ZeroAccess is one of the world’s largest botnets – a network of computers infected with malware to trigger online fraud. Recently, after having eluded investigators for months, ZeroAccess was disrupted by Microsoft and law enforcement agencies.
Earlier this month, armed with a court order and law enforcement help overseas, Microsoft took steps to cut off communication links to the European-based servers considered the mega-brain for an army of zombie computers known as ZeroAccess. Microsoft also took control of 49 domains associated with ZeroAccess. Although Microsoft does not know precisely who is behind ZeroAccess, Microsoft’s civil suit against the operators of ZeroAccess may foreshadow future enforcement efforts against operators alleged to have illegally accessed and overtaken people’s computers.
ZeroAccess, also known as max++ and Sirefef, is a Trojan horse computer malware that affects Microsoft Windows operating systems. It is used to download other malware on an infected machine and to form a botnet mostly involved in Bitcoin mining and click fraud, while remaining hidden on a system. Victims’ computers usually fall prey to ZeroAccess as the result of a drive-by download or from the installation of pirated software. Essentially, ZeroAccess hijacks web search results and redirects users to potentially dangerous sites to steal their details. It also generates fraudulent ad clicks on infected computers then claims payouts from duped advertisers.
The Microsoft lawsuit, originally filed under seal in Texas federal court, alleges, among other things, violations of the Computer Fraud and Abuse Act (“CFAA”) (18 U.S.C. §1030), the Electronic Communications Privacy Act (18 U.S.C. §2701), and various trademark violations under the Lanham Act (15 U.S.C. §1114 et seq.). Microsoft secured an injunction blocking all communications between computers in the U.S. and 18 specific IP addresses that had been identified as being associated with the botnet. The company also took control of 49 domains associated with ZeroAccess. Microsoft took action against ZeroAccess in collaboration with Europol’s European Cybercrime Centre, the FBI, and other industry partners. As Microsoft enacted the civil order obtained in its case, Europol coordinated law enforcement agency action in Germany, Latvia, Luxembourg, the Netherlands and Sweden to execute search warrants and seize servers associated with the fraudulent IP addresses operating within Europe.
The federal statutes on which Microsoft relied in its lawsuit may be broad enough to capture the gravamen of the complaint here. For example, the CFAA was enacted in 1986 to protect computers that there was a compelling federal interest to protect, such as those owned by the federal government and certain financial institutions. The CFAA has been amended numerous times since it was enacted to cover a broader range of computer related activities and there has been recent discussion on Capitol Hill of amending it further. The CFAA now prohibits accessing any computer without proper authorization or if it is used in a manner that exceeds the scope of authorized access. The law has faced steep criticism for being overly broad and allowing plaintiffs and prosecutors unfettered discretion by allowing claims based merely on violations of a website’s terms of service. In those cases in which ZeroAccess has accessed a user’s computer entirely without permission, there will likely be no dispute about whether the CFAA applies; however, in any follow-on cases in which the authority to access the computer was less clear, Microsoft may have more difficulty in relying upon this statute.
According to Microsoft, more than 800,000 ZeroAccess-infected computers were active on the internet on any given day as of October of this year. Although the latest action is expected to significantly disrupt ZeroAccess’ operation, Microsoft has not yet been able to identify the individuals behind the botnet, which is still very much intact. Microsoft’s attack is noteworthy in that it represents a rare instance of significant damage being done to a botnet that is controlled via a peer-to-peer system. But ZeroAccess has come back to life once before after an attack on it, and it would not be surprising if it recovered from this attack as well. Unless Microsoft or Europol can identify the “John Does 1-8”referenced in the complaint, this and other botnets will keep on operating without fear of reprisal.
The big question at this point is whether Microsoft’s actions will have an enduring impact beyond ZeroAccess. Will Microsoft’s actions spur other private companies to take steps of their own to stop malicious software? That answer remains to be seen.
The FTC held a workshop on Wednesday to examine the blurring lines of advertisements and content in digital media today. Executives from a myriad of professions gathered to discuss how sponsored content in digital publications takes form and affects the consumer.
Native advertising, or sponsored content, is the practice of masking advertising to look like news articles and features of the publications where they appear. The Internet has witnessed this practice grow aggressively in the past few years, and the FTC has already issued a warning to advertisers, saying it won’t hesitate to enforce rules against misleading advertising.
One of the main issues discussed during the panels today was how consumers were affected by native advertisements. Staff attorneys from the FTC repeatedly stressed that marketers bear the responsibility to ensure that the original source of the advertisement is transparent to the consumer. Often times, especially on social media outlets such as Twitter, links are tweeted or retweeted along with other links, causing confusion. Marketers like this because their native advertisements will become blurred and perceived as actual content. Studies have shown that native advertisements actually receive more views than naturally occurring ads. Bob Garfield, MediaPost columnist, said of native ads, “Native advertising is not deception, it’s a conspiracy of deception that’s becoming harder and harder to spot. This is unfair for the consumer.”
Sponsored content run by various websites is already being carefully watched by the agency. FTC Chairwoman, Edith Ramirez, said of native advertising, “The delivery of relevant messages and cultivating user engagement are important goals. But it’s equally important that advertising not mislead consumer by presenting ads that resemble editorial content.”
But not everyone at the workshop on Wednesday was convinced this is a problem for the consumer. David Franklyn, University of San Francisco law professor, claimed that studies at his university showed 35 percent of consumers could not identify a sponsored advertisement. Additionally, nearly half of the consumers studied did not know what ‘sponsored content’ meant. “How can consumers have a problem with something that they don’t even know exists,” asked Franklyn. Lastly, and perhaps most importantly, a third of the consumers reported they did not care if something was an advertisement.
Another popular topic at today’s workshop was the deceptive advertising in themarketing of diet pills and the supplement industry as a whole. The FTC is beginning to crack down on the practices of this industry. The agency described their ‘endorsement guides’ as they pertain to advertising – certain principles must be met between the marketer and the buyer. Along the same lines, in an internal FTC memo, the agency noted that another recent problem with search engines was the ambiguity behind search results and the fake testimonials that came with the diet pill ads. The FTC stressed that consumers have the right to know what search results were ‘naturally occurring’ opposed to paid results.
Native advertising is by no means a phenomenon that exists only in obscure corners of the internet. Sites such as the Huffington Post, Proctor and Gamble and BuzzFeed have all been engaging in these native advertisement practices. Additionally, 73 percent of online publishers reported they have offered sponsored content opportunities on their sites. Other online publications, such as The New York Times, are considering offering these types of ads in 2014.
Even though many consumers seem to be at peace with sponsored content, based on results found from studies at the University of San Francisco Law School, consumers are still being exposed to deceptive advertising practices. And any time that happens, the enforcement side of the FTC is likely to get involved. Will we see an enforcement case on native advertising as early as 2014? That’s unclear, but if more companies, like the Times, plan to engage in these practices, there is a high probability we will see the FTC take action sooner rather than later.
For-profit education needs rebranding. With the recent appointment of Michael Dakduk as key advisor to the Association of Private Sector Colleges and Universities, the sector has made a step in the right direction. The onslaught of negative news against for-profit educators has severely impacted industry growth. Recent reports on drops in enrollment (and thus earnings) at Bridgepoint Education, Inc.,Strayer Education, Inc., Education Management Corp. and Apollo Group Inc. demonstrate just how hard the sector has been hit.
A central problem is for-profit education’s extreme unpopularity among government regulators – thanks, largely, to some bad actors overselling their programs and pressuring prospective students. Regulators both perceive and characterize for-profit educators as unscrupulous opportunists. Unfortunately for the industry, this is a characterization regulators like to broadcast to the public without much qualification. (Query: since when did it become okay for government representatives to lambast whole industries – and imperil jobs in those industries – for the actions of a few?). Most recently, the FTC has launched a campaign to warn veterans about for-profit education:
- “Colleges are there to help you, right? Hmm, not so fast. Not every school has got your back. Some for-profit schools may care more about boosting their bottom line with your VA education benefits. Some may even stretch the truth to persuade you to enroll, either by pressuring you to sign up for courses that don’t suit your needs or to take out loans that will be a challenge to pay off.” (http://www.consumer.ftc.gov/blog/veterans-dont-get-schooled)
- “[S]ome schools manipulate the data or lie about how well their graduates fare.” (http://www.consumer.ftc.gov/articles/0395-choosing-college)
The FTC’s campaign, published in a news release and articles on the FTC’s consumer page, provides the above warnings about for-profit schools, offers questions to ask when choosing a school, and furnishes a link to filing a complaint with the FTC, should a consumer believe a school hasn’t lived up to its promises. The hyperlink to a consumer complaint page suggests that the FTC is actively seeking cases to pursue against for-profit educators. Any FTC enforcement action would likely involve allegations that a school deceived students about the cost, quality, or outcome of its program offerings – as the FTC is charged with protecting consumers from deception and unfairness in the marketplace. (Section 5 of the FTC Act broadly prohibits ‘‘unfair or deceptive acts or practices in or affecting commerce.’’)
The FTC’s campaign follows statements made by President Obama this summer that “soldiers and sailors and Marines and Coast Guardsmen, they’ve been preyed upon very badly by some of these for-profit institutions.” The message publicly broadcast over and over decries the supposed predatory practices of for-profit institutions. It is an unfair stereotype with a significant impact on these educators, harming their enrollment numbers and forcing institutions to lay off employees and shutter campus locations. Yes there have been bad actors; but both state and federal enforcement agencies have been active in investigating and addressing predatory and/or deceptive practices. Blackening the eyes of all for-profit educators, which results from statements such as those of the President or the FTC, is overreach.
Part of the problem for government regulators maybe their difficulty accepting that educators could legitimately make money while students earn a degree. They may have the same reservations expressed by a representative from Student Veterans of America: “I am always professionally skeptical about any institution that must answer to shareholders and investors before students and customers.” But having to answer to shareholders and investors is not necessarily a bad thing. It can serve as a check on institutions to ensure they are running their programs effectively and efficiently; it can motivate institutions to be innovative and find better ways to meet their consumers – i.e. their students – needs and demands. For-profit educators are responsible for advancements in online education and other innovations that make education more accessible.The result: for-profit educators are to thank for opening education opportunities to many underserved groups, like single mothers.
For-profit educators are in definite need of some effective marketing to promote their benefits and to dispel the negative conceptions presumed by and relayed by government regulators and outspoken detractors. They are making steps in the right direction with APSCU’s recent appointment of Mr.Dakduk. Dakduk is a former Marine and the former executive director of Student Veterans of America.
APSCU President Steve Gunderson said Dakduk’s hiring “builds on our member institutions’ commitment to excellence in post secondary education for military and veteran students.” With Dakduk’s presence, the industry may better overcome the flinching bias of so many regulators. Dakduk has built a reputation for success in his work advocating for veterans’ education. While at SVA, he grew the organization from a small group to one with chapters at over 900 campuses nationwide.
Dakduk’s move to APSCU is even a little ironic: In one of the FTC’s articles that warn veterans about for-profit education, the agency suggests veterans consult the SVA on the credibility of schools they are considering. Dakduk’s replacement at the SVA, D. Wayne Robinson, is a graduate of Trident University, a for-profit school.
For-profit education has had its bad actors, but problems in higher education span the spectrum of colleges and universities, and it is unfair – and ultimately detrimental to students and communities – to single out for-profit institutions. Dakduk understands this and should help for-profit educators improve their image.
LegalZoom and Rocket Lawyer Case over Misleading Advertising Heads to Trial – When is “Free” Really “Free”?
Last week, a federal judge in California declined to grant a summary judgment motion to LegalZoom.com, Inc., in its lawsuit accusing rival Rocket Lawyer, Inc. over claims of trademark infringement, unfair competition, and false and misleading advertising that focus on the use of the word “free” in advertisements by Rocket Lawyer.
LegalZoom and Rocket Lawyer are the two biggest names in the online legal services industry. Both companies provide users online legal services, including incorporation documents, and documents establishing divorces, trusts, and wills, for a small fraction of the price that it would likely cost if a lawyer handled these matters. LegalZoom began offering products in 2001 and has used the model of charging for legal forms. Rocket Lawyer came along in 2008 and has made forms free and charged for legal and advisory services to help people complete the forms.
On Rocket Lawyer, users are able to sign up for a free seven day trial that allows them free access to all services on the site. If the subscription is not cancelled within the seven day window, then it is converted to a paid subscription. In the complaint, LegalZoom alleges that ads run by Rocket Lawyer used the term “free” which it said violated federal law because users still had to pay state filing fees to finalize their incorporations, divorces and other filings, or sign up for a subscription to access the service.
Not long after the complaint was filed in this case, Charley Moore, the Founder and Executive Chairman of Rocket Lawyer, authored an insightful blog about why Rocket Lawyer is fighting LegalZoom in the case. Moore emphasized that many small businesses and individuals cannot afford the cost of traditional legal services and “free access to the basic tools of the legal system can both shield us and provide greater chances for success in the modern economy.”
In its decision last week, the district court held that genuine issues of material facts remain and denied LegalZoom’s summary judgment motion. The court was unwilling at this point in the litigation to rule that the advertisements by Rocket Lawyer regarding its “free” services were false as a matter of law because “a jury could reasonably conclude that the advertisements, when considered in context, are not literally false within the meaning [of the statute].” The court also held that at this point LegalZoom failed to carry its burden of proving that Rocket Lawyer’s advertisements actually deceive consumers.
The denial of summary judgment means that the case will proceed towards trial. This lawsuit could have potential implications for other businesses that use the term “free” in their advertisements as well as offering consumers a negative option enrollment plan. We will continue to follow the case here.
Google recently announced that it would be taking action to demote websites that profit from the use of mugshot photos. These mugshot sites compile booking photographs taken after people’s arrests and publish them along with the arrestees’ names and information concerning the charges against them. Individuals who want their mugshot and arrest record deleted from the site usually must pay a fee ranging anywhere from $10 to $400. Until recently, when a Google user searched the Internet for the name of a recent arrestee, the search hits would include, and often prioritize, mugshot sites. Owners of those sites were content with that outcome; many others were not.
New York Times writer David Segal was one of the latter. In a recent article, Segal took Google to task for not penalizing mugshot sites, which many believe traffic in exploitation. Segal argued that Google should take corrective action because it had prioritized the sites in contravention of its own stated corporate goal that favors original web content. Mugshots do not offer original content; instead, they gather and use images and text from third-party sources.
Before his article ran, Segal contacted Google to discuss the issue. Google responded that it had been working to address the problem in a consistent way. Days later, a Google spokesperson confirmed that mugshot sites do not comply with one of the search giant’s guidelines. To address the problem, Google amended its algorithm, presumably to disfavor sites without original content.
Consequently, mugshot sites are now pushed off the front page of Google search results. People digging for dirt now have to look a little bit harder.
Others who object to mugshot sites have taken the fight to regulators and legislators. On October 7, the Maryland Consumer Protection Division settled its case against the owner of Joomsef.net for false and deceptive advertising. Joomsef’s owner, Stanislav Komsky, published information on the site about traffic offenses, but added statements falsely suggesting there had been an arrest. Persons identified on the site had to pay $40 to $90 to have the information removed. As part of the settlement, Komsky must take down the site, return all payments to consumers, and pay a penalty of $7,500.
Other states are addressing the problem through legislation. Segal points out that Oregon and Georgia have passed laws this year giving site owners 30 days to take down an image, free of charge, if an individual proves that he or she was exonerated or that the individual’s record has been expunged. Utah attacked the problem another way. There, sheriffs are prohibited from giving out headshots to websites that charge for deleting them. Lawmakers in other states, like Florida Representative Carl Zimmerman, have introduced legislation targeting the sites, but many of those bills died from lack of support.
These acts of government are constrained, as they should be, in view of free-speech guarantees under the First Amendment. By contrast, the private sector is not so limited and, therefore, may end up striking the decisive blow against mugshot sites. Things are heading in that direction. MasterCard, Discover, American Express, and PayPal recently pledged to sever all ties with mugshot sites, and Visa has asked merchant banks to investigate the practices of the sites.
A great way to make money is to develop a product or service that responds to a consumer want or demand, and then to stay ahead of prospective competitors by offering better pricing or quality. A not-so-great way to make money is to convince consumers to buy a product or service that they don’t really want or need, at inflated rates. A highly dubious way to make money is to trick consumers into paying for something they didn’t want and didn’t mean to buy.
Businesses operating in this third category, which may include a scareware marketer or two, have to consider risk versus reward. Is the reward of temporary profits worth the risk of legal action; what is the likelihood of legal action; and what is the potential cost of such action?
Someone who operates on tricks over treats, or by pure scareware tactics, may expect business to dry up as consumers learn to avoid their traps. Such an operator must also face the looming threat of consumer legal action, government intervention, or run-ins with credit card companies alarmed by high chargeback rates.
For these types of businesses in the mobile marketing space, the cost of potential government intervention is going up. A recent settlement between the Federal Trade Commission and Jesta Digital LLC points to the severe penalties a business may face for operating on the sidelines of fair play. The consequences include a hefty fine, consumer refunds, restricted billing practices and stringent compliance measures for years to come.
Jesta (which also does business as Jamster) is known mostly for its marketplace of ringtones, photos, videos and apps. Starting in 2011, it ran a scareware campaign, purportedly for anti-virus software, that the FTC asserts crossed the line into deceptive advertising. The ads ran on the free version of the Angry Birds app for Android. Using a graphic that looks like the Android robot logo, the banner ad displayed a warning that viruses had been detected on the device – even though no virus scan was conducted. According to the FTC, when the consumers clicked on the “remove [virus]” button, or similar “warning” buttons, Jesta directed them through a number of pages about virus protection that left to very fine print a monthly service fee for ringtones and other content.
The FTC alleges that consumers were even charged at the instant of pressing a “Protect Your Android Today” button. Through the use of Wireless Access Protocol (WAP) billing, the company was able to charge consumers through their cell phone numbers without needing to obtain express authorization. (It may be that the use of the billing practice actually spurred the FTC into action as wireless carriers initiated their own penalties against Jesta for the large number of consumers demanding refunds.) The FTC also alleges that the anti-virus software often failed at download (apparently at one point, only 372 people out of 100,000 subscribers actually received some sort of anti-virus app download link).
The FTC describes numerous deceptive practices: mimicking the Android logo to confuse consumers into believing the virus warnings were credible, charging consumers without their knowledge or consent, failing to provide services charged for. The company apparently was aware that its scareware tactics crossed the line, as an email correspondence among company executives noted that the chief marketing officer was “anxious to move our business out of being a scam and more into a valued service.”
So now the company must pay the FTC a $1.2 million penalty and offer to refund consumers. The process of identifying and notifying consumers of their refund options and tracking all this to show to the FTC will be a costly undertaking. Another major cost will be the stringent and detailed billing practices that the company – and all participants, including principals and agents – must adhere to, disclosures it must make, and compliance monitoring and recordkeeping requirements it must adhere to, for 20 years. The settlement agreement is far more than a hand slap; its terms keep Jesta (and its principals!) beholden to the FTC for the foreseeable future.
Mobile marketers who may calculate risk versus reward and decide that a get-rich-quick scheme is worth the risk should think again. The FTC is making deceptive marketing tactics, like many scareware campaigns, a priority. We have seen strong action from the agency in the recent past, including hefty penalties for the company Innovative Marketing and its principal Marc D’Souza. Moreover, the newly-appointed head of consumer protection at the FTC, Jessica Rich, has noted that the FTC is expanding digital enforcement, increasing the risk of getting caught in the agency’s cross-hairs.
It’s quite clear that the Federal Trade Commission and the Federal Communications Commission view existing federal consumer protection and communications statutes as fully applicable to new modes of communication such as texting. One excellent recent example is the FTC’s stipulated settlement, including a payment of $1 million, with a debt collection agency that had sent out text messages in order to collect debts.
The FTC had filed suit under the Fair Debt Collection Practices Act (FDCPA) against National Attorney Collection Services, Inc., National Attorney Services LLC, and Archie Donovan (as an individual). This appears to be the first FTC complaint alleging the illegal use of text messaging to collect consumer debts. In addition, the defendants were also alleged to have violated the FDCPA in more traditional ways by publicly revealing consumer debts to family members and co-workers, sending mailings that had a picture on the envelope of an outstretched arm shaking out an upside-down consumer to empty the money in their pockets, and falsely portraying themselves as law firms or attorneys in phone calls and mailings, as well as in text messages. Of course, the “older” methods of violations were troublesome in and of themselves, but there were two specific points that we see as trend-setting in FTC enforcement.
The first point is the FTC’s emphasis that the medium of text messages does not change disclosure obligations under the FDCPA. The FTC has continued to crack down on illegal behavior that may be carried out by non-traditional means. As Jessica Rich, director of the FTC’s Bureau of Consumer Protection, has said, “No matter how debt collectors communicate with consumers — by mail, by phone, by text or some other way — they have to follow the law.”
The consumer protections in the FDCPA that require the disclosure in initial communications that the company is a debt collector and that any communications may be used to collect a debt apply equally to text messages, even though there may be significant space and size limitations. Likewise, any follow-up text message must state that the communication comes from a debt collector.
The second noteworthy point was the level of consent required by the stipulated order. The stipulated order provides that “express consent” shall mean that prior to sending a text message to a consumer’s mobile telephone: “(i) the Defendants . . . shall have clearly and prominently disclosed that the debtor may receive collection text messages on mobile phone numbers . . . in connection with the transaction that is the subject of the text message; and (ii) the individual has taken an additional affirmative step, including a signature or electronic signature, that indicates their agreement to receive such contacts.”
The FTC appears to have adopted a more stringent definition of consent (similar to the FCC) and is using the stipulated order as a means of notifying companies and consumers of the higher standard. Of course, it is possible to argue that the FTC is only requiring these particular defendants to meet the higher standard because of their alleged prior bad acts. However, we believe it more likely that the FTC is attempting to enforce a standard of express consent similar to that which the FCC has recently promulgated. Consequently, all companies are well advised to meet this higher standard of consent.
The FTC has now put the industry on alert to ensure that their text messages comply with any applicable law. The idiosyncrasies of modern methods of communication do not limit the compliance obligation. Ignorance is not a defense, even though Donovan’s attorney said that “the companies are now in compliance,” and that “nobody was intending to violate the law.”
The U.S. Court of Appeals for the Fourth Circuit recently ruled that the Telephone Consumer Protection Act (TCPA) does not violate the First Amendment by requiring robocallers to identify themselves when making calls.
Three months before the Maryland gubernatorial election in 2010, political consultant Julius Henson and his company Universal Elections, Inc., were hired to assist with efforts for the Republican candidate. On Election Day, Universal Elections made 112,000 robocalls to voters that did not identify the campaign as the source of the message, nor did the calls include the campaign’s phone number. The State of Maryland filed a civil suit against Henson and Universal Elections for violating the TCPA. The state alleged that the defendants violated the TCPA by failing to identify the campaign as the sponsor of the message as required under the statute.
The TCPA and its implementing regulations require that automated and prerecorded messages state clearly at the beginning of the message the identity of the business, individual, or other entity that is responsible for initiating the call. If a business or other corporate entity is responsible, the prerecorded voice message must contain that entity’s official business name. In addition, the telephone number of the business must be provided either during or after the prerecorded voice message. This disclosure applies regardless of the content of the message.
Political calls are exempt from some of the TCPA’s requirements, but other requirements do apply — including the disclosure requirement at issue here and the restrictions on autodialed or prerecorded calls or texts to wireless phones, which require prior express consent. Last year the Federal Communications Commission issued an enforcement advisory regarding political robocalls to cellphones and cited two marketing companies for making millions of illegal robocalls.
In its supplemental motion to dismiss, the defendants asserted a First Amendment defense, arguing that the TCPA is a content-based burden on political speech that cannot withstand a high strict-scrutiny standard of review. The United States intervened to defend the constitutionality of the TCPA. The district court ruled in favor of Maryland, holding that the TCPA withstands First Amendment challenges, and granted a $1 million judgment in favor of the state.
The Fourth Circuit affirmed the district court. The appeals court had previously issued the opinion in July, but as an unpublished opinion. The court issued an order amending its previous opinion to change it to a published opinion after a request from the government that it be published.
The Fourth Circuit held that the TCPA provisions requiring all automated and prerecorded telephone messages to disclose the source of the message are content-neutral and thus subject to an intermediate scrutiny level of review. Content-neutral laws that regulate speech are valid if they further a substantial governmental interest. The Fourth Circuit noted that at least three important governmental interests are advanced by the TCPA’s identity disclosure provision, including protecting residential privacy, promoting disclosure to avoid misleading recipients of recorded calls, and promoting effective law enforcement. Since the TCPA advances important governmental interests and the appellants did not raise an argument to the contrary, the Fourth Circuit affirmed that the TCPA’s identity disclosure provisions are constitutional.
TCPA litigation continues to increase, and potential liability can be significant. All businesses should review their TCPA compliance policies carefully to ensure that their procedures and scripts comply with all requirements. In addition to the identification requirements that have been in effect for many years, companies should make sure that they are prepared for the upcoming TCPA rule changes. These changes will require a called party’s prior express written consent for autodialed or prerecorded calls to wireless phone numbers and for prerecorded telemarketing calls to residential lines, among other requirements.
While Google is already subject to commitments it made to the FTC regarding the requirement to afford advertisers non-discriminatory access to its search engine, the FTC’s latest guidance makes clear that Google and other search engines must also maintain clear disclosures to the public about sponsored content in search results.
On June 24, 2013, in a series of letters to general search engines such as Google, Yahoo, and Ask.com, as well as to specialized search engines, the FTC issued updated guidance concerning disclosures regarding paid advertisements in search results.
This latest FTC action follows on the heels of the Commission’s recent updates to the Dot Com Disclosures and the updated Endorsements and Testimonials Guides. The FTC’s letters came in response to industry and consumer organizations’ requests to the Commission to update its policies on search engine results, last released in 2002. The FTC also noted that it has observed a decline in search engines’ compliance since 2002.
The FTC’s central concern, first articulated in 2002, remains the problem that consumers may be deceived in violation of Section 5 of the FTC Act unless search engines clearly and prominently distinguish advertising from natural search results.
Consumers assume that search results reflect the most relevant results. When results appear because the advertiser has paid a search engine for, say, prominent placement, that placement could be deceptive to consumers if they are unaware of the commercial relationship between the advertiser and the search engine.
The growth of mobile commerce in particular has spurred the FTC to issue new guidelines. Search results on a mobile phone screens are, by their nature, small, and consumers could be easily confused by paid search results if the “paid” nature of those results is not clear.
In the new guidance, the FTC states that if search engines continue to distinguish advertising results by giving a different background color or shading combined with a text label (such as “sponsored” or “ad”), the search engines should consider multiple factors to ensure that any labels and visual cues are sufficiently “noticeable and understandable” to consumers. The agency clarified that there is no “one size fits all” and that search engines may use various methods, provided the disclosures are noticeable and understandable.
Proper disclosures, according to the FTC, include the following:
• Visual Cues – Search engines must select hues of sufficient luminosity to account for varying monitor types, technology settings, and lighting conditions. The FTC notes that search engines should consider using web pages of different luminosities for mobile devices and desktop computers. Further, the FTC recommends that search engines should use:
o more prominent shading that has a clear outline;
o a prominent border that distinctly sets off advertising from the natural search results; or
o both prominent shading and a border
• Text Labels – The FTC asserts that text labels must be used in addition to the visual cues a search engine may use to distinguish advertising. Text labels must:
o use language that explicitly and unambiguously conveys that a search result is advertising;
o be large and visible enough for consumers to notice it;
o be located near the search results (or group of search results) that it qualifies and where consumers will see it; and
o be placed immediately in front of an advertising result, or in the upper-left hand corner of an ad block, including any grouping of paid specialized results in adequately sized and colored font.
The new guidance also recognizes that technology will continue to evolve, such as voice assistants on mobile devices (e.g., the iPhone’s “Siri”). While technology may change, the new guidance makes clear that the FTC Act’s Section 5 prohibition on deceptive practices remains. Therefore, businesses must make sure that they differentiate advertising from other information. For instance, if a voice interface is used to deliver search results (for example, “find me a Mexican restaurant”) the search engine should disclose audibly any paid advertisements in adequate volume and cadence for ordinary listeners to hear and comprehend.
The FTC continues to be vigilant in monitoring the online marketplace. Search engines and advertisers need to review their practices, keeping in mind that disclosures that may be readily apparent on a desktop may be hidden on a mobile screen. As with the “Dot Com Disclosures,” the agency is providing guidance to businesses; however, FTC enforcement remains vigilant and companies that do not clearly disclose paid advertising in search results could face an FTC investigation.
Recently, the Consumer Financial Protection Bureau, the watchdog agency of the financial industry, has proved that it has considerable bite. Created under the Dodd-Frank act to fill gaps in regulatory coverage, the CFPB’s mandate is to enforce federal regulations that, among other things, restrict “unfair deceptive or abusive acts or practices” in consumer finance. The CFPB in recent months announced two major debt relief crackdowns, the most recent of which permanently shut the doors of a Florida company.
Last month, the CFPB announced that it filed a complaint against a Florida debt-relief company that misled consumers across the country by charging upfront fees for debt-relief services without actually settling most of the consumers’ debts. According to the complaint, the defendants engaged in abusive practices by knowingly enrolling vulnerable consumers who had inadequate incomes to complete debt-relief programs. The complaint charged American Debt Settlement Solutions, Inc. (ADSS) and its owner, Michael DiPanni, with actions that were not just unfair and deceptive, but also abusive. Indeed, this case if the first time that the CFPB in its short history has enforced this prohibition on “abusive” acts or practices.
While “unfair” and “deceptive” are familiar terms to anyone who follows the Federal Trade Commission, the term “abusive” is new to Dodd-Frank and has been the subject of much consternation among Republicans in Congress, who consider it too vague. With this complaint, the CFPB provided what may be its first example of the type of conduct it will consider “abusive.” ADSS allegedly collected about $500,000 in fees from hundreds of consumers in multiple states, charging illegal upfront fees for debt-relief services and “falsely promising them it would begin to settle their debts within three to six months when, in reality, services rarely materialized.
The CFPB said the actions were “abusive” because consumers reasonably relied on the company to “act in their interest by enrolling them in a debt-relief program that they can be reasonably expected to complete, and which will therefore result in the negotiation, settlement, reduction, or alteration of the terms of their debts.” The CFPB simultaneously filed a proposed consent order that would settle the matter by halting the company’s operations and imposing a $15,000 fine.
ADSS and its owner may have walked away relatively unscathed, with only a civil penalty, but others caught in the CFPB’s cross hairs have not been as fortunate. Earlier this year, the CFPB filed suit against two lawyers and two debt relief companies in New York, alleging that they charged thousands of consumers illegal advance fees and left some worse off financially, while illegally profiting themselves. One of the lawyers, Michael Levitis, also faces mail and wire fraud charges brought by the Manhattan U.S. Attorney’s Office – the first-ever criminal charges stemming from a CFPB referral. What’s notable in this complaint is that the acts are described as both deceptive and unfair, but not as abusive.
Although a relatively new agency, the CFPB is proving that it has the chops to take down offenders in the financial industry. Both the Florida and New York cases are signs of future enforcement, and they send a stern warning to offenders – if you prey on vulnerable consumers, be prepared for a fight.