The Federal Trade Commission has approved an omnibus resolution authorizing the use of compulsory process in nonpublic investigations involving products and services that use or claim to be produced using artificial intelligence (AI) or claim to detect its use.

The omnibus resolution will streamline FTC staff’s ability to issue civil investigative demands (CIDs), which are a form of compulsory process similar to a subpoena, in investigations relating to AI, while retaining the Commission’s authority to determine when CIDs are issued. The FTC issues CIDs to obtain documents, information and testimony that advance FTC consumer protection and competition investigations. The omnibus resolution will be in effect for 10 years.

AI includes, but is not limited to, machine-based systems that can, for a set of defined objectives, make predictions, recommendations, or decisions influencing real or virtual environments. Generative AI can be used to generate synthetic content including images, videos, audio, text, and other digital content that appear to be created by humans. Many companies now offer products and services using AI and generative AI, while others offer products and services that claim to detect content made by generative AI.

Although AI, including generative AI, offers many beneficial uses, it can also be used to engage in fraud, deception, infringements on privacy, and other unfair practices, which may violate the FTC Act and other laws. At the same time, AI can raise competition issues in a variety of ways, including if one or just a few companies control the essential inputs or technologies that underpin AI.

The Commission voted 3-0 to approve the omnibus resolution authorizing compulsory process in investigations related to the use of AI.

The lead FTC staffers on this matter are Nadine Samter and Ben Halpern-Meekin in the FTC’s Northwest Region office.

California-based CRI Genetics, LLC (CRI) will pay a $700,000 civil penalty and will be barred from a wide range of deceptive practices to settle charges from the Federal Trade Commission and the California Attorney General that the company deceived users about the accuracy of its DNA reports.

In a joint complaint filed in federal district, the agencies say that in marketing its DNA-based ancestry and information reports, CRI deceived consumers about the accuracy of its test reports compared with those of other DNA testing companies, falsely claimed to have patented an algorithm for its genetic matching process and used fake reviews and testimonials on its websites. CRI also used “dark patterns” in its online billing process to trick consumers into paying for products they did not want and did not agree to buy, according to the complaint.

“Today’s action continues the FTC’s crackdown on deceptive reviews, dark patterns, and baseless claims around algorithmic solutions,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “We are proud to partner with California on this important matter and will continue to carefully scrutinize claims around biometric information technologies.”

“CRI Genetics could have found legitimate ways to market its services. Unfortunately, in its pursuit of growth and profits, the company repeatedly misled consumers. The FTC and my office took notice, we investigated, and we are delivering results today,” said California Attorney General Rob Bonta. “Our settlement not only holds CRI Genetics accountable for its past misconduct — it also aims to ensure that CRI Genetics doesn’t engage in similar misconduct going forward. I want to thank our federal counterparts at the FTC for their continued partnership and commitment to ensuring that all businesses play by the same rules.”

This action follows the Commission’s Biometric Policy Statement, which states that unsubstantiated marketing claims relating to the validity, reliability, accuracy, performance, fairness, or efficacy of technologies using biometric information violate the FTC Act.

CRI, also doing business as OmniPGX, advertises, markets, distributes, and sells DNA test kits and ancestry and health and wellness reports to consumer nationwide. Since at least 2017, CRI has marketed and sold DNA saliva swab test kits on its website, along with reports generated from the kits processed by a third-party laboratory. The reports provide consumers with information about their genetic ancestry, potential health and wellness traits and conditions, and paternity.

The complaint charges that CRI violated the FTC Act, California’s Unfair Competition Law, Business and Professions Code, and the state’s False Advertising Law, Business and Professions code in several ways. First, CRI allegedly made false claims on its websites and social media that its ancestry reports were more accurate and detailed than other major DNA testing companies, such as Ancestry DNA and 23andMe.

The agencies say that CRI also misrepresented that its ancestry testing reports would show consumers exactly where their relatives are from and when they were there dating back 50 plus generations, with an accuracy rate of more than 90 percent. The company ran ads featuring a prominent genetic scientist who developed CRI’s algorithm for matching DNA, which it falsely claimed was patented, according to the complaint.

Further, CRI posted fake reviews from supposedly “satisfied customers” on its websites and falsely claimed they only had a limited supply of the tests to entice consumers to buy them quickly. The company also published star rating reviews comparing CRI’s reports to other companies on the market on what appeared to be independent and unbiased websites, without disclosing that CRI owned the websites, which also provided links to purchase the company’s test kits.

The complaint states CRI forced consumers to click through a maze of pop-up pages on its websites, falsely promising “special rewards” and then trapped consumers by saying their order “was not complete.” CRI also deceptively told consumers that they would have a chance to review their orders before being charged for them, but instead immediately charged them, forcing consumers to return the unwanted products.

In addition to paying a $700,000 civil penalty to California, the order will prohibit CRI from making the misrepresentations alleged by the agencies and bars it from misrepresentations made in connection with the advertising, offering for sale, or sale of any DNA information testing product or service. Next, it prohibits CRI from misrepresentations related to endorsements, reviews, and ratings and requires the company to disclose any material connection with social media or other endorsers.

The order also will prohibit CRI from misrepresenting when product orders are final or complete, when charges will take place, and whether consumers can change the services they choose before being charged. CRI must also disclose the total cost of all products or services to consumers, when they will be charged, and whether they can confirm, edit, or delete products before they are charged.

In addition, the order will require CRI to obtain consumers’ consent and to describe to consumers how it may share their DNA information. The company will also be required to delete the genetic and other information of those consumers who previously received refunds and requested that their data and other personal information be deleted.

The Commission vote authorizing the staff to file the complaint and stipulated final order was 3-0. The FTC filed the complaint and proposed final order in the U.S. District Court for the District of Central District of California.

The lead staff attorney on this matter was Nadine Samter of the FTC’s Northwest Region.

NOTE: The Commission files a complaint when it has “reason to believe” that the named defendants are violating or are about to violate the law and it appears to the Commission that a proceeding is in the public interest. Stipulated final injunctions/orders have the force of law when approved and signed by the District Court judge.

The Federal Trade Commission is sending a second round of payments totaling more than $857,000 to consumers who were harmed by Illinois-based Napleton Automotive Group’s junk fees and discriminatory practices.

The agency is sending 37,034 checks in this mailing. Recipients should cash checks within 90 days. Consumers who have questions about their refund should call the refund administrator, Epiq, at 1-888-691-6050 or visit the FTC website to view frequently asked questions about the refund process. The Commission never requires people to pay money or provide account information to get a refund.

The FTC sent the initial refund mailing in this case in November 2022. More than 88% of eligible consumers cashed their checks, resulting in more than $8.8 million returned to consumers.  

The FTC and the State of Illinois sued Napleton Automotive Group in March 2022, alleging that Napleton employees were sneaking illegal junk fees for unwanted “add-ons” onto vehicle purchases and discriminating against Black consumers. According to the joint complaint, eight of the company’s dealership illegally tacked on junk fees for unwanted “add-on” products such as payment insurance and paint protection, costing consumers hundreds or even thousands of dollars. The complaint also alleged that Napleton discriminated against Black consumers by charging them more for add-ons and financing.

The case settled for a record amount for an auto finance case, reflecting the widespread and high-dollar nature of the harm to consumers. The FTC received 391 complaints—about add-ons and other issues—over a several-month period prior to filing a complaint against Napleton, the thirteenth largest dealership group in the country by revenue as of 2020. However, in a survey of the dealer’s customers over the same time period, 83% of respondents—or at least 16,848 customers—indicated they were subject to the dealer’s unlawful practices related to add-ons alone. This is consistent with the FTC’s experience, which finds that consumer complaints represent the tip of the iceberg compared to the number of consumers harmed.

Consumers who have a bad experience while shopping for a car can inform the FTC about the issues they faced via the Report Fraud website. 

The Commission’s interactive dashboards for refund data provide a state-by-state breakdown of refunds in FTC cases. In 2022, Commission actions led to more than $392 million in refunds to consumers across the country.

The Federal Trade Commission is announcing the Voice Cloning Challenge to help promote the development of ideas to protect consumers from the misuse of artificial intelligence-enabled voice cloning for fraud and other harms.

“We will use every tool to prevent harm to the public stemming from abuses of voice cloning technology,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “We want to address harms before they hit the marketplace, and enforce the law when they do.”

“This exploratory challenge leverages one of our many tools at the FTC,” added Stephanie T. Nguyen, the FTC’s Chief Technology Officer. “The challenge is crafted in a way that ensures companies are responsible for the first- and second-order effects of the products they release.”

Voice cloning technology has grown more sophisticated as text-to-speech AI technology has improved. The technology holds promise for consumers, such as medical assistance for those who may have lost their voices due to accident or illness. At the same time, the FTC has raised concerns about ways that voice cloning technology could be used to harm consumers. For example, it could make it easier for scammers to impersonate family, friends, or business executives; it could also enable fraudsters to deceive consumers by appropriating the voices of creative professionals. Earlier this year, the FTC warned consumers about the use of voice cloning to impersonate others to try to get consumers to give scammers money or personal information. And the FTC held a workshop in early 2020 that examined various issues related to voice cloning technology.

The FTC has and will continue to use its enforcement authority to target companies that misuse technology to harm consumers and competition. The challenge the FTC is launching today is focused on promoting the development of breakthrough ideas aimed at preventing, monitoring, and evaluating malicious use of voice cloning technology, whether it is a product, policy, or procedure.

Challenge submissions must address at least one of these intervention points:

• Prevention or authentication: It must provide a way to limit the use or application of voice cloning software by unauthorized users;
• Real-time detection or monitoring: It must provide a way to detect cloned voices or the use of voice cloning technology; or
• Post-use evaluation: It must provide a way to check if an audio clip contains cloned voices.

The FTC will accept submissions online from January 2 to January 12, 2024. Information on how to submit a proposal for the challenge as well as complete challenge rules can be found on the challenge website. The challenge will offer $25,000 to the winner.

The Voice Cloning Challenge is the FTC fifth challenge issued pursuant to the America Competes act. The goal of these challenges is to spur the development of tools to address consumer problems, including one in 2012 aimed at tackling robocalls and a 2017 challenge focused on addressing security vulnerabilities related to Internet of Things devices.

The lead FTC staffers on this matter are James Evans and Christine Barker from the FTC’s Bureau of Consumer Protection and Amritha Jayanti from the FTC’s Office of Technology.

The Federal Trade Commission has provided the Consumer Financial Protection Bureau (CFPB) with its annual summary of activities to protect consumers in the debt collection arena.

The summary is used by CFPB in its annual report to Congress, released today, on the activities of both agencies, who share law enforcement responsibility in this area.

In the summary, the Commission highlights its multi-faceted work covering the debt collection market to protect consumers and small businesses, including:

• litigating two cases against debt collection operations who, the FTC charged, used a variety of illegal tactics to target small businesses with threats about supposed debts;
• issuing more than $1.27 million refunds to consumers harmed by unlawful debt collection practices;
• halting collections of millions of dollars in debt that originated from illegal financing and sales practices;
• providing tens of millions of people educational materials, in both English and Spanish, informing them about their rights, and educating debt collectors about their responsibilities, under the FDCPA and FTC Act.

The lead staff attorney on this matter for the FTC is Naomi Takagi in the Bureau of Consumer Protection.

The Federal Trade Commission will require prison communications provider Global Tel*Link Corp. and two of its subsidiaries to notify consumers of any future data breaches as part of a proposed settlement over charges they failed to secure sensitive data of hundreds of thousands of users stored in a cloud environment and failed to alert all those affected by the incident.

In a complaint, the FTC says that Falls Church, Va.,-based Global Tel*Link and two of its subsidiaries failed to implement adequate security safeguards to protect personal information they collect from users of its services, which enabled bad actors to gain access to unencrypted personal information stored in the cloud and used for testing.

“The FTC is committed to protecting the rights to privacy and security of personal information for all consumers, including incarcerated consumers and their loved ones,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “When consumers have little or no choice about whether to use a business’s products or services, the business has an even greater responsibility to ensure that its practices don’t cause harm.”

Global Tel*Link, which also does business as GTL and ViaPath Technologies, contracts with federal, state, and local jails, prisons, and similar institutions to provide communications services such as phone and video calls and payment services for incarcerated individuals. In the course of providing their services, Global Tel*Link and its subsidiaries collect personal information from consumers including their names, addresses, government identification numbers such as passport numbers or driver’s license numbers, Social Security numbers, and financial account information.

In marketing and other materials, Global Tel*Link touted its security practices by claiming that data security is “the cornerstone of what we do” and that it implemented a security architecture that included many safeguards such as encryption to ensure that its users’ data would not fall into the “wrong hands.”

The FTC says, however, that Global Tel*Link, failed to live up to these claims. In August 2020, as part of an effort to test new search software, the company and a third-party vendor copied a large volume of sensitive, unencrypted personal information about nearly 650,000 real users of its products and services into the cloud but failed to take adequate steps to protect the data. For example, Global Tel*Link stored the data in plain text and failed to deploy a firewall to protect the copied data, implement monitoring software that would have alerted the company if the security settings were changed, and inventory and track the consumer information uploaded to the copied data, according to the complaint. The copied data included individuals’ full names, dates of birth, phone numbers, usernames or email addresses in combination with passwords, Social Security numbers, location information, grievance forms, which can include very sensitive information, and messages exchanged between incarcerated individuals and their friends and family.

As a result of changes made by the company’s third-party vendor to the security settings for the data stored in the cloud, the personal data of many Global Tel*Link customers was left accessible via the internet without any safeguards to prevent unauthorized people from accessing and removing data from the test site—until a security researcher alerted the company about the security holes. A forensic analysis showed that a handful of hackers accessed billions of bytes of the exposed data. In early September, Global Tel*Link was notified again by an identity monitoring company that personal data belonging to Global Tel*Link users was available on the dark web, which is a collection of websites that are used to buy and sell illegally obtained personal data for fraud, identity theft and other nefarious purposes.

Despite this, Global Tel*Link waited approximately nine months to notify affected customers and only contacted 45,000 users—even though the breach may have affected hundreds of thousands of additional customers—that their personal data may have been compromised as a result of the data breach. This nine-month delay harmed users who did not have an opportunity to take actions to protect themselves from identity theft by implementing a credit freeze or other measures, according to the complaint. The company also repeatedly and falsely claimed in marketing materials following the incident that it had never suffered a data breach.

As part of the proposed order with the FTC, Global Tel*Link and two of its subsidiaries are prohibited from misrepresenting their data security practices and will be required, among other things, to:

• implement a comprehensive data security program that includes several requirements such as the deployment of “change management” measures to all of its systems to help reduce the risk of human error, use of multifactor authentication, and procedures to minimize the amount of data it collects and stores;
• notify users of its products affected by the data breach who did not previously receive notice and provide them with credit monitoring and identity protection products;
• notify consumers and facilities within 30 days about future data breaches or security incidents that trigger any federal, state, or local breach reporting requirements and provide information about what data was impacted and how many consumers were affected; and
• notify the FTC within 10 days of reporting a security incident to any local, state or federal authorities.

The Commission voted 3-0 to issue the proposed administrative complaint and to accept the consent agreement with the company.

The FTC will publish a description of the consent agreement package in the Federal Register soon. The agreement will be subject to public comment for 30 days after publication in the Federal Register after which the Commission will decide whether to make the proposed consent order final. Instructions for filing comments will appear in the published notice. Once processed, comments will be posted on Regulations.gov.

NOTE: The Commission issues an administrative complaint when it has “reason to believe” that the law has been or is being violated, and it appears to the Commission that a proceeding is in the public interest. When the Commission issues a consent order on a final basis, it carries the force of law with respect to future actions. Each violation of such an order may result in a civil penalty of up to $50,120. 

The lead attorneys on this matter are Robin Wetherill and Manmeet Dhindsa.

The Federal Trade Commission has obtained orders with the four remaining individual defendants and their affiliated companies in a mobile cramming scheme that the agency says bilked consumers out of more than $100 million through bogus charges added to their mobile phone bills.

The proposed settlements with Darcy Michael Wedd and Phwoar, LLC.; Fraser Robert Thompson and Ocean Tactics, LLC; Erdolo Levy Eromo and Erdi Development LLC; and Michael Pajaczkowski, Concise Consulting, Inc., and MMJX Consulting, Inc., resolve the FTC’s charges related to the MDK Media mobile cramming scheme. The FTC in 2015 reached settlements with six other individual defendants and affiliated companies. The FTC’s case against the remaining defendants was then put on hold pending the outcome of related criminal charges brought by the U.S. Attorney’s Office for the Southern District of New York. These actions resulted in criminal sentences against Wedd, Thompson, Eromo, and Pajaczkowski, with the last case resolved in July 2023.

“Putting a stop to unauthorized charges has been a longtime priority of the FTC,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “This case showcases the financial harm these practices cause, and the need to ensure that developing technologies do not become a haven for fraudulent schemes.”

In the complaint first announced in 2014, the FTC charged that the defendants used deceptive practices, including fake websites with bogus offers of “freebies” or gift cards, to trick consumers into providing their mobile phone numbers. The defendants then placed monthly subscription fees for a variety of “services” on consumers’ mobile phone bills without their authorization—a practice known as mobile cramming.

The “services” described in the complaint consisted of subscriptions for text messages sent to consumers’ mobile phones that contained short celebrity gossip alerts, “fun facts,” horoscopes, and other items. The subscriptions typically cost consumers $9.99 or $14.99 per month, which renewed automatically each month. The defendants made it difficult for consumers to dispute charges. Some consumers were crammed for multiple months and, even after significant effort, were unable to obtain a full refund.

Under the proposed settlements, Wedd, Thompson, Eromo, and Pajaczkowski, as well as their related companies are prohibited from placing any charges on any telephone bills, from making any misrepresentations about any product or service, and from engaging in any unfair billing practices. In addition, they are prohibited from using or benefitting in any way from the customer data they collected through this scheme and are required to destroy any remaining customer data.

Many consumers who were impacted by the defendants’ practices received refunds through settlements the FTC and the Consumer Financial Protection Bureau reached with the four major mobile carriers, AT&T, T-Mobile, Sprint and Verizon, related to mobile cramming charges that were placed on customers’ bills without their authorization. The mobile carriers discontinued such third-party billing practices following the actions by the FTC and other state and federal agencies to crack down on cramming.

The Commission vote approving the stipulated final orders with Wedd, Thompson, Eromo, and Pajaczkowski, as well as their affiliated companies, was 3-0. The FTC filed the proposed orders in the U.S. District Court for the Central District of California.

NOTE: Stipulated final orders have the force of law when approved and signed by the District Court judge.

Federal Trade Commission staff have sent warning letters to two trade associations and 12 registered dieticians and other online health influencers warning them about the lack of adequate disclosures in their Instagram and TikTok posts promoting the safety of the artificial sweetener aspartame or the consumption of sugar-containing products.

The letters to the trade groups, the American Beverage Association (AmeriBev) and The Canadian Sugar Institute, express concerns that the organizations may have violated the FTC Act by failing to adequately disclose that the influencers were apparently hired to promote the safety of aspartame or the consumption of sugar-containing products, respectively. This action follows FTC’s recent revision of the Commission’s Guides for Endorsements and Testimonials, and is part of the agency’s continued monitoring of influencer marketing.

“It’s irresponsible for any trade group to hire influencers to tout its members’ products and fail to ensure that the influencers come clean about that relationship,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “That’s certainly true for health and safety claims about sugar and aspartame, especially when made by registered dieticians and others upon whom people rely for advice about what to eat and drink.”

The letter to AmeriBev detail concerns about posts on Instagram and TikTok by Valerie Agyeman, Nichole Andrews, Leslie Bonci, Keri Gans, Stephanie Grasso, Cara Harbstreet, Andrea Miller, Idrees Mughal, Adam Pecoraro, and Mary Ellen Phipps, each of whom also received an individual warning letter.

The letter to The Canadian Sugar Institute expresses concerns about Instagram posts by Jenn Messina and Lindsay Pleskot, each of whom also received an individual warning letter.

As discussed in the Commission’s Guides for Endorsements and Testimonials, paid endorsements should clearly and conspicuously disclose any unexpected material connections to ensure that consumers have the information they need to make informed purchasing decisions.

Each of the warning letters identified what appeared to be paid posts that either did not disclose a material connection, or that contained disclosures that may be inadequate. Each letter explained staff’s concerns regarding particular disclosures, including inconspicuous placement, ambiguous language, or the failure to clearly identify the sponsor of the posts.

Each letter also included the FTC’s notice of penalty offenses concerning misleading endorsements and noted that the recipient could face civil penalties of up to $50,120 per violation for future failures to disclose unexpected material connections. Finally, each letter asked the recipient to contact agency staff within 15 days and detail any actions taken or that will be taken to address staff’s concerns.

The primary staff attorney on this matter is Cassandra Rasmussen in the FTC’s Bureau of Consumer Protection.  

Today, Federal Trade Commission Chair Lina M. Khan announced that an open meeting of the Commission will be held virtually on Thursday, November 16, 2023. The open meeting will commence at 11 a.m. ET and will begin with time for members of the public to address the Commission.

The following items will be on the tentative agenda for the November 16 Commission meeting:

• Voice Cloning Challenge Announcement: FTC staff will announce an exploratory Voice Cloning Challenge to encourage the development of multidisciplinary solutions—from products to procedures—aimed at protecting consumers from artificial intelligence-enabled voice cloning harms, such as fraud and the broader misuse of biometric data and creative content. The challenge complements efforts across the federal government to address and mitigate the risks of AI.

• Presentation on Public Comments on Business Practices of Cloud Computing Providers: FTC Staff will present findings from and ongoing areas of inquiry following the Commission’s Request for Information and public panel discussion on cloud computing. The presentation will address a number of issues raised in the RFI and panel discussion, including competition, security, and generative AI.

At the start of the meeting, Chair Khan will offer brief remarks and will then invite members of the public to share feedback on the Commission’s work generally and bring relevant matters to the Commission’s attention. Members of the public must sign up for an opportunity to address the Commission virtually at the November 16 event.

Each commenter will be given two minutes to share their comments. Those who cannot participate during the event may submit written comments or a link to a prerecorded video through a webform. Speaker registration and comment submission will be available through Tuesday, November 14, 2023 at 8 p.m. ET.

A link to the event will be available on the day of the open meeting, shortly before it starts via FTC.gov. The event will be recorded, and the webcast and any related comments will be available on the Commission’s website after the meeting. The Commission retains discretion to make public comments available following the event on ftc.gov.

As part of its ongoing efforts to combat scammers and protect consumers in every community, the Federal Trade Commission is now providing the ability to report fraud, scams and deceptive practices in multiple languages in addition to English and Spanish.

These new language access enhancements will allow people to file reports with the FTC in their preferred language when calling the FTC. Among the new languages available are Mandarin, Tagalog, Vietnamese, French, Arabic, Russian, Korean, Portuguese and Polish. Consumers speaking English and Spanish can also continue to file reports directly online.

The FTC is also offering guidance online and in print to consumers and businesses in additional languages. This includes advice on how to spot, stop and avoid scams and what to if you paid a scammer online, as well as offering free print resources in multiple languages.

More information about the enhanced language access for both reporting and consumer and business guidance is available in a new FTC blog post.