FTC Obtains Injunction, Asset Freeze on Alleged Mortgage Scam

BY: Steven Eichorn

The Federal Trade Commission has obtained an order from the federal court for the Central District of California for a preliminary injunction and asset freeze against all the defendants in an alleged mortgage modification scam.

The complaint was filed against California-based Sameer Lakhany and a number of related corporate entities for violating the Federal Trade Commission Act and the Mortgage Assistance Relief Services Rule, now known as Regulation O. This was the first FTC complaint against a mortgage relief scheme that falsely promised to get help for homeowners who joined with other homeowners to file so-called “mass joinder” lawsuits against their lenders.

The complaint listed two separate alleged schemes that collected over $1 million in fees and used images of President Obama to urge consumers to call for modifications under the “Obama Loan Modification Programs.”

The first scheme was a loan modification plan under which the defendants allegedly promised substantial relief to unwary homeowners from unaffordable mortgages and foreclosures. Their website featured a seal indicating that it was an “NHLA accredited mortgage advocate” and that NHLA is “a regulatory body in the loan modification industry to insure only the highest standards and practices are being performed. They have an A rating with the BBB.” Unfortunately, the NHLA is not a “regulatory body” and it actually has an “F” rating with the BBB.

The defendants reinforced their sales pitch by portraying themselves as nonprofit housing counselors that received outside funding for all their operating costs, except for a “forensic loan audit” fee. According to the FTC, the defendants told consumers that these audits would uncover lender violations 90 percent of the time or more and that the violations would provide leverage over their lenders and force the lenders to grant a loan modification. The defendants typically charged consumers between $795 and $1595 for this “audit.” Also, if the “audit” did not turn up any violations, the consumers could get a 70 percent refund. Unfortunately, there were often no violations found, any “violations” did not materially change the lender’s position, and it was nearly impossible to actually get a refund for this fee.

The second alleged scheme was that the defendants created a law firm, Precision Law Center, and attempted to sell consumers legal services. Precision Law Center was supposed to be a “full service law firm”, with a wide variety of practice areas. It even claimed to “have assembled an aggressive and talented team of litigators to address the lenders in a Court of Law.” However, the FTC charged that the firm never did anything besides for filing a few complaints, which were mostly dismissed.

To assist Precision Law Center in getting new clients, the defendants sent out direct mail from their law firm that resembled a class action settlement notice. The notice “promised” consumers that if they sued their lenders along with other homeowners in a “mass joinder” lawsuit, they could obtain favorable mortgage concessions from their lenders or stop the foreclosure process. The fee to participate in this lawsuit was usually between $6,000 to $10,000. The material also allegedly claimed that 80 to 85 percent of these suits are successful and that consumers might also receive their homes free and clear and be refunded all other charges.

The defendants’ direct mail solicitation also contained an official-looking form designed to mimic a federal tax form or class action settlement notice. It had prominent markings urging the time sensitivity of the materials and it requested an immediate response.

Obviously, these defendants employed many egregious marketing techniques that crossed the FTC’s line of permissibility. However, in light of the FTC’s renewed focus on Internet marketing, even a traditional marketing campaign should be carefully crafted with legal ramifications in mind.

As a final note, it is always smart not to antagonize the FTC by proclaiming (like the defendants here did) that they are “Allowed to Accept Retainer Fees” because it was “Not covered by FTC.” We couldn’t think of a better way to get onto the FTC’s radar screen!

Identity Theft Continues to Top FTC’s List of Consumer Complaints

BY: Rachel Hirsch

For more than a decade, the Federal Trade Commission has been releasing its list of the top ten categories of consumer complaints received by the agency in the previous year. This list always serves as a good indication of the areas toward which the FTC may choose to direct its resources and increase its scrutiny.

For the 12th year in a row, identity theft was the number one complaint received by the FTC. Out of more than 1.8 million complaints the FTC received last year, 15% – or 279,156 – were about identity theft. Of those identity theft complaints, close to 25 percent were related to tax or wage-related fraud. The number of complaints related to identity theft actually declined in 2011 from the previous year, but this type of fraud still topped the list.

Most identity theft complaints came from consumers reporting that their personal information was stolen and used in government documents — often to fraudulently collect government benefits. Complaints about government document-related identity theft have increased 11% since 2009 and represented 27% of identity theft complaints last year. These numbers are likely to increase as concerns about consumer data privacy continue to garner the attention of the FTC.

After ID theft, the FTC’s top consumer complaints for 2011 were as follows:

• Debt collection complaints
• Prizes, sweepstakes, and lotteries
• Shop-at-Home and catalog sales
• Banks and lenders
• Internet services
• Auto-related complaints
• Imposter scams
• Telephone and mobile services
• Advance-fee loans and credit protection or repair

While credit cards are intertwined with many of the above complaints, complaints about credit cards themselves are noticeably absent from the 2011 list. In past years, credit card fraud was a major source of complaints from consumers. The drop in credit card-fraud-related complaints, however, is not surprising given the passage of the Credit CARD Act of 2009. This landmark federal legislation banned interest rate hikes “at any time for any reason” and limited the instances when rates on existing card balances could be hiked by issuers. The law also required lenders to give customers at least 45 days advance notice of significant changes in terms to allow card users time to shop around for better terms.

With the upcoming changes to the FTC’s advertising guidelines, there may very well be new additions to the consumer complaint list next year. Those complaints that already appear on the list are also likely to receive increased scrutiny.

How Zappos Defused a Potential Online Privacy Crisis

BY: Sarah Coffey

When hackers breached the computer systems of online retailer Zappos.com in January, they gained access to the personal information of up to 24 million customers. The information included customer names, billing and shipping addresses, email addresses, and phone numbers. In a predictable response, customers immediately filed federal class action lawsuits against Zappos, and the attorneys general of nine states sent a joint letter to the company demanding more information about the breach of consumer data.

Despite the rush to accuse, much of the personal information that was taken— names, addresses, and phone numbers — is available in any phone book or internet search. Customers and state attorneys general were so quick to accuse Zappos of wrongdoing that they did not stop to consider what Zappos did right.

Thanks to Zappos’ prior planning, the hackers were unable to reach the most sensitive information, such as passwords and full credit card numbers, because they were secured, encrypted, and stored in a separate database. When the breach came to light, Zappos responded immediately by putting into effect its existing contingency plan for a data breach. Zappos quickly alerted customers to the breach via email and automatically reset the passwords of all 24 million customers. Additionally, Zappos informed its employees of the facts of the breach and trained all employees to pitch in and respond to customer inquiries.

Certainly, as the attorneys general’s letter pointed out, there are huge risks involved with any security breach. For instance, even the limited information the hackers obtained from Zappos could be used in carrying out a targeted email phishing scheme aimed at the customers. Keeping customers’ personal information secure is a huge responsibility that all online retailers must take seriously and take every step to avoid.

While Zappos will certainly have to review the circumstances of how this happened and put into place further steps to protect customers’ information, the company’s prior planning prevented a much more serious breach, and its response was swift and effective. Zappos set a good example of the precautions that online merchants should take with customers’ information, and how to respond in case of a breach.

App Industry Begins to Regulate Itself on Data Privacy – With Nudge From Government

BY: Nicole Kardell

The data free-for-all that’s been enjoyed by the app industry is over … more or less. No longer should the industry expect to collect and use customer data – so accessible and abundant in smartphones and tablets – without notice to its customers. Since the Path fiasco (and the revelation of other major data collection controversies), data collection practices by companies with mobile applications have come under increased scrutiny on a number of levels. Congress, federal regulators (like the FTC), state regulators (like the California Attorney General), consumer advocacy groups and the media are in action mode.

Initiatives by some state and federal regulators have clearly been in the works for some time. But the Path story – in which the app company acknowledged that it took users’ address book data without permission when the app loaded on an iPhone or Android machine — brought another group into the mix of those in pursuit of the app world and its data collection practices: plaintiffs’ attorneys. A class action suit was filed in federal district court in Texas in mid-March against Path, Twitter, Apple, Facebook and other companies with online services that use consumer address books. While the suit may not get very far – the complaint does not allege much in the way of damages other than privacy violations – it nonetheless is an added cost for the companies that have to defend against it.

The best way to shift the harsh light of public concern away from the app industry is for the industry to change its practices. This has been under way since the big six mobile application platforms entered into an agreement with the California Attorney General in late February. Apple, Google, Microsoft, Amazon, Hewlett-Packard and Research In Motion signed onto a Joint Statement of Principles with the attorney general that aims to “increase awareness among application developers about their obligations to respect consumer privacy and to promote transparency in privacy practices” (and to get apps to comply with the California Online Privacy Protection Act, which is basis of the AG’s agreement).

Toward this end, the Big Six agreed to help build the framework requiring privacy policies (and easy access to those policies) for mobile applications that collect personal data. The principles are as follows:

(1) Where required by law, apps that collect personal data must conspicuously post their privacy policies, providing clear and complete information on how that data is collected and used.

(2) The Big Six will require apps to demonstrate clear access to privacy policies as a part of the application submission process (for launch on the mobile app platforms).

(3) The Big Six will develop systems for customers to report apps that do not comply with their terms of service and/or laws.

(4) The Big Six will develop systems to respond to non-compliance.

(5) The Big Six will continue to work with the AG on effective privacy measures, agreeing to reconvene in six months to evaluate privacy measures.

Notably, this agreement is yet one more instance of the way in which government agents are deputizing private companies to carry out their initiatives. While exerting pressure on major players has historically been an expeditious tack taken occasionally by government regulators, in the online world, it is the default strategy.

Here, the Big Six are clearly acting as gatekeepers to carry out the California AG’s goals: they will require app developers to institute privacy policies and they will monitor and enforce compliance. Similar deputized roles are being assumed by search engines (like Google, again) through the White House’s initiatives in its Online Privacy Bill of Rights and regulatory enforcement actions.

At first glance, this may seem troubling – who wants yet another layer of oversight? But the government and major players may be right. There are two somewhat opposing issues: interest in privacy protection and interest in encouraging app industry growth. Who best to figure the balance than companies that have skin in the game?

New Agency Scrutinizes ‘Larger Participants’ in Financial Industry – But Who Are They?

BY: Nicole Kardell

There may be a legal hurdle or two for the Consumer Financial Protection Board to jump after the recess appointment of agency director Richard Cordray (the House Judiciary Committee held a hearing on the matter on February 15). But the consumer protection agency created under the Dodd-Frank Wall Street Reform Act of 2010 is pressing forward with its initiatives. Not too surprisingly, several recently proposed initiatives from the agency would stretch the agency’s authority into areas that extend beyond the industries targeted in the Dodd-Frank Act.

The day after the House Judiciary Committee debated the constitutionality of Cordray’s appointment (it doesn’t appear that the hearing was much more than some Republican caterwauling for the record), the CFPB released news of its first major regulatory proposal: to bring consumer credit reporting agencies and debt collection services under its scrutiny.

Those who are vaguely familiar with Dodd-Frank may be aware that the legislation gives the CFPB oversight of specific nonbank markets for (1) nonbank mortgage companies, (2) payday lenders, and (3) private student lenders. These are popular and understandable targets for probes of predatory lending practices. Headlining these industries as needing increased oversight is part of what made the legislation popular and easier for Congress to pass. So where do credit reporting agencies and debt collectors fit under the regulatory scheme? Quite simply, the Dodd-Frank Act also provides for CFPB oversight of other nonbank financial companies that are “larger participants of a market for other consumer financial products or services.”

Oversight of “larger participants”? What on earth does that mean? Congress doesn’t appear to have given clear guidance on what it meant by “larger participants,” leaving the term to the agency to define. As certain as the law of gravity is the law of bureaucratic power: What is not confined (by legislative delineation) necessarily will expand.

Don’t assume that the Dodd-Frank Act’s vagueness concerning what the CFPB would oversee was … well, an oversight. Congress often provides a broad policy concept and then delegates to administrative agencies the power to run with their interpretation and execution of that concept. Hence the impossibly cumbersome Code of Federal Regulations. Even so, however, the breadth of the power delegated to the new consumer protection agency is a bit much.

To the CFPB’s immense credit, it has published at least two requests for public comment to help it define “larger participants” and included an article on the agency’s blog regarding the matter. Indeed, the CFPB seems to be doing a pretty good job of explaining its steps and initiatives and of providing a user-friendly forum to keep the public apprised of their actions. And it is not entirely the agency’s fault that it is obeying the laws of bureaucratic power reach – it would be unnatural for the agency to try to constrict its authority.

What we should glean from the CFPB’s latest proposal, though, is that the CFPB will be running with its power and companies that provide any kind of consumer finance product must be aware of the possibility of government scrutiny.

EPIC Unlikely to Prevail in Challenge to FTC Stance on Google Privacy

BY: Griffin Finan

A federal judge in the U.S. District Court for the District of Columbia agreed earlier this month to fast-track a lawsuit by a privacy group against the Federal Trade Commission, arguing that the FTC has failed to enforce the terms of a settlement agreement it reached with Google last year after the FTC accused Google of violating privacy regulations in the launch of Google Buzz.

Last year, Google and the FTC agreed on a settlement stemming from allegations that Google violated its own privacy promises to consumers when it launched its social network, Google Buzz. That investigation began with a complaint filed by the Electronic Privacy Information Center (EPIC), the same group that is the plaintiff in this current case. EPIC is not suing Google and was not a party to the settlement reached between Google and the FTC. At the time of the settlement, the FTC said it “bars the company from future privacy misrepresentations, requires it to implement a comprehensive privacy program and calls for regular, independent privacy audits for the next 20 years.” 

We wrote earlier about Google’s new privacy policy, set to take effect on March 1, that would streamline and consolidate about 60 disparate policies of Google products and services.  As part of the new policy Google will aggregate data it collects on users across its products, with the exception of Google Wallet and Google Books, and develop a mega-profile on each user. The data collection includes a user’s Google searches, Gmail message content, contacts, YouTube favorites, and physical location.

On February 17, the FTC filed a memorandum in opposition to the EPIC suit and a motion to dismiss it. The agency asserted that EPIC has no legal ground for its attempt to compel it to enforce the settlement and that the lawsuit “seeks to deprive the Commission of the discretion to exercise its enforcement authority.”

EPIC’s reply, filed February 21, asserted that Google’s privacy policy changes violate the FTC’s consent order and that irreparable injury is “likely.” EPIC’s brief also suggested that there is precedent allowing for judicial review of agency rulings.

Earlier this month the European Union’s data protection authorities asked Google to delay the release of its new privacy policy until it has verified that it does not violate the EU’s data protection laws. Google responded to the EU request by sending a letter saying that it has no intention of delaying the March 1 implementation of its new policy changes.

Also earlier this month Rep. Mary Bono Mack (R-Calif.) and Rep. G.K. Butterfield (D-N.C.), the top ranking Republican and Democrat on the House Energy and Commerce Committee Subcommittee on Commerce, Manufacturing and Trade, which has jurisdiction over data-privacy issues, wrote to Google asking for more answers about changes to its privacy policy.

Earlier this week, more than 30 state attorneys general wrote to Google CEO Larry Page saying that the new Google policy forces consumers to allow information to be shared across several forums without the ability to opt out or choose their preferences for how their personal information is used. The letter also points out that Google has become known as a company that put a premium on the offering users choice in the use of their information, but now that information is being “held hostage.”

EPIC alleged in its complaint that Google has misrepresented its intention to use combined data for behavioral advertising. EPIC also alleges that the agreement gives the FTC the power to stop Google from making the planned privacy changes and that Google’s new policy requires the users’ consent. A key issue in the protests against the new policy had been that account holders will not be able to opt out of it.

Google has rejected the claims by EPIC, stating that the company has taken extra steps to notify users of the changes to the privacy policy. Google also maintains that it is not changing how any personal information is shared outside of Google and that it has created a stringent compliance policy.

A key issue in this case will be whether EPIC, a non-party to the agreement, can force the FTC to take action against Google. EPIC did not bring this action under the Federal Trade Commission Act, which is the source of the vast majority of FTC enforcement actions. Instead, this suit was brought under a section of the Administrative Procedures Act allowing challenges to agency action that is “unlawfully withheld.” 

There may be strong precedent against EPIC in this case. The Supreme Court stated in 1985 in Heckler v. Chaney that “an agency decision not to enforce often involves a complicated balancing of a number of factors which are peculiarly within its expertise . . . The agency is far better equipped that the courts to deal with the many variable involved in the proper ordering of its priorities.”

Although EPIC brings an interesting argument, it is not likely to prevail. However, with the ability of Google to unilaterally enforce its privacy changes against users and Congress and the FTC failing to take action to protect consumers, it becomes unclear who will stand up to protect privacy interests of consumers. We will continue to follow any new developments in this case.

Developers of New Apps Need to Consider Privacy Issues

BY: Nicole Kardell

There’s been much talk of Google’s upcoming streamlined privacy policy. Now come new demands for cleaner, user-friendly data collection and usage disclosures in the mobile app world. Two recent events highlight changes that online advertisers and app developers need to prepare for: (1) a letter from Congressmen Henry Waxman and G.K. Butterfield to Apple regarding the security of user address books and contacts stored on iOS devices and (2) an FTC report regarding privacy disclosures for mobile apps directed at children.

The Congressmen’s letter is in response to the recent Path address book fiasco in which Path acknowledged – and apologized for – its collection of consumer address book information without notifying users. News surrounding Path’s activities led to Congressional concerns over the extent to which consumer data, especially contact information, is being collected and stored for future harvesting, all without the consumer’s knowledge or permission. The Waxman-Butterfield letter quotes the Guardian: “there’s a quiet understanding among many iOS app developers that it is acceptable to send a user’s entire address book, without their permission, to remote servers and then store it for future reference. It’s common practice, and many companies likely have your address book stored in their database.”

The congressmen called for Apple to address how its app policies and practices protect consumer privacy. Apple was swift to respond, and within the day vowed to release a software update to prevent data collection that would violate the company’s privacy policies.

On the heels of the Waxman-Butterfield letter (but in the works well beforehand) comes a report by the FTC: “Mobile Apps for Kids: Current Privacy Disclosures Are Disappointing.” The report title pretty much says it all. The FTC surveyed some 960 kid-based apps sold through Apple and Android to determine, from the various app’s promotion pages and websites, the extent to which the developers disclose what [child] consumer data is collected and how it is used. The FTC reported that it was disappointed with the results – that disclosures were scant or nonexistent.

Tying its authority over mobile apps with its authority to enforce children’s privacy protections online through the Children’s Online Privacy Protection Act (COPPA), the FTC warned that it will be reviewing more mobile apps directed at children over the next six months, but this time, it will be enforcing– not just surveying – COPPA compliance. COPPA requires operators of online services directed to children under age 13 to provide notice and obtain parental consent before collecting items of “personal information” from children.

Several times in the FTC report the agency suggested the need for clear, concise, consistent and timely information on data collection and usage. That means disclosures of how the app (or third party advertisers) will/may use the consumer data should be upfront and precede download so that parents can determine whether or not to allow their children to use the app. Disclosures should include any connections to other social media.

The FTC report also identified (several times) the types of data that could be collected – from contact information, to location information, to call data, as well as in-app data. App developers and third party advertisers should take into account the importance of full disclosure.

Perhaps most importantly, the FTC report and the Waxman-Butterfield letter demonstrate that the government views Apple and Android (and other app stores) not just as the marketplace for app sales, but also as the gatekeepers. The FTC report pointed to Apple and Android as providing the architecture for disclosures and suggested that app stores could incorporate icons to make disclosures more easily identifiable. The Congressmen’s letter all but accuses Apple for its app’s failings.

We have been seeing increasing backdoor regulation by the government through major online presences in a couple of places, including here and here. Since government regulators acknowledge the difficulties in keeping up with developments in new technologies, it’s fair to assume they will look to major online presences to have a hand in helping keep them up to speed and keeping advertisers and developers under wraps.

New Google Policy Reminds Us All of Trade-Off Between Privacy and Efficiency

BY: Nicole Kardell

There has been much noise over Google’s new privacy policy, which is slated to take effect on March 1. It has been a cacophony of cheers and protestations. Some think the new policy brings clarity and transparency, while others complain it leaves consumers without control over their information. Above the hubbub, one thing is clear: at this point, users have to make a choice between new technologies and expectations of privacy.

The new policy will consolidate and streamline some 60 disparate policies of Google products and services. In the overview it has provided to users, Google says that it has tried to keep the policy as simple as possible. And it is an easy-to-read, relatively brief statement that is much more user-friendly than the agreements that we regularly click through in haste to access some enticing new service.

As a part of the new policy, Google will aggregate data it collects on users across its products (with the exception of Google Wallet and Google Books) and develop a “mega-profile” on each user. That data collection includes a user’s Google searches, Gmail messages content, YouTube favorites, and contacts. It also includes location tracking.

Google touts the benefits of its new policy as creating “a beautifully simple, intuitive user experience across Google.” For instance, if you search for pizza, the Google location tracker will look for a nearby pizza place. The Google calendar combination will provide reminders, based on your location, if you’re going to be late for a meeting.

The benefits sound enticing, and the user-friendly format of the privacy policy is refreshing. Apparently, the Google Dashboard will allow you to review and control the information stored in your account.

But lest we forget, the reality is that Google has acknowledged that it is collecting massive amounts of data on its users. Regardless of the usefulness and efficacy of some of its new features, users are beholden to Google (1) to securely store and (2) to defend their personal data.

Much of the negative noise over the new privacy policy stems from the fact that Google accounts users will not be able to opt out of the new policy. To prevent data from being aggregated, they would have to jump through many hoops, including creating different accounts across Google apps.

This inability to opt out is one of the prime reasons that members of Congress have had questions about the new policy. Several members sent a letter to Google CEO Larry Page, asking for detail on what would be collected, how it would be used, and what could come of that data. Google representatives ended up in a closed-door briefing with Congressional members on February 2. From initial reports, it does not appear that the members’ concerns were satisfactorily addressed in the briefing. This gives reason to question what could become of individual user’s “mega-profiles.”

Google’s new policy, and all the accompanying noise, serves as a good reminder that, in the age of new technologies, we are constantly waiving our privacy rights. How often do we click through a user agreement in haste so we can have access to a cool app? How often do we reflect on whether the benefits of the new technology truly outweigh the costs?

Compare the controversy over Google’s new policy with the recent Supreme Court holding in United States v. Jones that warrantless GPS tracking of a criminal suspect violated the Fourth Amendment. Justice Samuel Alito’s concurring opinion in the case hinted at lowering privacy expectations with new technologies: “The availability and use of these and other new devices will continue to shape the average person’s expectations about the privacy of his or her daily movements.” As we press forward in an age in which it is ever easier to get the who, what, when and why of each of us, based upon our own preference for convenience and coolness, we must face the consequences: Privacy will suffer, unless Congress does something about it.

FTC Enlists Surprising Watchdogs to Police Marketers’ Practices

BY: Nicole Kardell

The FTC is building up its army of watchdogs to police online marketing content and practices.  Who those watchdogs are – and their relationship to the industry – might surprise you.

Earlier this month, the agency entered into a settlement agreement with Central Coast Nutraceuticals, an Internet marketer of weight-loss and health products.  The agreement settles charges that were initiated against the company in 2010.  The company is one of the many marketers targeted by the FTC for its tactics in selling acai berry diet products.  Like more recent FTC targets, Central Coast was charged with deceptive advertising and unfair billing.  The deceptive advertising allegations were based on (1) the marketer’s use of phony endorsements by Rachael Ray and Oprah Winfrey and (2) the marketer’s unsubstantiated claims about the benefits of its products.  The unfair billing allegations were based on the marketer’s “free trial” scheme that baited consumers into pricy negative continuity programs.

Those  tracking the FTC’s enforcement actions against online diet marketers are familiar with these allegations.  Last spring, the FTC halted the sites of 10 operators who marketed acai berry diet pills for alleged fake endorsements from major media networks and unsubstantiated claims about the pills’ efficacy.  An eleventh operator was slapped with an action last December for the same issues, including the use of negative continuity programs.

Since Central Coast was the first of these marketers to come under the agency’s fire, and the first to enter into a settlement agreement (the actions of the other 12 operators are still pending), it is likely that the Central Coast settlement agreement will be the template for the suits to follow. (The  FTC uses its settlement agreements to establish its legal standards.)

A term in the settlement agreement that caught our attention is a requirement that the company monitor affiliate marketers it does business with in the future.  This obligation includes reviewing marketing materials to make sure that  those materials comply with the provisions of the settlement agreement.  Again, the Central Coast agreement likely will be the standard for subsequent enforcement actions, so these monitoring duties likely will be included in future agreements with other companies.

There have been a few FTC actions in the past that have imposed monitoring duties on companies who find themselves in hot water with the agency.  In March of last year, a seller of instructional DVDs entered into an agreement  with the FTC that requires the company to periodically monitor and review affiliates’ representations and disclosures.  That includes monthly visits to top affiliate websites “done in a way designed not to disclose to the affiliates that they’re being monitored.”

What does this mean?  Corporate spying has taken on new meaning, thanks to FTC sanctions.  Affiliate marketers have their business partners as their proverbial Gladys Kravitz.  It is likely that this type of government-imposed self-regulation will become increasingly the norm.  The FTC doesn’t like affiliate marketers or the layers of puffery they create between advertiser and consumer.  Policing for free through private companies is a win-win for the agency.

Ifrah Law is a leading white-collar criminal defense firm that focuses on financial services.

HCG Marketers Face Hot Pursuit by FDA, FTC

BY: Nicole Kardell

Putting a snag in New Year’s resolutions for pound-shedding, the FDA and the FTC recently sent out warning letters to several companies that sell HCG-based diet products online. (These companies include Nutri-Fusion Systems LLC, Natural Medical Supply, HCG Platinum, LLC, theoriginalhcgdrops.com, HCG Diet Direct, LLC, and Hcg-miracleweightloss.com.)

The warning letters, which came at the outset of the holiday season (and just before the January windfall for the diet industry, which the government may or may not have had in mind), allege that the companies are in violation of federal law (1) for selling unapproved and misbranded new drugs and (2) for advertising the health benefits of products without sufficient back-up research.

The products at issue, generally liquid drops, contain the human chorionic gonadotropin (HCG) hormone, which comes from human placenta and is extracted from pregnant women’s urine. HCG has been popular for weight loss since the 1950s, when a British doctor published a study that the hormone aided dramatic weight loss (of up to a pound a day) by mobilizing fat stores without affecting muscle or normal/structural fat. The popularity of HCG-based diet products escalated in 2007 when the notorious infomercial man, Kevin Trudeau, published a diet book on HCG.

Responding to the increased demand, in came many enterprising online marketers. But there’s an issue with selling these products – government regulation. HCG is FDA-approved, but only as a prescription drug and only for certain medical conditions, which do not include weight loss.

To get around this government roadblock, companies have marketed their HCG products as “homeopathic.” The FDA allows for the manufacture and distribution – without FDA approval – of homeopathic drugs provided those drugs meet criteria set out in the agency’s Compliance Policy Guide under “Conditions Under Which Homeopathic Drugs May be Marketed (CPG 7132.15).”

But according to the FDA’s warning letters such as this one, the HCG products marketed by these companies don’t meet the Compliance Policy Guide criteria. The biggest issue, which companies are going to have a hard (read impossible) time getting around is that HCG is not an established homeopathic active ingredient. And if a product has any non-homeopathic active ingredients, it falls out of the homeopathic exceptions under the CPG. Since HCG is a regulated drug (several states, including California and New York, list it as a Schedule III controlled substance) and can’t fall under the homeopathic exception, companies marketing HCG-based products are subject to a host of FDA regulations that require FDA involvement and approval. As these companies operated outside the FDA’s purview, they now find themselves in hot water.

The FDA isn’t the only government agency barking up these marketers’ money trees. The FTC joined the investigation and incorporated their allegations into the warning letters. The letters note that the companies’ websites make a host of claims that the government alleges are unsubstantiated. Any advertisement that includes health claims requires “competent and reliable scientific evidence,” such as human clinical studies.

The letters give the companies 15 days to take corrective measures and notify the government of those measures. If you go on these companies’ sites today, you’ll notice a lot of “coming soon” and “products currently being improved”-type language. And this all takes place during the New Year’s resolution timeframe, when these companies could be raking it in.

A few takeaways from the warning letters: (1) If you are going to invest time and money into a product being marketed purely through a regulatory loophole, make sure you satisfy all the criteria to meet that exception. (2) Don’t go where Kevin Trudeau has gone. This is meant to be partially glib, but the fact of the matter is that Trudeau is an FTC pet peeve. You can be sure of FTC involvement if you trek the same path he has. (3) Disclaimers are not enough to avoid the FDA. A couple of the HCG marketers to whom warning letters were issued had included disclaimers on their websites that the products are not intended to treat, cure or prevent disease. Such disclaimers, according to the FDA, could not overcome other health claims and language on the sites. (4) At the end of the day, if the government wants to give you a hard time, there is little you can do about it. Other warning letters issued by the FDA regarding homeopathic products noted that “that there may be circumstances where a product that otherwise may meet the conditions set forth in the CPG may nevertheless be subject to enforcement action.” With this last pointer, all we can say is, do a cost-benefit risk analysis.