News Blog

May 15, 2008 3:40 PM PDT

Can the Feds enforce Net neutrality? Maybe not

by Anne Broache

WASHINGTON--Federal regulators may be probing Comcast's throttling of BitTorrent filesharing traffic, but can they actually take action, if they choose, against the company or any other broadband provider on Net neutrality grounds?

The answer may not be simple. And if the FCC and other regulators are really powerless--in other words, if they need Congress to enact new laws--it means that any threats to take action against Comcast, based on alleged violations of the law today, are merely empty ones.

That's the issue that former staffers and officials from the Federal Communications Commission and Federal Trade Commission took up at an event here on Thursday.

Both the FCC and the FTC have said in the past that they believe they already have ample authority to go after allegations of network operators blocking, degrading, or prioritizing Internet content. They've used that stance to argue against the need for new regulations sought by Google, Amazon.com, and a wide swath of consumer advocacy groups.

FCC Chairman Kevin Martin, for his part, recently reasserted the position, in the context of the Comcast investigation, that his agency can act against complaints of unreasonable network management. Comcast, however, has publicly disagreed, prompting some to speculate that the issue might ultimately get fought out in court--perhaps even the same court that unceremoniously told the FCC it did not have the authority to impose the so-called broadcast flag.

Panelists speaking at Thursday's event also cast doubts on how much power the FCC really has.

The reasons they gave lie in a labyrinthine legal history of how broadband is regulated. Several years ago, the FCC decided to take an increasingly hands-off approach to broadband, or "information," services--a move that the Supreme Court upheld in a 2005 decision. In doing so, the FCC consciously separated those services from telephone services, which have traditionally been heavily regulated and are required to abide by certain nondiscrimination rules.

Although the agency subsequently adopted four broadband "principles" that say consumers have the right to access the lawful content, applications, and services of their choosing and connect devices as they please, those aren't hard-and-fast rules that can be enforced, said Rebecca Arbogast, an analyst with Stifel Nicolaus.

Combine that with a series of recent court decisions that knocked the FCC for overstepping its boundaries--including the one over the broadcast flag--and "there's a very high risk that the commission would be not found to have the jurisdiction to go forward and do something that would constrain wireless companies, cable companies, phone companies from managing their traffic," said Arbogast, who previously served as chief of the telecommunications division of the FCC's International Bureau.

Kyle Dixon, a partner with the law firm Kamlet Shepherd who once served as a legal adviser to former FCC chairman Michael Powell, said the FCC may have the authority to write and enforce Net neutrality rules, but most likely only in a limited sense.

The FCC's Martin has indicated in the Comcast-BitTorrent debate, for instance, that he would like to force broadband operators to disclose more fully to their customers how they manage their networks. If the FCC decides to require ISPs to make such disclosures, such a move is arguably narrow enough to hold up in court because the agency could argue transparency is essential to helping the free market function, Dixon said. (Free-market economists would argue, on the other hand, that no government intervention is required at all.)

But, based on its previous reactions to some FCC rules, Dixon said an appeals court would most likely balk at the agency's attempts to do anything more dramatic--such as writing rules prohibiting ISPs from charging content companies for premium placement, as Net neutrality advocates support.

Former FCC Commissioner Harold Furchtgott-Roth, an economist, said it's difficult to predict whether the FCC could get away with writing stricter Net neutrality rules or enforcing its policy statement.

"I've always been amazed at the amazing arsenal of legal authority the commission has claimed to have," he said. "I don't always agree with it."

And what about other government agencies? The FTC, for its part, concluded in a report last summer that it already has sufficient authority to investigate alleged misconduct by Internet service providers through its shared antitrust oversight responsibilities with the Department of Justice and through existing consumer protection laws barring unfair and deceptive practices.

Dan Caprio, a private consultant who served as former FTC Commissioner Orson Swindle's chief of staff for more than six years, suggested the report speaks for itself: that the FTC can take action against allegedly anticompetitive or deceptive activities by ISPs.

The FTC may well have those powers, but it doesn't mean they'll actually be relevant to resolving complaints about alleged Net neutrality violations, said former FTC Commissioner Christine Varney.

For example, the FTC could theoretically require ISPs to disclose their network management practices more transparently as a result of a complaint. But, practically speaking, such disclosures may not be all that useful to the average consumer who just wants to surf the Web and doesn't understand the technical underpinnings, suggested Varney, who is now the head of the Internet practice at the law firm Hogan & Hartson. She also questioned the relevance of antitrust law in the Net neutrality debate.

"It's not clear to me there's anything inherently anticompetitive, from an antitrust standpoint, about the concept of prioritization," Varney said. "The tools are there...can they be used effectively? I don't know."

News.com's Declan McCullagh contributed to this report

March 17, 2008 11:05 AM PDT

Online advertiser to settle spam charges for record $2.9 million

by Anne Broache

An online advertising company accused of luring customers with deceptive offers of "free" iPhones, laptop computers, plasma televisions, and other goods has agreed to pay a record $2.9 million fine as part of a settlement with the Federal Trade Commission.

According to a federal court filing (PDF) released Monday, since at least early 2005, Westlake Village, Calif.-based ValueClick and its subsidiary Hi-Speed Media have been attempting to lure consumers to their Web sites through e-mails and Web-based ads bearing slogans like "Free PS3 for survey" or "let us buy you a 42 inch plasma tv! Just type in your zip code." The purpose of those operations was "lead generation"--that is, connecting consumers with advertisers trying to sell certain goods or services, the FTC complaint said.

Trouble is, the companies didn't disclose "clearly and conspicuously" that, in reality, the offers weren't exactly free, the FTC charged. Instead, consumers were required to fulfill certain obligations or incur various other expenses--for instance, applying for car loans or credit cards--in order to qualify for those goods. In addition to allegedly running afoul of a broader law prohibiting unfair and deceptive practices, the FTC said that misleading subject lines in those e-mails violated the 2003 Can-Spam Act, which regulates distribution of bulk e-mail.

The alleged violations didn't stop there: The companies also gathered sensitive credit card and financial information but did not encrypt that data in a way that's consistent with industry standards or take other steps to protect it from hackers--even though they claimed to do otherwise, the FTC said.

The charges resulted in the largest settlement amount the FTC has reached under Can-Spam, the agency said in a statement. Until Monday's announcement, the FTC's highest settlement under Can-Spam occurred in March 2006, when a company called Jumpstart, which allegedly sent misleading e-mails offering free movie tickets, agreed to pay $900,000 in civil penalties.

It was also the FTC's third case targeting "deceptive promises of free merchandise" by Internet lead generation enterprises. In a case last November, a company called Adteractive, which allegedly lured customers to its Web sites with promises of "free gifts," agreed to pay $650,000 in civil penalties as part of an FTC settlement.

In addition to the monetary payout, ValueClick is required to make clear disclosures about what its customers must do in exchange for the free products. It also must establish and maintain a "comprehensive security program" for protecting personal information, subject to mandatory "independent third-party" reviews, for 20 years.

ValueClick apparently knew the settlement was coming more than a month ago. At that time, it released a statement saying it expected the $2.9 million charge, although, as is the norm in these arrangements, it did not concede it had violated any laws. The company also said the FTC complaint referred only to "past practices" of its Hi-Speed Media subsidiary and not other portions of its company.

Before becoming official, the settlement is subject to approval from a federal district judge in California.

February 27, 2008 8:06 AM PST

Identity theft study reveals HSBC, BofA, Wamu top targets

by Chris Soghoian

Customers of HSBC, Bank of America, and Washington Mutual suffer the highest rates of identity theft in the banking industry, according to an investigative study released Wednesday by a UC Berkeley Law School researcher.

The Federal Trade Commission received over 245,000 reports of identity theft in 2006, but does not typically publish the names of the financial firms and companies listed in the reports. Through an extensive Freedom of Information Act request, Chris Hoofnagle, a staff attorney at UC Berkeley's Boalt School of Law, was able to get detailed records on the individual consumer complaints.

Hoofnagle received detailed information for three randomly chosen months in 2006: January, March, and September. These months included data from 88,560 complaints, with 46,262 names of institutions identified by victims.

Estimated Annual Incidents Per Billion in Deposits Among Largest US Banks (2006)

(Credit: With permission from Chris Hoofnagle)

Once he crunched the numbers, Hoofnagle discovered that HSBC had the highest rates of reported identity theft in the financial industry during 2006, when adjusted for billions of dollars in deposits. Bank of America and Washington Mutual came in a close second and third. According to Hoofnagle's stats, HSBC had 21 incidents of identity theft per billion dollars in deposits, Bank of America/MBNA had about 17, while Washington Mutual had 16. Online banking leader ING had the lowest rates in the industry, with just a single reported incident.

Technically, American Express and Capital One lead the pack--with 485 and 242 respective incidents per billion dollars in deposits. However, Hoofnagle excluded them from the graph due to the small scale of each company's banking operation (Amex's 7 billion in deposits compared with Bank of America's nearly 760 billion).

Outside of the financial services sector, telecom giants AT&T and Sprint suffered from more than 9,100 and 8,300 estimated reported cases of identity theft. As the firms do not publish the numbers of customers they serve, it was impossible for Hoofnagle to break these numbers down further.

While the FTC incidents that Hoofnagle examined were from 2006, a number of recent reports indicate that HSBC has recently been overwhelmed with "a wave of banking fraud." Real numbers to back up these reports will not be available from the FTC for some time.

The levels of theft described by Hoofnagle match up nicely with a 2007 report released by Cambridge University researchers, which revealed that Bank of America and Washington Mutual took the longest time to shut down phishing sites targeting the banks. Sites masquerading as BofA and Wamu typically stayed online for more than 100 hours, compared with less than two days for Chase and PayPal.

Finally, while the FTC publishes an annual identity theft report, it is not required to break down its figures and reveal the names of the most frequently victimized banks. While states like California have been able to pass significant pro-consumer data breach legislation, this is one area where states have little power. Incidents of identity theft are primarily reported to the FTC, and not to state attorneys general. To force the FTC to voluntarily publish such data, federal legislation will be required--something that is unlikely to happen.

Hoofnagle's 16-page study, with detailed numbers and graphs, can be found here.

Originally posted at Surveillance State

December 20, 2007 6:10 AM PST

FTC: We won't block Google-DoubleClick merger

by Anne Broache

Federal Trade Commission regulators said Thursday that Google's controversial $3.1 billion merger proposal with DoubleClick can proceed, despite earlier complaints raised by competitors and privacy advocates.

FTC regulators have been reviewing the proposed merger for months for possible antitrust violations, after Google announced plans in April to acquire the online ad serving company.

"After carefully reviewing the evidence, we have concluded that Google's proposed acquisition of DoubleClick is unlikely to substantially lessen competition" in the online advertising space, the commissioners wrote in their majority statement.

The vote was 4-1, with Commissioner Pamela Jones Harbour issuing a dissent that reflected her "alternate predictions about where this market is heading, and the transformative role the combined Google/DoubleClick will play if the proposed acquisition is consummated."

For more in-depth coverage, see "FTC allows Google-DoubleClick merger to proceed."

December 18, 2007 9:51 AM PST

Privacy groups ramp up Google-DoubleClick attacks

by Anne Broache

In the seemingly waning days of the U.S. government's antitrust review of the Google-DoubleClick union, consumer groups are lodging a last-minute plea: don't forget about privacy.

That was the message during a conference call with reporters Tuesday morning hosted by the Electronic Privacy Information Center and the Center for Digital Democracy.

The directors of those groups, who predicted a decision by the Federal Trade Commission is "imminent," voiced concern that the FTC may overlook the potential privacy implications raised by the combined massive user data stores of the two prominent companies. (The two Washington-based groups, who have positioned themselves as arguably the most vocal opponents of the merger, filed a privacy complaint with the FTC earlier this year.)

Their predictions about the FTC's stance are hardly theoretical. In November, Democratic commissioner Jon Leibowitz told participants at a public workshop on online behavioral advertising that "our analysis of the merger has got to be about competition and potential competition. It can't be about privacy per se."

But EPIC and CDD insist that's not the case. They argue the FTC has ample legal authority--and moreover, they contend, is obligated--to address privacy issues in its merger review and to impose conditions, if necessary, to ensure the united company does not imperil consumer privacy.

"What Google is claiming, and I'm concerned some commissioners may embrace, is the notion that there are not specific privacy concerns intrinsic to the Google-DoubleClick merger, which frankly is absurd on the face of it, when you're merging the two number ones in search and advertising with vast data for targeting all across the globe," said Jeff Chester, CDD's executive director.

Senators Herb Kohl (D-Wisc.) and Orrin Hatch (R-Utah), who lead a Senate antitrust panel that held a hearing on the merger this fall, and a dozen House of Representatives Republicans have also raised questions about the privacy implications of the deal. (The European Union, which expects to issue its ruling on the deal by April, said Monday that it plans to hold a January hearing in Brussels on the privacy implications.)

"I think they're in a very difficult position at this point if they ignore what they're hearing from the Hill," said EPIC executive director Marc Rotenberg. "I would go back to Commissioner Leibowitz and see whether he'd give the same speech again."

FTC representatives were not immediately available for comment Tuesday.

The groups said they're also unamused by Federal Trade Commission Chairman Deborah Platt Majoras's dismissal last week of accusations that her participation in the review process posed a clear conflict of interest. Majoras's husband is a partner with the law firm Jones Day, where Majoras herself used to work, and Jones Day stated on a now-deleted corporate Web page that it was representing DoubleClick "on the international and U.S. antitrust and competition law aspects of its planned $3.1 billion acquisition by Google Inc."

FTC spokespeople later said Jones Day was representing DoubleClick before the European Commission only and had not yet "appeared before" U.S. regulators. Majoras later released a statement saying she would not recuse herself because her husband "is in no way connected to the matter, nor are any of the parties to the matter otherwise currently his clients."

Rotenberg disagreed. "It is still our view she is required under federal law and agency guidelines to recuse herself," he told reporters Tuesday.

In addition to having filed a Freedom of Information Act request with the FTC seeking all documents exposing ties between Jones Day and the Google-DoubleClick matter, Rotenberg said the groups are now strongly considering the possibility of filing a court challenge against Majoras' failure to recuse herself. They haven't yet decided whether they'd file suit before or after the FTC releases its decision, Rotenberg said.

Google declined to comment directly on the privacy groups' latest activities but sent CNET News.com the following statement: "This acquisition is good for consumers, advertisers and website publishers and we continue to be confident that it will be approved."

November 1, 2007 9:12 AM PDT

Don't track Internet surfers by default, says FTC official

by Anne Broache

A Federal Trade Commission official on Thursday issued a warning of sorts to Internet companies: stop collecting information about your users by default, and give them shorter, more conspicuous details about what's going on with their data.

The government doesn't need to force such practices "at this point," said Commissioner Jon Leibowitz, a Democrat. But in his view, online services need to start offering users more "meaningful choices," such as the ability to "opt in" to placement of Web cookies on their machines from the start, rather than the typical "opt out" scenario. Those options are especially important as more and more sites share information gleaned from those tracking tools with third parties, he said.

"The current 'don't ask, don't tell' mentality in online profile tracking needs to end," he said in a speech near the start of a two-day FTC workshop on behavioral marketing.

In any case, he said the FTC won't hesitate to bring lawsuits against companies if there's evidence of "problematic practices" in the increasingly sophisticated world of behavioral marketing, in which companies seek to deliver ads based on tracking consumers' search, searching and other Internet-based habits.

"As the Internet has evolved, the ad targeting has become more sophisticated, arguably bringing greater benefits and a richer experience to consumers, but the question is, at what cost?" Leibowitz asked. "Are we paying too high a price in privacy?"

The online advertising industry, not surprisingly, says it's aware of potential privacy threats but argues self-regulation is the best way to manage them.

Burdensome government regulations could stunt the delivery of new services, Randall Rothenberg, president of the Interactive Advertising Bureau (of which News.com parent company CNET Networks is a member), told workshop attendees. That's because increasingly sophisticated analysis of "non-personally-identifiable data to detect patterns in peoples' interests and consumption habits" has led to a surge in interactive, often free content and has helped to usher in a "renaissance" in American mom and pop shops, he said.

But Leibowitz said he wasn't so sure a hands-off government approach will be enough. One "very promising approach," he said, would be creating a "do-not-track" list for Web surfers. That idea, proposed to the FTC Wednesday by nine privacy and consumer advocacy groups, would involve requiring all online advertisers that use "persistent tracking technologies" (such as cookies) to register domain names of all such servers with the federal agency, so that consumers could set their browsers to block them. (It's modeled after the do-not-call list, which allows consumers to register their phone numbers with the FTC in order to evade telemarketing calls.)

It's particularly troubling when online ads target children and teenagers, Leibowitz added. A 1998 federal law called the Children's Online Privacy Protection Act requires sites targeting children under 13 to post their data-collection practices and obtain verifiable parental consent before gathering information about children or sharing it with a third party.

But with the rise of targeted advertising approaches, the "parental buffer between advertisers and our children" seems to be "eroding," Leibowitz said. Although he seemed to suggest legal updates may be necessary, he said it wasn't yet clear what specific steps the government should take.

Leibowitz acknowledged that Internet companies are already "making progress." The major U.S. search engines in particular are "literally tripping over each other," as he put it, to improve their privacy policies, minimize data retention and anonymize personal information.

Still, his comments included many of the same concerns detailed in a supplemental privacy complaint that two public-interest groups filed Thursday with the FTC. They called out the rise of social-networking sites and increasingly "invasive" marketing techniques as reason for a federal investigation and, potentially, new Internet privacy rules.

Privacy groups have already asked the FTC to investigate the potential privacy implications of Google's proposed buyout of online ad-tech company DoubleClick.

Leibowitz said he wasn't at liberty to give any details on that review process, except to say the staff "is working through this matter as expeditiously as possible given the complexity of the deal."

He added, however, that "our analysis of the merger has got to be about competition and potential competition. It can't be about privacy per se."

October 31, 2007 10:50 PM PDT

FTC urged to regulate Internet user 'tracking'

by Anne Broache

Updated at 2:29 p.m. PDT Thursday: Two public-interest groups are asking the U.S. government to target what they claim are "invasive" online marketing schemes--especially those involving social-networking Web sites or targeting children and teenagers.

In a lengthy new complaint expected to be filed Thursday with the Federal Trade Commission, the Center for Digital Democracy and the U.S. Public Interest Research Group (PIRG) say they're concerned that Internet users are more "vulnerable" than ever to increasingly sophisticated advertising techniques that depend on tracking and compartmentalizing people's behavior and preferences.

"The new business models of the Internet and mobile commerce can stimulate the economy and offer consumers choices," Ed Mierzwinski, PIRG's consumer program director, said in a statement. "But unless the FTC steps in now and sets some basic rules for privacy protection, the costs to consumers posed by so-called behavioral targeting, the manipulation of both surfing and price choices, and the 24/7 corporate surveillance and dossier-building will easily outweigh any supposed benefits to consumers."

The complaint is timed to coincide with the FTC's online advertising workshop on Thursday and Friday in Washington, D.C.

The latest filing builds on a complaint filed by the same two groups around the same time last year. Singling out Microsoft's new-at-the-time advertising ventures, they had called on the FTC to review and potentially limit online business models dependent on technologies that "aggressively track us wherever we go, creating data profiles to be used in ever-more sophisticated and personalized 'one-to-one' targeting schemes." The latest filing also reiterates a call for Congress to pass new federal legislation.

Raising a fuss
The groups aren't alone in raising a fuss over emerging online-marketing approaches. Separately on Wednesday, a coalition of nine privacy and consumer groups launched a campaign urging the FTC to establish a "do-not-track" list designed to allow consumers to evade aggressive, targeted advertising messages. That proposal would require online advertisers that use "persistent tracking technologies" (such as cookies) to register domain names of all such servers with the FTC, so that consumers could set their browsers to block them.

Even in the absence of new legislation or regulations, however, all modern Web browsers can be configured to reject cookies--which means that a search engine or other Web site can't track you across visits. (See CNET News.com's FAQ on search privacy and FAQ on protecting yourself from search engines.)

The Center for Digital Democracy and PIRG say that social-networking sites--most notably the wildly popular MySpace.com and Facebook, with their some 140 million combined users--are increasingly "exploiting behavioral targeting and other advanced micro-marketing techniques" based on the detailed personal information that people include in their profiles.

"Instead of online communities supported by advertising, they are fast becoming marketing vehicles that host communications," an early version of the complaint states.

The groups also criticize companies that target their ads based on a person's perceived racial and ethnic background, citing, for instance, AOL's attempts to reach African-Americans through its "AOL Black Voices" portal. They also say it's worrisome from a privacy perspective that they're witnessing advertisers that attempt to group visitors into "behavioral groups" like "fashion freaks" or "nutrition nuts"--which has been a commonplace practice for decades in the magazine and direct-mail world.

Negative perceptions
The goal of the complaint is for the FTC to launch an investigation into each of those concerns and, more broadly, the data collection and behavioral targeting practices of various major Web advertising players. The groups said they hope the agency will use its existing legal authority to crack down on "unfair and deceptive practices" and suggested additional privacy rules would be advisable.

Companies called out by privacy advocates for their advertising practices have already been scrambling recently to fend off negative perceptions of their activities. Google launched on Wednesday a "privacy channel" on YouTube, which features descriptions of its privacy policies. Earlier this year, Google and other major search engines announced greater privacy protections for people, including procedures to delete or partially anonymize search logs.

AOL said on Wednesday that it would allow people to opt out of cookies that track surfing habits and use them to serve up targeted ads. In addition, the Network Advertising Initiative has long allowed people to opt out of targeted advertising displayed by companies including 24/7 Real Media and DoubleClick.

Rep. Edward Markey, a Massachusetts Democrat who heads a House of Representatives panel dealing with Internet issues, released a statement on Thursday supporting the need for the FTC to look into "the privacy impacts of Internet tracking and targeting techniques."

"When consumers search for information online," he said, "they may be unaware of marketers in their wake, who are scooping up the digital traces of consumers' online activities and compiling profiles that could undermine privacy."

October 31, 2007 2:22 PM PDT

Google launches privacy channel on YouTube

by Elinor Mills

Google launched a privacy channel on YouTube Wednesday with videos explaining its privacy policies. The move comes on the eve of a two-day Federal Trade Commission-hosted town hall event on behavioral ad targeting to be held in Washington, D.C.

In a Google video titled "Google Search Privacy: Plain and Simple," a Google support engineer draws on a whiteboard, explaining what type of information is collected by Google servers, such as IP address and cookie data, when you conduct a Google search.

A video on Google's privacy channel explains the basics about the company's privacy practices. This screenshot shows a whiteboard drawing of the type of log data Google keeps when someone conducts a Web search.

(Credit: Google)

"In future videos, we'll talk about why Google keeps logs, what information we record when you're signed into a Google account, and steps you can take to increase your privacy when surfing online," a description under the video says.

Another video shows Peter Fleischer, Google's Global Privacy Counsel, speaking at the 29th International Conference of Data Protection and Privacy Commissioners in Montreal in September. But you'll have to speak French to understand that one.

An entry on the Google Public Policy Blog announces the privacy channel and says that those speaking at the town hall meeting will include Tim Armstrong, Google's president of North American advertising and commerce; Nicole Wong, deputy general counsel; and Jane Horvath, senior privacy counsel.

"This is the first time since 2000 that the Commission has taken an industrywide look at online advertising practices, and given the recent acquisitions in the space by Google, Microsoft, Yahoo, AOL, and others, it's a good time to explore the privacy implications of new ad technologies, and in an industrywide way," writes Google Policy Counsel Pablo Chavez.

He was referring to recent acquisitions of online ad companies, including Microsoft buying aQuantive, Yahoo acquiring Right Media and Blue Lithium, and AOL's buying Tacoda. But it's Google's proposed purchase of DoubleClick that has provoked the most concern.

Privacy advocates are worried about the threat posed if Google were to marry its Web search data with data collected by DoubleClick's online display advertising technology. While approval for the proposed Google-DoubleClick merger is pending in the U.S. and Europe, Australia has given it the OK.

Google has increasingly been turning to videos on YouTube to explain its policies and even how to use its products. For example, there is one on Google adding new cities to its Street View map service.

October 29, 2007 12:19 PM PDT

FTC: Let us fine spyware operations, already

by Anne Broache

WASHINGTON--Federal consumer protection authorities say they want nothing more than to put the financial hurt on deceptive spyware purveyors. The trouble, they say, is that the law still doesn't let them.

Sure, the Federal Trade Commission has the ability to go after spyware purveyors now, and it has done so a dozen or so times. So can state attorneys general and the U.S. Department of Justice.

But currently, the FTC can only force an offending company to turn over ill-gotten profits or to pay a finite amount to affected consumers--"consumer redress," as it's known in legal speak--to help make things right, said FTC Commissioner Jon Leibowitz.

FTC Commissioner Jon Leibowitz

(Credit: Federal Trade Commission)

Especially when we're talking things like nuisance pop-up ads, the latter penalty can be "very hard to get" because "it's difficult to quantify their harm," Leibowitz, a Democrat, said at a luncheon discussion hosted here by the Harvard University Law School, the Stop Badware Project, the Center for Democracy & Technology, and the National Cyber Security Industry Alliance.

In some cases, to be sure, the ill-gotten gains chunk alone has been hefty, as in the case of a $3 million settlement last fall with adware maker Zango. But the FTC would like to be able to slap additional fines on top of those existing penalties.

The FTC's wish list isn't news to Congress. After all, in June, the U.S. House of Representatives overwhelmingly approved a bill that would give the FTC the ability to impose fines of up to $3 million each time a long list of offenses is committed, the bulk of which center on "taking control of a computer" in an unauthorized way.

But for whatever reason, the Senate still hasn't acted on the proposal, known as the Spy Act, leaving the FTC to continue its longstanding plea for the extra authority. (Some have suggested imprisonment wouldn't be a bad idea, either.)

Because of what Leibowitz called "limited resources," the FTC doesn't always have time to take its cases all the way to court and get potentially higher monetary penalties. Instead, it sometimes ends up taking settlements that may not involve as tough an outcome.

"Arguably we would be doing a better job on behalf of consumers if we have civil penalties," Leibowitz said.

Congress did make one move last year that is helping the feds to police Internet-related scams, Leibowitz said. A law known as the U.S. Safe Web Act, which allows the U.S. government to more readily share information about international consumer protection cases with foreign government partners, is playing a role in a number of ongoing spyware-related investigations, Leibowitz said.

Meanwhile, passage of antispyware legislation this year is far from certain. In the past four years, the House has twice passed spyware legislation that went on to die in the Senate.

Further complicating matters is the fact that the House this year has passed two competing bills that take significantly different approaches. The bill that would give the FTC the additional fining penalties happens to be the more controversial of the two. It's a more regulatory proposal that has been attacked by online advertisers, technology companies like Yahoo and Google, and banks as proposing overly burdensome rules for any Web site that collects personal information and threatening the viability of a vast array of Web sites that rely on cookies to provide free or low-cost services.

Technology companies prefer a less regulatory version that would punish embedding certain types of malicious software on computers without a user's knowledge with criminal fines and up to five years in prison.

September 13, 2007 11:21 AM PDT

Alleged pop-up scammers settle with feds

by Anne Broache

If you're one of the hundreds of consumers who reportedly complained to the feds about a less-than-pleasant experience with the media search sites MovieLand.com, Moviepass.tv or Popcorn.net, this piece of news may provide a little vindication.

The Web operations, which allegedly bombarded unsuspecting users of their software with a sequence of large, music-accompanied pop-ups that demanded payment of up to $99, have reached a settlement with the Federal Trade Commission, the agency said in a news release Thursday.

Screenshot of Popcorn.net

Last August, the FTC filed a court complaint against the operators of those sites, accusing them of violating federal laws that prohibit unfair and deceptive practices. Each offers a piece of Windows-only software designed to act as a "download manager" for movies, music, sports and other entertainment.

The allegedly illicit scheme worked something like this, according to the FTC: Consumers had the option of signing up for a three-day trial of the service, after which pop-up windows began appearing and demanding payment of a license fee ranging from $19.95 to $99. The FTC complaint (PDF) claimed the pop-ups "significantly disrupt consumers' use of their computers," and "redisplay again and again with ever-increasing frequency."

As part of the settlement, signed September 5 by a federal judge, the Web operations agreed to provide consumers with a way to uninstall their software, to refrain from downloading software onto a user's computer without his or her consent, and to pay a little more than $500,000 for "consumer redress."

Yes, that means some consumers will be eligible for some sort of payout, said FTC spokeswoman Claudia Bourne Farrell. But there's no need for people who think they might be eligible to contact the FTC because "as part of the settlement, the defendants will provide us with a database of consumers who are eligible and a redress administrator will contact them," she added in an e-mail interview. It wasn't immediately clear, however, what the eligibility requirements are in the first place.

If a court finds that the operation "misrepresented financial information" to the FTC, then it may also have to cough up a $1.8 million judgment.
