FTC Sends Message: Make Your Mobile App Secure

BY: Sarah Coffey

Mobile payments have become so commonplace that consumers rarely stop to think about whether their online payment is secure. Mobile app developers can fall into a similar trap of assuming that the necessary security measures are enabled without performing the necessary audits to assure security on a regular basis. A recent settlement between the FTC and two companies offering unsecured mobile application products gives cause to think again.

The FTC alleges that the movie ticketing service Fandango and credit monitoring company Credit Karma failed to adequately protect consumers’ sensitive personal information in their mobile apps because they failed to use Secure Sockets Layer (“SSL”) protocol to establish authentic, encrypted connections with consumers. Generally, an online service will present an SSL certificate to the app on the consumer’s device to vouch for its identity. The app then verifies the certificate to ensure that it is connecting to the genuine online service. When companies fail to use this protocol—especially if consumers use the app over a public wi-fi system—third party attackers can substitute an invalid certificate to the app, thus establishing a connection between the app and the attacker rather than the online service. As a result, any information that the consumer enters into the app will be sent directly to the attacker, including credit card numbers and other sensitive and personally identifying information.

The FTC alleged that Fandango and Credit Karma left their applications vulnerable to interception by third parties by failing to use SSL protocol. The FTC alleged that Fandango misrepresented the security of its application by stating that consumers’ credit card information would be stored and transmitted securely, despite the fact that the SSL protocol was disabled on the app from March 2009 to March 2013. The FTC alleged that Credit Karma’s app failed to validate SSL certificates from July 2012 to January 2013, leaving the app susceptible to attackers which could gather personal identifying information such as passwords, security questions and answers, birthdates, and “out of wallet” verification answers regarding things like mortgages and loan amounts.

In both cases, the online services received warnings of the vulnerabilities from both users and the FTC. In December 2012 a security researcher used Fandango’s online customer service form to submit a warning regarding the vulnerability. However, Fandango mistakenly flagged the email as a password reset request and sent the researcher a stock response on password resetting, then marked the complaint as resolved. A user sent a similar notice to Credit Karma about the SSL certificates in January 2013. Credit Karma responded by issuing a fix in the update to the iOS operating system that same month, however, one month later Credit Karma issued an Android app which contained the same vulnerability.

In both cases, the online services performed a more thorough internal audit of the apps only when issued a warning by the FTC. The FTC issued complaints against the companies for their deceptive representations regarding the security of their systems. While the complaints noted that the apps were vulnerable to third party attacks, they did not allege that any such attacks were made or that any consumer information was in fact compromised. Perhaps due to the lack of consumer harm, the FTC entered into consent agreements with Fandango and Credit Karma in which the services did not have to pay a monetary judgment, but did agree to establish comprehensive security programs and undergo security assessments every other year for the next 20 years. Fandango and Credit Karma are additionally prohibited from misrepresenting the level of privacy and security in their products or services.

SSL certificates are the default validation process that iOS and Android operating systems provide developers using the application programming interface. Therefore, mobile app developers can protect themselves and their users from this vulnerability simply by leaving the default SSL protocol enabled. What’s more, app developers can test for and identify SSL certificate validation vulnerabilities using free or very low cost tools. Therefore, all app developers should take the necessary precautions to ensure the security of their systems, and prevent harm to consumers (and potential lawsuits) down the road.

Herbalife Hit with Civil Investigative Demand – Is the FTC Finally Turning up the Heat on Multi-Level Marketers?

BY: David Deitch

For many, the announcement two weeks ago that the Federal Trade Commission has commenced a formal investigation into Herbalife was not terribly interesting.  After all, nutritional supplement company Herbalife has been the focus of intermittent media attention since December 2012 when Wall Street hedge fund manager Bill Ackman claimed that it was  an illegal pyramid scheme, and its business practices have already drawn the scrutiny of the Securities and Exchange Commission.

On the other hand, because the FTC focuses on deceptive trade practices, its investigation into Herbalife– and the allegation that it constitutes a pyramid scheme – may offer a valuable opportunity for the FTC to clarify its rules on what constitutes a pyramid scheme and what a multi-level marketing (MLM) company can or must do to protect itself from the accusation.

The MLM industry has been an established networking sales model for several decades. The FTC defines “multi-level marketing” as networking that uses individuals to sell products by word of mouth or direct sales where distributors typically earn commissions not only for their own sales, but for sales made by the people they recruit. MLM has become increasingly popular in recent years – and for good reason given that it has become extremely profitable:  A 2012 study reported the MLM industry was worth approximately $30 billion.

The sole FTC guidelines for MLM arose from litigation in 1979 when the FTC accused the MLM Amway of operating an illegal pyramid scheme.  (Amway ultimately prevailed four years later.)  The case gave rise to what is known as the “Amway Safeguard Rules”– a set of rules relating to distributors that Amway had in place that protected itself from the FTC accusation that the company was a pyramid scheme.  As described in the administrative law judge’s decision, these three critical criteria provided an “umbrella of legal protection”:

1.         Amway required its representatives to engage in retail selling, under the “ten retail customer police,” which appeared in the agreement that representatives signed upon enrollment.  This rule required that representatives make 10 sales to retain customers as a qualification for eligibility to receive commission and bonuses on sales/purchases made by other representatives in their personal sales organization.

2.         Amway required its representatives to sell a minimum of 70 % of previously purchased products before placing a new order. (Amays’ rules recognize “personal use” for purposes of the 70% rule.)

3.         Amway had an official “buy-back” policy for unsold, unopened inventory.  This policy had some reasonable restrictions, including a specified maximum length of time since the item was originally purchased by the representative and that the item was still current in the company’s product offerings to consumers.  The policy also included a minimal “restocking” fee.  (Buy-back policies are significant especially for protection of representatives who choose to terminate their affiliation with a company, and do not want to be “stuck” with unsold inventory.)

By adhering to these rules, MLM companies gain some protection from pyramid scheme accusations.  And, aside from a staff advisory opinion in 2004, the FTC has offered little or no further guidance on what it perceives as a pyramid scheme and what companies can or must do to show that their businesses are legitimate and legal.

Will the FTC use the Herbalife investigation to provide greater guidance for MLM companies?  To do so would be in the interests of MLM companies, the regulators themselves, and those in the financial services industry who have taken great interest – and large financial positions – in MLM companies.

FTC Secures Nine Figure Judgment Against Single Co-Defendant in Scareware Case

BY: Casselle Smith

After the FTC secured a $163MM judgment against Kristy Ross in the US District Court of Maryland, the 4^th Circuit affirmed, and so ends the FTC’s six-year “scareware” enforcement action. From beginning to end, this odyssey has been quite colorful, to say the least. The nine-figure judgment against Ross is no exception.

Originally, there were eight codefendants: Innovative Marketing, Inc., ByteHosting Internet Services, LLC, and five of the companies’ officers and directors, including Ms. Ross. The case was based on FTC allegations that their massive “scareware” scheme was deceptive in violation of Section 5 of the FTC Act. Specifically, the FTC alleged that the defendants falsely warned consumers that (imaginary) scans of their computers detected security or privacy issues (e.g., viruses, spyware, system errors, and pornography). After receiving the fraudulent security alerts, the consumers were prompted to purchase the Defendants’ software to remedy the (imaginary) problems.  More than one million consumers purchased the scareware – of them, roughly three thousand filed complaints with the FTC.

Ross was the only co-defendant remaining at trial, and the judgment was entered against her individually and as a member of Innovative Marketing, Inc. (IMI). Four of the eight original defendants settled with the FTC in February 2010. The same month, the trial court entered default judgments against the remaining three – IMI, Mr. Jain, and Mr. Sundin – for their failure to appear and participate in the litigation. Ross retained counsel but failed to file an answer, respond to the FTC’s discovery requests, or appear at trial. As such, the lone defendant Ross was tried in absentia. Though not explicitly expressed in the trial judge’s opinion, one can only imagine that the optics did not bode well for Ms. Ross at trial.

Before trial, the FTC moved for summary judgment. In her opposition, Ross argued that she was just an employee at IMI (not a “control person”) without requisite knowledge of the misconduct and that she could not therefore be held individually liable under the FTC Act. The court found there to be no issues of material fact with regard to whether the scareware scheme was deceptive in violation of the FTC Act. And a bench trial was ordered to determine the extent of Ross’ control over, participation in, and knowledge of IMI’s deceptive practices.

At trial, Judge Bennett found that Ross had actual knowledge of the marketing scheme, was fully aware of many of the complaints from customers, and was in charge of remedying the problems. The court issued a permanent injunction (as authorized by the FTC Act) and held her individually liable for the total amount of consumer injury (calculated by the FTC $163,167,539.95), finding that to be the proper measure for consumer redress.

On appeal, Ross asked the court to apply the SEC standard for individual liability, which essentially requires a showing of specific intent/subjective knowledge. The Fourth Circuit declined, finding that such a standard would leave the FTC “with a futile gesture of obtaining an order directed to the lifeless entity of a corporation, while exempting from its operation the living individuals who were responsible for the illegal practices in the first place.” The appeals court also rejected Ross’ arguments that district courts do not have authority to award consumer redress, noting that “[a] ruling in favor of Ross would forsake almost thirty years of federal appellate decisions and create a circuit split,” an outcome that it refused to countenance.

The factual and procedural history of this case are pretty outlandish, and it is not clear why Ross opted to take the FTC to the mat (in absentia) on case with so much weighing against her. Had she settled with the others back in 2010, maybe she would have only been on the hook for the gross revenues she received from the alleged scam. Then, almost certainly the FTC would have followed its common practice of suspending all but the amount she was able to pay. But, alas, she did not.

Electronic Cigarette Advertising Practices Draw Legislative Attention – Will Regulations Follow?

BY: Griffin Finan

Advertisements for electronic cigarettes, or “e-cigarettes,” are increasingly drawing scrutiny from consumer advocates and public health groups who are calling for the federal government to regulate these advertisements in the same manner that traditional cigarette advertisements are regulated.

The e-cigarette industry is growing at a rapid pace, particularly among younger people. Last year, the industry generated roughly $2 billion and industry sources estimate sales are on pace to hit $5 billion this year.

Currently, there are no regulations governing advertisements of e-cigarettes. In contrast, advertisements of traditional cigarettes are heavily regulated. For instance, various federal laws and regulations prohibit cigarette manufacturers from sponsoring sporting events, and advertising cigarettes on television is also barred. Under the terms of a settlement from a lawsuit in 1998, tobacco companies agreed to not use cartoon characters to market cigarettes.

For roughly 10 years, the marketing team at R. J. Reynolds used the cartoon character “Joe Camel” to promote cigarettes. After years of pushback and under pressure from a pending lawsuit, Congress and various consumer groups, R.J. Reynolds announced that it would settle the pending lawsuit out of court and voluntarily end its use of Joe Camel.

BlueCigs, a leading manufacturer of e-cigarettes, uses a cartoon character named Mr. Cool in a television advertising campaign. Industry watchdogs have criticized the television ads, particularly given the growth of the industry and the regulations faced by traditional tobacco manufacturers. Some in the industry have noted the similarity between Mr. Cool and Joe Camel and worry that these advertisements will have the same effect of luring young people to try e-cigarettes that many believe Joe Camel had with traditional cigarettes.

Last month, a group of Senate Democrats introduced legislation to prohibit e-cigarette producers from marketing their products to children. This bill marked the first legislative attempt to regulate the e-cig industry. The bill would ban marketing e-cigarettes to children based on standards promulgated by the Federal Trade Commission (FTC), and would empower the FTC and state attorneys general to enforce the advertising ban.

Additionally, the White House Office of Management and Budget has been reviewing a rule proposed by the U.S. Food and Drug Administration that would bring e-cigarettes under its jurisdiction. The regulations have been under review since October. We have previously written about FDA plans to regulate the e-cigarette industry here.

The e-cigarette industry should be aware that their marketing and advertisements are being closely monitored. Regulation and potential lawsuits could be on the horizon and companies should review their policies and practices to make sure they are prepared. The use of cartoon characters may be one advertising method to forego at this point, instead focusing on mature individuals using the product.

Investigating For-Profit Edu: Are Government Agents Going To Start Tripping Over Each Other?

BY: Nicole Kardell

Things look a bit bleak for the for-profit education industry: it seems like every other day a new federal or state agency is launching an investigation or proposing new regulations. The latest news is that a coalition of 32 state attorneys general, along with the Consumer Financial Protection Bureau, is expanding a probe into lending practices at for-profit colleges. This news follows pronouncements by the Securities and Exchange Commission, the Justice Department, the Federal Trade Commission and the Federal Communications Commission of stepped-up initiatives to combat alleged predatory practices by for-profit colleges. In the midst of this full frontal assault, the industry is facing a major new regulatory scheme under the Department of Education’s impending Gainful Employment rule. What the new regulatory scheme will cover and require remains to be determined, but the released drafts of the rule portend extensive record keeping and reporting requirements.  With mounting investigations and regulatory scrutiny, no wonder shares in for-profit education have been on the decline: how can these companies turn a profit in the midst of all this costly government intervention?

But the CFPB and the 32-state coalition could (unwittingly) be the industry’s knights in shining armor. The enforcement agencies’ expanded probe – along with action by the SEC, DOJ, FTC and the FCC – could provide a good argument for why the Education Department’s impending Gainful Employment rule may be redundant. Since there is so much disagreement over the Gainful Employment rule, not only over the prospective text,but also over the rule’s utility in the first place,it may be time to follow the cues of some in Congress who advocate abandoning the rule when the Higher Education Act is next up for re-authorization (this year).And if Congress could be persuaded to nix the rule, educators could allocate more resources to growth that would otherwise need to be focused on compliance with complex new regulations.

This argument initially may sound like a stretch, but consider some of the following points: (1) congressional infighting about the possible effects of the rule, (2) rule making failures as interested parties cannot come together on regulatory language, and (3) current law and enforcement actions that already address the goals of the prospective rule. There are only so many ways to skin a cat, and you can only have so many cat-skinners (poor analogical cat!).

(1)  Congressional Democrats are split on whether the Gainful Employment rule would protect students or negatively impact students.  Thirty Democratic members of Congress recently wrote a letter to Education Secretary Arne Duncan voicing concerns over the adverse effects a Gainful Employment rule could have on students. At the same time, 31 Democratic members wrote a letter in support of the prospective rule. During the back and forth on the Democratic side, many Republicans are advocating abandoning the rule, concerned that it would ultimately hurt students.With so much uncertainty, why press forward with a rule that has been lingering in limbo for years?

(2)  While Congress members deliberate the rule’s ultimate utility, the Education Department and its panel of negotiators have slogged through several sessions of a statutorily mandated negotiated rule making.  They have been unable to reach any consensus on what types of metrics to incorporate into the rule, let alone what metric ranges to use. After several months, three rounds of negotiations, and three very different drafts of the prospective rule, the Education Department is no closer to final language. The third and final round of negotiations, which occurred mid-December, highlighted the extent to which opposing sides remained polarized.

(3)  The Education Department has stated that its goals for the Gainful Employment rule are to:

• Define what it means for a program to prepare a student for gainful employment in a recognized occupation and construct an accountability system that distinguishes between programs that prepare students and those that do not;
• Develop measures to evaluate whether programs meet the requirement and provide the opportunity to improve program performance;
• Protect students and taxpayers by identifying GE programs with poor student outcomes and end taxpayer support of programs that do not prepare students as required; and
• Support students in deciding where to pursue education and training by increasing transparency about the costs and outcomes of GE programs.

These goals are already being addressed in current regulations and current enforcement actions. For instance, in November the FTC released marketing guidelines directed toward for-profit colleges, advising colleges against misrepresenting, for instance, their job placement and graduation rates, graduate salaries, credit transferring, etc.  The announcement was accompanied by guidelines for prospective students on choosing a school. The FTC’s guidelines send a message to the for-profit education industry: ensure integrity in your marketing and advertising or face the consequences of regulatory action. A new FCC rule, which took effect last October, restricts how for-profit educators can make recruiting calls to past, current, and prospective students.The SEC and CFPB are investigating student recruitment and private lending at various for-profit colleges for possible violations of, for instance, the Dodd-Frank Act (which prohibits violations of federal consumer financial laws and unfair, deceptive or abusive acts or practices), TILA and Regulation Z. And numerous states attorneys general have been actively investigating the industry under state laws.

The expanded probe that the CFPB and state attorneys general coalition is but a continuation of the panoply of government actions and initiatives directed at the for-profit education sector. But the probe provides an excellent basis for reconsidering the necessity of the Gainful Employment rule. The for-profit industry is not shy of regulatory oversight.  All the new regulation would achieve is more cost to industry and taxpayers in compliance and compliance reviews.

Industry, Members of Congress Take Action on FTC Process

BY: Michelle Cohen

As the Federal Trade Commission (“FTC”) continues to flex its consumer protection muscles by bringing numerous administrative lawsuits, industry and members of Congress are questioning whether there is a level playing field that allows companies to properly defend themselves against FTC charges.  Or, as some say, does the FTC have the “home court advantage” in its role as investigator and prosecutor, armed with very broad authority under Section 5 of the FTC Act –leaving many companies to decide simply to settle rather than face the Goliath FTC.  However, some companies have been bucking that trend recently and challenging the FTC’s authority (particularly in the area of regulating data security and FTC officials’ impartiality.

As background, the FTC may begin an enforcement action if it has “reason” to believe that the FTC Act is being or has been violated. Section 5(a) of the FTC Act prohibits “unfair or deceptive acts or practices in or affecting commerce.”  The FTC also enforces several other consumer protection statutes, including the Fair Credit Reporting Act, the Do-Not-Call Implementation Act of 2003, and the Children’s Online Privacy Protection Act.

Under Section 5(b) of the FTC Act, the FTC can challenge “unfair or deceptive acts or practices” or violations of certain other laws (such as those listed above) in an administrative adjudication. The way this works is the FTC issues a complaint putting forth its charges.  Many companies faced with such complaints inevitably settle with the FTC, rather than endure an administrative trial.  Those companies that contest the charges face a trial-type proceeding before an FTC administrative law judge.  FTC staff counsel “prosecute” the complaint.  The administrative law judge later issues an initial decision. Either party can appeal the initial decision to the full FTC for review.

Many observers, including the American Bar Association, have criticized this situation — where the FTC acts as both prosecutor and judge — as inherently unfair. After the FTC’s decision, the respondent organization (or individual)may appeal to a federal court of appeals. However, at this point, an extensive record has been made and this assumes an organization or individual has the resources to devote to a federal appeal. (In addition, the FTC can also bring consumer protection enforcement directly in court rather than through administrative litigation).

The FTC’s winning record in these administrative proceedings has many observers questioning the process and the FTC’s potential impartiality.  House antitrust chairman Spencer Bachus (R-Ala.) called out the FTC’s apparent lack of impartiality and fairness, stating “ a company might wonder whether it is worth putting up a defense at all.”

Just a couple weeks ago, however, medical testing company LabMD went on the offense and sought the disqualification of an FTC Commissioner. Facing an administrative proceeding relating to its alleged failure to secure patient information data, LabMD moved to disqualify Commissioner Julie Brill from consideration of its case.  LabMD claimed that the Commissioner made numerous statements at industry conferences prejudging its ongoing litigation. Specifically, LabMD claimed Brill stated LabMD that had violated the law, rather than indicating that LabMD was under investigation or in litigation.  The FTC opposed the disqualification. However, Commissioner Brill voluntarily recused herself from the case on Christmas Eve to avoid “undue distraction” from the administrative litigation.

As the FTC litigates in several key areas – data privacy, financial services, credit repair, telemarketing – we expect administrative litigation will increase in 2014. While some companies will continue to settle to avoid continued litigation expenses and possible further detrimental outcomes, we think others will take the LabMD route and seek relief when they believe the processes are not transparent or the FTC is exceeding its authority.

New Year Brings New Plans by the FTC to Take Down Deceptive Weight Loss Advertisers

BY: Rachel Hirsch

New year, new resolutions.  Yesterday, the FTC announced a resolution of its own: to undertake a nationwide enforcement effort to protect consumers against deceptive weight loss claims.  Dubbed “Operation Failed Resolution,” the FTC’s latest enforcement effort seeks to protect consumers who face a barrage of “opportunistic marketers” promising quick ways to shed pounds. According to the FTC, these marketing tactics cause millions of dollars of consumer injuries and encourage people to postpone important changes to diet and exercise.

To announce this new initiative, the FTC held a press conference in which it identified four significant enforcement actions: (1) Sensa – a flavored powder that claims to cause weight loss when sprinkled on food; (2) L’Occitane Inc.– a skin cream that promised to shave inches off consumers’ bodies; (3) HCG Diet Direct – a product based on the human chorionic gonadotropin hormone; and (4) LeanSpa – a dietary supplement. Collectively, these four enforcement actions total $44 million in potential recovery for consumers.

All four enforcement actions shared one common thread – claims of quick and easy weight loss that were not supported by evidence.  Many of the ads in question touted substantial weight loss without diet or exercise simply by using the product alone.  Although some of these marketers cited clinical studies that supported their claims, the FTC said that the so-called “independent” studies were largely fabricated. The FTC also took issue with consumer endorsements, which failed to disclose that the consumers were paid for their testimonials or that the consumers were related to the owner.  The FTC also scrutinized so-called physician endorsements.  According to the FTC, marketers failed to disclose that their endorsers were compensated to the tune of $1,000-$5,000 and free trips.

Yesterday’s press conference is not the first time that the FTC has taken action against deceptive weight loss claims.  In 2011, we reported on 10 lawsuits filed by the FTC against marketers behind the ubiquitous “1 Tip for a Tiny Belly” ads, which the FTC claimed were a scheme by marketers of diet and weight loss products to grab consumer credit card information and pile on additional, unapproved charges.

Although deceptive weight loss claims are not a new phenomenon, the FTC announced yesterday that it is taking a new approach to cracking down on these types of ads. The FTC is now encouraging media outlets that run these ads to conduct a “gut check” and turn down spots with bogus claims. Yesterday’s press conference was a call to action for both consumers and media outlets to help the FTC track down deceptive weight loss marketers, which can mean only one thing – more widespread enforcement efforts against marketers of dietary supplements. The FTC does not comment on non-public investigations and would not comment on whether these enforcement efforts would result in criminal enforcement from other agencies. One thing is for certain, however: If you make a claim about your weight loss product, you’d better be able to back it up.

Report From FTC Briefing – Blurred Lines: Advertising or Content?

BY: John Peters

The FTC held a workshop on Wednesday to examine the blurring lines of advertisements and content in digital media today. Executives from a myriad of professions gathered to discuss how sponsored content in digital publications takes form and affects the consumer.

Native advertising, or sponsored content, is the practice of masking advertising to look like news articles and features of the publications where they appear. The Internet has witnessed this practice grow aggressively in the past few years, and the FTC has already issued a warning to advertisers, saying it won’t hesitate to enforce rules against misleading advertising.

One of the main issues discussed during the panels today was how consumers were affected by native advertisements. Staff attorneys from the FTC repeatedly stressed that marketers bear the responsibility to ensure that the original source of the advertisement is transparent to the consumer. Often times, especially on social media outlets such as Twitter, links are tweeted or retweeted along with other links, causing confusion. Marketers like this because their native advertisements will become blurred and perceived as actual content. Studies have shown that native advertisements actually receive more views than naturally occurring ads. Bob Garfield, MediaPost columnist, said of native ads, “Native advertising is not deception, it’s a conspiracy of deception that’s becoming harder and harder to spot. This is unfair for the consumer.”

Sponsored content run by various websites is already being carefully watched by the agency. FTC Chairwoman, Edith Ramirez, said of native advertising, “The delivery of relevant messages and cultivating user engagement are important goals. But it’s equally important that advertising not mislead consumer by presenting ads that resemble editorial content.”

But not everyone at the workshop on Wednesday was convinced this is a problem for the consumer. David Franklyn, University of San Francisco law professor, claimed that studies at his university showed 35 percent of consumers could not identify a sponsored advertisement. Additionally, nearly half of the consumers studied did not know what ‘sponsored content’ meant. “How can consumers have a problem with something that they don’t even know exists,” asked Franklyn. Lastly, and perhaps most importantly, a third of the consumers reported they did not care if something was an advertisement.

Another popular topic at today’s workshop was the deceptive advertising in the marketing of diet pills and the supplement industry as a whole. The FTC is beginning to crack down on the practices of this industry. The agency described their ‘endorsement guides’ as they pertain to advertising – certain principles must be met between the marketer and the buyer. Along the same lines, in an internal FTC memo, the agency noted that another recent problem with search engines was the ambiguity behind search results and the fake testimonials that came with the diet pill ads. The FTC stressed that consumers have the right to know what search results were ‘naturally occurring’ opposed to paid results.

Native advertising is by no means a phenomenon that exists only in obscure corners of the internet.  Sites such as the Huffington Post, Proctor and Gamble and BuzzFeed have all been engaging in these native advertisement practices. Additionally, 73 percent of online publishers reported they have offered sponsored content opportunities on their sites. Other online publications, such as The New York Times, are considering offering these types of ads in 2014.

Even though many consumers seem to be at peace with sponsored content, based on results found from studies at the University of San Francisco Law School, consumers are still being exposed to deceptive advertising practices. And any time that happens, the enforcement side of the FTC is likely to get involved. Will we see an enforcement case on native advertising as early as 2014? That’s unclear, but if more companies, like the Times, plan to engage in these practices, there is a high probability we will see the FTC take action sooner rather than later.

FTC Vigilant on Children’s Privacy – Rejects Proposal for Collecting Verifiable Parental Consent Under COPPA

BY: Michelle Cohen

On November 12, 2013, the Federal Trade Commission (“FTC”), in a 4-0 vote, denied AssertID’s application for approval of a proposed verifiable parental consent (“VPC”) method under the Children’s Online Privacy Protection Rule (“COPPA”).  Under the FTC’s COPPA rule, covered online websites and services must obtain “verifiable parental consent” (“VPC”) before collecting personal information from children under 13.  The agency’s revised COPPA rule became effective in July; among other changes, it expanded the categories that can constitute “personal information.” The FTC’s COPPA rule sets forth several acceptable methods of obtaining parental consent.  Notably, the rule also allows parties to seek FTC approval of other VPC methods.

The FTC’s approval process allows organizations to present innovative VPC methods, thereby permitting flexibility and taking into account new technologies, while still ensuring that parents provide consent on behalf of their children as required under COPPA.  The FTC requires that applicants seeking approval for a unique VPC provide:  (1) a detailed description of the proposed parental consent method; and (2) an analysis of how the method is reasonably calculated in light of available technology, to ensure that the person providing consent is the child’s parent.

The FTC reviewed AssertID’s proposed VPC method following a public comment period.  AssertID’s product, “ConsentID,” would ask a parent’s “friends” on a social network to verify the identity of the parent and the existence of the parent-child relationship (“social-graph verification”).  The FTC concluded that “ConsentID” did not meet the criteria to ensure that the person providing consent is the child’s parent.  The agency determined that it is premature to approve ConsentID, since AssertID did not present sufficient research or marketplace evidence demonstrating the efficacy of social-graph verification.

The FTC also questioned the efficacy of social-graph efficacy in the “real world.”  The agency noted that relying upon social network users to confirm parental consent posed many problems including the fact that many profiles are fabricated (noting that Facebook’s SEC 10-Q indicates it has approximately 83 million fake accounts).  In conclusion, the agency found that “identity verification via social-graph is an emerging technology and further research, development, and implementation is necessary to demonstrate that it is sufficiently reliable to verify that individuals are parents authorized to consent to the collection of children’s personal information.”

The FTC has approved and denied other VPCs.  The agency’s denial of AsssertID’s application signals that while the FTC encourages the uses of new technologies to obtain VPC under COPPA, it will review new methods carefully, mandating research results and demonstrable success in a “real world” scenario rather than just a beta test.   Website operators collecting personal information of children under 13 (and “personal information” now includes geolocation information, as well as photos, videos, and audio files that contain a child’s image or voice) should review their COPPA compliance, including their methods of VPC.  The FTC continues to be especially vigilant in protecting certain categories of personal information, including children’s information, financial information, and health information.

After Being Unfairly Characterized by Regulators, For-Profit Institutions Slowly Rebranding Image

BY: Nicole Kardell

For-profit education needs rebranding. With the recent appointment of Michael Dakduk as key advisor to the Association of Private Sector Colleges and Universities, the sector has made a step in the right direction. The onslaught of negative news against for-profit educators has severely impacted industry growth. Recent reports on drops in enrollment (and thus earnings) at Bridgepoint Education, Inc.,Strayer Education, Inc., Education Management Corp. and Apollo Group Inc. demonstrate just how hard the sector has been hit.

A central problem is for-profit education’s extreme unpopularity among government regulators – thanks, largely, to some bad actors overselling their programs and pressuring prospective students. Regulators both perceive and characterize for-profit educators as unscrupulous opportunists. Unfortunately for the industry, this is a characterization regulators like to broadcast to the public without much qualification. (Query: since when did it become okay for government representatives to lambast whole industries – and imperil jobs in those industries – for the actions of a few?).  Most recently, the FTC has launched a campaign to warn veterans about for-profit education:

• “Colleges are there to help you, right? Hmm, not so fast. Not every school has got your back. Some for-profit schools may care more about boosting their bottom line with your VA education benefits. Some may even stretch the truth to persuade you to enroll, either by pressuring you to sign up for courses that don’t suit your needs or to take out loans that will be a challenge to pay off.”  (http://www.consumer.ftc.gov/blog/veterans-dont-get-schooled)
• “[S]ome schools manipulate the data or lie about how well their graduates fare.” (http://www.consumer.ftc.gov/articles/0395-choosing-college)

The FTC’s campaign, published in a news release and articles on the FTC’s consumer page, provides the above warnings about for-profit schools, offers questions to ask when choosing a school, and furnishes a link to filing a complaint with the FTC, should a consumer believe a school hasn’t lived up to its promises. The hyperlink to a consumer complaint page suggests that the FTC is actively seeking cases to pursue against for-profit educators. Any FTC enforcement action would likely involve allegations that a school deceived students about the cost, quality, or outcome of its program offerings – as the FTC is charged with protecting consumers from deception and unfairness in the marketplace.  (Section 5 of the FTC Act broadly prohibits ‘‘unfair or deceptive acts or practices in or affecting commerce.’’)

The FTC’s campaign follows statements made by President Obama this summer that “soldiers and sailors and Marines and Coast Guardsmen, they’ve been preyed upon very badly by some of these for-profit institutions.” The message publicly broadcast over and over decries the supposed predatory practices of for-profit institutions. It is an unfair stereotype with a significant impact on these educators, harming their enrollment numbers and forcing institutions to lay off employees and shutter campus locations.  Yes there have been bad actors; but both state and federal enforcement agencies have been active in investigating and addressing predatory and/or deceptive practices. Blackening the eyes of all for-profit educators, which results from statements such as those of the President or the FTC, is overreach.

Part of the problem for government regulators maybe their difficulty accepting that educators could legitimately make money while students earn a degree. They may have the same reservations expressed by a representative from Student Veterans of America: “I am always professionally skeptical about any institution that must answer to shareholders and investors before students and customers.” But having to answer to shareholders and investors is not necessarily a bad thing. It can serve as a check on institutions to ensure they are running their programs effectively and efficiently; it can motivate institutions to be innovative and find better ways to meet their consumers – i.e. their students – needs and demands.  For-profit educators are responsible for advancements in online education and other innovations that make education more accessible.The result: for-profit educators are to thank for opening education opportunities to many underserved groups, like single mothers.

For-profit educators are in definite need of some effective marketing to promote their benefits and to dispel the negative conceptions presumed by and relayed by government regulators and outspoken detractors. They are making steps in the right direction with APSCU’s recent appointment of Mr.Dakduk. Dakduk is a former Marine and the former executive director of Student Veterans of America.

APSCU President Steve Gunderson said Dakduk’s hiring “builds on our member institutions’ commitment to excellence in post secondary education for military and veteran students.” With Dakduk’s presence, the industry may better overcome the flinching bias of so many regulators. Dakduk has built a reputation for success in his work advocating for veterans’ education. While at SVA, he grew the organization from a small group to one with chapters at over 900 campuses nationwide.

Dakduk’s move to APSCU is even a little ironic: In one of the FTC’s articles that warn veterans about for-profit education, the agency suggests veterans consult the SVA on the credibility of schools they are considering. Dakduk’s replacement at the SVA, D. Wayne Robinson, is a graduate of Trident University, a for-profit school.

For-profit education has had its bad actors, but problems in higher education span the spectrum of colleges and universities, and it is unfair – and ultimately detrimental to students and communities – to single out for-profit institutions. Dakduk understands this and should help for-profit educators improve their image.