amazon suddenly jumped by hundreds of dollars. The investigation comes amid unprecedented antitrust scrutiny of Amazon for prioritizing its own products and by using proprietary sales data to target competitors. European regulators opened an investigation into those issues earlier this month. In Germany, the company has already changed its terms of service for sellers like Bumstead, possibly as a concession to local regulators. The FTC is also stepping up its regulatory investigations of tech giants, as led by the Tech Task Force. Earlier this month, Facebook settled with the FTC over privacy violations for a $5 billion fine, and the commission is also officially investigating the social network for antitrust violations. According to The Washington Post, the FTC has been granted informal jurisdiction into any investigation into Amazon in addition to Facebook. Amazon declined to comment. Apple did not respond to a request for comment. Source
  8. Controversial app developer also settles As the Federal Trade Commission imposes a landmark $5 billion fine against Facebook, the agency also announced separate action today against controversial data-mining company Cambridge Analytica. The FTC said in an administrative complaint that Cambridge Analytica deceptively harvested the information of Facebook users through a personality test app. The company has since filed for bankruptcy and has not settled the agency’s complaint. The agency said it also reached settlements with two individuals: former Cambridge Analytica CEO Alexander Nix and former University of Cambridge professor Aleksandr Kogan. Kogan was responsible for developing the app used by Cambridge Analytica to harvest data from Facebook users in the guise of a harmless personality test. The app, the FTC’s complaint confirms, took information from at least 250,000 Facebook users who used it, as well as at least 50 million of their friends on the social network. The FTC alleges that the app falsely told users that it would not “download your name or any other identifiable information.” Cambridge Analytica used the information to power its voter profiling and ad targeting services, according to the FTC. Facebook has since restricted the ability of apps on its platform to harvest data. Under the FTC settlements, Nix and Kogan will be required to destroy any personal information they still hold. They will also be restricted from making any false or deceptive statements in the future about personal information. The FTC has not yet published the text of the agreements. While the $5 billion action today against Facebook will likely generate the most headlines, the FTC’s move against Cambridge Analytica and settlement with two of the scandal’s major players follows a global controversy that ultimately tanked the data-mining firm. Source
  9. Facebook CEO Mark Zuckerberg was not deposed as part of the Federal Trade Commission investigation into allegations of privacy violations, according to a report in The Washington Post on Tuesday. The report said the settlement would say Facebook deceived consumers about privacy. The company will reportedly not admit guilt. Federal regulators are reportedly accusing Facebook of misleading consumers about their privacy in its $5 billion settlement but did not question CEO Mark Zuckerberg as part of the high-profile investigation — a decision that is likely to draw intense criticism. On Tuesday, The Washington Post published a report with more details of an impending Federal Trade Commission settlement, which is the outcome of a lengthy investigation by the US regulatory body. The full settlement has not yet been formally announced or made public, and spokespeople for Facebook and the FTC did not immediately respond to Business Insider's requests for comment. According to the report, the settlement will highlight that Facebook used phone numbers that users submitted for security purposes to subsequently let advertisers find and target them with ads, a move that was widely criticized after it was revealed last year. It will also "allege that Facebook had provided insufficient information to users — roughly 30 million — about their ability to turn off a tool that would identify and offer tag suggestions for photos," according to The Washington Post. Following earlier leaks about the nature of the settlement, the FTC has faced criticism from those who believe it should have pursued tougher sanctions against Facebook over the privacy violations it's accused of. The Washington Post's report has two additional details that may further inflame the FTC's detractors. First, Zuckerberg — the CEO and ultimate decision-maker at Facebook who has absolute control over the company because of its unconventional stock structure — was never deposed for questioning by the FTC. 
And secondly, Facebook will not have to admit guilt as part of the settlement — a not uncommon outcome in FTC settlements that may nonetheless add to the perception that Facebook has been able to avoid meaningful punishment for its alleged transgressions. Source
  10. The Federal Trade Commission (FTC) reportedly finalized a settlement with Google after launching an investigation into YouTube over whether its handling of children’s videos violated federal data privacy laws. The settlement concludes that Google did not adequately shield children who were using the platform and collected their data in violation of the Children’s Online Privacy Protection Act (COPPA), The Washington Post reports, citing two sources. Under COPPA, websites must obtain parental consent before collecting data on children under the age of 13. The FTC has faced mounting scrutiny from critics who claim it is unwilling to enforce the law. The company is expected to pay a multimillion-dollar fine following the FTC settlement, but the exact amount is unknown, The Post reports. The FTC did not immediately respond to a request for comment from The Hill. Google declined to comment. The reported settlement comes after consumer advocates, including the Center for Digital Democracy and the Campaign for a Commercial-Free Childhood, have pushed for the FTC to come down hard on YouTube’s handling of children’s privacy. The FTC said this week that it is looking to update its rules on internet privacy for children amid such concerns. YouTube has said it is working to address such issues, saying it removed more than 800,000 videos in the first quarter of 2019 that violated their child safety rules. In June, it announced other changes, such as restricting minors from live-streaming without an adult to disabling comments on videos with minors. Source Updated: 12:15 p.m.
  11. Sen. Chuck Schumer and the DNC say the fact that Russia is involved is a problem. The viral hit FaceApp is facing further scrutiny from US Senate Minority Leader Chuck Schumer. The senator has asked the FBI and the Federal Trade Commission to open a national security and privacy investigation into the Russian-developed AI photo-editing app. In a public letter to FBI Director Christopher Wray and FTC Chairman Joe Simons, Schumer said he has "serious concerns regarding both the protection of the data that is being aggregated as well as whether users are aware of who may have access to it." Schumer asked the FBI to assess whether any data uploaded to FaceApp could find its way into the hands of the Russian government. He also asked the FTC to examine whether there are "adequate safeguards" in place to protect the privacy of the users. The FTC confirmed it received Schumer's letter but declined to comment further. The FBI didn't immediately respond to a request for comment. The Democratic National Committee sent a security alert to 2020 presidential campaigns on Wednesday urging them not to use the app, according to CNN. "This app allows users to perform different transformations on photos of people, such as aging the person in the picture. Unfortunately, this novelty is not without risk: FaceApp was developed by Russians," said the security alert from Bob Lord, the DNC's chief security officer. Released in 2017, FaceApp has seen a new surge of popularity with the #AgeChallenge. The app lets you take a selfie, or choose an existing photo, and apply an AI filter that makes you look old. The app's maker responded to privacy concerns over how it handles users' photos in a statement Wednesday denying any mishandling of user data. FaceApp didn't immediately respond to a request for comment. Originally published July 18 at 6:23 a.m. PT. Update, at 6:57 a.m. PT: Adds response from FTC and news about the DNC security alert. Source
  12. The FTC looks to change children's privacy law following complaints about YouTube The U.S. Federal Trade Commission is considering an update to the laws governing children’s privacy online, known as the COPPA Rule (or, the Children’s Online Privacy Protection Act). The Rule first went into effect in 2000 and was amended in 2013 to address changes in how children use mobile devices and social networking sites. Now, the FTC believes it may be due for more revisions. The organization is seeking input and comments on possible updates, some of which are specifically focused on how to address sites that aren’t necessarily aimed at children, but have large numbers of child users. In other words, sites like YouTube. The FTC’s announcement comes only weeks after U.S. consumer advocacy groups and Senator Ed Markey (D-Mass.) sent complaint letters to the FTC, urging the regulators to investigate YouTube for potential COPPA violations. The advocacy groups allege that YouTube is hiding behind its terms of service, which claim YouTube is “not intended for children under 13” — a statement that’s clearly no longer true. Today, the platform is filled with videos designed for viewing by kids. Google even offers a YouTube Kids app aimed at preschooler to tween-aged children. According to the letter written by the Campaign for a Commercial-Free Childhood (CCFC) and the Center for Digital Democracy (CDD), Google has now collected personal information from nearly 25 million children in the U.S., and it used this data to engage in “very sophisticated digital marketing techniques.” The groups want YouTube to delete the children’s data, set up an age-gate on the site, and separate out any kids content into its own app where YouTube will have to properly follow COPPA guidelines. These demands are among those pushing the FTC to this action. 
The Commission says it wants input as to whether COPPA should be updated to better address websites and online services that are not traditionally aimed at children but are used by kids, as well as whether these “general audience platforms” should have to identify and police the child-directed content that’s uploaded by third parties. In other words, should the FTC amend COPPA so it can protect the privacy of the kids using YouTube? “In light of rapid technological changes that impact the online children’s marketplace, we must ensure COPPA remains effective,” said FTC Chairman Joe Simons, in a published statement. “We’re committed to strong COPPA enforcement, as well as industry outreach and a COPPA business hotline to foster a high level of COPPA compliance. But we also need to regularly revisit and, if warranted, update the Rule,” he added. While YouTube is a key focus, the FTC will also seek comment on whether there should be an exception for parental consent for the use of educational technology in schools. And it wants to better understand the implications for COPPA in terms of interactive media, like interactive TV (think Netflix’s Minecraft: Story Mode, for example), or interactive gaming. More broadly, the FTC wants to know how COPPA has impacted the availability of sites and services aimed at children, it says. The decision to initiate a review of COPPA was a unanimous decision from the FTC’s five commissioners, which includes three Republicans and two Democrats. Led by Simons, the FTC in February took action against Musical.ly (now TikTok), by issuing a record $5.7 million fine for its COPPA violations. Similar to YouTube, the app was used by a number of under-13 kids without parental consent. The company knew this was the case, but continued to collect the kids’ personal information, regardless. 
“This record penalty should be a reminder to all online services and websites that target children: We take enforcement of COPPA very seriously, and we will not tolerate companies that flagrantly ignore the law,” Simons had said at the time. The settlement with TikTok required the company to delete children’s videos and data and restrict underage users from being able to film videos. It’s unclear why the FTC can’t now require the same of YouTube, given the similarities between the two services, without amending the law. “They absolutely can and should fine YouTube, not to mention force YouTube to make significant changes, under the current regulations,” says Josh Golin, the Executive Director for CCFC. “As for the YouTube decision – by far the most important COPPA case in the agency’s history – it’s extremely concerning that the Commission appears to be signaling they do not have the authority under the current rules to hold YouTube accountable,” he says. “COPPA rules could use some updating but the biggest problem with the law is the FTC’s lack of enforcement, which is something the Commission could address right away without a lengthy comment period,” Golin adds. The FTC says it will hold a public workshop on October 7, 2019 to examine the COPPA Rule. Source: The FTC looks to change children's privacy law following complaints about YouTube
  13. Multiple vaping companies were sent letters by federal regulators this week over posts by social media influencers that did not include necessary warnings about the vape products. The warning letters—which were sent to Artist Liquids Laboratories, Humble Juice Co., Hype City Vapors, and Solace Technologies—stated that the posts in question were reviewed by the Food and Drug Administration (FDA) and the Federal Trade Commission (FTC) and found to lack the required warning statement that the product both contains nicotine and that nicotine is an addictive chemical. According to the letters, the posts by influencers in partnership with the respective companies were shared to Facebook, Instagram, and Twitter, platforms on which some of the influencers had tens of thousands or more followers. In some cases, the letters said, posts by the companies themselves on social media or their websites failed to communicate the required warning language. “Given the significant risk of addiction, the failure to disclose the presence of and risks associated with nicotine raises concerns that the social media postings could be unfair or likely to mislead consumers,” the letters read. “The FTC urges you to review your marketing, including endorsements by your social media influencers, and ensure that necessary and appropriate disclosures are made about the health risks of nicotine.” Lorenzo De Plano, a co-founder of Solace, told Gizmodo in a statement by email that the letter his company was sent was related to a post by a single influencer who did not include necessary warnings in their post, adding that the company is no longer working with that individual. “All of Solace Vapor’s internal packaging, marketing and nicotine warnings are compliant with FDA standards,” Plano said. “Solace Vapor does not condone the use of our products by anyone who previously was not a tobacco and or cigarette user. 
We will be reviewing and terminating any and all 3rd party influencers who may not be compliant with our marketing policies. We hope that all other companies in our industry do the same.” The letters stated that the companies would be required to submit a written response within 15 working days of receipt that outlined their timeline for corrective actions. Spokespeople for Artist Liquids, Humble Juice, and Hype City Vapors did not immediately return requests for comment. The FDA and FTC said that the warning letters come as part of the FDA’s Youth Tobacco Prevention Plan, which among other initiatives is aimed at cutting off access by kids to tobacco products but also includes policing ads and marketing that may target youth. Vape giant Juul previously came under fire for its own marketing, which has been accused of attempting to lure teens to its products and contributing in large part to the widespread use of vape products among kids. The company has since folded many of its social media accounts, including Instagram. “Years of progress to combat youth use of tobacco is now threatened by an epidemic of e-cigarette use by kids, and unfortunately research shows many youth are mistaken or unaware of the risks and the presence of nicotine in e-cigarettes,” Acting FDA Commissioner Ned Sharpless said in a statement this week. “That’s why it’s critical we ensure manufacturers, retailers and others are including the required health warning about nicotine’s addictive properties on packages and advertisements—especially on social media platforms popular with kids.” Source
  14. Facebook, FTC reportedly negotiating massive fine to settle privacy issues The multibillion-dollar fine would be the largest ever imposed by the FTC, according to The Washington Post. Facebook and the Federal Trade Commission are negotiating a multibillion-dollar fine to settle an investigation into the social network's privacy practices, The Washington Post reported Thursday. It'd be the largest fine ever imposed by the agency, according to the Post, though the exact amount hasn't yet been determined. Facebook was initially concerned with the FTC's demands, a person familiar with the matter told the publication. If the two parties don't come to an agreement, the FTC could reportedly take legal action. A Facebook representative said the company isn't commenting on the Post report, but added: "We are cooperating with officials in the US, UK, and beyond. We've provided public testimony, answered questions, and pledged to continue our assistance as their work continues." The FTC didn't immediately respond to a request for comment. The FTC began investigating Facebook last year after it was revealed that Cambridge Analytica, a digital consultancy linked to the Trump presidential campaign, improperly accessed data from as many as 87 million Facebook users. The agency is looking into whether Facebook's actions violated a 2011 agreement with the government in which it pledged to improve its privacy practices. Facebook has said it didn't violate the consent decree. Under the agreement, Facebook agreed to get permission from users before sharing their data with third parties. In addition, the tech giant is required to have a third party conduct audits every two years for the next 20 years to ensure the program is effective. Facebook reportedly could reach a deal with the government by agreeing to pay a fine and altering some of its business practices. A judge would have to approve the settlement, according to the Post. 
The FTC could impose new rules forcing Facebook to go through more stringent, regular checkups to ensure it's in compliance with the settlement, people familiar with the matter told the Post. Alternatively, the tech giant could reportedly opt to challenge the FTC over its findings and suggested penalties. The FTC's last record-setting fine against a tech company for breaking a privacy agreement was reportedly against Google in 2012, for $22.5 million. Source
  15. US Senator says Google is profiting off advertising fraud and has no interest in addressing it. A US senator has blasted the Federal Trade Commission for failing to crack down on Google's lack of effort in reducing ad fraud on its advertising network. Virginia Democrat Senator Mark Warner says Google is directly profiting by letting ad fraud run rampant at the expense of the companies who buy or sell ads on its platform. However, Warner is just as mad about the FTC as he is about Google, claiming the FTC has failed to take action against the Mountain View-based company for more than two years since he and New York Democrat Senator Chuck Schumer first wrote the agency about Google's ad fraud problem. "The FTC's failure to act has had the effect of allowing Google to structure its own market," said Sen. Warner in a letter sent to the FTC yesterday. "Through a series of transactions, the company has accomplished a level of vertical integration that allows it in effect to act as the equivalent of market-maker, commodities broker, and commodities exchange for digital advertising -- in the process creating a range of conflicts of interest," he said. "While the company controls each link in the supply chain and therefore maintains the power to monitor activity in the digital advertising market from start to finish, it has continued to be caught flat-footed in identifying and addressing digital ad fraud." Sen. Warner also called out Google for proving unwilling to address misuse of its advertising platform for the "rampant proliferation of online disinformation" --referring to how various foreign entities have used Google ads to push political agendas, both in the US and other countries of the world. "As long as Google stands to profit from the sale of additional advertisements, the financial incentive for it to voluntarily root out and address fraud remains minimal," Sen. Warner added. 
Both Google and the FTC have not replied to requests for comments for this article. Google did publish a blog post after our inquiry entitled "Tackling ads abuse in apps and SDKs" that described the company's latest efforts in addressing Android and Google Play Store ad fraud, which has been a serious problem for the company in the last few months. This is the third letter Sen. Warner has sent the FTC about Google's ad fraud problem. He sent a first in 2016, another one in October, and a third yesterday. In yesterday's letter, Sen. Warner also criticized the FTC's reply to the second letter. In its answer, available here, the FTC told Sen. Warner that they don't have the authority to go after Google for its practices, but instead opted to tackle online ad fraud through "workshops and education campaigns." Sen. Warner disagreed and reminded the FTC that they themselves lobbied Congress for additional authority related to online businesses and the digital age, which they received. "Section 5 of the Federal Trade Commission Act was written in broad terms precisely for this purpose," Sen. Warner said. Source
  16. The federal investigation into Facebook’s Cambridge Analytica data-sharing scandal—in which prior versions of Facebook’s advertising API allowed the shady election data firm to partner with an app to harvest data on at least 87 million users without their consent—has expanded to include a multi-agency inquiry into the social network’s data practices. Per the Washington Post, five people familiar with the investigation said the Department of Justice is now joined by “representatives for the FBI, the SEC and the Federal Trade Commission... in its inquiries about the two companies,” and specifically Facebook’s “actions and statements” over a period of years. The paper wrote the multi-agency inquiry is focused on what Facebook knew years ago and what it failed to tell “users or investors,” as well as whether there were “discrepancies in more recent accounts” like executives’ testimony before Congress. The Post wrote that CEO Mark Zuckerberg’s evasive congressional testimony is considered part of the investigation: Cambridge Analytica has attracted considerable attention not just for the data harvesting, but for undercover news investigations that caught executives bragging about scummy campaign tactics, its role working on Donald Trump’s campaign, and possibly illegal use of foreign contractors to work on US elections. It has since shut down, though the DOJ and FBI are reportedly still looking into its practices. According to the New York Times, while the DOJ and FBI investigations into Facebook primarily branch from those ongoing inquiries into Cambridge Analytica, Facebook representatives admitted the SEC one focuses on “the social network’s public statements about Cambridge Analytica.” SEC investigators want to know whether when Facebook said Cambridge Analytica duped them by claiming its project was only harvesting data for academic purposes, it knew full well what was going on. 
The Times wrote: The FTC involvement is notable because in March 2018, the agency disclosed that it had learned of “substantial concerns about the privacy practices of Facebook” and launched an investigation as a result. The Post confirmed that said investigation concerns a 2011 consent decree on user privacy that Facebook signed with the FTC—violations of which could potentially result in mind-boggling fines in the billions of dollars, though the agency’s approach to monitoring such breaches of agreements has historically been toothless. It’s not clear whether the agencies currently are considering whether the investigation could result in “criminal charges or civil penalties” for Facebook or Cambridge Analytica, the Post wrote. “The fact that the Justice Department, the FBI, the SEC and the FTC are sitting down together does raise serious concerns,” former FTC Bureau of Consumer Protection chief David Vladeck told the Post, adding that the number of agencies involved “does raise all sorts of red flags.” Former FTC chief technologist Ashkan Soltani told the Times that the growing number of agencies involved in the inquiry is “very significant because it means the government is not just interested in harms to privacy, but is interested in a broad array of harms.” So this all certainly sounds like bad news for the social media giant. But Electronic Frontier Foundation senior staff attorney Nate Cardozo told Gizmodo in April that it’s not clear authorities have the appetite to hand down more than token punishments for Facebook’s corporate practices in the current climate. 
While President Donald Trump’s administration has “made it clear that it is no friend of Silicon Valley,” Cardozo said, it has similarly “made it clear that it doesn’t like government regulation and the administrative state.” Of course, while investigators may determine Facebook’s historical data-sharing policies do not constitute civil or criminal matters, they could always conclude otherwise about anything the site did to cover those issues up. Source
  17. The Federal Trade Commission reached a settlement this week with a notorious scammer who worked with telemarketers to pose as large technology firms and offer fake tech support services to the elderly. Parmjit Singh Brar—the operator of Genius Technologies, LLC and Avangatee Services, LLC—agreed to a $7.5 million fine, though he will only pay $136,000 due to an inability to pay the full amount. The scammer will also be banned from offering any tech support services in the future, effectively stomping out his two businesses. Per the FTC, here’s how Brar’s scam worked: he set up agreements with telemarketers in India who would contact consumers via cold calls and pop-up ads disguised to look like security alerts. They are the kinds of ads that say things like “Critical update required” or “Your computer is at risk” and look believable to a person who doesn’t know any better. When the telemarketers got a person on the phone, they would claim to be from well-known tech companies and would attempt to convince the consumer that there was something wrong with their computer. If the person went along with the call, the scammer would try to convince them to provide remote access to their computer. Once connected to the computer, they would claim to discover malware or some other threat, at which point the tech support scammer would try to sell the victim on some expensive, “high-quality” computer software to solve the problem. Of course, there was no high-quality software. According to the FTC, the scammers would instead install out-of-date software on the device and use the installation process to steal personal information from the consumer’s computer without their permission. For their troubles, the victims were charged between several hundred dollars to tens of thousands of dollars for the phony service. 
The FTC’s original case against Brar noted that several people paid more than $50,000 and one person paid $400,000 over several years to the scammers. The complaint notes that “millions of dollars” have been wired to accounts associated with Brar’s businesses. Brar was the mastermind behind the scam, and by all accounts seems to have been pretty good at ripping people off. One of his business fronts, Genius Technologies, maintained a pretty clean image. The company has a CrunchBase page that describes Genius Technologies as an “IT firm delivering high quality, cost effective, reliable web software solutions.” His other operation, Avangatee Services, has a far less positive public-facing profile. The company has an F rating from the Better Business Bureau and a lot of bad reviews on the consumer watchdog site Ripoff Report. A number of user-submitted complaints on the site lay out a similar scheme carried out by callers: a telemarketer warns that hackers are trying to steal personal information and gain access to their bank account. The caller offers protection, then charges the victim thousands of dollars for the service. Inevitably, the victim’s device eventually gets infected by actual malware despite promises that it would be safe. Brar is just the latest tech support scammer to get hit with scrutiny from the FTC. The agency has made an effort to crack down on the schemes in recent months, taking down call center operators in Florida that scammed people out of $25 million last month. The podcast Reply All documented tech support calls like the ones Brar and other scammers have made, if you’d like to hear the scams in action. Source
  18. WASHINGTON (Reuters) - AT&T Inc (T.N) said on Thursday that it is negotiating with the U.S. Federal Trade Commission to resolve a 2014 complaint that claimed the company offered deceptive “unlimited” mobile phone data plans. “We have decided not to seek review by the Supreme Court, to focus instead on negotiating a fair resolution of the case with the Federal Trade Commission,” AT&T spokesman Mike Balmoris said. The FTC had charged that the company misled millions of consumers by charging them for unlimited data plans but reducing data speeds or “throttling” them if they reached certain data usage levels. The FTC did not immediately comment. A federal appeals court in San Francisco in February reinstated the FTC lawsuit, which had been thrown out after AT&T argued that it was exempt from FTC regulations and that the Federal Communications Commission had jurisdiction. The Federal Communications Commission separately in June 2015 proposed a $100 million fine for AT&T for misleading millions of customers about unlimited data plans. The FCC has never moved to finalize the fine. The FCC said at the time that it was the largest such fine proposal. AT&T, which said it would “vigorously dispute the FCC’s assertions,” said that the FCC had previously deemed the practice a legitimate and reasonable way to manage its network and that it had been “fully transparent with our customers, providing notice in multiple ways and going well beyond the FCC’s disclosure requirements.” AT&T said it had disclosed its slowdown practices to consumers over bill statement notifications, text messages and other means. In February, FCC Chairman Ajit Pai said the appeals court decision “reaffirms that the Federal Trade Commission will once again be able to police Internet service providers” after the Trump administration’s rollback of the Obama-era net neutrality rules takes effect. The 2015 net neutrality rules will expire on June 11. Source
  19. The FTC says that if companies don't change their warranty practices, it may take 'legal action.' The Federal Trade Commission put six companies on notice in early April for illegally telling customers that getting third-party repairs voids the warranty on their electronics. You’ve seen the stickers before and read the messages buried in end user license agreements. Plastered on the back of my PlayStation 4 is a little sticker that says “warranty void if removed.” That’s illegal. Motherboard has obtained copies of the letters via a Freedom of Information Act request and has learned the names of the six companies that were warned. They are Sony, Microsoft, Nintendo, Hyundai, HTC, and computer hardware manufacturer ASUS. The letters were sent by Lois Greisman, the FTC’s associate director of marketing practices, on April 9; the FTC has given each company 30 days to change its official warranty policies and says that it may take legal action against the companies. “This letter places you on notice that violations of the Warranty and FTC Acts may result in legal action,” the letters state in bold, adding that the FTC had reviewed warranty language on each manufacturer’s websites and found it to be infringing. “FTC investigators have copied and preserved the online pages in question, and we plan to review your company's written warranty and promotional materials after 30 days. You should review the Warranty and FTC Acts and if necessary, revise your practices to comply with the Acts' requirements. By sending this letter, we do not waive the FTC's right to take law enforcement action and seek appropriate injunctive and monetary remedies against [company name] based on past or future violations.” The FTC believes all six companies are violating the 1975 Magnuson-Moss Warranty Act, which states that no manufacturer charging more than $5 for a product may put repair restrictions on a device it’s offering a warranty on. 
Despite being illegal, many companies have such restrictions. Apple, noticeably absent in this round of warning letters, often steers customers away from third-party repair services. “Warranty language that implies to a consumer acting reasonably under the circumstances that warranty coverage requires the consumer to purchase an article or service identified by brand, trade or corporate name is similarly deceptive and prohibited,” the FTC letters said. The only difference between the letters is that each calls out the specific language from each manufacturer that violates federal law, for example, Microsoft’s Xbox One warranty states “Microsoft is not responsible and this warranty does not apply if your Xbox One or Accessory is...repaired by anyone other than Microsoft.” The FTC letter specifically states that this type of language is illegal. In three cases, the letters also specifically say that the use of warranty-void-if-removed stickers or “seals” break the law; language in the Playstation 4, HTC, and Asus warranties mention that the warranties are void if a seal is removed, something that the FTC mentioned it is “particularly concerned” about. Nintendo, HTC, Microsoft, HTC, ASUS, Hyundai, and the FTC did not immediately respond to our request for comment. Full Document By the FTC Source
  20. The United States Federal Trade Commission is sick and tired of illegal robocalling, and it’s hosting a contest this year at the DEF CON hacker conference in Las Vegas in an attempt to do something about it. The consumer protection agency’s weariness likely stems from the more than 150,000 complaints it receives about automated telephone calls each month. The contest, known as “Zapping Rachel,” calls on DEF CON attendees to develop honeypot systems designed to attract and identify the perpetrators of illegal automated calling schemes. The FTC says that technological advances such as auto-dialers are fueling an increase in malicious robocalls. Not only can criminals fire off thousands of calls every minute with less money and computer resources, but they can also easily obfuscate themselves and their locations by spoofing caller identification information. “The FTC and our law enforcement partners are particularly interested in the development of robust, cutting-edge robocall honeypots (an information system designed to attract robocallers), which can help experts and authorities understand and combat illegal calls”, wrote Lois Greisman, the associate director of the FTC’s marketing practices division. She goes on to explain that there are robust security products and technologies available to fight Web-borne spam but that there is a serious lack of such solutions protecting users from telephone spam. “Unfortunately, the technical distinctions between a telephone call and an email have made it difficult to use internet security tactics in the battle against robocalls,” Greisman writes. “We hope to change that by inspiring DEF CON experts to apply their knowledge and creativity on behalf of the millions of people frustrated by these illegal calls.” The FTC clearly doesn’t see robocalling as a mere nuisance. 
They claim the practice invades user privacy, peddles costly scams, and, in extreme cases, poses serious threats to critical infrastructure by enabling telephone denial of service attacks. To this point, the FTC has primarily fought telephone spam in the courtroom. However, in 2012, the commission hosted a similar contest offering $50,000 to anyone who could develop a means of mitigating robocalls. A new business emerged among the winners of that contest – called Nomorobo – who has commercialized an anti-robocalling product that it claims has blocked more than four million automated calls. An FTC spokesperson confirmed in a phone interview with Threatpost that there will be a cash prize for the winners of the contest. The specific rules and payout will be posted on the FTC website at a later time. “You’ve probably gotten robocalls about candidates running for office, or charities asking for donations. These robocalls are allowed,” the FTC explains on a robocalling fact sheet. “But if the recording is a sales message and you haven’t given your written permission to get calls from the company on the other end, the call is illegal. In addition to the phone calls being illegal, their pitch most likely is a scam.” In the same fact sheet, the commission explains that purely informational calls are perfectly legal. This could include automated calls about flight cancellations, appointment reminders, delayed school openings and more. However, the business behind the call is not allowed to promote the sale of any goods or services. Prerecorded messages from a business that is contacting you to collect a debt also are permitted, but messages offering to sell you services to reduce your debt are barred. “Other exceptions include political calls and calls from certain health care providers. For example, pharmacies are permitted to use prerecorded messages to provide prescription refill reminders. 
Prerecorded messages from banks, telephone carriers and charities also are exempt from these rules if the banks, carriers or charities make the calls themselves.” Source
  21. The makers of two major mobile apps, Fandango and Credit Karma, have settled with the Federal Trade Commission after the commission charged that they deliberately misrepresented the security of their apps and failed to validate SSL certificates. The apps promised users that their data was being sent over secure SSL connections, but the apps had disabled the validation process. The settlements with the FTC don’t include any monetary penalties, but both companies have been ordered to submit to independent security audits every other year for the next 20 years and to put together comprehensive security programs. “Consumers are increasingly using mobile apps for sensitive transactions. Yet research suggests that many companies, like Fandango and Credit Karma, have failed to properly implement SSL encryption,” said FTC Chairwoman Edith Ramirez. “Our cases against Fandango and Credit Karma should remind app developers of the need to make data security central to how they design their apps.” The FTC complaint against Fandango alleges that the Fandango Movies app on iOS, which enables users to buy movie tickets, included an assertion during checkout telling users that their sensitive information was being sent over a secure connection. However, the app didn’t validate those connections, so users’ financial information was exposed during transmission. “Before March 2013, Fandango did not test the Fandango Movies application to ensure that the application was validating SSL certificates and securely transmitting consumers’ sensitive personal information. Although Fandango commissioned limited security audits of its applications starting in 2011, more than two years after the release of its iOS application, respondent limited the scope of these security audits to issues presented when the ‘code is decompiled or disassembled,’ i.e., threats arising only from attackers who had physical access to a device. 
As a result, these audits did not assess whether the iOS application’s transmission of information, including credit card information, was secure,” the FTC complaint says. The FTC also said that Fandango didn’t have a good process for responding to vulnerability reports from security researchers, leading to the company missing an advisory from a researcher who had discovered the SSL vulnerability. “In December 2012, a security researcher informed respondent through its Customer Service web form that its iOS application was vulnerable to man-in-the-middle attacks because it did not validate SSL certificates. Because the security researcher’s message included the term “password,” Fandango’s Customer Service system flagged the message as a password reset request and replied with an automated message providing the researcher with instructions on how to reset passwords. Fandango’s Customer Service system then marked the security researcher’s message as “resolved,” and did not escalate it for further review,” the complaint says. The problems with the Credit Karma app were similar, as it did not validate SSL certificates during supposedly secure connection attempts. The FTC alleges in its complaint that the company failed to validate SSL certificates on both its iOS and Android apps. “During the iOS application’s development, Credit Karma had authorized its service provider, the application development firm, to use code that disabled SSL certificate validation ‘in testing only,’ but failed to ensure this code’s removal from the production version of the application. As a result, the iOS application shipped to consumers with the SSL certificate validation vulnerability. Credit Karma could have identified and prevented this vulnerability by performing an adequate security review prior to the iOS application’s launch,” the complaint says. 
“In February 2013, one month after addressing the vulnerability in its iOS application, Credit Karma launched the Android version of its application, again without first performing an adequate security review or at least testing the application for previously identified vulnerabilities. As a result, like the iOS application before it, the Android application failed to validate SSL certificates, overriding the defaults provided by the Android APIs.” The FTC’s complaint against Credit Karma also alleges that the app was storing users’ authentication tokens and passcodes in the clear on users’ devices. Source
  22. After being caught paying for false praise and negative comments about competitors, Samsung has been fined just over $340,000. The issue first arose internationally in April, when Taiwan's Fair Trade Commission (FTC) announced it was opening an investigation into the allegations. That investigation found the allegations were true: the FTC says Samsung used a "large number of hired writers and designated employees" to post in Taiwanese forums. The commission does add that the company did this through a third-party marketing company, just as Samsung originally claimed. Two local marketing firms were fined a combined total of over $100,000 for their part in the marketing ploy. When news first broke of Samsung's behavior, HTC was presented as the victim of a campaign of defamation from the Korean company's army of commenters, but the FTC's report into the matter doesn't mention the Taiwanese company by name. Instead, it only notes that the company paid people to "highlight the shortcomings of competing products." The commission did dig up a lot more nefarious activity related to Samsung's commenters, though. The list of infractions includes the "disinfection of negative news about Samsung products," "palindromic Samsung product marketing," and the positive evaluation of Samsung products. Both individually and collectively, these types of covert marketing are known in the industry as "astroturfing." While Samsung is by no means the first company to engage in astroturfing, it's been caught in the act twice this year alone. In relation to a later case, Samsung told The Verge that it remains "committed to engaging in transparent and honest communications with consumers." : - source - :