The Federal Trade Commission reached two settlement agreements this week in suits alleging deceptive conduct.
In the first group of cases, the agency reached a deal with 20 corporate and individual defendants that promised to help consumers launch online businesses in “work from home” scams. According to the FTC, beginning in 2006, the defendants offered to build and host Web sites for fees from $100 to $400, so consumers could receive commissions when people clicked through their sites to make purchases at major retail sites like Best Buy. They promised profits of $3,000 to $20,000 per month.
Using Web site marketing and telemarketing, the defendants also offered to provide marketing expertise, the agency said. But instead of guidance, the marketing coach tried to upsell various services such as an advertising package intended to promote the consumer’s site, for an additional $5,000 to $20,000.
The defendants failed to fulfill their promises, the agency said, and are now subject to a ban on selling work-at-home business opportunities. They were prohibiting from committing future violations of the Telemarketing Sales Rule and from misrepresenting material facts about products or services. Suspended money judgments of $17.9 million were levied against each defendant, pending the surrender of frozen funds.
In the second settlement, the FTC approved a final order settling charges that HTC America, Inc. failed “to take reasonable steps to secure the software it developed for its smartphones and tablet computers by introducing security flaws that placed sensitive information about millions of consumers at risk.”
In February, the agency said HTC violated Section 5 of the FTC Act because it neglected to review or test its software on the mobile devices to detect potential security vulnerabilities, it failed to provide its engineering staff with adequate training on security issues, it failed to follow well-known and commonly accepted secure coding practices, and it failed to formulate a process for handling security problems when the company received reports about vulnerabilities.
Under the terms of the settlement, HTC agreed to develop and release software patches to fix the vulnerabilities found in millions of devices, providing users with “clear and prominent notice” about the availability of the patches and instructions on how to install them. A comprehensive security program must also be established and maintained by the Washington-based defendant. The proposed agreement was published in the Federal Register and open for public comment.
After reviewing the comments – and providing copies of letters to five commenters on the settlement, including Adam Browning of California, who suggested that HTC “offer a full refund to the defrauded customers, and a nice chunk of change to compensate everyone for their troubles, not to mention wasted time” – the agency said it had determined that “the public interest would best be served” by not making any modifications to the settlement.
To read the complaint and stipulated final orders in the “work from home” cases, click here.
To read the complaint, stipulated final order, and letters from the FTC to commenters on the HTC settlement, click here.
Why it matters: The two settlements reflect the spectrum of enforcement actions taken by the FTC, from more traditional deceptive marketing scams – albeit in the context of the Internet – to a first-of-its-kind agreement by a defendant to provide security patches for software glitches. The case against HTC also reminds companies about the agency’s focus on data security and privacy in the mobile ecosystem, an issue clearly on the FTC’s radar.