The Federal Trade Commission, the nation’s chief privacy agency, issued a staff report recommending ways that key players in the rapidly expanding mobile marketplace can better inform consumers about their data practices.
The report makes recommendations for critical players in the mobile marketplace: mobile platforms (operating system providers, such as Amazon, Apple, BlackBerry, Google, and Microsoft), application (app) developers, advertising networks and analytics companies, and app developer trade associations. Most of the recommendations involve making sure that consumers get timely, easy-to-understand disclosures about what data they collect and how the data is used.
Jon Brodkin -Dec 5 2012
How Windows tech support scammers walked right into a trap set by the feds
When the FTC announced its crackdown on the tech support scammers, the agency played a recorded undercover call but otherwise didn’t spend much time talking about how they tracked the defendants down in the first place. Court documents the FTC subsequently sent our way show that it was rather easy. Or, more precisely, once the difficult groundwork of tracking down the scammers had been laid, the scammers walked right into the FTC’s trap, as gullible and helpless as the victims whose bank accounts they raided.
FTC press release 10/03/2012
FTC Halts Massive Tech Support Scams
Tens of Thousands of Consumers Allegedly Tricked Into Paying for Removal of Bogus Viruses and Non-Existent Spyware, and Allowing Scammers to Remotely Access their Computers
The Federal Trade Commission has launched a major international crackdown on tech support scams in which telemarketers masquerade as major computer companies, con consumers into believing that their computers are riddled with viruses, spyware and other malware, and then charge hundreds of dollars to remotely access and “fix” the consumers’ computers.
At the request of the FTC, a U.S. District Court Judge has ordered a halt to six alleged tech support scams pending further hearings, and has frozen their assets.
“The FTC has been aggressive – and successful – in its pursuit of tech support scams,” said FTC Chairman Jon Leibowitz. “And the tech support scam artists we are talking about today have taken scareware to a whole other level of virtual mayhem.”
Brussels, 26 January 2011
Mergers: Commission clears Intel’s proposed acquisition of McAfee subject to conditions
The European Commission has approved under the EU Merger Regulation the proposed acquisition of McAfee, a vendor of information technology security, by Intel, both of the US. The approval is conditional upon a set of commitments ensuring fair competition between the parties and their competitors in the field of computer security, a growing concern due to the exponential rise in the number of malware such as viruses. The Commission was concerned that rival IT security products could be excluded from the marketplace given Intel’s strong presence in the world markets for computer chips and chipsets. In particular, the Commission worried about the high likelihood that the merged entity would embed its own security solutions into its chips and chipsets. To alleviate those concerns, Intel committed to ensuring the interoperability of the merged entity’s products with those of competitors.
The US Federal Trade Commission (FTC) approved the acquisition in December.
FTC Staff Issues Privacy Report Offers Framework for Consumers, Businesses, and Policymakers
Endorses “Do Not Track” to Facilitate Consumer Choice About Online Tracking
“Technological and business ingenuity have spawned a whole new online culture and vocabulary – email, IMs, apps and blogs – that consumers have come to expect and enjoy. The FTC wants to help ensure that the growing, changing, thriving information marketplace is built on a framework that promotes privacy, transparency, business innovation and consumer choice. We believe that’s what most Americans want as well,” said FTC Chairman Jon Leibowitz.
The makers of the popular Firefox Web browser are exploring ways to create a do-not-track mechanism that could offer Internet users a way to avoid being monitored online.
The effort comes just months after Firefox’s creator, Mozilla Corp., killed a powerful new tool to limit tracking under pressure from an ad-industry executive, The Wall Street Journal has learned. Mozilla says it didn’t scrap the tool because of pressure, but rather out of concern it would force advertisers to use even sneakier techniques and could slow down the performance of some websites.
Read more: Wall Street Journal
Graham Cluley’s blog
A ghastly story reaches me of a man who committed suicide, after losing $50,000 to West African romance scammers.
67-year-old Al Circelli, shot himself in the living room of his home in Yonkers, New York, after – his family say – he became embroiled in an international romance scam that caused him to lose thousands of dollars and even steal from his relatives.
Circelli’s son Peter says he stumbled across evidence that his late father had wired considerable amounts of money to Ghana, and discovered email messages and photos on his father’s laptop supposedly from a woman called Aisha, who wanted to come to the USA to begin a new life and promised to bring a small fortune with her
Many victims have been devastated monetarily by such scams over the years. One can only imagine the emotional pain.
FTC: The “Nigerian” Scam, Costly Compassion
FTC Press release
At the request of the Federal Trade Commission, a federal court has halted an elaborate international scheme that used identity theft to place more than $10 million in bogus charges on consumersâ€™ credit and debit cards, pending a trial. More than a million consumers were hit with one-time charges of $10 or less, and their payments were routed through dummy corporations in the United States to bank accounts in Eastern Europe and Central Asia.
The defendants, using phony company names resembling real companies, and information taken from identity theft victims in the United States, opened more than 100 merchant accounts with companies that process charges to consumersâ€™ credit and debit card accounts, according to the FTC complaint. The FTC believes the defendants may have run credit checks on the identity theft victims first, to be sure they were creditworthy. The defendants also cloaked each fake merchant with a virtual office address near a real merchantâ€™s location, a phone number, a home phone number for the â€œowner,â€ a Web site pretending to sell products, a toll-free number consumers could call, and a real companyâ€™s tax number found on the Internet.
The FTC alleged that with spam e-mail, the defendants recruited at least 14 â€œmoney mulesâ€ â€“ people in the United States they paid to form 16 dummy corporations, open associated bank accounts to receive the card payments, and transfer the money overseas. The defendants used debit cards linked to these bank accounts to set up telephone service, virtual addresses, and Web sites that helped deceive the card processors, according to the complaint.
FTC Press Release
The Federal Trade Commission has put the brakes on the business practices of an operation that was selling spyware and showing customers how to remotely install it on other peopleâ€™s computers without their knowledge or consent.
The FTC is announcing a settlement that bars the sellers of the â€œRemoteSpyâ€ keylogger from advertising that the spyware can be disguised and installed on someone elseâ€™s computer without the ownerâ€™s knowledge. It requires that the software provide notice that the program has been downloaded and obtain consent from computer owners before the software can be installed.
In 2008, the FTC filed suit against CyberSpy Software, LLC and its owner, Tracer R. Spence, alleging they were violating the law by advertising and selling RemoteSpy, a keylogger software program that the defendants touted as a â€œ100% undetectableâ€ way to â€œSpy on Anyone. From Anywhere.â€ According to papers filed with the court, the defendants provided their clients with detailed instructions explaining how to disguise the spyware as an innocuous file, such as a photo, attached to an e-mail. When the e-mail recipient clicked on the attachment, the RemoteSpy program was downloaded and installed without the victimâ€™s knowledge. The spyware recorded every keystroke typed on an infected computer; captured images of the computer screen; obtained passwords, and recorded Web sites visited. To access the information gathered and organized by the spyware, RemoteSpy clients logged into a Web site maintained by the defendants.
The final Order bars the defendants from providing purchasers with the means to disguise the product as an innocent file or e-mail attachment. It also requires that they inform purchasers that improper use of the software may violate state or federal law. The final Order also requires the defendants to take measures to reduce the risk that their spyware is misused, encrypt data transmitted over the Internet, police their affiliates to ensure they comply with the order, and remove legacy versions of the software from computers on which it was previously installed.
Wednesday May 5th, fourteen privacy and consumer protection groups joined the Electronic Privacy Information Center (EPIC) in filing a 38-page complaint against Facebook with the Federal Trade Commission.
The Electronic Privacy Information Center, the Bill of Rights Defense Committee,
the Center for Digital Democracy, the Center for Financial Privacy and Human
Rights, the Center for Media and Democracy, the Consumer Federation of America,
the Consumer Task Force for Automotive Issues, Consumer Watchdog, the Foolproof
Initiative, Patient Privacy Rights, Privacy Activism, Privacy Journal, the Privacy
Rights Clearing House, the United States Bill of Rights Foundation, and U.S. PIRG
(hereinafter â€œPetitionersâ€) urge the Commission to investigate Facebook, determine
whether the company has in fact engaged in unfair and/or deceptive trade practices,
require Facebook to restore privacy settings that were previously available as detailed
below, require Facebook to give users meaningful control over personal information,
and seek other appropriate injunctive and compensatory relief.
FTC Press Release 2/25/2010.
ControlScan, a company that consumers have relied on to certify the privacy and security of online retailers and other Web sites, has agreed to settle Federal Trade Commission charges that it misled consumers about how often it monitored the sites and the steps it took to verify their privacy and security practices. The settlements will bar future misrepresentations. The founder and former Chief Executive Officer has entered into a separate settlement that requires him to give up $102,000 in ill-gotten gains.
Third-party privacy and security certification programs like ControlScan are used by Web sites to assure visitors and customers that the site is secure and consumers can feel confident about providing personal and financial information. Certification companies provide privacy and security â€œsealsâ€ to convey that an independent party is auditing the practices of the site regularly to be sure its data is not vulnerable.
Hat tip: http://blogs.pcmag.com/securitywatch/2010/02/controlscan_settles_misreprese.php
Widespread Data Breaches Uncovered by FTC Probe
The Federal Trade Commission has notified almost 100 organizations that personal information, including sensitive data about customers and/or employees, has been shared from the organizationsâ€™ computer networks and is available on peer-to-peer (P2P) file-sharing networks to any users of those networks, who could use it to commit identity theft or fraud. The agency also has opened non-public investigations of other companies whose customer or employee information has been exposed on P2P networks. To help businesses manage the security risks presented by file-sharing software, the FTC is releasing new education materials that present the risks and recommend ways to manage them.