Today, the Securities and Exchange Commission (“SEC”) issued an investor bulletin and an investigative report. The investigative report found that companies involved in sales of digital assets via distributed ledger or blockchain technology may be engaged in conduct subject to federal securities laws. While this report is the first of its kind to address initial coin offerings (“ICO”) or token sales and securities regulation, companies looking to launch their own ICOs can learn from the unique circumstances addressed in today’s report.
The SEC began investigating token sales in light of The DAO hack last summer. The DAO and related entities are a “virtual” organization running on blockchain technology. To fund its own development, The DAO developed DAO Tokens, which were then issued to investors through an initial token sale. This sale gave customers a chance to invest in the company by spending their Ether, an Ethereum, blockchain-based cryptocurrency, to purchase DAO Tokens. The revenues from the coin sale funded various projects at The DAO, and investors could make money if their projects were profitable. Additionally, investors could resell their DAO Tokens on secondary platforms. These activities came to the SEC’s attention after a hack caused The DAO to lose a third of its investments (although this was ultimately recovered via a technological solution that reversed the blockchain of The DAO, which was permissible because a majority of the DAO Token holders voted in favor of the reversal).
In its investigative report, the SEC concluded that the DAO Tokens were subject to SEC regulations, even though it chose not to file charges at this time. Specifically, the Commission concluded that all elements of a security, as defined in federal securities law, were met in the sale of the DAO Tokens: (1) Investors used money – in the form of Ether – to invest in The DAO, (2) with a reasonable expectation of profit, (3) that was derived from the managerial efforts of others.
The management of The DAO appears to have been a central concern in the SEC’s evaluation. The DAO was run by others and subject to their oversight. Those people were referred to as “Curators,” and they had a significant amount of control over the projects that would be funded by The DAO. Token holders could only vote on projects that the Curators pre-approved. Further, on top this management problem, the SEC expressed concerns that given the pseudonymous purchases of DAO tokens, the ability of investors to organize to “effect change or to exercise meaningful control.”
At this time and presumably because the ICO industry is new and developing, the SEC has declined to pursue an enforcement action against The DAO and related entities. However, it has used The DAO matter as a case study to examine this novel issue and provide guidance to others involved in ICOs and blockchain-based investments.
This is an innovative and developing area, as noted by SEC Chairman Jay Clayton, who stated today: “The SEC is studying the effects of distributed ledger and other innovative technologies and encourages market participants to engage with us. We seek to foster innovative and beneficial ways to raise capital, while ensuring – first and foremost – that investors and our markets are protected.” (In addition to the report, the SEC also published an investor bulletin on ICOs.)
Companies interested in funding their ventures through ICOs must take note of this opinion. While the final report notes that the applicability of laws to a token sale “depend[s] on the particular facts and circumstances,” this SEC investigative report should serve as official notice to all companies working in this emerging field that federal securities laws may apply to them. However, the DAO situation is unique and the SEC’s findings are quite narrow, so this report won’t be controlling precedent for every ICO in the future. Because The DAO’s coin sale was purely for investment, denying investors meaningful input into the company, DAO Tokens were classified as securities under the applicable federal laws. In contrast, a company offering coins in a less centralized system where investors have more freedom to manage their coins would avoid being classified as a security.
The Chairman’s statement makes clear that the Commission is still in the learning phase and open to guidance from industry experts. Leaders must take this opportunity to not only educate the regulators, but also to listen to and adapt to regulatory concerns. This is not at all a fatal blow to the market, but companies must ensure their offerings comport with federal securities law while also providing attractive, innovative options to new investors.
In 2015, Amazon filed suit against over 1,000 unnamed individuals for allegedly offering to sell fake online reviews (positive or negative) on Fiverr.com (“Fiverr”). The unnamed defendants offer to provide 5-star reviews and some defendants even encourage sellers to provide their own text to use in the review. In order to avoid detection, defendants offer to submit reviews from multiple IP addresses, utilize multiple Amazon accounts, and to complete a Verified Review (which means the reviewed has purchased the product, even though they don’t always require the actual product to be shipped for review). In short, the allegations are that these reviews for sale violate Amazon’s Customer Review Guidelines (which prohibit paid reviews), Fiverr’s own Terms of Service (which requires compliance with third party guidelines), and deceptively provides false reviews to consumers (which violates consumer protection laws).
Interestingly, Amazon did not name Fiverr as a party to the complaint. Instead, Amazon went after the individual sellers and indeed explicitly stated in the complaint that “Amazon will amend this complaint to allege their true names and capacities when ascertained.”
In contrast to Amazon’s approach, the Metallica Plaintiffs in a previously filed case against Napster, sued Napster directly and not the individual users (and eventually obtained their desired result). Indeed, Amazon has not always omitted operators from its case captions. Last April, Amazon filed a similar lawsuit against a number of companies that operated websites to promote the sale of Amazon reviews. That lawsuit contained very similar allegations to this recent suit against individuals and alleged selling positive reviews, offering a Verified Review, a slow posting of reviews to avoid detection by Amazon, etc. Similar as well to the Napster case, the first Amazon lawsuit also yielded a successful result because the websites targeted in that case were all closed down.
So why is Amazon now going after the individual sellers? And why did Amazon omit Fiverr in this lawsuit?
One possible explanation is that Amazon, like Napster, first attempted to take down the providers (i.e. the website owners) that enabled the fraudulent review process. While that was successful, Amazon likely realized that it was insufficient because the individual reviewers would easily migrate to sites like Fiverr to continue their activities. So, Amazon was forced to file suit against the individual users.
At the same time, Amazon did not include Fiverr as a named defendant because it is more likely to get Fiverr’s cooperation in providing the identities of the unnamed defendants, and, because Fiverr is a legitimate global online marketplace offering tasks and services- in sharp contrast to the defendants in the prior Amazon lawsuit that operated sites and companies for the sole purpose of providing fraudulent Amazon reviews (and further antagonized Amazon by utilizing the Amazon logo on their sites). Additionally, as noted in the current Amazon complaint, Fiverr itself prohibits paid reviews and has tried to prevent them- again in sharp contrast to the companies in the first Amazon lawsuit, whose entire business was selling Amazon reviews.
Or it may be that Amazon has embarked on a process to stop paid reviews and these are the first steps in that ongoing process. As noted in this complaint against the Fiverr sellers, the lawsuit is “the next step in a long-term effort to ensure these providers of fraudulent reviews do not offer their illicit services through other channels.” Thus, Amazon may have simply first pursued the enablers (i.e. the company websites dedicated to fraudulent reviews) and then it pursued the individual reviewers on Fiverr.
The extent to which Amazon will continue to pursue questionable reviews remains to be seen. In 2015, Amazon limited its lawsuits regarding fraudulent reviewers to paid reviewers. In 2016, we may see an assault on the groups of independent people who exchange positive reviews on Amazon (i.e. each party agrees to submit a positive review of the other’s product). This type of arrangement also violates Amazon terms and poses similar concerns to the reliance of consumers on Amazon reviews. Amazon may also question whether this prohibited practice merits attention.
It’s quite clear that the Federal Trade Commission and the Federal Communications Commission view existing federal consumer protection and communications statutes as fully applicable to new modes of communication such as texting. One excellent recent example is the FTC’s stipulated settlement, including a payment of $1 million, with a debt collection agency that had sent out text messages in order to collect debts.
The FTC had filed suit under the Fair Debt Collection Practices Act (FDCPA) against National Attorney Collection Services, Inc., National Attorney Services LLC, and Archie Donovan (as an individual). This appears to be the first FTC complaint alleging the illegal use of text messaging to collect consumer debts. In addition, the defendants were also alleged to have violated the FDCPA in more traditional ways by publicly revealing consumer debts to family members and co-workers, sending mailings that had a picture on the envelope of an outstretched arm shaking out an upside-down consumer to empty the money in their pockets, and falsely portraying themselves as law firms or attorneys in phone calls and mailings, as well as in text messages. Of course, the “older” methods of violations were troublesome in and of themselves, but there were two specific points that we see as trend-setting in FTC enforcement.
The first point is the FTC’s emphasis that the medium of text messages does not change disclosure obligations under the FDCPA. The FTC has continued to crack down on illegal behavior that may be carried out by non-traditional means. As Jessica Rich, director of the FTC’s Bureau of Consumer Protection, has said, “No matter how debt collectors communicate with consumers — by mail, by phone, by text or some other way — they have to follow the law.”
The consumer protections in the FDCPA that require the disclosure in initial communications that the company is a debt collector and that any communications may be used to collect a debt apply equally to text messages, even though there may be significant space and size limitations. Likewise, any follow-up text message must state that the communication comes from a debt collector.
The second noteworthy point was the level of consent required by the stipulated order. The stipulated order provides that “express consent” shall mean that prior to sending a text message to a consumer’s mobile telephone: “(i) the Defendants . . . shall have clearly and prominently disclosed that the debtor may receive collection text messages on mobile phone numbers . . . in connection with the transaction that is the subject of the text message; and (ii) the individual has taken an additional affirmative step, including a signature or electronic signature, that indicates their agreement to receive such contacts.”
The FTC appears to have adopted a more stringent definition of consent (similar to the FCC) and is using the stipulated order as a means of notifying companies and consumers of the higher standard. Of course, it is possible to argue that the FTC is only requiring these particular defendants to meet the higher standard because of their alleged prior bad acts. However, we believe it more likely that the FTC is attempting to enforce a standard of express consent similar to that which the FCC has recently promulgated. Consequently, all companies are well advised to meet this higher standard of consent.
The FTC has now put the industry on alert to ensure that their text messages comply with any applicable law. The idiosyncrasies of modern methods of communication do not limit the compliance obligation. Ignorance is not a defense, even though Donovan’s attorney said that “the companies are now in compliance,” and that “nobody was intending to violate the law.”
On April 3, 2013, the Federal Trade Commission issued a press release that marks yet another step in its continuing trend of actions involving data brokers and data providers. As we have noted in earlier blog posts, the agency is making a concerted effort on a number of fronts to enforce the laws that protect consumer data and privacy.
The FTC’s current action involves a letter that it sent to a number of data brokerage companies that provide tenants’ rental histories to landlords. The letter is simply a notification to the companies that they may be considered credit reporting agencies under the Fair Credit Reporting Act (FCRA) and that they thus may be required to ensure that their websites and practices comply with that law.
The FTC letter also listed some of the obligations of credit reporting agencies to take reasonable steps to ensure the fairness, accuracy, and confidentiality of their reports — such as (1) ensuring that landlords are actually using the report for tenant screening purposes and not as a pretext, (2) ensuring the maximum possible accuracy of the information in the tenant reports, (3) if the company is a nationwide provider, providing consumers with a free copy of their report annually, and (4) ensuring that all obligations are met concerning notifications to landlords (e.g. letting consumers know about a denial based on a tenant report, the right to dispute information in the report, and the right to get a free copy of the report).
The FTC letter specifically noted that the agency has not evaluated whether the company receiving the letter is in compliance with the FCRA but that “we encourage you to review your websites and your policies and procedures for compliance.”
We have discussed FTC actions against data brokers before. In March, we discussed the FTC’s announcement of a settlement with Compete, Inc., a web analytics company. Compete sells reports on consumer browsing behavior to clients looking to drive more traffic to their websites and increase sales. Compete obtained the information by getting consumers to install the company’s web-tracking software in their computers. The FTC alleged that the company’s business practices were unfair and deceptive because the company did not sufficiently describe the types of information it was collecting from its users.
We are confident that the companies that received the letter regarding tenant information are reviewing their websites and polices, as encouraged by the FTC. However, what really intrigues us is the motivation behind the FTC sending the letters to the companies.
Of course, part of that motivation is to help ensure that the companies follow rules for privacy protection. Nonetheless, it is also interesting to note that there is a significant consequence under the FCRA – namely, individuals are permitted to seek punitive damages for deliberate violations of the FCRA. Thus, the letter arguably provides notice for the companies to become compliant immediately since future violations may be considered deliberate breaches that warrant punitive damages.
In the past couple of years, a wide variety of computer viruses and other malware have allegedly been used by one nation against another. This secretive form of warfare even briefly plastered names like Stuxnet, Duqu, Flame, and Gauss across the front pages. In partial response to the threat posed to U.S. interests by hostile foreign countries and/or individuals, different cybersecurity bills are percolating through the halls of Congress, including the SECURE IT Act of 2012, the Cybersecurity Act of 2012, and others.
No one can dispute the very real danger posed by cybersecurity threats and the potentially disastrous results if they are unleashed upon a country or upon an industrial or financial system. In a recent Wall Street Journal op-ed, President Obama wrote that “the cyber threat to our nation is one of the most serious economic and national security challenges we face.” The president also stated that “foreign governments, criminal syndicates and lone individuals are probing our financial, energy and public safety systems every day.”
President Obama then pushed for the passage of the Cybersecurity Act of 2012, which would require the sharing of information between the private and public sector, develop cybersecurity standards, and other protections. In support of that bill, President Obama wrote that “Congress must pass comprehensive cybersecurity legislation” and that “We all know what needs to happen.”
However, in early August the U.S. Senate rejected cybersecurity legislation, with Republican members concerned that the bill would impose burdensome obligations on businesses.
The president has indicated that he is considering imposing the same cybersecurity measures by executive order.
“In the wake of Congressional inaction and Republican stall tactics, unfortunately, we will continue to be hamstrung by outdated and inadequate statutory authorities that the legislation would have fixed,” Presidential press secretary Jay Carney said.
This possibility does concern us.
Although computer malware poses a real and credible danger to U.S. interests, we also need to discuss how cybersecurity is going to be achieved. The use of an executive order to bypass the legislative process is of questionable constitutionality because it may violate the separation of powers mandated by the Constitution.
A step that creates such an extensive public-private partnership and involves the government so much in private decisions to provide security at least deserves approval after full discussion by a majority of both houses of Congress. We hardly think that the threat has risen to the level of “war” that would permit the president to engage in unilateral emergency actions to protect national security.
As the tech editor of the Daily Caller wrote recently: “The failed cyber security bill, which could be revived by Sen. Majority Leader Harry Reid when the Senate comes back from recess in September, would have given federal agencies in charge of regulating critical infrastructure industries like power companies and utilities the ability to mandate cybersecurity recommendations … An executive order would be another action from the Obama administration to extend executive branch authority over a largely free and open Internet.”
Whether you or not you are an avid gamer, you have probably realized that a significant segment of the general population takes gaming quite seriously. Probably a little too seriously sometimes.
It seems that the ending to the popular game Mass Effect 3 (“ME3”), which is produced by BioWare, disappointed many devoted players so much that they filed a petition with the FTC for deceptive advertising. According to the petition, the company’s advertising convinced the players that they were able to change the game’s ending, but in reality, there were only three different endings and they were relatively similar.
Unsurprisingly, the FTC did not comment on the petition. One can only imagine the “parade of horribles” that would happen if the FTC acted on the petition. We might see petitions against any movie that was not as good as advertised, against ball clubs for not being as competitive as advertised, against colleges for not being as good as advertised, and the like.
Generally, the FTC takes the reasonable position that consumers have a certain amount of responsibility for their purchases and should understand that even legitimate advertising is meant to persuade the consumer to purchase something. (On the other hand, BioWare’s co-founder, Dr. Ray Muzyka, did take the petition seriously and released a statement that “the team are hard at work on a number of game content initiatives that will help answer the questions, providing more clarity for those seeking further closure to their journey.”)
However, the same argument can be applied to some of the advertising campaigns that the FTC has criticized. For example, one could argue that a reasonable consumer should understand that Google is not going to hire him to work from home and compensate him handsomely, with absolutely no experience, and even without any job interview. Likewise, one could persuasively argue that the government is obviously not giving out grants to nearly every applicant for any random cause, just so long as you sign up for the monthly fee. Yet the FTC does oppose these forms of suggestive/misleading advertising.
One wonders if the true distinctions are the targeted audience of the advertising and the nature of consumer loss. If the targeted audience represents a more unfortunate and vulnerable segment of society, then the FTC is more likely to step in to protect the unfortunate and vulnerable consumer. If the targeted audience is more able to fend for themselves, however, the FTC is less likely to step in to protect them.
In addition, the consumer who is taken in by a misleading work-at-home scheme has, at the very least, lost valuable time and money. The consumer who plays ME3 has had a game experience for his or her money, just one that is perhaps not as exciting as he or she expected. There is a difference.
As a final note, there is a bright side to this petition. In an effort to draw attention, an online petition to redo the ending of ME3 also started a donation drive for Child’s Play, which provides video games for patients at children’s hospitals worldwide. In less than two weeks, the drive reached its goal and raised slightly more than $80,000. We are confident that even the FTC can agree that the charity drive was a good thing!
The Federal Trade Commission has obtained an order from the federal court for the Central District of California for a preliminary injunction and asset freeze against all the defendants in an alleged mortgage modification scam.
The complaint was filed against California-based Sameer Lakhany and a number of related corporate entities for violating the Federal Trade Commission Act and the Mortgage Assistance Relief Services Rule, now known as Regulation O. This was the first FTC complaint against a mortgage relief scheme that falsely promised to get help for homeowners who joined with other homeowners to file so-called “mass joinder” lawsuits against their lenders.
The complaint listed two separate alleged schemes that collected over $1 million in fees and used images of President Obama to urge consumers to call for modifications under the “Obama Loan Modification Programs.”
The first scheme was a loan modification plan under which the defendants allegedly promised substantial relief to unwary homeowners from unaffordable mortgages and foreclosures. Their website featured a seal indicating that it was an “NHLA accredited mortgage advocate” and that NHLA is “a regulatory body in the loan modification industry to insure only the highest standards and practices are being performed. They have an A rating with the BBB.” Unfortunately, the NHLA is not a “regulatory body” and it actually has an “F” rating with the BBB.
The defendants reinforced their sales pitch by portraying themselves as nonprofit housing counselors that received outside funding for all their operating costs, except for a “forensic loan audit” fee. According to the FTC, the defendants told consumers that these audits would uncover lender violations 90 percent of the time or more and that the violations would provide leverage over their lenders and force the lenders to grant a loan modification. The defendants typically charged consumers between $795 and $1595 for this “audit.” Also, if the “audit” did not turn up any violations, the consumers could get a 70 percent refund. Unfortunately, there were often no violations found, any “violations” did not materially change the lender’s position, and it was nearly impossible to actually get a refund for this fee.
The second alleged scheme was that the defendants created a law firm, Precision Law Center, and attempted to sell consumers legal services. Precision Law Center was supposed to be a “full service law firm”, with a wide variety of practice areas. It even claimed to “have assembled an aggressive and talented team of litigators to address the lenders in a Court of Law.” However, the FTC charged that the firm never did anything besides for filing a few complaints, which were mostly dismissed.
To assist Precision Law Center in getting new clients, the defendants sent out direct mail from their law firm that resembled a class action settlement notice. The notice “promised” consumers that if they sued their lenders along with other homeowners in a “mass joinder” lawsuit, they could obtain favorable mortgage concessions from their lenders or stop the foreclosure process. The fee to participate in this lawsuit was usually between $6,000 to $10,000. The material also allegedly claimed that 80 to 85 percent of these suits are successful and that consumers might also receive their homes free and clear and be refunded all other charges.
The defendants’ direct mail solicitation also contained an official-looking form designed to mimic a federal tax form or class action settlement notice. It had prominent markings urging the time sensitivity of the materials and it requested an immediate response.
Obviously, these defendants employed many egregious marketing techniques that crossed the FTC’s line of permissibility. However, in light of the FTC’s renewed focus on Internet marketing, even a traditional marketing campaign should be carefully crafted with legal ramifications in mind.
As a final note, it is always smart not to antagonize the FTC by proclaiming (like the defendants here did) that they are “Allowed to Accept Retainer Fees” because it was “Not covered by FTC.” We couldn’t think of a better way to get onto the FTC’s radar screen!