Why the Location Privacy Protection Act is a commonsense consumer protection

chisbealsBy Christopher Beal, Public Policy Intern

With the seemingly ceaseless increase in the number of mobile internet devices finding their way into the hands (and pockets) of consumers, geolocation data (broadly, any information that can be used to identify the location of a person using a device) is becoming ever easier to collect and transmit without consumer awareness or consent. As such, a cohesive set of protections affording consumers with control and knowledge as to the collection and sharing of their sensitive private data is long overdue. The Location Privacy Protection Act of 2014 (“LPPA”) promises to do just that. Accordingly, NCL is pleased to offer its support for this legislation.

It doesn’t take much of a search to uncover that industry standards and established governmental protections are ineffective or easily circumvented. Many of the currently applicable laws were drafted in a time prior to the prevalence of internet-enabled cellphones and other mobile devices and, as such, don’t speak to the practice of sharing (or selling) geolocation data with commercial entities. As a result, companies can collect information which in any other context would be deemed irrefutably private (for example, visiting a therapist or going to a church) and share or sell that information to other companies (including advertisers). And beyond that, recent history shows that some companies participate in practices like this despite their privacy policy stating otherwise (for example, in May 2014 the FTC settled an enforcement action with Snapchat over their collecting geolocation data in contradiction of their privacy policy).

The LPPA requires that companies alert consumers to the act of geolocation collection and sharing, and to require individual consent before either may occur (with reasonable exceptions for emergencies, parental supervision of children, and the like). It also requires that companies in the practice of collecting geolocation data must disclose the kinds of data collected, the ways in which it is shared and used, and companies must tell consumers how they can stop this collection or sharing. The LPPA also has provisions targeting the practice of GPS stalking and of the collection of geolocation data without a user’s knowledge.

NCL — along with many other privacy and consumer groups and the FTC — supports a comprehensive privacy protection law that encompasses all consumer data. Absent such a law, consumers deserve to at least have their most sensitive data, such as location information — protected. On Wednesday, June 4, NCL Executive Director Sally Greenberg will be testifying before the Senate Judiciary Subcommittee on Privacy, Technology and the Law in support of the LPPA. To watch the hearing live, click here.



It’s time for broadcasters to step up on deceptive advertising

By John Breyault, Vice President of Public Policy, Telecommunications and Fraud

If you’ve turned on the television or radio recently, chances are that you’ve heard at least one advertisement that made you sit up and say “what the…?” From bogus weight-loss products, to suspicious tax “advice” firms, to “free” cruises to the Bahamas, it often seems difficult to avoid ads that are misleading, if not outright fraudulent.

At the federal level, the Federal Trade Commission (FTC) is charged with protecting consumers from unfair and deceptive advertising. Over the years, the agency has brought hundreds of cases against companies that have made dubious claims in their advertisements. In addition, in cases where there is evidence of fraud the FTC can also shut down operations under its “unfair and deceptive acts or practices” authority. State attorneys general also have authority to go after deceptive advertising and fraudulent operations.

Unfortunately, given the limited resources at their disposal, regulators are often only able to go after the most egregious cases of deception and fraud. The result? Ads for all kinds of deceptive and fraudulent products and services continue to proliferate on the public airwaves and on cable TV.

So what can be done to better police the airwaves for deceptive and fraudulent content? As part of its recent enforcement action against four bogus weight-loss companies, the FTC sent a letter to publishers and broadcasters asking them to refer to the FTC’s guidance on spotting phony weight-loss claims when advertisers submit ads.

While this action is a step in the right direction, we think the broadcasting and publishing industries can and should do more to vet the ads they run before they run. The FTC has largely steered clear of putting pressure on publishers and broadcasters to take this common-sense step. The Commission’s last significant effort on this was back in 2003, when former chairman Tim Muris asked cable television advertisers to strictly screen weight-loss ads.

As the Washington Post’s Lydia DePillis noted in a recent article on this topic, publishers and broadcasters usually cite two big reasons for resisting ad screening: their First Amendment right to publish and broadcast what they wish and the expense of setting up a screening program. With the proliferation of Internet-based advertising, the problem becomes even harder to control.

That said, we don’t think that these excuses are reason enough for the industry not to even try. Consumers tend to trust the ads they see on the radio or on television to a greater extent than online ads. When a fraudulent or deceptive ad runs, it undermines confidence in the advertising industry generally. More concretely, when a deceptive advertiser goes under due to enforcement actions, it can leave media outlets holding the bag. For example, when “tax resolution” company TaxMasters went bankrupt in 2012 after being investigated by the Texas Attorney General’s office, it owed CNN and Fox News Channel more than $3.5 million in unpaid advertising.

Doing a better job of screening out deceptive ads is not only the right thing to do from a public interest point of view, but it makes good business sense too. That being the case, why aren’t more companies doing it? Consumers deserve no less.


Did you know another American falls victim to ID theft #every3seconds?

clock graphicBy John Breyault, Vice President of Public Policy, Telecommunications and Fraud

NCL’s “State of ID Theft” Conference To Put National Spotlight on Continuing Problem

For thirteen years, the crime of identity theft has generated more complaints to the Federal Trade Commission than another other fraud. In 2012, more than 12 million Americans were affected by identity theft, costing the U.S. economy $20.9 billion. Every three seconds, a consumer’s identity is comprised by this pernicious crime.

Seven years ago, President George W. Bush, recognizing the seriousness of the threat of ID theft, created the federal Identity Theft Task Force. Made up of eighteen federal agencies, the task force was charged with implementing a range of recommendations to address the threat of ID theft. The task force made thirty-one recommendations, from reducing the use of Social Security Numbers by federal agencies, to improving coordination by law enforcement, to passing a national data breach notification standard, to name a few. The implementation of these recommendations by the federal government, as well as improved anti-fraud procedures in the private sector, have done much to make life harder on ID thieves.

Despite these advances, ID theft is still a major threat to consumers, business and the government. According to one conservative estimate, more than 1.1 billion records have been comprised by identity theft. Data breaches, which put information on millions of consumers in the hands of fraudsters, are still occurring at a rate of at least one per day.

Just as troubling, it appears that we may be on the cusp of a new wave of ID theft. With ever larger amounts of data being collected about consumers by government and the private sector, data breaches become more likely. Identity thieves are shifting towards scams that are harder to detect, such as tax-related ID theft and medical ID theft. And the criminal themselves — often located overseas — are becoming more professional and organized.

How will these new factors affect consumers’ vulnerability to identity theft? What can we learn from the last seven years of fighting this problem? What should consumers expect from regulators, law enforcement and the private sector as this crime evolves?

To examine these and other questions, the National Consumers League will be hosting our first State of ID Theft conference on December 12 in Washington, DC. The event will bring together some of the brightest minds in the country for panel discussion examining the continuing threat of ID theft and what can be done to better protect consumers. Headlining the conference will be a lunchtime conversation between FTC Chairwoman Edith Ramirez and Former Chairwoman Deborah Platt Majoras, who co-chaired the federal Identity Theft Task Force from 2006-08.

Registration is free but space is limited. Please RSVP here. For more information please contact John Breyault at johnb@nclnet.org.

Additional consumer protections could help prevent more Jamster’s

By John Breyault, Vice President of Public Policy, Telecommunications and Fraud

The Federal Trade Commission (FTC) today announced its second major enforcement action against a wireless cramming scheme – a $1.2 million settlement with Jesta Digital, a.k.a. Jamster. While enforcement actions may give some scammers pause, the dozens of FTC enforcement actions against landline cramming scammers since the early 2000’s show that enforcement alone isn’t the answer. As the FTC itself has stated, wireless cramming is a “significant consumer problem,” demanding action by federal regulators.

We couldn’t agree more. Based on data reported by the California Public Utilities Commission, the Federal Communications Commission (FCC) and the Vermont Attorney General’s office, we estimated that wireless cramming fraud is costing consumers as a much as $887 million per year. As we have said before, the Jamster case as well as Wise Media and JAWA before it, are likely just the tip of a very large iceberg when it comes to wireless cramming.

Unfortunately, the wireless industry seems determined to defend its assertion that there is not a significant wireless cramming problem in the U.S. For example, in June, CTIA, the wireless industry’s association, published an industry-funded study the called into question the results of an earlier study by the Center for Rural Studies at the University of Vermont. The Vermont study found that 60% of third-party charges on consumers’ wireless phone bills were unauthorized. An earlier analysis by the Illinois Consumer Utility Board found that 44% of third-party charges were unauthorized.

Continue reading

Join us in a twitterchat about online and mobile safety while traveling #ChatSTC


By Nikola Sirovica, Communications Intern

School is out, graduations are over, and the time for your summer vacation has arrived! You have your sunscreen, your giant cooler, and the beach chairs – all you need is that dream destination. Whether you are embarking on a last-minute getaway with friends or a family vacation planned months in advance, keeping your mobile devices safe and secure in unfamiliar places can be a challenge. Join us this Thursday, July 18 for a Twitterchat to discuss how to keep yourself safe online when traveling.

There are many tricks that criminals use to defraud vacationers via their mobile devices. How do you know if your Wi-Fi network is secure? What do you do if you lose your phone away from home? Should you change your privacy settings when traveling?

As consumers, it is very important to know your rights and take extra precautions while traveling. Be extra wary of any prizes and sweepstakes telling you that you’ve won a trip to the Bahamas, Florida, or any other dream location. These scams will ask you to pay a fee up front before you can receive your prize. Anyone who pays the fee will unfortunately find out the trip doesn’t exist and they have fallen victim to a scam.

On Thursday, NCL will be a guest expert in a Twitterchat organized by the National Cyber Security Alliance’s (NCSA) global cyber security campaign Stop. Think. Connect. Among the topics covered will be how to spot travel scams, how to identify reliable Wi-Fi connections, safe online banking, and which apps can be helpful to protect you when you are on the road. Ask questions in advance using the hashtag #ChatSTC, and the panel of experts will answer. Or, follow the conversation live at #ChatSTC.

When: Thursday, July 18th at 3 p.m. EDT/noon PDT

Who: National Consumers League (@ncl_tweets), STOP. THINK. CONNECT. (@STOPTHNKCONNECT), the U.S. Department of Homeland Security (@cyber), McAfee (@McAfeeConsumer), the FCC (@FCC).

Google’s Transparency Report reveals widespread global malware




By Sam Hamer and R.J. Smith, Public Policy Interns

Last week, tech giant Google released its semiannual Transparency Report, which for the first time included data about malware and security threats drawn from the company’s Safe Browsing program. The program began in 2006 as a way to identify infected sites and warn browser users who attempt to access them. According to Google:

“Our security team built Safe Browsing to identify unsafe Web sites and notify users and webmasters so they can protect themselves from harm. By providing details about the threats we detect and the warnings we show, we hope to shine some light on the state of web security and encourage safer web security practices.”

As part of the Safe Browsing program, Google scans a fraction of sites in each country and utilizes the data to indicate the prevalence of sites hosting malware. A country-by-country breakdown of the prevalence of malware-infected sites shows, for instance, that approximately 2 percent of the over 14 million sites in the United States contain malware or phishing scams. By comparison, roughly 15 percent of sites in India tested positive for malware, one of the highest rates in the world. Google’s worldwide tracker identifies as many as 90,000 unsafe Web sites per week, notifying webmasters each time fraudulent code is discovered. In addition to delivering a warning page to browser users who attempt to access these infected sites, webmasters receive a report notifying them of the corruption and instructing them to fix the problem.

Google’s disclosure of malware infection data has received significant media coverage, with the New York Times, NBC News, and CNN covering the release, in addition to a smattering of online magazines and tech blogs. Many credit Google with increasing popular awareness of “just how unsafe the Internet has become,” as the New York Times put it. Google’s Dorothy Chou disclosed in an email that, “the coverage has been fairly neutral to positive.” But, she notes, “[it is] probably too early to know what people are doing with the data release yet.”

Indeed, while Google’s collection of malware and phishing data over the past half-decade has provided greater certainty of where malicious online activity persists, just what the vanguards of online security should do with the data is less certain. As privacy blogger John Hawes notes on the blog Naked Security, webmasters can now monitor the Safe Browsing site for data about their site provider service. If Google’s data show that a particular site provider comes up as a host for a number of infected sites, then webmasters will know that they should start asking questions, Hawes suggests. Moreover, webmasters can better inform themselves about which site providers have a clean record, and flag those providers who host numerous infected sites.

If anything, the Safe Browsing program has contributed to a heightened awareness of Internet scams among the general populace. While many Internet users have heard of the words “phishing” and “malware,” Google has shed additional light on the scope of the problem. As Google engineer Niels Provos put it, “[Safe Browsing] is about making the Internet a safer environment… We want to make as much information available about the state of the Web as we see it…By putting [the data] out there, we want to educate Web masters that this is very real, that the danger of you getting infected is very large.”

Wireless cramming: The tip of a very large iceberg

By John Breyault, Vice President of Public Policy, Telecommunications and Fraud

Wireless cramming is at the top of the Federal Trade Commission’s agenda today, as government officials, advocates and industry representatives gather to discuss the issue and potential solutions at the FTC’s Mobile Cramming Roundtable. I am honored to present at the event, along with a number of other experts on the topic. For those loyal readers unable to watch the live webcast, I can sum up my comments thusly: Wireless cramming is a big problem and is only going to get worse without action by regulators to protect consumers.

Cramming fraud has been around for decades. Beginning in the late 1990s, enterprising scam artists learned that they could get small charges placed on consumers’ landline phone bills. With doctored “authentications” and poor policing by the phone companies and billing aggregators, scammers made millions of dollars. As consumers increasingly adopted wireless phones, the scam artists moved to those bills. Wireless cramming is proving to be just a lucrative for the fraudsters. In its first enforcement action against alleged wireless cramming outfit Wise Media, the FTC stated that the company made millions of dollars in less than two years of operation.

Wise Media is likely just the tip of a very large iceberg. While there is precious little data about the scope of the wireless third-party billing market generally and the cost of wireless cramming on consumers, we can make some educated estimates based on the data that is available.

Continue reading