[Senate Hearing 116-592]
[From the U.S. Government Publishing Office]
S. Hrg. 116-592
PROTECTING AMERICANS FROM COVID 19 SCAMS
=======================================================================
HEARING
BEFORE THE
SUBCOMMITTEE ON MANUFACTURING, TRADE,
AND CONSUMER PROTECTION
OF THE
COMMITTEE ON COMMERCE,
SCIENCE, AND TRANSPORTATION
UNITED STATES SENATE
ONE HUNDRED SIXTEENTH CONGRESS
SECOND SESSION
__________
JULY 21, 2020
__________
Printed for the use of the Committee on Commerce, Science, and
Transportation
[GRAPHIC NOT AVAILABLE IN TIFF FORMAT]
Available online: http://www.govinfo.gov
__________
U.S. GOVERNMENT PUBLISHING OFFICE
52-684 PDF WASHINGTON : 2023
-----------------------------------------------------------------------------------
SENATE COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION
ONE HUNDRED SIXTEENTH CONGRESS
SECOND SESSION
ROGER WICKER, Mississippi, Chairman
JOHN THUNE, South Dakota MARIA CANTWELL, Washington,
ROY BLUNT, Missouri Ranking
TED CRUZ, Texas AMY KLOBUCHAR, Minnesota
DEB FISCHER, Nebraska RICHARD BLUMENTHAL, Connecticut
JERRY MORAN, Kansas BRIAN SCHATZ, Hawaii
DAN SULLIVAN, Alaska EDWARD MARKEY, Massachusetts
CORY GARDNER, Colorado TOM UDALL, New Mexico
MARSHA BLACKBURN, Tennessee GARY PETERS, Michigan
SHELLEY MOORE CAPITO, West Virginia TAMMY BALDWIN, Wisconsin
MIKE LEE, Utah TAMMY DUCKWORTH, Illinois
RON JOHNSON, Wisconsin JON TESTER, Montana
TODD YOUNG, Indiana KYRSTEN SINEMA, Arizona
RICK SCOTT, Florida JACKY ROSEN, Nevada
Nick Rossi, Staff Director
Adrian Arnakis, Deputy Staff Director
Jason Van Beek, General Counsel
Kim Lipsky, Democratic Staff Director
Chris Day, Democratic Deputy Staff Director
Renae Black, Senior Counsel
------
SUBCOMMITTEE ON MANUFACTURING, TRADE,
AND CONSUMER PROTECTION
JERRY MORAN, Kansas, Chairman RICHARD BLUMENTHAL, Connecticut,
JOHN THUNE, South Dakota Ranking
DEB FISCHER, Nebraska AMY KLOBUCHAR, Minnesota
DAN SULLIVAN, Alaska BRIAN SCHATZ, Hawaii
MARSHA BLACKBURN, Tennessee EDWARD MARKEY, Massachusetts
SHELLEY MOORE CAPITO, West Virginia TOM UDALL, New Mexico
MIKE LEE, Utah TAMMY BALDWIN, Wisconsin
RON JOHNSON, Wisconsin KYRSTEN SINEMA, Arizona
TODD YOUNG, Indiana JACKY ROSEN, Nevada
C O N T E N T S
----------
Page
Hearing held on July 21, 2020.................................... 1
Statement of Senator Moran....................................... 1
Prepared statement from Catherine Hermsen, Assistant
Commissioner, Office of Criminal Investigations, Office of
Regulatory Affairs, Food and Drug Administration,
Department of Health and Human Services.................... 3
Letter dated July 21, 2020 to Hon. Jerry Moran and Hon.
Richard Blumenthal from Jonathan Spalter, President and
Chief Executive Officer, USTelecom......................... 7
Statement of Senator Blumenthal.................................. 8
Statement of Senator Wicker...................................... 51
Statement of Senator Klobuchar................................... 54
Statement of Senator Fischer..................................... 57
Statement of Senator Cantwell.................................... 59
Statement of Senator Capito...................................... 62
Statement of Senator Udall....................................... 64
Statement of Senator Baldwin..................................... 66
Statement of Senator Sinema...................................... 67
Statement of Senator Blackburn................................... 69
Witnesses
Derek Schmidt, Attorney General, State of Kansas................. 9
Prepared statement........................................... 12
Andrew Smith, Director, Bureau of Consumer Protection, Federal
Trade Commission............................................... 30
Prepared statement........................................... 31
Stu Sjouwerman, Founder and Chief Executive Officer, KnowBe4,
Inc............................................................ 39
Prepared statement........................................... 41
Laura MacCleery, Policy Director, Center for Science in the
Public Interest................................................ 42
Prepared statement........................................... 44
Appendix
Response to written questions submitted to Derek Schmidt by:
Hon. Jerry Moran............................................. 79
Hon. Dan Sullivan............................................ 80
Response to written questions submitted to Andrew Smith by:
Hon. Jerry Moran............................................. 81
Hon. Marsha Blackburn........................................ 85
Hon. Dan Sullivan............................................ 86
Response to written questions submitted to Stu Sjouwerman by:
Hon. Jerry Moran............................................. 87
Hon. Dan Sullivan............................................ 88
Response to written questions submitted to Laura MacCleery by:
Hon. Jerry Moran............................................. 88
Hon. Dan Sullivan............................................ 91
Response to written questions submitted to the U.S. Food & Drug
Administration by:
Hon. Jerry Moran............................................. 91
PROTECTING AMERICANS
FROM COVID-19 SCAMS
----------
TUESDAY, JULY 21, 2020
U.S. Senate,
Subcommittee on Manufacturing, Trade, and Consumer
Protection,
Committee on Commerce, Science, and Transportation,
Washington, DC.
The Subcommittee met, pursuant to notice, at 2:34 p.m., in
room SD-G50, Dirksen Senate Office Building, Hon. Jerry Moran,
presiding.
Present: Senators Moran [presiding], Thune, Fischer,
Sullivan, Blackburn, Capito, Young, Blumenthal, Klobuchar,
Udall, Baldwin, and Sinema.
Also present: Senator Wicker, Ex Officio, and Senator
Cantwell, Ex Officio.
OPENING STATEMENT OF HON. JERRY MORAN,
U.S. SENATOR FROM KANSAS
Senator Moran. Good afternoon. As Chairman of the Senate
Commerce Subcommittee on Manufacturing, Trade, and Consumer
Protection, I welcome you all here today to a hearing entitled,
``Protecting Americans from COVID-19 Scams.''
The Nation continues to fight the unprecedented public
health crisis brought on by the COVID-19 pandemic. In addition
to the serious threat this pandemic poses to the health of
Americans, the economic impact of the shuttered main-street
businesses--resulting from responsible public health protocols
have been felt in every corner of the country. It has become
clear that preventive practices, policies, and dedicated
resources, including expanding testing capabilities and the
availability of personal protection equipment, are absolute
necessities to a responsible path forward to reopening the
economy and extinguishing this health crisis.
However, during this time of national emergency and
coordinated recovery, there are fraudsters and scam artists
that seek to take advantage of consumers, especially the
Nation's most vulnerable communities, like that of our Nation's
seniors. In fact, the FTC's Consumer Sentinel Network reports
that consumers across the U.S. have reported over 136,000
different cases of COVID-related scams, totaling approximately
$90 million in total fraud losses from January 1 to July 20,
2020. More specifically, at home in Kansas over this same
period of time, consumers report over 500 related cases,
totaling over $800,000 in financial losses. Everyone should
also bear in mind that these are the--are only the reported
cases, and that it is fair to assume that there are a number of
harmful consumer scams that have not been reported to date.
The variety of these increasingly complex and innovative
scams remains exceedingly difficult for any consumer to wrap
their head around, much less defend themselves against. Whether
it be unsubstantiated health benefits advertised for certain
products, illegal robocalls pitching low-priced health
insurance, fraudulent donation solicitations, or even imposters
claiming to be from Federal agencies collecting mandatory
payments, raising awareness to these harmful practices is
critical to educating consumers and protecting themselves. As
such, this subcommittee has much to learn from law enforcement
agencies, industry, and consumer protection experts in their
efforts to not only identify and address these harms, but also
what exactly they are doing to prevent these harms from
occurring in the first place. Additionally, if there is a role
for Congress to play in supporting these efforts, those
suggestions we will need today and in the future.
More specifically, I look forward to hearing from the
Federal Trade Commission on how their current U.S. SAFE WEB
authorities are utilized in addressing COVID-related scams
stemming from abroad, and how enactment of the U.S. SAFE WEB
Extension Act, which I introduced with the Ranking Member,
Senator Blumenthal, is critical for continuing these foreign
law-enforcement coordination efforts.
Additionally, I would be interested to hear from the
witnesses about any specific efforts directed to particularly
vulnerable groups of Americans, like our seniors. My colleague,
Senator Klobuchar, joined me in introducing Protecting Seniors
from Emergency Scam Act, which directs the FTC to report to
Congress on scams testing--I'm sorry--targeting seniors during
the--this pandemic, makes recommendations on how to prevent
future scams during emergencies and, appropriately, to
distribute such information to seniors and their caregivers.
Finally, the Subcommittee looks forward to hearing more
about current enforcement efforts to detect, identify, and
prosecute criminal organizations engaged in these illegal
activities. If there are ways Congress can assist to strengthen
the current framework of government task force--forces, join
initiatives with State and local agencies and partnerships with
the private sector to address the crimes, this subcommittee
would, again, welcome the suggestions.
Today's witness panel provides a variety of different
perspectives on the same important issue. Joining the
Subcommittee is the Honorable Derek Schmidt, the Attorney
General of the State of Kansas; Mr. Andrew Smith, Director of
the FTC's Bureau of Consumer Protection; Mr. Stu Sjouwerman,
Founder and CEO of KnowBe4, Inc.; and Ms. Laura MacCleery,
Policy Director for the Center of Science in the Public
Interest.
While the Food and Drug Administration was not able to join
us today, the agency has been active in protecting consumers
throughout this pandemic, and provided written testimony for
the Subcommittee's consideration, and agreed to respond to
questions for the record from the Committee members, as well.
[The information referred to follows:]
Statement of Catherine Hermsen, Assistant Commissioner, Office of
Criminal Investigations, Office of Regulatory Affairs, Food and Drug
Administration, Department of Health and Human Services
Introduction
Good morning, Chairman Moran, Ranking Member Blumenthal, and
Members of the Subcommittee. I am Catherine Hermsen, and I serve as
Assistant Commissioner of the Office of Criminal Investigations (OCI)
within the Office of Regulatory Affairs (ORA) at the Food and Drug
Administration (FDA or the Agency), which is part of the U.S.
Department of Health and Human Services (HHS). Thank you for the
opportunity to submit written testimony to discuss FDA's efforts to
monitor and take action against firms that sell products with
fraudulent claims of effectiveness against COVID-19.
I am pleased to submit testimony along with Mr. Andrew Smith,
Director of the Bureau of Consumer Protection at the U.S. Federal Trade
Commission (FTC), and the Attorney General of the State of Kansas, Mr.
Derek Schmidt. FDA works collaboratively with FTC and our Federal and
state law enforcement partners, as well as other Federal and state
agencies, on a day-in and day-out basis across the Agency's programs,
to ensure coordination across the Federal government and between the
Federal government and the states.
FDA has a long history of investigating those who sell fraudulent
products, which led to some of the Agency's, and its predecessors',
founding legislation, such as the Pure Food and Drugs Act of 1906 and
the Federal Food, Drug, and Cosmetic Act of 1938.\1\ Our experience
with previous outbreaks such as swine flu and avian influenza has shown
that fraudulent cures or elixirs will emerge during any public health
crisis, sold by unscrupulous actors capitalizing on the fears of
vulnerable consumers. In 2003, FDA and FTC discovered several websites
offering bogus Severe Acute Respiratory Syndrome (SARS) products, such
as unapproved drugs offered for sale with claims to treat or cure the
respiratory illness, as well as websites promising that consumers would
be protected from SARS if they purchased and used items such as
personal air purifiers, hand sanitizers, respirator masks, latex
gloves, colloidal silver and oregano oil, and SARS ``prevention kits''
that packaged various items together, such as gloves and masks. Later,
during the 2009 H1N1 influenza virus, FDA discovered online sales of
counterfeit versions of the antiviral drug Tamiflu� (oseltamivir
phosphate) shortly after FDA issued an Emergency Use Authorization
during that public health emergency.
---------------------------------------------------------------------------
\1\ When the U.S. Department of Agriculture was created in 1862,
the Patent Office's Agricultural Division was transferred to the new
Department, becoming the Division of Chemistry in 1890 and the Bureau
of Chemistry in 1901. In 1927, the Bureau of Chemistry became the
United States Food, Drug and Insecticide Administration, and in 1930
the name was shortened to the U.S. Food and Drug Administration. Ten
years later, in 1940, FDA was transferred from the U.S. Department of
Agriculture to the newly created Federal Security Agency, which was
renamed the Department of Health Education and Welfare in 1953, and
again renamed the Department of Health and Human Services in 1979.
---------------------------------------------------------------------------
In the past months, we have seen an unprecedented proliferation of
fraudulent products related to the COVID-19 pandemic, and more than
ever before, the Internet is being used as the primary vehicle for
marketing these unproven products. FDA considers the sale and promotion
of these products to be a threat to the public health. Fraudulent
COVID-19 products come in many forms, including medical devices like
personal protective equipment (PPE) and diagnostic tests, purported
vaccines, and even purported dietary supplements and other foods.
Products like these that claim to diagnose, cure, mitigate, treat, or
prevent COVID-19 and haven't been authorized, cleared, or approved for
that use, not only defraud consumers of money--they also can place
consumers at risk for serious and life-threatening harm. Using these
products may lead to delays in getting proper diagnosis and treatment
of COVID-19 and other potentially serious diseases and conditions;
indeed, they may sometimes even cause serious illness or death
themselves.
Fraudulent products have not been submitted to FDA for review, and
may pose a serious safety risk to consumers. Beyond having no proven
therapeutic value, these illegal products may contain dangerous
substances or be adulterated with contamination and filth due to poor
manufacturing standards. FDA oversight helps ensure U.S. consumers have
access to safe and effective medical products. When fraudulent products
attempt to bypass FDA and its scientific review, the results can be
deadly.
FDA's Long-Standing Collaboration with FTC
FDA and FTC have a long history of collaboration in protecting the
health and wellbeing of the U.S. public, dating back to the 1920s.
Between December 2002 and July 2003 alone, during the first SARS
pandemic, the two agencies issued a combined total of more than 200
warning letters and other advisories to various companies selling
unproven and fraudulent health products over the Internet and by other
means. These requests for compliance were directed at several waves of
fraudulent products offered for sale during that time period preying on
consumers' fears about biological, chemical, and nuclear terrorism
threats and the SARS epidemic. And in 2018, FDA and FTC issued joint
warning letters to the sellers of unapproved opioid cessation products
with false and misleading claims about their ability to help in the
treatment of opioid addiction and withdrawal.
Most recently, in March 2020, FDA and FTC sent the first warning
letters to seven firms that offered for sale unproven products--
including teas, essential oils, and colloidal silver--with false and
misleading claims to treat or prevent coronavirus, in violation of the
Federal Food, Drug, and Cosmetic Act and the Federal Trade Commission
Act.
FDA's COVID-19 Fraud Task Force
To address the rapid proliferation of fraudulent COVID-related
products, earlier this year FDA quickly assembled a cross-agency task
force. This task force combines FDA's scientific and regulatory
knowledge of human and animal drugs, biologics, medical devices, and
dietary supplements and other foods, with our investigators and special
agents who specialize in health fraud, compliance and enforcement,
cybercrime, and import operations, to issue warning letters and to
employ the full complement of FDA's enforcement tools, including civil
injunctions, debarments and criminal investigations.
At the outset, it became clear that the Internet was the primary
mechanism for the sale of fraudulent COVID-19-related consumer
products--creating an immediate problem: the speed at which sellers can
post, change, move or remove listings for these products online. In
fact, ORA investigators identified approximately 64,000 domain names
registered from January-March 2020 that contained COVID-19-targeted
terms--names like ``covid19cure.com,'' ``coronavirus-home-kits.com''
and ``cureforcoronavirus.com.'' Questionable social media and online
marketplace postings were also widespread, and once the virus reached
the U.S., FDA began receiving Internet-related complaints about, for
example, fake COVID-19 cures, illegitimate test kits, and substandard
or counterfeit respirators and face masks.
To proactively identify and neutralize these threats to consumers
and the public health, in March 2020 FDA launched ``Operation Quack
Hack.'' Operation Quack Hack leverages Agency expertise and advanced
analytics to protect consumers from fraudulent products during the
COVID-19 pandemic. Building upon our previous experience with illegal
online pharmacies, a team of consumer safety officers, special agents
and intelligence analysts triages incoming complaints about fraudulent
and unproven medical products. Where appropriate, complaints are then
sent to other agencies or to FDA Centers for additional review, or
referred for a warning letter, civil action or criminal investigation.
In some cases, following a preliminary investigation, the team sends an
abuse complaint to the domain name registrars or online marketplaces.
These abuse complaints are intended to notify companies that may not
have been aware that their platforms were being used to sell an
unapproved, unauthorized, or uncleared medical product during the
COVID-19 pandemic.
Our task force has reported hundreds of online postings for
fraudulent and unproven COVID-19 products, and has already contacted
numerous parts of the online ecosystem to request that they be vigilant
in removing unapproved, unauthorized, and uncleared products with false
and misleading COVID-19 claims from their Internet sites. Nearly all of
these listings were thereafter removed by the companies. In addition,
the task force continues to monitor the Internet for new products, and
to ensure that listings for fraudulent products that were previously
removed by the online marketplaces, social media platforms, or domain
name registrars do not return on new sites with the same or new
fraudulent claims. The task force has identified several common
products offered for sale with false and misleading claims to treat and
prevent COVID-19, including colloidal silver, mineral solutions, and
essential oils. And, for unapproved, unauthorized, and uncleared
products coming from abroad, FDA screens imports to protect U.S.
consumers. In addition, FDA has trained imports staff to screen
products entering the U.S. using portable devices that improve
detection of illicit products, increasing FDA's ability to prevent such
products from being sold in the U.S.
We continue to monitor the online ecosystem for fraudulent products
peddled by bad actors seeking to profit from this global pandemic, and
will work with online marketplaces, domain name registrars, payment
processors, and social media websites so that they can investigate and
remove from their platforms products that fraudulently claim to
diagnose, cure, mitigate, treat or prevent COVID-19, and keep those
products from reappearing under different names.
Of course, FDA also partners with other Federal regulatory and law
enforcement agencies, including the FTC, and through the efforts of the
U.S. Department of Justice (DOJ), to coordinate our investigations and
enforcement activities and to efficiently collect and disseminate
information related to surveillance findings, referrals, and consumer
complaints about fraudulent and unproven products sold with claims to
diagnose, cure, mitigate, treat, or prevent COVID-19 or coronavirus
generally.
Recent COVID-Related Enforcement Efforts
As of July 1, FDA has reviewed thousands of websites, social media
posts, and online marketplace listings, and we have identified more
than 780 fraudulent or unproven products related to COVID-19 being
offered for sale. These actions have resulted in issuing more than 80
warning letters to sellers of products like homeopathic drug products,
nasal sprays, colloidal silver products, purported herbal products,
chlorine dioxide products, antibody tests, and others to U.S.
consumers. In addition, listings for more than 195 unapproved,
uncleared, or unauthorized products that claimed to diagnose, cure,
mitigate, treat, or prevent COVID-19 have been removed by online
marketplaces, and the Agency has issued more than 260 abuse complaints
to domain name registrars, resulting in those registrars taking 189
websites offline.
As noted above, FDA has a long-standing history of collaboration
with the FTC, and we often coordinate activities related to companies
marketing fraudulent COVID-related products. For example, in April
2020, FDA and FTC jointly issued a warning letter to a seller of
fraudulent chlorine dioxide products, equivalent to industrial bleach,
frequently referred to as ``Miracle Mineral Solution'' or ``MMS,'' as a
treatment for COVID-19. FDA had received reports of people experiencing
serious adverse events, including severe vomiting, severe diarrhea,
life-threatening low blood pressure, and acute liver failure after
drinking certain chlorine dioxide products. FDA had not approved the
seller's product for any use, despite the defendants' claims that these
products can be used to cure, mitigate, treat or prevent diseases such
as COVID-19, Alzheimer's, autism, brain cancer, multiple sclerosis and
HIV/AIDS. Claims made on the seller's websites, which provided a link
to purchase MMS, included, ``The Coronavirus is curable, you believe
that?. . .MMS will kill it.'' \2\
---------------------------------------------------------------------------
\2\ See: https://www.fda.gov/inspections-compliance-enforcement-
and-criminal-investigations/warning-letters/genesis-2-church-606459-
04082020
---------------------------------------------------------------------------
In response to the April 2020 joint FDA/FTC warning letter, the
defendants indicated that they would continue to sell MMS in violation
of the law; shortly thereafter, a Federal court issued a preliminary
injunction requiring the seller to immediately stop distributing its
unapproved and potentially dangerous product.\3\ On July 9, 2020, the
Court issued an order of permanent injunction against the entity
defendant and two of the named individual defendants.\4\ In a separate
criminal proceeding, on July 8, the U.S. Attorney's Office for the
Southern District of Florida announced criminal charges against four
defendants, resulting from a criminal investigation conducted by FDA's
Office of Criminal Investigations. The defendants were charged with
conspiracy to defraud the United States, conspiracy to violate the
Federal Food, Drug and Cosmetic Act, and criminal contempt.\5\
---------------------------------------------------------------------------
\3\ See: https://www.fda.gov/news-events/press-announcements/
coronavirus-covid-19-update-federal-judge-enters-temporary-injunction-
against-genesis-ii-church
\4\ See: https://www.fda.gov/news-events/press-announcements/
coronavirus-covid-19-update-daily-roundup-july-9-2020
\5\ See: https://www.fda.gov/inspections-compliance-enforcement-
and-criminal-investigations/press-releases/father-and-sons-charged-
miami-federal-court-selling-toxic-bleach-fake-miracle-cure-covid-19-and
---------------------------------------------------------------------------
FDA also works with both U.S. and international law enforcement
agencies to keep unproven products out of our country. For example,
several months ago, we intercepted and investigated a case of
misdeclared COVID-19 ``treatment kits'' offered for import. As a
result, OCI special agents, with the help of domestic and international
law enforcement counterparts in the United Kingdom, led the DOJ to
bring a criminal complaint against a British man who sought to profit
from this pandemic and jeopardize the public health.\6\
---------------------------------------------------------------------------
\6\ See: https://www.fda.gov/inspections-compliance-enforcement-
and-criminal-investigations/press-releases/uk-national-charged-
shipping-mislabeled-and-unapproved-treatments-patients-suffering-covid-
19
---------------------------------------------------------------------------
More recently, FDA has warned consumers and health care
professionals about hand sanitizer products containing methanol, or
wood alcohol--a substance often used to create fuel and antifreeze that
is not an acceptable active ingredient for hand sanitizer products, and
that can be toxic when absorbed through the skin, as well as life-
threatening when ingested.\7\ We have seen an increase in hand
sanitizer products that are labeled to contain ethanol but that have
tested positive for methanol contamination. State officials have
reported recent adverse events in both adults and children ingesting
hand sanitizer products contaminated with methanol--including
blindness, hospitalizations, and death. In addition to warning the
public about these dangerous hand sanitizer products, we are
communicating with manufacturers and distributors about recalling them.
We continue to test hand sanitizers offered for sale to U.S. consumers,
including those being offered for import into the country, and are
maintaining and continually updating a list on our website of hand
sanitizer products that FDA has recommended be recalled because they
were tested and found to contain methanol or are purportedly made at
the same facility as methanol-contaminated products.
---------------------------------------------------------------------------
\7\ See: https://www.fda.gov/drugs/drug-safety-and-availability/
fda-updates-hand-sanitizers-methanol#products
---------------------------------------------------------------------------
COVID-related testing products have also been the subject of recent
FDA action. Last month, FDA issued warning letters to six companies for
marketing adulterated and misbranded COVID-19 antibody tests.\8\
Violations outlined in the warning letters included: offering test kits
for sale in the United States directly to consumers for at-home use
without marketing approval, clearance, or authorization from FDA;
misbranding products with labeling that falsely claims the products are
``FDA approved''; and labeling that bears the FDA logo, which is not
for use on private sector materials. At the present time, there are no
diagnostic or antibody COVID-19 test kits that are authorized, cleared
or approved to be used completely at home. Testing in the home can
present unique and potentially serious public health risks, including
whether a lay user can collect their specimen, run the test, and
interpret their results accurately. While FDA has authorized several
diagnostic COVID-19 tests for use with at-home collection of samples
that can be sent to a lab for processing and test reporting, FDA has
not authorized any serology tests for use with at-home sample
collection. We have requested that the companies take immediate steps
to correct the violations cited in the warning letters, including
ceasing the sale of the products and preventing future sales.
---------------------------------------------------------------------------
\8\ See: https://www.fda.gov/news-events/press-announcements/
coronavirus-covid-19-update-fda-issues-warning-letters-companies-
inappropriately-marketing-antibody
---------------------------------------------------------------------------
Conclusion
FDA will continue to collaborate with the FTC and our other Federal
and state partners to protect consumers from fraudulent products
peddled by bad actors seeking to profit from this global pandemic, and
we strongly encourage anyone aware of suspected fraudulent medical
products related to the COVID-19 public health emergency to report them
to us. We are committed to protecting Americans from unsafe products,
and will continue our efforts to find and stop those selling unproven
products that fraudulently claim to diagnose, cure, mitigate, treat, or
prevent COVID-19. Unscrupulous actors must not be permitted to take
advantage of a pandemic to increase their profits while jeopardizing
the public health.
FDA appreciates the support and interest of Congress, and this
Subcommittee, in our work related to COVID-19. Thank you for the
invitation to provide a written statement for the hearing.
Senator Moran. Finally, USTelecom provided a letter for the
record describing the collaborative efforts of companies in the
Industry Traceback Group to actively trace and identify sources
of illegal robocalls that have only increased in frequency
during the pandemic.
I ask that this letter be submitted for the record.
Without objection, it is.
[The information referred to follows:]
USTelecom | The Broadband Association
July 21, 2020
Hon. Jerry Moran,
Chairman, Subcommittee on Manufacturing, Trade & Consumer Protection,
Washington, DC.
Hon. Richard Blumenthal,
Ranking Member, Subcommittee on Manufacturing, Trade & Consumer
Protection,
Washington, DC.
Dear Chairman Moran and Ranking Member Blumenthal:
Thank you for holding today's important hearing examining the rise
of scams occurring during the COVID-19 pandemic and strategies for
Federal and state government and the private sector to work together to
protect the public. In particular, I am pleased to share with the
committee our work to combat illegal robocalls.
USTelecom leads the Industry Traceback Group, a SWAT team of
providers across the wireline, wireless, VoIP and cable industries who
collaborate to trace the source of illegal robocalls and coordinate
with Federal and state enforcement agencies to bring these scammers to
justice.
Unfortunately, robocall scammers were out in force during this
public health emergency, using COVID-19 to trick, manipulate and
otherwise prey on vulnerable consumers. As soon as these scams started
appearing, we began to aggressively trace them around the world. We do
not just go after the scammers, but the under the radar voice service
providers who let billions of these junk calls onto our shared
communications network in the first place. We then coordinate with
industry to raise awareness about the source of the illegal calls and
with enforcement officials at the state and Federal level.
Some of these tracebacks cut off paths into the United States for
multiple COVID-19 robocalls scams. For example:
The Industry Traceback Group traced a COVID-19 testing kit
scam to a VoIP provider in the Philippines. ITG notified the
provider it was carrying suspect traffic bound for the U.S. and
within 24 hours the provider indicated it severed its
relationship with the customer and the calls stopped.
The Industry Traceback Group traced a COVID-19 HVAC duct
cleaning scam to a Florida provider receiving the calls from
Pakistan. After notification by ITG, downstream call providers
receiving traffic from the Florida entity intervened and the
calls stopped.
The Industry Traceback group traced a COVID-19 work from
home for Amazon scam. In about an hour, ITG traced the calls to
a provider in California who stopped taking the illegal calls
from a customer based in Utah.
The work of the ITG has been facilitated by the Senate's leadership
in passing the TRACED Act, a landmark law that bolsters more government
prosecution, including criminal prosecution of entities and individuals
actively engaged in efforts to defraud Americans.
We are proud to coordinate and share information on illegal and
often fraudulent robocalls with government partners, including the
Federal Communications Commission, the Federal Trade Commission, the
Department of Justice and virtually every state Attorney General. In
separate letters in April and May related to our coordination to combat
COVID-19 scams, the FCC and FTC called this public private partnership
``essential to combatting the deluge of unlawful robocalls and
protecting consumers and is particularly vital in swiftly identifying
scammers who attempt to defraud consumers during the COVID-19 disease
outbreak.''
Thank you again for bringing added attention to this topic by
holding today's hearing. USTelecom and the members of the Industry
Traceback Group remain committed to working with Congress and across
Federal and state enforcement agencies to combat illegal robocalls.
More information about our work is available at http://
www.ustelecom.org/the-ustelecom-industry-traceback-group-itg. We look
forward to being a resource on this and other topics to you and your
staff.
Sincerely,
Jonathan Spalter,
President and Chief Executive Officer.
Cc: The Honorable Roger Wicker
The Honorable Maria Cantwell
Senator Moran. With that, I now turn to the Ranking Member,
Senator Blumenthal, for his opening statement.
STATEMENT OF HON. RICHARD BLUMENTHAL,
U.S. SENATOR FROM CONNECTICUT
Senator Blumenthal. Thanks, Mr. Chairman. And thank you for
having this hearing.
In the wake of almost every disaster in this country, no
matter how dire, there are always bottom-feeders and con
artists who exploit people's fears and hopes. We all know,
probably everybody watching and listening today knows, there is
no cure for COVID-19, and there is no vaccine or other medical
prevention. That has not stopped the con artists and scams from
exploiting people's fears and hopes. In fact, they have defied
both science and common decency in taking advantage of people
financially.
So, the scams range from invasion of privacy and products
that are useless, price gouging, mortgage and student loan
relief scams, false cures, and fake test cons. But, more than
just financial loss, people face real healthcare danger. False
cures can kill. False cures not only take people's money, they
can kill. And deception can be deadly.
So, there are a variety of products. And, in fact, the FTC
has issued 255 warning letters. Those 255 companies were
defrauding and endangering consumers before they were caught.
Those 255 companies are among hundreds of others that are still
doing business. Those 255 companies have paid no cost--none---
for breaking the law and harming people, despite the FTC's
warning letters. And they are still doing business. They may
have changed their marketing pitches to be slightly less
deceptive and misleading, but they're still out there. And if
warning letters will not protect consumers, we need stronger
action.
On March 9, I wrote to the FTC and the FDA, calling on both
agencies to take more aggressive action to stop the marketing
and sale of fake coronavirus cures. Warning letters to
marketers simply fail to give consumers fair notice, they fail
to inform, they fail to correct wrong information, and they
send no real signal to the market. There needs to be real
deterrence, not just warning letters, a slap on the wrist.
I'm also alarmed that, again, we see high-tech firms
enabling consumer harm through negligence and inaction. Last
month, I wrote the FTC and the FDA on the dozens of unsafe
supplements being sold on Amazon and other online marketplaces
that claim to kill viruses. Amazon still has supplements,
tonics, probiotics, in a search for the ``COVID cure.'' We need
to stop the snake-oil salesmen. I mentioned a number of my--of
them in my March 9 letter; in particular, TV evangelist Jim
Bakker, who recently promoted a celluloid silver on his show,
claiming that it would eliminate viruses such as coronavirus.
Another one, Cellular Silver, itself, claims to, quote,
``achieve 99.99 percent complete kill against 660
microorganisms.'' Again, this is deception. We find these kinds
of utterly false ads for Quinessence Aromatherapy, N-
Energetics, GuruNanda, Vivify Holistic Clinic, Herbal Amy.
There is a list, and it is growing.
So, many of us, I think, hoped that this crisis would pass
swiftly and that we could return to a normal life, both the
healthcare crisis and the economic crisis. We're 6 months into
this pandemic. There's no end in sight to this horrendous
national suffering. We've seen hardship and heartbreak. It has
been aggravated, not reduced, by many of these false and
misleading promises for products that threaten healthcare,
endanger lives, take money from people unfairly and illegally,
but also pose great dangers to public health. And if we can do
something about them, Mr. Chairman, we will accomplish a lot of
good for the American people.
Thank you.
Senator Moran. Senator Blumenthal, thank you.
Senator Moran. We now will hear testimony from our
witnesses, and we will begin with the Honorable Derek Schmidt,
Attorney General, State of Kansas.
STATEMENT OF DEREK SCHMIDT, ATTORNEY GENERAL, STATE OF KANSAS
Mr. Schmidt. Thank you, Mr. Chairman.
Chairman Moran, thank you for the invitation, and thank you
for accommodating our remote testimony today. I'll admit it's
the first time I've presented congressional testimony without
leaving the Office of the Attorney General in Topeka, so we
hope it lives up to your needs.
Mr. Chairman, you have--both you and the Ranking Member
have laid out, I think very well, the framework in which we
operate as a State-level enforcement agency. You have my
written testimony. I certainly won't read it. I thought I would
use my minutes here for oral presentation to just emphasize a
few of the highlights that we've already presented to you in
writing.
Let me first discuss one case, for the purpose of
illustrating, not because that case is necessarily all that
extraordinary, but it illustrates some of the types of
enforcement actions that, at the State level, we are engaged
in.
Now, I had already filed a lawsuit, prior to the COVID
pandemic, against a defendant, a fellow named Shawn Parcells. I
actually have both criminal and civil litigation pending
against him and his related companies, so I'm obligated, at
this point, to say that criminal charges, of course, are only
accusations, and a defendant is presumed innocent unless and
until proven guilty. But, on the civil side for the enforcement
action, we had accused Mr. Parcells of violating our State's
consumer laws by selling autopsy services, tissue recovery
services, and other related types of services without having
the qualifications to do so. We had him enjoined from operating
within the State of Kansas. It was done by court order during
the pendency of our litigation. And then along came COVID. And
we received information, after the pandemic erupted into the
public consciousness, that our enjoined defendant had set up
some new companies and was peddling, essentially, the same
services, although in a new package, outside of Kansas, beyond
where he was enjoined; and specifically, he was marketing his
unqualified services to families and individuals who were--had
loved ones who were deceased as a result of COVID, to do
autopsy and tissue recoveries, which--he is entirely
unqualified. We were able to--because we have the case already
pending, the investigation for the additional information
didn't take terribly long. We were able to go back in front of
our judge and receive an expanded temporary restraining order
that prevents him from representing himself on any of this,
including on the COVID-related services, and also bars him from
leaving the State of Kansas without case-by-case permission
from our court.
I use this case just to illustrate--you know, we often
talk, at the broad policy level, about, sort of, the collective
impact of cases and behaviors by groups of defendants, groups
of companies, whatever it may be. And those are certainly
important. But, at the end of the day, enforcement actions, at
least at the State level, typically boil down to one defendant
or an associated group of defendants, one group of victims, and
one group of misconduct. And so, those are the types of cases
we wind up dealing with, with some regularity.
Moving beyond that individual case, let me just mention
some of the types of complaints of scams and related misconduct
we've been receiving since the pandemic erupted on stage in
March. We have investigations pending with respect to each of
these categories. I won't be able to discuss the particular
investigations, but I can certainly talk about the general
approach and subject matter.
And let me say, as both you, Mr. Chairman, and the Ranking
Member have already pointed out, the crooks and scam artists
use the same tools they always use, in terms of trying to get
into people's pocketbooks. They just change the messaging to
reflect the current concerns about COVID and to prey upon what
people are currently worried about.
So, we saw, for example--the first wave that we saw come
in, that continues, were text-message scams related to contact
tracing, something that, back in March, most Americans had
never heard of. And the text messages would come in and claim
along the lines of, you know, ``This is an official
communication letting you know that you've been in contact with
a person who has tested positive for COVID-19. Please click on
this link in order to get more public health information to
help you know what you need to do next.'' Of course, it was a
phishing e-mail. Clicking on the link resulted in an invitation
to provide personal information that had nothing to do with any
legitimate public health purpose. We put out a--an early
consumer alert in our state on that to raise awareness and try
to help people avoid the problem, because it's obviously much
easier to prevent people from becoming a victim than it is to
chase down their money once it's on, particularly when the
scammers operate outside of our jurisdiction and often from
offshore.
Another type of scam that we've seen a lot of complaints
on, as already mentioned by Senator Blumenthal, are COVID
prevention and treatment scams. It's everything you've read
about, but they come in in all the usual ways, sometimes by
robocall, sometimes by personal call, sometimes by text
message, sometimes by e-mail.
We've seen PPE scams, claims to be able to sell PPE to
folks, and then either there wasn't any PPE, or it existed but
it was sub-par, or it existed and it was good, but it was
stolen, it wasn't theirs to sell. We've seen all of the above.
We've seen scams related to stimulus checks, often
government-impostor type of scam, communications saying to
folks, ``We're from the Small Business Administration, we're
from the IRS, we're from a fill-in-the-blank government agency,
and we're here to assist you in making sure you get the payment
to which you're entitled.''
And we've seen fraudulent unemployment claims. Usually the
objective there is some--to get personal information and get a
payment based on some type of identity theft.
Finally, Mr. Chairman, I might just say, from our
standpoint, the ability to cooperate with Federal agencies is
really critical. The vast majority of law enforcement in this
country, especially on scams and frauds, is conducted at the
State and local level. But, we are geographically and
jurisdictionally limited, and it makes no sense for us to be
doing our thing in the territory that is Kansas, and the
Federal agencies to be doing their thing within the territory
that is Kansas, and us not to be coordinating. So, we always
coordinate very closely, particularly with our regional agency
offices, usually out of Kansas City. We have very good working
relationships with the principal agencies you'd expect for this
type of work, whether it's HHS OIG, or the FBI, or the Secret
Service, among others. And we have redoubled those efforts
during COVID.
Two things I might suggest for consideration on a policy
standpoint related to that. And I'll close with this, Mr.
Chairman. One is, I do think there is room--and I've suggested
this, I know, to you before COVID, and I think COVID has proven
the point--I do think there is room for a more structured
relationship between State-level enforcers--in our case, an
Attorney General's office--and our regional Federal law
enforcement partners. What I mean by that is, you know, the
Federal agencies receive a lot of information. I get a lot of
complaints directly from our citizens. They don't--sometimes
citizens don't come to us, they go directly to a Federal
agency. The Feds are limited, in terms of the size of scams and
rip-offs they often will look at. They may or may not admit it,
but the reality is, they have to make choices, and they
naturally look at the larger cases. That's perfectly
understandable. But, sometimes--and we've done this on
occasion--it is very helpful if, when our Federal partners
receive a complaint, and they've worked it up in part, because
they're trying to figure out what they've got, and it turns out
they've got a violation of law, but it's--it doesn't rise to
the level for Federal prosecution or consideration. It is very
helpful if they will then present it to us, as a prosecuting
entity, and we can prosecute those cases under State law. Well,
we've done that, particularly with HHS OIG, out of the regional
office before, and it seemed--it makes us very happy, because
it gives us more cases in our pipeline, and it seemed to make
them very happy, I think because they have a place to send
smaller cases that they've already invested time and effort in
but don't rise to the level, routinely, of Federal prosecution.
And then the second and final thing I'd suggest for
consideration, Mr. Chairman, there is one thing pending in the
Senate that would be very helpful, I think, in advancing our
capacity on some of this. It's Senate bill 2379. I know you're
a cosponsor. I think others on the Subcommittee are, and we
have talked about it. It's a measure that's been pending for
several years now, and I'm hopeful that it's got a path,
perhaps as part of the next stimulus bill, if there is one.
But, it would remove what I think is an arbitrary barrier in
Federal law that currently prohibits states from using our
Medicaid Fraud Control Units to detect, investigate, or
prosecute Medicaid patient abuse, as opposed to systemic
fraud--but patient abuse, unless that abuse occurs in an
institutional setting. So, from a COVID standpoint, what that
means is, if I've got somebody that we discover somehow is
ripping off, is defrauding a Medicaid beneficiary in a home
healthcare setting, trying to sell them, you know, bogus cures,
or whatever it may be, for COVID, I currently am not allowed to
use our Medicaid Fraud Control Unit assets, which are partially
federally funded and, therefore, subject to Federal limitation,
to investigate and prosecute that. I've got to find some other
way to do it with some other resources. And I can't figure out
why that is, other than it's a historical anomaly. And it would
be very helpful if that limitation were lifted swiftly, because
it would allow us to deploy already existing and in-place
investigation and prosecution resources to address non-
institutional COVID scams.
So, thank you, Mr. Chairman, for the opportunity to present
the information.
[The prepared statement of Mr. Schmidt follows:]
Prepared Statement of Derek Schmidt, Attorney General, State of Kansas
Chairman Moran, Ranking Minority Member Blumenthal, and Members of
the Committee:
Thank you for the opportunity to present this testimony as the
committee discusses the unfortunate reality that scam artists are
exploiting this global pandemic in attempts to profit unlawfully. I
appreciate the invitation to offer the perspective of a state attorney
general's office and share the types of scams that are being reported
to our office, the ways our office is responding and the cooperative
work we have engaged in with Federal partners.
Expectations and Preparations
While none of us has experienced a global pandemic on the scale of
COVID-19, our office has had plenty of experience dealing with more
localized disasters, such as tornadoes and floods. We know from that
experience that scam artists often take advantage of those situations
to prey on people during a time of distress and disruption. We expected
COVID-19 would be no different. On March 12, our office issued the
first consumer alert advising Kansans to keep up their guard and watch
out for COVID-19-related scams, such as bogus products advertised as
coronavirus prevention measures or treatments as well as bogus
charities purporting to raise money for coronavirus research or to
support coronavirus patients.
Later that same day, the governor of Kansas declared a state of
emergency related to COVID-19, which triggered the Kansas price-gouging
statute within the Kansas Consumer Protection Act. This statute
prohibits ``profiteer[ing] from a disaster'' by forbidding suppliers
from ``unjustifiably increasing during a time of disaster the price at
which any necessary property or service is offered for sale to
consumers.'' The statute prohibits increases of more than 25 percent in
the price of necessary products compared with the business day before
the disaster was declared, unless the supplier can show that the
additional cost was justified such as by additional costs incurred by
the supplier.
To respond to the expected influx of complaints regarding both
COVID-19 scams and price gouging, we immediately created a new
complaint form on our website specifically to report these activities.
We also launched a temporary COVID-19 resources homepage, which
contained a link to the complaint form and information related to our
COVID-19 response, including the consumer alerts mentioned in my
testimony. As our office moved to dispersed operations, we prioritized
keeping our Consumer Protection Division functional to be able to
timely respond to these complaints.
State v. Parcells
The complaints we have received related to COVID-19 scams have
resulted in numerous investigations, many of which remain underway. To
date, the most significant enforcement action our office has taken was
in relation to a case that was already pending against an individual
who offered to provide private autopsies, tissue recovery and forensic
services, although he was not a licensed physician or pathologist
qualified under Kansas law to perform such services. We previously had
sued this defendant for those sorts of activities not related to COVID-
19 and he was under a temporary court order not to perform such
services in Kansas while our lawsuit is pending. Once the pandemic
began, we learned that the defendant had formed new businesses and
websites, including social media, that offered consulting services for
coronavirus and COVID-19. Specifically, he was offering to enter homes
and businesses, perform swabs for purported coronavirus testing and
examine deceased persons to determine if they were positive for COVID-
19. The defendant was quoted in media reports stating he had contact
with two families in New York for COVID-19 testing on deceased family.
In May, we sought and obtained from the judge in our pending
lawsuit an amended temporary restraining order prohibiting the
defendant from advertising, soliciting, accepting payment for,
contracting, performing, or in any manner conducting business or
consumer transactions in epidemiology and infectious disease, including
coronavirus and COVID-19. In addition, he was prohibited from traveling
outside of Kansas or the Kansas City metro area without the approval of
the court.
The case, State v. Parcells, remains pending in Shawnee County
District Court, Case No. 2019-CV-000233.
Contact Tracing
Scams related to contact tracing were among the first to emerge. We
received reports from local emergency management officials of text
messages circulating claiming that ``Someone who came in contact with
you tested positive or has shown symptoms of COVID-19 and recommends
you self-isolate/get tested.'' The message then has a link to click for
more information. The link went to a bogus website that collected
personal information. Our office issued a consumer alert on this
particular scam, warning Kansans that the text message was not
legitimate and not to click on the link.
As part of a COVID-19 response bill passed by the Kansas
Legislature and signed into law by the governor last month, we
recommended inclusion of language to further protect Kansans from
invasions of privacy through contact tracing. We are hopeful that in
addition to protecting civil liberties, these restrictions in the
state's Contact Tracing Privacy Act will allow Kansans to more easily
know when alleged contact tracing is in fact a scam, because it does
not adhere to the requirements placed on legitimate contact tracers
being employed by the state or a local health department.
The new legislation, which applies to both the state and to local
government authorities, contains the following provisions to protect
citizens' civil liberties and the privacy of information collected
through contact tracing:
Participation in contact tracing must be voluntary. No
person may be required to participate, nor forbidden from
participating.
Contact tracing may not collect information through
cellphone tracking and may not use any information collected
through cellphone tracking.
Information collected through contact tracing must be used
only for contact tracing, kept confidential and not disclosed.
The information must be safely and securely destroyed when no
longer needed for contact tracing.
Only specified information may be collected by contact
tracers. The list of information that may be collected must be
established by the Secretary of Health and Environment through
the open and transparent process of adopting formal rules and
regulations.
The government may not require any third party to collect
contact data. Information voluntarily collected by third
parties may only be obtained by the government with the consent
of both the third party and the person the information relates
to, or with a judicially supervised warrant.
People working as contact tracers must receive training and
must affirm that they are familiar with the privacy and civil
liberties protections in the legislation.
We believe these were sensible solutions to put guardrails in place
so Kansans would have the necessary confidence in contact tracing
programs to be willing to participate voluntarily, knowing that their
personal information would be protected. We believe passage of this
bill made Kansas the first state to pass COVID-specific protections on
contact tracing, and we are aware that other states are currently
considering similar legislation. I am also aware that both Chairman
Moran and Ranking Member Blumenthal are interested in this topic and
have introduced Federal legislation seeking to protect the privacy of
information collected via contact tracing apps.
I have attached to my testimony an op-ed I wrote that was published
by National Review Online regarding our contact tracing bill
(Attachment 1), as well as an editorial from the Kansas City Star that
called our bill a ``pragmatic and deeply American approach.''
(Attachment 2).
In a related action, a bipartisan group of state and territory
attorneys general joined together in a letter to the chief executive
officers of Apple and Google asking them to strengthen efforts to
monitor the contact tracing apps available through their respective
platforms and to remove those that are not associated with a lawful
government purpose. A copy of our letter is attached. (Attachment 3).
Other Types of Scams
In addition to the issues described above, our office has initiated
a number of investigations related to scam reports we have received.
While I cannot discuss these pending investigations in detail, let me
describe common categories of scam reports that we have received:
COVID-19 prevention. These scams involve the offering for
sale of a product purported to help prevent the consumer from
contracting COVID-19.
Personal protective equipment. These scams involved the sale
of masks purported to be N95 and other personal protective
equipment. In some cases, these masks were not N95 and others
involved the sale of PPE that we believe the supplier never
possessed. Some legitimate merchandise offered in third-party
marketplaces was likely stolen and diverted for resale.
Stimulus checks. Following passage of the CARES Act, we
suspected that the direct cash payments to individuals would
spur scam artists, and issued another consumer alert. As
expected, we received reports of Kansans who received text
messages or e-mails offering assistance to the consumer to
claim their stimulus payment.
Government imposters. This always-popular scam reemerged
with COVID-19 variations. We have reports of scam artists
posing as the Small Business Administration offering assistance
with SBA loan programs and Kansas Department of Labor officials
offering assistance with unemployment benefits.
Fraudulent unemployment claims. The unprecedented number of
unemployment claims flooding our state system offered scammers
using stolen identities the opportunity to file claims and
receive the temporarily increased benefits.
Federal and Private Sector Cooperation
Throughout the pandemic, we have been working closely with multiple
Federal partners sharing information about scams that are being
reported. Examples include:
We have worked with the Food and Drug Administration on
cases involving advertisement of COVID-19 prevention or
treatment products.
We are working with the Kansas Department of Labor, U.S.
Department of Labor Office of Inspector General, Small Business
Administration and the Secret Service on the government
imposter scams and fraudulent unemployment filings.
We have referred cases to several other Federal agencies,
including the Federal Trade Commission, Federal Bureau of
Investigation and the U.S. Attorney's Office for the District
of Kansas. The U.S. Attorney's Office has also formed a COVID-
19 Fraud Task Force, bringing together many of these agencies,
including our office.
We have also worked closely with private-sector partners to combat
fraud. The largest example of this has been working with the large
online platforms for resellers--Amazon, eBay and Facebook Marketplace--
to have listings taken down that were clear cases of price gouging or
products that likely did not exist at all. For example, in three cases,
consumers reported to us Facebook Marketplace ads showing toilet paper
advertised for as much as $11 per roll. In each case, we contacted
Facebook and the listing was removed. In another case, eBay removed 57
listings and suspended sellers of N95 masks based on a complaint we
provided.
Scams and Frauds that Victimize Medicaid patients--S. 2379
We know the volume of COVID-19 related scams will stretch law
enforcement resources at every level. One specific action we have
advocated to make further resources promptly available is swift
enactment as part of the COVID-19 response of S. 2379, which would
repeal an outdated and seemingly arbitrary Federal statutory
restriction on states' ability to use their Medicaid Fraud Control
Units (MFCUs) to detect, investigate and prosecute abuse of Medicaid
patients in non-institutional settings. The expanded jurisdiction would
include financial abuses in the form of COVID-19 related scams and
frauds targeting Medicaid beneficiaries who do not reside in
institutions. Under current law, states have authority to use their
MFCU assets to address fraud against the Medicaid program itself
anywhere it may be found but may address the abuse of Medicaid
patients--including financial abuse through COVID-19 scams--only if it
occurs in an institutional setting.
With a growing number of Medicaid beneficiaries receiving services
in home-care settings, and with the increasing isolation at home of
many Americans, including Medicaid beneficiaries, because of COVID-19
related restrictions, eliminating this Federal restriction could
immediately bring more enforcement resources to the fight. Attached is
a bipartisan letter I sent, along with three other state attorneys
general, supporting inclusion of this legislation in COVID-19 relief
legislation (Attachment 4). It would be tremendously helpful if S. 2379
could become law soon.
Conclusion
I sincerely appreciate the cooperative work being done at all
levels to protect Kansans and all Americans from becoming scam victims
during this time when we are already faced with challenges we have
never before experienced. Thank you for conducting this hearing today
to shine a light on the good work that is being done and to discuss
ways that we can further improve our efforts.
______
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
Senator Moran. General, thank you for your efforts, at
our--in our home State, to protect consumers. Thanks for your
testimony today. And thanks for your specific suggestions about
Federal actions.
Now we turn to our next witness, Mr. Andrew Smith. He is
the Director, Bureau of Consumer Protection at the Federal
Trade Commission.
STATEMENT OF ANDREW SMITH, DIRECTOR, BUREAU OF CONSUMER
PROTECTION, FEDERAL TRADE COMMISSION
Mr. Smith. Thank you.
Chairman Moran, Ranking Member Blumenthal, and members of
the Subcommittee, I'm Andrew Smith, the Director of the Federal
Trade Commission's Bureau of Consumer Protection.
My written statement represents the views of the
Commission, but this opening statement represents my views,
alone, and not necessarily the views of the Commission or of
any individual commissioner. I'm pleased to appear before you
today to discuss protecting Americans from COVID-19 scams.
Despite the disruption of the coronavirus pandemic, the
Bureau of Consumer Protection has managed to be aggressive,
creative, and productive, particularly with respect to scams
taking advantage of COVID-19 fear and confusion. Many of our
specific initiatives of the last 4 months are outlined in my
written testimony, but what is truly remarkable to me is how
the entire Bureau of Consumer Protection has risen to the
occasion and made a major contribution to the fight against
COVID scams.
Each of our eight divisions and eight regional offices is
pulling its weight in the fight against COVID scams while also
keeping up with its existing load of projects and cases. Our
Advertising Practices Division is taking action against fake
cures. Our Marketing Practices Division is taking on robocalls
and spurious business opportunities. Our Privacy Division is
focused on videoconferencing, contact tracing, and issues
around Ed Tech and distance learning. Our Financial Practices
Division is fighting small-business financing fraud. Our
Enforcement Division is taking on fulfillment scams that
promise PPE to consumers but that never deliver. Our Consumer
Response Division is collecting and analyzing complaint data
for public consumption as well as improved law enforcement
targeting. Our Litigation Support Division is assisting with
innovative ways to continue to do our work remotely, including
remote courtroom appearances, testimony, and document
production. Our Division of Business and Consumer Education has
produced dozens of blog posts, infographics, shareables,
videos, and other material in five different languages, on the
wide range of COVID scams, and has also been conducting
extensive outreach directly and through our partners in the
media, advocacy organizations, and trade groups. And our
regional offices are doing all of the above, actively engaged
in warning letters, investigations, litigation, and TROs.
Outreach, outreach, and more outreach with State and regional
partners.
In fact, just in the car on the way up here, I saw--I got
a--an e-mail about a joint letter that our Chicago office had
done with the Missouri Attorney General on a warning letter to
two separate companies, warning them against making fake claims
for COVID relief in connection with hearing aids. Just within
the last hour, we did that.
None of this, none of the work that we're doing, however,
would be possible without the cooperation and coordination with
our Federal, State, and local partners, as well as the private
sector. Working with FDA, we've sent dozens of warning letters
to dietary supplement sellers. We've been working with the
Federal Communications Commission and the USTelecom Industry
Traceback Group to halt illegal robocallers. Working with SBA,
we've taken action against companies offering PPP financing to
small businesses without SBA approval.
Some of our enforcement actions have been in conjunction
with DOJ or other criminal authorities who execute search
warrants at the same time as we go to court for an emergency
TRO. State regulators and AGs are joining us in warning letters
or taking action against recipients of our FTC warning letters.
Foreign regulators and criminal authorities in India,
Singapore, Canada, and Sweden have worked with us on
investigations and enforcement.
Some of the private partnerships have been just as
remarkable. I mentioned the USTelecom Robocall Traceback
Initiative, which has been invaluable in leading us to the
source of illegal robocalls. Our partnerships with the BBB and
AARP have enabled us to reach literally millions of consumers
with our educational message. In fact, one AARP presentation
early in the pandemic was viewed by more than 850,000 people.
We are always open to new ideas about how to better educate
and protect consumers from these pernicious COVID-related
scams. And I look forward to today's conversation on this
topic.
Thank you for the opportunity to testify. I welcome your
questions.
[The prepared statement of Mr. Smith follows:]
Prepared Statement of Andrew Smith, Director, Bureau of Consumer
Protection, Federal Trade Commission
I. INTRODUCTION
Chairman Moran, Ranking Member Blumenthal, and members of the
Subcommittee, I am Andrew Smith, Director of the Federal Trade
Commission's (``FTC'' or ``Commission'') Bureau of Consumer Protection.
I am pleased to appear before you today to discuss consumer protection
issues arising from the COVID-19 pandemic.\1\
---------------------------------------------------------------------------
\1\ This written statement presents the views of the Federal Trade
Commission. My oral statement and responses to questions are my own and
do not necessarily reflect the views of the Commission or any
Commissioner.
---------------------------------------------------------------------------
The FTC is a highly productive, bipartisan independent agency with
a broad mission. It is the only Federal agency with jurisdiction to
both protect consumers and maintain competition in most sectors of the
economy.\2\ In fulfilling its consumer protection mission, the agency
enforces laws that prohibit business practices that are unfair or
deceptive to consumers, being mindful not to impede legitimate business
activity. The FTC also educates consumers and businesses to encourage
informed consumer choices and compliance with the law. Through its
research, reports, and policy work, the FTC further promotes an honest
and competitive marketplace.
---------------------------------------------------------------------------
\2\ The FTC has broad law enforcement responsibilities under the
Federal Trade Commission Act, 15 U.S.C. Sec. 41 et seq., and enforces a
wide variety of other laws ranging from the Clayton Act to the Fair
Credit Reporting Act. In total, the Commission has enforcement or
administrative responsibilities under more than 70 laws. See https://
www.ftc.gov/enforcement/statutes.
---------------------------------------------------------------------------
On March 13, 2020, the President declared a national emergency in
response to the global outbreak of the ``Coronavirus Disease 2019''
(``COVID-19'' or ``coronavirus'').\3\ The FTC has worked aggressively
to combat consumer protection issues arising from the COVID-19
pandemic. In late March, Chairman Joseph Simons stated that the FTC
would ``not tolerate businesses seeking to take advantage of consumers'
concerns and fears regarding [the] coronavirus disease, exigent
circumstances, or financial distress.'' \4\ And we have not.
---------------------------------------------------------------------------
\3\ President Donald J. Trump, Proclamation on Declaring a National
Emergency Concerning the Novel Coronavirus Disease (COVID-19) (Mar. 13,
2020), available at https://www.white
house.gov/presidential-actions/proclamation-declaring-national-
emergency-concerning-novel-coro
navirus-disease-covid-19-outbreak/.
\4\ FTC Press Release, FTC Chairman Joe Simons Outlines the
Agency's Approach to Safeguarding Consumers During the Coronavirus
Pandemic (Mar. 26, 2020), https://www.ftc.gov/news-events/press-
releases/2020/03/ftc-chairman-joe-simons-outlines-agencys-approach-
safeguarding.
---------------------------------------------------------------------------
To date, the FTC has received over 131,419 consumer complaints
relating to COVID-19, including complaints about the government's
economic impact payments, or so-called stimulus checks.\5\ In addition,
the FTC is monitoring the marketplace for unsubstantiated health
claims, robocalls, privacy and data security concerns, sham charities,
online shopping fraud, phishing scams, work at home scams, credit
scams, and fake mortgage and student loan relief schemes. This also
includes monitoring of a variety of other scams related to the economic
fallout from the COVID-19 pandemic, including government imposters
attempting to scam consumers out of their stimulus checks.
---------------------------------------------------------------------------
\5\ See FTC, FTC COVID-19 and Stimulus Reports: Consumer Sentinel
Network Reports, https://public.tableau.com/profile/
federal.trade.commission#!/vizhome/COVID-19andStimulus
Reports/Map (last visited July 6, 2020).
---------------------------------------------------------------------------
While the FTC has quickly pivoted to address aggressively the
myriad of COVID-related scams, the agency has continued its extensive
consumer protection work. Since early March, the FTC has distributed
$40 million in redress \6\ in more than 10 cases. In addition, our
partners at the Department of Justice distributed another $153 million
from our multi-agency settlement with Western Union.\7\ We have
published rulemaking notices,\8\ workshop reports,\9\ reports to
Congress,\10\ data spotlights,\11\ and the new econsumer.gov
interactive dashboards.\12\ The FTC also has announced complaints or
settlements in more than 30 law enforcement matters, including
settlements that will return more than $225 million to consumers,\13\
privacy cases,\14\ national advertising cases,\15\ fraud cases,\16\
payment processor cases,\17\ financial services cases,\18\ rule
violations,\19\ civil penalty cases,\20\ a data security case,\21\
health advertising cases,\22\ and our first fair lending case in 10
years.\23\ This is all to say that the Commission's extensive COVID-
related work has not taken the Commission's attention away from its
continued dedication to American consumers and the non-COVID-related
hardships they are facing.
---------------------------------------------------------------------------
\6\ In fact, between July 1, 2018 and December 31, 2019, FTC
actions resulted in $1.2 billion in refunds to consumers, including
$542.9 million in refunds the FTC sent to consumers and the remainder
sent through self-administered redress programs. Of the $556.9 million
the FTC disbursed during that time, more than 97 percent ended up in
consumers' pockets, with 1.6 percent spent on administrative costs and
less than 1 percent sent to the U.S. Treasury (either because a refund
program was not feasible or because there was money left over after the
refund program was complete). See FTC, Data on Refunds to Consumers,
https://www.ftc.gov/enforcement/cases-proceedings/refunds/data-refunds-
consumers (last visited July 6, 2020).
\7\ See FTC Press Release, First Round of Refunds Totaling $153
Million Sent to Consumers As a Result of Multi-Agency Case Against
Western Union (Mar. 10, 2020), https://www.ftc.gov/news-events/press-
releases/2020/03/first-round-refunds-totaling-153-million-sent-
consumers-result.
\8\ See FTC Press Release, FTC Announces Final Amendments to the
Agency's Contact Lens Rule (June 23, 2020), https://www.ftc.gov/news-
events/press-releases/2020/06/ftc-announces-final-amendments-agencys-
contact-lens-rule; FTC Press Release, FTC Seeks Public Comment on
Proposed Repeal of the Care Labeling Rule (June 22, 2020), https://
www.ftc.gov/news-events/press-releases/2020/06/ftc-seeks-public-
comment-proposed-repeal-care-labeling-rule; FTC Press Release, FTC
Issues Staff Report on Made in the USA Workshop, Seeks Comment on
Related Proposed Rulemaking for Labeling Rule (June 22, 2020), https://
www.ftc.gov/news-events/press-releases/2020/06/ftc-issues-staff-report-
on-made-in-usa-workshop; FTC Press Release, FTC Seeks Comment as Part
of Review of Health Breach Notification Rule (May 8, 2020), https://
www.ftc.gov/news-events/press-releases/2020/05/ftc-seeks-comment-part-
review-health-breach-notification-rule; FTC Press Release, FTC Seeks
Comments on Proposed Changes to the Energy Labeling Rule (Mar. 27,
2020), https://www.ftc.gov/news-events/press-releases/2020/03/ftc-
seeks-comments-proposed-changes-energy-labeling-rule.
\9\ See FTC Press Release, FTC Issues Staff Report on Made in the
USA Workshop, Seeks Comment on Related Proposed Rulemaking for Labeling
Rule (June 22, 2020), https://www.ftc.gov/news-events/press-releases/
2020/06/ftc-issues-staff-report-on-made-in-usa-workshop; FTC Press
Release, FTC Staff Perspective Recaps Online Events Tickets Workshop
(May 7, 2020), https://www.ftc.gov/news-events/press-releases/2020/05/
ftc-staff-perspective-recaps-online-event-tickets-workshop.
\10\ See FTC Press Release, FTC Updates Congress on Efforts to
Educate Consumers about Their FCRA Rights (May 5, 2020), https://
www.ftc.gov/news-events/press-releases/2020/05/ftc-updates-congress-
efforts-educate-consumers-about-their-fcra; FTC Press Release, FTC
Sends Report to Congress on Retailers' Shipping Policies (Apr. 17,
2020), https://www.ftc.gov/news-events/press-releases/2020/04/ftc-
sends-report-congress-retailers-shipping-policies. See also FTC Press
Release, FTC Staff Provides Annual Letter to CFPB On Fair Debt
Collection Practices Act Activities (Mar. 20, 2020), https://
www.ftc.gov/news-events/press-releases/2020/03/ftc-staff-provides-
annual-letter-cfpb-fair-debt-collection (providing information to CFPB
for Congressional Report).
\11\ See FTC Press Release, Active Duty Servicemembers are More
Likely to Report Identity Theft than Other Adults, New FTC Data Shows
(May 21, 2020), https://www.ftc.gov/news-events/press-releases/2020/05/
active-duty-servicemembers-are-more-likely-report-identity-theft.
\12\ See generally https://econsumer.gov.
\13\ See FTC Press Release, Worldwide Payment Processor and
Payments Industry Executive to Pay $40.2 Million to Settle FTC Charges
of Assisting Fraudulent Schemes and Credit Card Laundering (May 19,
2020), https://www.ftc.gov/news-events/press-releases/2020/05/
worldwide-payment-processor-payments-industry-executive-pay-402; FTC
Press Release, FTC Halts Online Subscription Scheme that Deceived
People with ``Free Trial Offers'' (May 8, 2020), https://www.ftc.gov/
news-events/press-releases/2020/05/ftc-halts-online-subscription-
scheme-deceived-people-free-trial; FTC Press Release, Fashion Nova Will
Pay $9.3 Million for Consumer Refunds To Settle FTC Charges It Violated
Rules On Shipping, Refunds (Apr. 21, 2020), https://www
.ftc.gov/news-events/press-releases/2020/04/fashion-nova-will-pay-93-
million-consumer-refunds-settle-ftc; FTC Press Release, Rent-To-Own
Payment Plan Company Progressive Leasing Will Pay $175 Million to
Settle FTC Charges It Deceived Consumers About Pricing (Apr. 20, 2020),
https://www.ftc.gov/news-events/press-releases/2020/04/rent-own-
payment-plan-company-progressive-leasing-will-pay-175; FTC Press
Release, Student Loan Debt Relief Companies Agree to Settle FTC Charges
They Falsely Promised to Lower or Eliminate Consumers' Student Loans
(Mar. 30, 2020), https://www.ftc.gov/news-events/press-releases/2020/
03/student-loan-debt-relief-companies-agree-settle-ftc-charges-they.
\14\ See FTC Press Release, Swiss Digital Game Developer Settles
FTC Allegations that it Falsely Claimed it was a Member of COPPA Safe
Harbor Program (May 19, 2020), https://www.ftc.gov/news-events/press-
releases/2020/05/swiss-digital-game-developer-settles-ftc-allegations-
it-falsely; FTC Press Release, Medical Diagnostic Device Maker Settles
Allegations that it Misled Consumers about its Participation in the EU-
U.S. Privacy Shield (Mar. 30, 2020), https://www.ftc.gov/news-events/
press-releases/2020/03/medical-diagnostic-device-maker-settles-
allegations-it-misled.
\15\ See FTC Press Release, Williams-Sonoma, Inc. Settles with FTC,
Agrees to Stop Making Overly Broad and Misleading ``Made in USA''
Claims about Houseware and Furniture Products (Mar. 30, 2020), https://
www.ftc.gov/news-events/press-releases/2020/03/williams-sonoma-inc-
settles-ftc-agrees-stop-making-overly-broad; FTC Press Release, FTC
Acts to Stop False and Unsubstantiated Claims for Wagner OEX Brake Pads
(Mar. 25, 2020), https://www.ftc.gov/news-events/press-releases/2020/
03/ftc-acts-stop-false-unsubstantiated-claims-wagner-oex-brake-pads.
\16\ See FTC Press Release, Operators of Business Coaching Scheme
Will Pay At Least $1.2 Million to Settle FTC Charges They Deceived
Consumers Starting New Internet-based Businesses (May 13, 2020),
https://www.ftc.gov/news-events/press-releases/2020/05/operators-
business-coaching-scheme-will-pay-least-12-million; FTC Press Release,
FTC Files Complaint Alleging Telemarketers and Debt Collectors Worked
Together to Bilk Organizations for Subscriptions and Books They Never
Ordered (May 13, 2020), https://www.ftc.gov/news-events/press-releases/
2020/05/ftc-files-complaint-alleging-telemarketers-debt-collectors-
worked; FTC Press Release, FTC Halts Online Subscription Scheme that
Deceived People with ``Free Trial'' Offers (May 8, 2020), https://
www.ftc.gov/news-events/press-releases/2020/05/ftc-halts-online-
subscription-scheme-deceived-people-free-trial; FTC Press Release, FTC
Obtains Preliminary Injunction Against Investor Training Scheme Online
Trading Academy (Apr. 7, 2020), https://www.ftc.gov/news-events/press-
releases/2020/04/ftc-obtains-preliminary-injunction-against-investor-
training; FTC Press Release, Affiliate Marketers to Pay More Than $4
Million to Settle Charges that They Promoted a Fraudulent Business
Coaching and Investment Scheme (Mar. 5, 2020), https://www.ftc.gov/
news-events/press-releases/2020/03/affiliate-marketers-pay-more-4-
million-settle-charges-they.
\17\ See FTC Press Release, Rogue Payment Processor that Helped
Perpetuate Multiple Scams Is Banned from the Payment Processing
Business Under FTC Settlement (June 9, 2020), https://www.ftc.gov/news-
events/press-releases/2020/06/rogue-payment-processor-helped-
perpetuate-multiple-scams-banned; FTC Press Release, Payment Processor
for MOBE Business Coaching Scheme Settles FTC Charges (June 1, 2020),
https://www.ftc.gov/news-events/press-releases/2020/06/payment-
processor-mobe-business-coaching-scheme-settles-ftc; FTC Press Release,
Worldwide Payment Processor and Payments Industry Executive to Pay
$40.2 Million to Settle FTC Charges of Assisting Fraudulent Schemes and
Credit Card Laundering (May 19, 2020), https://www.ftc.gov/news-events/
press-releases/2020/05/worldwide-payment-processor-payments-industry-
executive-pay-402; FTC Press Release, Credit Card Launderer for Tech
Support Scams to Pay $6.75 Million to Settle FTC Charges (Apr. 22,
2020), https://www.ftc.gov/news-events/press-releases/2020/04/credit-
card-launderer-tech-support-scams-pay-675-million-settle.
\18\ See FTC Press Release, FTC Halts Deceptive Payday Lender That
Took Millions From Consumers' Accounts Without Authorization (May 22,
2020), https://www.ftc.gov/news-events/press-releases/2020/05/ftc-
halts-deceptive-payday-lender-took-millions-consumers; FTC Press
Release, Student Loan Debt Relief Companies Agree to Settle FTC Charges
They Falsely Promised to Lower or Eliminate Consumers' Student Loans
(Mar. 30, 2020), https://www.ftc.gov/news-events/press-releases/2020/
03/student-loan-debt-relief-companies-agree-settle-ftc-charges-they;
FTC Press Release, Health Center, Inc. Settles FTC Allegations That It
Targeted Older Consumers With Deceptive Claims for Health and Wellness
Products (Mar. 19, 2020), https://www.ftc.gov/news-events/press-
releases/2020/03/health-center-inc-settles-ftc-allegations-it-targeted-
older; FTC Press Release, Credit Repair Company Settles FTC Charges It
Deceived Consumers By Telling Them ``Piggybacking'' on Others' Credit
Could Boost Scores (Mar. 9, 2020), https://www.ftc.gov/news-events/
press-releases/2020/03/credit-repair-company-settles-ftc-charges-it-
deceived-consumers.
\19\ See FTC Press Release, Developer of Apps Popular with Children
Agrees to Settle FTC Allegations It Illegally Collected Kids' Data
without Parental Consent (June 4, 2020), https://www.ftc.gov/news-
events/press-releases/2020/06/developer-apps-popular-children-agrees-
settle-ftc-allegations-it; FTC Press Release, Auto Dealership Bronx
Honda, General Manager to Pay $1.5 Million to Settle FTC Charges They
Discriminated Against African-American, Hispanic Car Buyers (May 27,
2020), https://www.ftc.gov/news-events/press-releases/2020/05/bronx-
honda-to-pay-over-1-million-to-settle-charges; FTC Press Release,
Credit Card Launderer for Tech Support Scams to Pay $6.75 Million to
Settle FTC Charges (Apr. 22, 2020), https://www.ftc.gov/news-events/
press-releases/2020/04/credit-card-launderer-tech-support-scams-pay-
675-million-settle; FTC Press Release, Fashion Nova Will Pay $9.3
Million for Consumer Refunds To Settle FTC Charges It Violated Rules on
Shipping, Refunds (Apr. 21, 2020), https://www.ftc.gov/news-events/
press-releases/2020/04/fashion-nova-will-pay-93-million-consumer-
refunds-settle-ftc; FTC Press Release, Student Loan Debt Relief
Companies Agree to Settle FTC Charges They Falsely Promised to Lower or
Eliminate Consumers' Student Loans (Mar. 30, 2020), https://
www.ftc.gov/news-events/press-releases/2020/03/student-loan-debt-
relief-companies-agree-settle-ftc-charges-they; FTC Press Release,
Credit Repair Company Settles FTC Charges It Deceived Consumers By
Telling Them ``Piggybacking' on Others' Credit Could Boost Scores (Mar.
9, 2020), https://www.ftc.gov/news-events/press-releases/2020/03/
credit-repair-company-settles-ftc-charges-it-deceived-consumers.
\20\ See FTC Press Release, Developer of Apps Popular with Children
Agrees to Settle FTC Allegations It Illegally Collected Kids' Data
without Parental Consent (June 4, 2020), https://www.ftc.gov/news-
events/press-releases/2020/06/developer-apps-popular-children-agrees-
settle-ftc-allegations-it; FTC Press Release, FTC Reaches Settlement
with Kohl's over Allegations it Failed to Provide Victims with
Information Related to Identity Theft (June 10, 2020), https://
www.ftc.gov/news-events/press-releases/2020/06/ftc-reaches-settlement-
kohls-over-allegations-it-failed-provide.
\21\ See FTC Press Release, Canadian Maker of Smart Locks Settles
FTC Allegations that It Deceived Consumers about Its Security Practices
(Apr. 6, 2020), https://www.ftc.gov/news-events/press-releases/2020/04/
canadian-maker-smart-locks-settles-ftc-allegations-it-deceived.
\22\ See FTC Press Release, FTC Puts an End to Deceptive
Advertising of Light Therapy Device (June 25, 2020), https://
www.ftc.gov/news-events/press-releases/2020/06/ftc-puts-end-deceptive-
advertising-light-therapy-device; FTC Press Release, FTC Takes Action
to Stop Direct Mail Pill Marketers' Unproven Health Claims (Apr. 20,
2020), https://www.ftc.gov/news-events/press-releases/2020/04/ftc-
takes-action-stop-direct-mail-pill-marketers-unproven-health; FTC Press
Release, FTC Halts Bogus Claims about ``Miracle'' Supplement for Older
Adults (Apr. 16, 2020), https://www.ftc.gov/news-events/press-releases/
2020/04/ftc-halts-bogus-claims-about-miracle-supplement-older-adults;
FTC Press Release, Health Center, Inc. Settles FTC Allegations That It
Targeted Older Consumers With Deceptive Claims for Health and Wellness
Products (Mar. 19, 2020), https://www.ftc.gov/news-events/press-
releases/2020/03/health-center-inc-settles-ftc-allegations-it-targeted-
older; FTC Press Release, Tea Marketer Misled Consumers, Didn't
Adequately Disclose Payments to Well-Known Influencers, FTC Alleges
(Mar. 6, 2020), https://www.ftc.gov/news-events/press-releases/2020/03/
tea-marketer-misled-consumers-didnt-adequately-disclose-payments; FTC
Press Release, Marketers of Pain Relief Device Settle FTC False
Advertising Complaint (Mar. 4, 2020), https://www.ftc.gov/news-events/
press-releases/2020/03/marketers-pain-relief-device-settle-ftc-false-
advertising.
\23\ See FTC Press Release, Auto Dealership Bronx Honda, General
Manager to Pay $1.5 Million to Settle FTC Charges They Discriminated
Against African-American, Hispanic Car Buyers (May 27, 2020), https://
www.ftc.gov/news-events/press-releases/2020/05/bronx-honda-to-pay-over-
1-million-to-settle-charges.
---------------------------------------------------------------------------
As always, the FTC appreciates your support of our consumer
protection mission. An essential part of that mission is getting back
to consumers money wrongly taken from them. Unfortunately, our ability
to do so has been threatened or curtailed by recent judicial decisions,
making it harder for the FTC to get consumer redress, including in
coronavirus-related scam cases. We therefore respectfully request that
Congress clarify the agency's statutory authority to obtain complete
consumer redress under Section 13(b) of the FTC Act. Section 13(b) says
the FTC can seek ``permanent injunctions,'' and for decades, courts
interpreted that language to mean that the FTC could secure equitable
monetary remedies, including restitution to consumers and disgorgement
of ill-gotten gains. One recent decision from the Seventh Circuit held
that Section 13(b) was limited to injunctions and so did not allow
monetary remedies at all.\24\ The Supreme Court has agreed to hear that
case and another case, from the Ninth Circuit, that ruled we are
entitled to monetary equitable relief. \25\ We expect the Court to
resolve this issue by next summer. A decision last year from the Third
Circuit held that the FTC could bring cases under Section 13(b) only if
the illegal acts were ongoing or impending, limiting our ability to
pursue past illegality.\26\ And the Supreme Court's recent Liu decision
may place limitations on the amount of money we can obtain from
wrongdoers and ultimately return to consumers.\27\ In short, our
ability to get full redress for consumers is in peril. Congress should
act now to preserve the FTC's ability to restore to consumers money
they lose to scammers and fraudsters.
---------------------------------------------------------------------------
\24\ See Fed. Trade Comm'n v. Credit Bureau Ctr., LLC, 937 F.3d 764
(7th Cir. 2019).
\25\ Fed. Trade Comm'n v. Credit Bureau Ctr., LLC, 937 F.3d 764
(7th Cir. 2019), cert. granted, No. 19-825 (July 9, 2020); AMG Cap.
Mgmt., LLC v. Fed. Trade Comm'n, 910 F.3d 417 (9th Cir. 2018), cert.
granted, No. 19-508 (July 9, 2020).
\26\ See Fed. Trade Comm'n v. Shire ViroPharma, Inc., 917 F.3d 147
(3rd Cir. 2019).
\27\ See Liu v. Sec. Exch. Comm'n, 140 S.Ct. 1936 (2020).
---------------------------------------------------------------------------
In addition, the Commission's primary source of legal authority in
the privacy and data security space is Section 5 of the FTC Act, which
prohibits deceptive or unfair commercial practices.\28\ Section 5,
however, is not without its limitations. For example, Section 5 does
not allow the Commission to seek civil penalties for the first offense.
It also excludes non-profits and common carriers from the Commission's
authority, even when the acts or practices of these market participants
have serious implications for consumer privacy and data security. To
better equip the Commission to meet its statutory mission to protect
consumers, we urge Congress to enact privacy and data security
legislation, enforceable by the FTC, which grants the agency civil
penalty authority, targeted Administrative Procedure Act rulemaking
authority, and jurisdiction over non-profits and common carriers.\29\
---------------------------------------------------------------------------
\28\ 15 U.S.C. Sec. 45. The Commission also enforces sector-
specific statutes containing privacy and data security provisions, such
as the Gramm-Leach-Bliley Act (``GLB Act''), Pub. L. No. 106-102, 113
Stat. 1338 (1999) (codified as amended in scattered sections of 12 and
15 U.S.C.), and the Children's Online Privacy Protection Act
(``COPPA''), 15 U.S.C. Sec. Sec. 6501-6506.
\29\ Commissioner Phillips supports congressional efforts to
consider consumer data privacy legislation. He believes legislation
should be based on harms that Congress agrees warrant a remedy, and
that tools like penalties and rulemaking should be calibrated carefully
to address those harms. Commissioner Phillips believes Congress should
also give appropriate consideration to the trade-offs involved in new
regulation, and, with regard to rulemaking, reserve to itself
fundamental value judgments appropriately made by the legislature.
Finally, Commissioner Phillips believes data security legislation is a
critical step Congress should also take to protect consumer privacy.
---------------------------------------------------------------------------
II. COVID-19 HEALTH FRAUDS
It is often the case that, following reports of a health scare,
deceptive advertising or marketing touting ``miracle cures'' quickly
emerge. The COVID-19 pandemic has put this cause and effect scenario
into overdrive. Although some of these supposed ``treatments'' seem
facially preposterous, it is not uncommon for consumers in distress to
be willing to try (and spend) anything in the hopes that it will
protect them or their families from sickness or death.
Given the breadth of false treatment claims we have seen regarding
COVID-19, the FTC determined that the fastest way to get these false
treatment claims taken down is to pursue a rigorous warning letter
program. To date, the FTC and the Food and Drug Administration
(``FDA'') have issued 65 joint warning letters to marketers regarding
claims that their products will treat, cure, or prevent COVID-19, and
there are additional joint warning letters in the pipeline.\30\ The FTC
also has issued its own 190 warning letters to additional
marketers.\31\ The letters warn recipients that their conduct is likely
to be unlawful, that they could face serious legal consequences if they
do not immediately stop, and require a response to the FTC within 48
hours. Overwhelmingly, companies that have received FTC warning letters
these past few months have taken quick steps to correct their
problematic claims. As a result, warning letters are frequently the
most rapid and efficient means to address the problem. However, when a
warning letter does not work, or is not appropriate given the conduct
at issue, the FTC has pursued law enforcement.
---------------------------------------------------------------------------
\30\ See generally https://www.ftc.gov/coronavirus/enforcement/
warning-letters.
\31\ Id. The FTC issues its own warning letters to entities selling
products that are outside the FDA's jurisdiction.
---------------------------------------------------------------------------
The FTC's action against Marc Ching, doing business as Whole Leaf
Organics, is one example.\32\ Mr. Ching had previously received a
letter from the FDA warning him that he was making unapproved drug
claims by claiming that his cannabidiol (``CBD'') products were
intended for use in the treatment or prevention of diseases. Not only
did Mr. Ching fail to remove the unapproved CBD claims from his
website, he added COVID-19 claims for a Vitamin C and herbal extracts
product during the pandemic.\33\ We knew that with these facts, a
warning letter was not appropriate. On April 22, the FTC issued an
administrative complaint alleging that Mr. Ching deceptively advertised
a supplement as a clinically-proven immunity booster that prevents and
treats COVID-19.\34\ Two days later, the FTC filed a Federal complaint
seeking preliminary relief containing the same allegations about Mr.
Ching's health claims. By April 26, Mr. Ching had agreed to the Federal
preliminary order, barring him from claiming that his products were
effective at treating, preventing, or reducing the risk of COVID-19 for
the duration of the administrative proceeding. Mr. Ching subsequently
agreed to settle the administrative case with an order barring his
false and unsubstantiated health claims, and requiring him to send
written notices to customers and retailers that his products would not
treat, prevent, or reduce the risk of COVID-19, or prevent or treat
cancer, and inform them of his settlement with the Commission.\35\
---------------------------------------------------------------------------
\32\ U.S. v. Marc Ching, No. 2:20-cv-03775 (C.D. Cal. 2020),
https://www.ftc.gov/enforcement/cases-proceedings/202-3110/whole-leaf-
organics; Marc Ching, No. D9394 (administrative complaint filed Apr.
27, 2020), https://www.ftc.gov/enforcement/cases-proceedings/202-3110/
marc-ching-matter.
\33\ Mr. Ching sold a supplement, called ``Thrive,'' and advertised
that it was ``the perfect way to strengthen your immunity against
pathogens like, ``COVID-19,'' THE CORONAVIRUS.'' (Emphasis in
original). Marc Ching, No. D9394 (administrative complaint, Exhibit A),
https://www.ftc.gov/system/files/documents/cases/
d09394_administrative_part_iii_complaint.pdf.
\34\ The complaint also alleged that Mr. Ching deceptively
advertised that his CBD products would prevent and treat cancer, and
that clinical studies established the efficacy of these products. Id.
\35\ FTC Press Release, FTC Order Stops the Marketer of ``Thrive''
Supplement from Making Baseless Claims It Can Treat, Prevent, or Reduce
the Risks from COVID-19 (July 10, 2020,), https://www.ftc.gov/news-
events/press-releases/2020/07/ftc-order-stops-marketer-thrive-
supplement-making-baseless-claims.
---------------------------------------------------------------------------
III. MULTI-LEVEL MARKETING COMPANIES
The FTC also has issued warning letters to major multi-level
marketing companies (``MLMs'') regarding COVID-19 prevention or
treatment claims made by the MLM and/or its business opportunity
participants.\36\ In addition to warning the MLMs regarding the
prevention or treatment claims, we also warned them that they are
responsible for their earnings claims as well as earnings claims made
by their business opportunity participants and representatives.\37\
---------------------------------------------------------------------------
\36\ See FTC Press Release, FTC Sends Second Round of Warning
Letters to Multi-Level Marketers Regarding Coronavirus Related Health
and Earnings Claims (June 5, 2020), https://www.ftc.gov/news-events/
press-releases/2020/06/second-round-warning-letters-to-mlms-regarding-
coronavirus (letters to Isagenix International LLC, The Juice Plus+
Company, Youngevity International, Inc., Vivri USA, LLC, and Plexus
Worldwide, LLC included health claims); FTC Press Release, FTC Sends
Warning Letters to Multi-Level Marketers Regarding Health and Earnings
Claims They or Their Participants are Making Related to Coronavirus
(Apr. 24, 2020), https://www.ftc.gov/news-events/press-releases/2020/
04/ftc-sends-warning-letters-multi-level-marketers-regarding-health
(letters to doTERRA International, Inc., Pruvit Ventures, Inc., Total
Life Changes, LLC, Tranont, Modere, Inc., Arbonne International, LLC,
and Zurvita, Inc. included health claims).
\37\ See also FTC, Business Guidance Concerning Multi-Level
Marketing (Jan. 2018), https://www.ftc.gov/tips-advice/business-center/
guidance/business-guidance-concerning-multi-level-marketing.
---------------------------------------------------------------------------
To date, the FTC has sent 12 warning letters to MLMs regarding
prevention or treatment claims, earning claims, or both, made by the
MLMs themselves,\38\ or by business opportunity representatives or
participants on their behalf.\39\ Telling a consumer that by joining an
MLM business venture they can earn a certain amount of money in a
month, or obtain ``financial freedom,'' when it is unlikely they can do
so, is unlawful. The need to address such claims is pressing because
consumers are facing extreme economic and employment uncertainty due to
the COVID-19 pandemic. The FTC's warning letters make it clear that
misrepresenting a consumer's potential earnings will not be tolerated.
---------------------------------------------------------------------------
\38\ FTC Press Release, FTC Sends Warning Letters to Multi-Level
Marketers Regarding Health and Earnings Claims They or Their
Participants are Making Related to Coronavirus (Apr. 24, 2020), https:/
/www.ftc.gov/news-events/press-releases/2020/04/ftc-sends-warning-
letters-multi-level-marketers-regarding-health (letter to It Works
Marketing, Inc.).
\39\ See FTC Press Release, FTC Sends Second Round of Warning
Letters to Multi-Level Marketers Regarding Coronavirus Related Health
and Earnings Claims (June 5, 2020), https://www.ftc.gov/news-events/
press-releases/2020/06/second-round-warning-letters-to-mlms-regarding-
coronavirus (letters to Isagenix International LLC, The Juice Plus+
Company, and Melaleuca, Inc. included earnings claims); FTC Press
Release, FTC Sends Warning Letters to Multi-Level Marketers Regarding
Health and Earnings Claims They or Their Participants are Making
Related to Coronavirus (Apr. 24, 2020), https://www.ftc.gov/news-
events/press-releases/2020/04/ftc-sends-warning-letters-multi-level-
marketers-regarding-health (letters to doTERRA International, Inc.,
Pruvit Ventures, Inc., Total Life Changes, LLC, Tranont, Modere, Inc.,
Arbonne International, LLC, IDLife, LLC, and Rodan & Fields, LLC
included earnings claims).
---------------------------------------------------------------------------
IV. COVID-19 FINANCIAL VULNERABILITY FRAUDS
Alongside the health concerns presented by COVID-19, many consumers
are facing substantial economic and financial hardships because of the
pandemic. These are also dire times for small businesses. The FTC has
been on the lookout for frauds targeting financially vulnerable
consumers and small businesses, and is pursing warning letters and law
enforcement to protect them from further financial harm.
Millions of American consumers lost their jobs because of the
pandemic. With families to support, many consumers are seeking
alternative ways to make money. In addition to the MLM effort outlined
above, we have redoubled our efforts to identify scam business
opportunities that look better than they are.
The FTC also recognizes that the financial hardships caused by the
pandemic are not just limited to consumers. Small businesses have
sought out relief and loans through the Paycheck Protection Program
(PPP) or other programs authorized by the Coronavirus Aid, Relief, and
Economic Security (CARES) Act.\40\ To date, the FTC and the Small
Business Administration (``SBA'') have issued 8 warning letters to
companies making claims that could lead consumers and small businesses
to believe these companies are somehow affiliated with the SBA, that
consumers and small businesses could get PPP loans by applying on their
website, or otherwise misleading small business about Federal loans or
other temporary small business relief.\41\ As with deceptive health
claims, the FTC believes that the fastest way to take down these false
claims is by issuing warning letters. However, as always, in some
cases, the FTC will pursue law enforcement. For example, on April 17,
2020, the FTC filed a complaint against one such company that was
posing as an approved PPP lender.\42\ The FTC will continue to monitor
the marketplace and will take action where appropriate to combat such
frauds.
---------------------------------------------------------------------------
\40\ P.L. 116-136.
\41\ See FTC Press Release, FTC and SBA Warn Six Companies to Stop
Potentially Misleading Marketing Aimed at Small Businesses Seeking
Coronavirus Relief Loans (June 24, 2020), https://edit.ftc.gov/news-
events/press-releases/2020/06/ftc-sba-warn-six-companies-stop-
potentially-misleading-marketing; FTC Press Release, FTC and SBA Warn
Operator of SBA.com and Lead Generator Lendio to Stop Potentially
Misleading Coronavirus Relief Loan Marketing (May 18, 2020), https://
www.ftc.gov/news-events/press-releases/2020/05/ftc-sba-warn-operator-
sbacom-lead-generator-lendio-stop.
\42\ FTC v. Ponte Investments, LLC, No. 1:20-cv-00177 (D.R.I. Apr.
17, 2020), https://www.ftc.gov/enforcement/cases-proceedings/202-3115/
ponte-investments-llc.
---------------------------------------------------------------------------
V. ONLINE SHOPPING FRAUD
``Online shopping'' has recently become the leading source of
coronavirus-related consumer complaints in our Consumer Sentinel
database.\43\ These complaints are, in part, about merchants that offer
for sale masks, personal protective equipment, and related products,
but then do not ship the products, fail to meet their delivery
promises, or ship products other than those advertised, and fail to
provide refunds to consumers. We recently brought an expedited
enforcement action--in conjunction with criminal authorities who
executed a search warrant at the same time \44\--and are seeking
additional actions where it would be appropriate to combat such frauds
in conjunction with criminal authorities. Working together with
criminal authorities, we can get effective injunctive relief and
compliance monitoring quickly.
---------------------------------------------------------------------------
\43\ See FTC Consumer Sentinel Network Reports, FTC COVID-19 and
Stimulus Reports, https://public.tableau.com/profile/
federal.trade.commission#!/vizhome/COVID-19andStimulus
Reports/Map (last visited July 6, 2020).
\44\ FTC Press Release, FTC Takes Action against Marketer That
Falsely Promised Consumers Next Day Shipping of Facemasks and Other
Personal Protective Equipment (July 8, 2020), https://www.ftc.gov/news-
events/press-releases/2020/07/ftc-takes-action-against-marketer-that-
falsely-promised-next-day-shipping.
---------------------------------------------------------------------------
VI. COVID-19 SPOOFING/IMPOSTER SCAMS
Aside from scams targeting health and financial vulnerabilities
caused by the pandemic, the FTC has responded to other coronavirus-
related fraudulent behavior.
The FTC has issued warning letters to 15 Voice over Internet
Protocol (VoIP) service providers and other companies, warning them
that ``assisting and facilitating'' illegal telemarketing or robocalls
related to the COVID-19 pandemic is against the law.\45\ The Federal
Communications Commission joined the FTC on 6 of these warning
letters.\46\ Many of these calls prey upon consumers' fear of the virus
to perpetrate scams or sow disinformation. The letters stress that
combatting illegal telemarketing and robocalls is a top priority of the
Commission.\47\
---------------------------------------------------------------------------
\45\ FTC Press Release, FTC and FCC Sent Joint Letters to
Additional VoIP Providers Warning against `Routing and Transmitting'
Illegal Coronavirus-related Robocalls (May 20, 2020), https://
www.ftc.gov/news-events/press-releases/2020/05/ftc-fcc-send-joint-
letters-additional-voip-providers-warning; FTC Press Release, FTC and
FCC Send Joint Letters to VoIP Service Providers Warning against
`Routing and Transmitting' Illegal Coronavirus-related Robocalls (Apr.
3, 2020), https://www.ftc.gov/news-events/press-releases/2020/04/ftc-
fcc-send-joint-letters-voip-service-providers-warning-against; FTC
Press Release, FTC Warns Nine VoIP Service Providers and Other
Companies against `Assisting and Facilitating' Illegal Coronavirus-
related Telemarketing Calls (Mar. 27, 2020), https://www.ftc.gov/news-
events/press-releases/2020/03/ftc-warns-nine-voip-service-providers-
other-companies-against.
\46\ FTC Press Release, FTC and FCC Sent Joint Letters to
Additional VoIP Providers Warning against `Routing and Transmitting'
Illegal Coronavirus-related Robocalls (May 20, 2020), https://
www.ftc.gov/news-events/press-releases/2020/05/ftc-fcc-send-joint-
letters-additional-voip-providers-warning; FTC Press Release, FTC and
FCC Send Joint Letters to VoIP Service Providers Warning against
`Routing and Transmitting' Illegal Coronavirus-related Robocalls (Apr.
3, 2020), https://www.ftc.gov/news-events/press-releases/2020/04/ftc-
fcc-send-joint-letters-voip-service-providers-warning-against.
\47\ While there were likely many factors--including more
aggressive blocking by phone companies and warning letters from the FTC
and others--the FTC has seen a sharp drop in the number of robocall
complaints since bringing a case against a large VoIP provider for
facilitating illegal robocalls in December 2019. See FTC Press Release,
Court Halts Operations of VoIP Service Provider after the FTC and Ohio
Alleged that It Helped Promote Credit Card Interest Reduction Scheme
(Dec. 5, 2019), https://www.ftc.gov/news-events/press-releases/2019/12/
court-halts-operations-voip-service-provider-after-ftc-ohio.
---------------------------------------------------------------------------
The agency will continue to review complaints and monitor the
marketplace to keep abreast of evolving scams and make sure that
consumers have the most up-to-date information and advice possible.
VII. COVID-19 CONSUMER EDUCATION AND OUTREACH
The FTC has worked aggressively to educate consumers of all ages
about coronavirus-related scams from the onset of this crisis. FTC
staff across the Bureau of Consumer Protection (including the eight
regional offices) conduct national and local outreach with partners to
reach a variety of audiences, including older consumers, ethnic media,
housing organizations, and re-entry groups by using webinars, tele-town
halls, Twitter chats, Facebook Live events, as well as interviews with
local and national media. During the pandemic, FTC staff have
participated in hundreds of virtual webinars, presentations, and
interviews--in English, Spanish, and Mandarin.\48\
---------------------------------------------------------------------------
\48\ One AARP tele-town hall that the FTC participated in received
more than 852,000 views just 4 days after posting the video. See AARP,
AARP's March 19 Coronavirus Tele-Town Hall (Mar. 21, 2020), https://
www.aarp.org/podcasts/take-on-today/info-2020/coronavirus-town-hall-3-
20.html.
---------------------------------------------------------------------------
On February 10, the FTC issued its first consumer alert warning
about the potential scams that come with widespread health concerns
like the COVID-19 pandemic.\49\ The FTC also developed a multi-media
campaign, complete with a dedicated website in response to the COVID-19
pandemic.\50\ This page contains a library of more than 96 consumer and
business posts and scam alerts on topics ranging from stimulus payments
and health claims to charity fraud, government imposter scams, and
misinformation and rumors.\51\ The FTC's coronavirus webpage also
includes a free one-page infographic that other organizations can share
with consumers.\52\ FTC staff regularly updates the page, linking to
related consumer and business alerts, law enforcement actions, consumer
report data, and other details about the FTC's efforts to combat
coronavirus-related scams and educate consumers. More than 365,000
businesses and consumers receive FTC alerts.\53\ All resources on the
FTC's website are free for consumers and organizations--including any
member of Congress--to access, use, and share. In addition to our own
social media activity, we encourage consumers to share the materials
through social media and organizations to co-brand our materials and
share them with their audiences.\54\
---------------------------------------------------------------------------
\49\ FTC Consumer Alert, Coronavirus scammers follow headlines
(Feb. 10, 2020), https://www.consumer.ftc.gov/blog/2020/02/coronavirus-
scammers-follow-headlines.
\50\ See ftc.gov/coronavirus.
\51\ For example, the FTC issued a consumer alert following reports
that nursing homes and assisted living facilities were illegally taking
residents' stimulus payments. See FTC Consumer Alert, Did a nursing
home or assisted living facility take your stimulus check? (May 15,
2020), https://www.consumer.ftc.gov/blog/2020/05/did-nursing-home-or-
assisted-living-facility-take-your-stimulus-check.
\52\ A pdf of the infographic can be downloaded here: https://
www.consumer.ftc.gov/sites/www.consumer.ftc.gov/files/
keep_calm_infographic_en_508.pdf.
\53\ Moreover, the FTC's COVID-related blog post about fake checks
from the government has received over 1.5 million views. See FTC
Consumer Alert, Checks from the government (Mar. 18, 2020), https://
www.consumer.ftc.gov/blog/2020/03/checks-government.
\54\ Various national organizations, including the National
Association for the Advancement of Colored People, have worked with the
FTC to co-brand COVID-19 scam infographics.
---------------------------------------------------------------------------
The FTC also has provided outreach specifically on privacy during
the coronavirus pandemic, a concern of many businesses and consumers as
the pandemic has shifted the workplace from traditional office spaces
to consumers' homes. For example, the FTC has provided privacy and
online security tips to consumers and businesses who have transitioned
from working at an office to working from home.\55\ The FTC also has
provided information on contract tracing so that consumers do not
divulge their sensitive personal information (such as financial
information) to fake contract tracers, while emphasizing the importance
of cooperating with legitimate contact tracers.\56\ The pandemic has
led to an increased reliance on technology to stay connected, and the
Commission is staying abreast of privacy or data security issues that
may arise so that consumers and businesses can better protect
themselves in this increasingly virtual world.\57\
---------------------------------------------------------------------------
\55\ FTC Business Alert, Video Conferencing: 10 privacy tips for
our business (Apr. 16, 2020), https://www.ftc.gov/news-events/blogs/
business-blog/2020/04/video-conferencing-10-privacy-tips-your-business;
FTC Consumer Alert, Online security tips for working from home (Mar.
18, 2020), https://www.consumer.ftc.gov/blog/2020/03/online-security-
tips-working-home.
\56\ FTC Consumer Alert, Help COVID-19 contract tracers, not
scammers (June 25, 2020), https://www.consumer.ftc.gov/blog/2020/06/
help-covid-19-contact-tracers-not-scammers; FTC Consumer Alert, COVID-
19 contact tracing text message scams (May 19, 2020), https://
www.consumer.ftc.gov/blog/2020/05/covid-19-contact-tracing-text-
message-scams.
\57\ See also FTC Business Alert, COPPA Guidance for Ed Tech
Companies and Schools during the Coronavirus (Apr. 9, 2020), https://
www.ftc.gov/news-events/blogs/business-blog/2020/04/coppa-guidance-ed-
tech-companies-schools-during-coronavirus?utm_source=govdelivery.
---------------------------------------------------------------------------
VIII. CONCLUSION
The Commission appreciates Congress's confidence in the FTC's
ability to protect consumers, especially with the unique challenges
presented by the current COVID-19 pandemic. Through our enforcement,
education, and policy efforts, we will continue to ensure that your
confidence is well placed. We look forward to continuing to work with
the Subcommittee and Congress.
Senator Moran. Thank you very much, Mr. Smith.
Now Mr. Stu Sjouwerman, Founder and Chief Executive
Officer, KnowBe4, Inc.
STATEMENT OF STU SJOUWERMAN, FOUNDER AND CHIEF EXECUTIVE
OFFICER, KNOWBE4, INC.
Mr. Sjouwerman. Mr. Chairman and members of the Committee,
thank you for the opportunity to provide my perspective as
Congress works toward developing solutions for businesses and
governments combating COVID-19-related scams, and what more can
be done to protect the public.
My name is Stu Sjouwerman. I am the Founder and CEO of
KnowBe4, Inc. We are headquartered in Tampa Bay, Florida, with
offices in Europe, South America, Australia, and Southeast
Asia.
KnowBe4 is the provider of the world's largest security
awareness training and simulated phishing platform. Our
services are used by more than 33,000 organizations, with 24
million employees around the globe. And, for the last 30 years,
I have served as an entrepreneur and data security expert in
the IT industry.
I founded an anti-malware company called Sunbelt Software,
which got multiple Inc. 500 awards and was acquired in 2010.
And, as I was running that company, I realized that the human
element of security was being seriously neglected, so I decided
to help organizations to manage the ongoing problem of
cybercrimes, social engineering tactics. And that is why I
founded KnowBe4, to provide new school security awareness
training. More than 33,000 organizations in a variety of
industries, including highly regulated fields such as
healthcare, finance, energy, government, and insurance, have
mobilized their end users as their last line of defense using
KnowBe4.
Our primary objective is to enable employees--and they are
also, of course, consumers--to make smarter security decisions
by training them to become a human firewall in defense against
social engineering attacks, which are responsible for upwards
of 90 percent of data breaches.
The shutdowns and economic turmoil of the coronavirus
pandemic have expanded the cyberattack surface, making it even
easier for hackers and scammers to do their nefarious acts. If
we don't focus on the human elements, consumers and employees,
we ignore a crucial part of cybersecurity.
So, since the beginning of this year, COVID-19 has quickly
reshaped the cyber threat landscape. For instance, over 192
coronavirus-related phishing attacks have occurred per week
over the last month. No one is immune to being scammed, and
different types of scams target different sets of consumers.
Scammers go to great lengths to make their attacks as
convincing as possible, and many of these scams have very few
visible signs that could tip off the recipients. The best way
to fight scammers is to, of course, prevent, educate consumers
and employees with a combination of security awareness training
and frequent social engineering testing.
Here's one example. New data from security vendor Tripwire
highlights how the shift to remote working has changed the face
of cybersecurity for both current and future work climates.
According to their report, 94 percent of organizations are more
concerned about cybersecurity than before COVID-19. And they
should be. The fact is that people are clicking on simulated
COVID-19 phishing attacks at higher rates, and coronavirus-
themed e-mails are rampant.
The emphasis in cybersecurity has traditionally been on
hardware and software. However, we cannot solely rely on that.
This strategy can't catch everything, nor does it address the
need for a human firewall.
So, to end off, any support from Congress that would direct
government agencies to implement ongoing security awareness
training, more than just annual training that is typically in
place, and include frequent social engineering testing would be
greatly beneficial as we work together to bridge the gap in
cybersecurity and protect American networks.
So, thank you for the opportunity to share KnowBe4's
perspective on cybersecurity and our industry's unique ability
to protect American citizens from rising COVID-19-related
social engineering scams. We're grateful to Chairman Moran and
the members of the Committee for the time and effort you are
all putting into this important matter of national security.
KnowBe4 is committed to being a helpful partner, going forward,
as we all work to serve the best interest of the public.
Thank you.
[The prepared statement of Mr. Sjouwerman follows:]
Prepared Statement of Stu Sjouwerman, Founder and Chief Executive
Officer, KnowBe4, Inc.
Mr. Chairman and members of the committee, thank you for the
opportunity to provide my perspective as Congress works towards
developing solutions for businesses and governments combatting COVID-19
related scams and what more can be done to protect the public.
My name is Stu Sjouwerman, and I am the founder and Chief Executive
Officer of KnowBe4, Inc., headquartered in Tampa Bay, FL with offices
in Europe, South America, Australia and South East Asia.
KnowBe4 is the provider of the world's largest security awareness
training and simulated phishing platform. Our services are used by more
than 33,000 organizations around the globe. For the last 30 years, I
have served as an entrepreneur and data security expert in the IT
industry, and co-founded the Inc. 500 company Sunbelt Software, which
was a multiple award-winning anti-malware software company that was
acquired in 2010.
Realizing that the human element of security was being seriously
neglected, I decided to help organizations manage the problem of
cybercrime's social engineering tactics through new school security
awareness training which is why I founded KnowBe4.
More than 33,000 organizations in a variety of industries--
including highly-regulated fields such as healthcare, finance, energy,
government and insurance--have mobilized their end users as their last
line of cyber defense using KnowBe4.
KnowBe4 is founder-led and mission-driven. Our primary objective is
to enable employees to make smarter security decisions by training them
to become a ``human firewall'' in defense against social engineering
attacks, which are responsible for upwards of 93 percent of data
breaches.
The shutdowns and economic turmoil of the coronavirus pandemic have
expanded the cyber attack surface, making it even easier for hackers
and scammers. Ransomware and malware attacks are up, and users working
from home are more susceptible to phishing attempts and other social
engineering tactics to gain access to networks. If we don't focus on
the human element--consumers and employees--we ignore a crucial part of
cyber security.
Covid-19 has quickly reshaped the cyber threat landscape. For
example, over 192,000 coronavirus-related phishing attacks have
occurred per week over the last month. No one is immune to being
scammed, and different types of scams target different sets of
consumers. Scammers go to great lengths to make their attacks as
convincing as possible, and many of these scams have very few visible
signs that could tip off recipients. Consumers should not assume they
can spot every scam attempt, and that bias only helps the scammers. The
best way to fight scammers is educating consumers and employees with a
combination of security awareness training and frequent social
engineering testing.
New data from security vendor Tripwire highlights how the shift to
remote working has changed the face of cybersecurity for both the
current and future work climate. According to their report, 94 percent
of organizations are more concerned about cybersecurity than before
COVID-19--and they should be. The fact is, people are clicking on
simulated COVID-19 phishing attacks at high rates and Coronavirus
themed e-mails are rampant.
Malicious actors are aggressively exploiting the COVID-19 crisis by
re-purposing and overhauling the phishing e-mails they were running
before the Coronavirus emerged in late December. Although the bad guys
have been developing new social engineering schemes uniquely based on
the onslaught of recent events, these COVID-19 ``re-treads'' are fast
becoming the most common variety of Coronavirus-themed phishing e-mails
that we encounter on a day-to-day basis.
It's no surprise that phishers and scammers are using the avalanche
of new information and events involving the global coronavirus pandemic
as a way to successfully phish more victims. These phishing scams are
becoming more aggressive and more targeted as this pandemic continues.
COVID-19 phishers prey on both consumers and employees and have sought
private information through targeting passport details, the healthcare
industry, social media channels, and we can expect to see them use
current and future COVID-19 lawsuits as bait in spear phishing attacks.
Everyone should remain very skeptical of any e-mail related to COVID-19
coming into their inbox.
The emphasis in cybersecurity has traditionally been on hardware
and software. However, we cannot solely rely on that. This strategy
cannot catch everything, nor does it address the need for a human
firewall. The largest breaches in our country--to include John
Podesta's personal e-mail, our U.S. power grid, JP Morgan Chase, Sony
Pictures, etc.,--these systems relied on hardware and software for
defense, yet still fell victim to phishing attacks.
Through new-school security awareness training, the likelihood of
such social engineering attacks are significantly decreased, and
organizations are inoculated against the types of compromises we're
seeing today.
Any support from Congress that would direct government agencies to
implement ongoing security awareness training--more than the annual
training typically in place--and include frequent social engineering
testing would be greatly beneficial as we work together to bridge the
gap in cyber security and protect American networks.
Thank you for the opportunity to share KnowBe4's perspective on
cybersecurity and our industry's unique ability to protect American
citizens from rising COVID-19 related social engineering scams. We are
grateful to Chairman Moran and the members of the committee for the
time and effort you all are putting into this important matter of
national security. KnowBe4 is committed to being a helpful partner
going forward as we all work to serve the best interest of the public.
Senator Moran. Thank you very, very much.
Now Ms. Laura MacCleery, Policy Director, Center for
Science in the Public Interest.
Welcome.
STATEMENT OF LAURA MacCLEERY, POLICY DIRECTOR, CENTER FOR
SCIENCE IN THE PUBLIC INTEREST
Ms. MacCleery. Thank you, Chairman Moran and Ranking Member
Blumenthal, for the honor of testifying today on this critical
topic.
I am Policy Director for Center for Science in the Public
Interest, a nearly 50-year-old organization that works to
improve the health of the food supply and the interests of
consumers.
Americans are facing an unprecedented challenge in keeping
themselves and their families safe during a pandemic. Public
health officials emphasize that we all need to socially
distance, wear a mask, and wash our hands. Understandably,
though, many people are looking for more to protect themselves,
and those without scruples are actively exploiting consumer
fear and anxiety.
In truth, our under-regulated marketplace for dietary
supplements is a risky place under any conditions. For the past
3 years, we've been collecting evidence of scams concerning
supplements, and sending it to the Food and Drug Administration
and the Federal Trade Commission. These included many
misleading claims we found on products marketed to vulnerable
consumers suffering from opioid and tobacco addiction, as well
as supplements making false claims on female fertility.
It is far too tempting to think that a powder or a
supplement can help us with a global pandemic. When the
coronavirus appeared, we knew the hucksters would not be far
behind.
First, we wrote the FDA and FTC about televangelist Jim
Bakker, whom we heard Senator Blumenthal describe. That show
featured experts advancing the claim that the products it sold
containing colloidal silver could cure coronavirus, quote,
``within 12 hours.'' The commentators on the same show had
previously claimed that the same product cures, quote, ``all
venereal diseases as well as HIV.'' Yet, there's no evidence
that silver supplements prevent or treat any condition,
according to the National Institutes of Health. Although
experts featured on the show claimed that it could be consumed
daily, in ``slurps,'' and was, quote, ``safe for babies,''
colloidal silver in large enough amounts can be dangerous to
kidneys and other organs. It can also cause permanent bluish-
gray discoloration of a person's skin and organs.
Also in June, we sent another request to the FDA and FTC
asking for enforcement on supplements being marketed as
antiviral claims. Any claim that a supplement has antiviral
properties is considered an illegal disease claim by the FDA,
because only drugs can cure or treat disease.
Our market scan of products on Amazon in late May found 46
dietary supplements making illegal antiviral claims, so we
wrote the agencies and Amazon directly for removal.
Unfortunately, a subsequent search of Amazon performed on June
29 found that 26 of these--those supplements are still making
antiviral claims on their own websites, on Amazon, or other
online stores.
We continue to be on the lookout for scams related to COVID
claims. Just this morning, we sent public letters to the FDA
and FTC asking for the agencies to act to address dozens of
misleading claims made by about 23 supplements and medical
devices by Dr. Joseph Mercola, a well-known purveyor of dietary
supplements.
In a pandemic, such untruths pose a clear and urgent
danger. Consumers may develop a false sense of security and
fail to practice social distancing or use masks, endangering
themselves or everyone around them. They also may harm
themselves by taking dangerous doses of supplements or fail to
seek effective medical treatment, believing, instead, in the
promises of charlatans. But, it's even worse than that. On a
recent episode of Mercola's podcast, he actually advises
consumers to take the immunity-boosting supplements he sells
and then deliberately attempt to contract COVID-19 because his
supplements will allegedly reduce their symptoms.
Dietary supplements are, in fact, among the most poorly
regulated consumer products. Congress, through the Dietary
Supplement Health and Education Act of 1994, established a
bare-bones system of oversight that was designed to be weak.
Today, particularly given the tremendous expansion of products
and use by consumers over the past 26 years, that system is
failing.
Both the FDA and the FTC need more funding, personnel, and
resources for enforcement. The FDA, in particular, needs far
better tools, including a mandatory product registration
requirement, to make the marketplace transparent for regulators
and consumers. In addition, Congress should authorize State
Attorneys General to enforce relevant Federal laws related to
dietary supplements to improve their accountability and reach.
And the FDA should be given heightened regulatory powers for
specific categories of supplements that are known to pose a
high risk to consumers because they are marketed to vulnerable
groups or are commonly tainted with drugs and synthetic
ingredients.
We would appreciate the opportunity to work with lawmakers
on a vision for reform of supplement oversight to ensure that
consumers are protected from fraud. It should not take a
pandemic to motivate solutions to require that supplements,
like any consumer product, are truthfully labeled and marketed,
and that consumers are not misled in ways that risk their own
and public health.
Thank you. And I'm happy to answer any questions.
[The prepared statement of Ms. MacCleery follows:]
Prepared Statement of Laura MacCleery, Policy Director, Center for
Science in the Public Interest
Thank you, Chairman Moran and Ranking Member Blumenthal for the
honor of testifying today on this critical topic. I am the Policy
Director for the Center for Science in the Public Interest, a nearly
fifty-year-old organization that advocates for healthy changes to our
food system and for the interests of consumers.
Americans are facing an unprecedented challenge in keeping
themselves and their families safe during a pandemic. Public health
officials emphasize that we all need to socially distance, wear a mask,
and wash our hands. But understandably, many people are looking for
more than those measures to protect themselves, and those who lack
scruples are actively exploiting consumer fear and anxiety.
In truth, our underregulated marketplace for dietary supplements is
a risky place under any conditions. For the past three years, we have
been collecting evidence of scams concerning supplements and sending it
to the Food and Drug Administration (FDA) and Federal Trade Commission
(FTC). These have included the many misleading claims we found on
products marketed to vulnerable consumers suffering from opioid\1\ and
tobacco addiction.\2\
---------------------------------------------------------------------------
\1\ Center for Science in the Public Interest (CSPI). Crackdown
Urged on Supplements Marketed as Opioid Withdrawal Aids: CSPI
Investigation Shows Manufacturers Can't Support Claims. December 8,
2017. https://cspinet.org/news/crackdown-urged-supplements-marketed-
opioid-withdrawal-aids-20171208. Accessed July 16, 2020.
\2\ CSPI. FDA Urged to Take Enforcement Action against
Manufacturers of Dietary Supplements that Promise to Help Smokers Quit:
Companies Produce No Evidence to Support their Claims. April 23, 2019.
https://cspinet.org/news/fda-letter-dietary-supplements-smoking-
cessation. Accessed July 16, 2020.
---------------------------------------------------------------------------
Last November, we reported to the agencies about 39 supplements
selling false hope to women experiencing infertility by making
unsupported disease claims, a practice precluded by law.\3\ Only
products approved as drugs may make claims to treat or prevent a
disease or health condition, such as infertility or the coronavirus.
---------------------------------------------------------------------------
\3\ CSPI. Manufacturers of ``Fertility'' Supplements Selling False
Hope: CSPI Asks the FDA and FTC to Take Enforcement Action. November
15, 2019. https://cspinet.org/news/manufacturers-fertility-supplements-
false-hope-20191118. Accessed July 16, 2020.
---------------------------------------------------------------------------
It is far too tempting to think that a powder or supplement can
help us against a global pandemic. When the coronavirus appeared, we
knew the hucksters would not be far behind. We have been tracking and
reporting such efforts to appropriate Federal authorities since
February.
First, we wrote the FDA and FTC about televangelist Jim Bakker,
whose show featured experts advancing the claim that products it sold
containing colloidalsilver could cure the coronavirus ``within 12
hours.'' \4\ Commentators on the same show previously claimed that the
same product cures ``all venereal diseases,'' as well as HIV.\5\
---------------------------------------------------------------------------
\4\ CSPI. CSPI Urges FDA Enforcement Action on Televangelist Jim
Bakker's Fake Coronavirus ``Cure'': Letter Submitted to FDA and FTC.
February 20, 2020. https://cspinet.org/news/cspi-urges-fda-enforcement-
action-televangelist-jim-bakkers-fake-coronavirus-cure-20200218.
Accessed July 16, 2020.
\5\ Id; Right Wing Watch Twitter Page (@RightWingWatch). February
12, 2020 (1:17pm). https://twitter.com/RightWingWatch/status/
1227657884395327489?ref_src=twsrc%5Etfw%7Ctw
camp%5Etweetembed%7Ctwterm%5E1227657884395327489&ref_url=https%3A%2F%2Fw
ww.lgb
tqnation.com%2F2020%2F02%2Ftelevangelist-jim-bakker-claims-silver-
solution-std-cure-also-kills
-coronavirus%2F. Accessed July 16, 2020.
---------------------------------------------------------------------------
Yet there's no evidence that silver supplements prevent or treat
any condition, according to the National Institutes of Health.\6\
Although experts featured on Bakker show claimed it should be consumed
daily in ``slurps'' and was ``safe for babies,'' \7\ colloidal silver
in large enough amounts can be dangerous to kidneys and other
organs.\8\ It can also cause permanent bluish-gray discoloration of a
person's skin and organs.\9\
---------------------------------------------------------------------------
\6\ Mayo Clinic. My dad takes colloidal silver for his health, but
is it safe?. September 6, 2017. https://www.mayoclinic.org/healthy-
lifestyle/consumer-health/expert-answers/colloidal-silver/faq-20058061.
Accessed July 16, 2020.
\7\ CSPI. CSPI Urges FDA Enforcement Action on Televangelist Jim
Bakker's Fake Coronavirus ``Cure'': Letter Submitted to FDA and FTC.
February 20, 2020. https://cspinet.org/news/cspi-urges-fda-enforcement-
action-televangelist-jim-bakkers-fake-coronavirus-cure-20200218.
Accessed July 16, 2020.
\8\ National Center for Complementary and Integrative Health.
Colloidal Silver. April 2017. https://nccih.nih.gov/health/
colloidalsilver. Accessed July 16, 2020.
\9\ Id.
---------------------------------------------------------------------------
The FDA and FTC issued warning letters to The Jim Bakker Show,\10\
as did the New York \11\ and Missouri Attorneys General,\12\ and the
religious group Faithful America is asking for networks to drop the
show because of these statements.\13\ In June, the Arkansas Attorney
General brought a civil claim against the show, seeking compensation
for consumers.\14\
---------------------------------------------------------------------------
\10\ U.S. Food and Drug Administration (FDA). WARNING LETTER: The
Jim Bakker Show MARCS-CMS 604820. March 06, 2020. https://www.fda.gov/
inspections-compliance-enforcement-and-criminal-investigations/warning-
letters/jim-bakker-show-604820-03062020. Accessed July 16, 2020.
\11\ State of New York, Office of the Attorney General. Letter RE:
CEASE AND DESIST NOTIFICATION. March 3, 2020. https://ag.ny.gov/sites/
default/files/bakker_cease_and_desist_
letter_notification.pdf. Accessed July 16, 2020.
\12\ Missouri State Attorney General. AG Schmitt Files Suit Against
Jim Bakker for Selling Fake ``Coronavirus Cure''. Mar 10, 2020. https:/
/ago.mo.gov/home/news/2020/03/10/ag-schmitt-files-suit-against-jim-
bakker-for-selling-fake-coronavirus-cure. Accessed July 16, 2020.
\13\ Faithful American. Tell DirecTV, DISH, and Roku: Drop
televangelist for selling fake coronavirus cure. March 7, 2020. https:/
/act.faithfulamerica.org/sign/bakker-coronavirus/. Accessed July 16,
2020.
\14\ Arkansas Attorney General. Rutledge Sues Jim Bakker for
Peddling Colloidal Silver Products to Cure COVID-19. June 16, 2020.
https://arkansasag.gov/media-center/news-releases/rutledge-sues-jim-
bakker-for-peddling-colloidal-silver-products-to-cure-covid-19.
Accessed July 16, 2020.
---------------------------------------------------------------------------
Also in June, we sent another request to the FDA and FTC, asking
for enforcement on supplements being marketed as ``antiviral''
products.\15\ Any claim that a supplement has antiviral properties is
considered an illegal disease claim by the FDA because viruses are,
obviously, a form of disease.\16\
---------------------------------------------------------------------------
\15\ CSPI. CSPI Letters re: Antiviral Claims by Supplement
Manufacturers: Sent to FDA, FTC, Amazon. June 3, 2020. https://
cspinet.org/resource/cspi-letters-re-antiviral-claims-supplement-
manufacturers. Accessed July 17, 2020.
\16\ Agency guidance provides that: ``A claim that a dietary
supplement fights disease or enhances disease-fighting functions of the
body is a disease claim. Under this criterion, context and specificity
are important. Claims such as `supports the body's ability to resist
infection' and `supports the body's antiviral capabilities' are disease
claims because the context of the claim is limited to the disease
prevention and treatment capabilities.'' FDA. Small Entity Compliance
Guide on Structure/Function Claims. January 9, 2002. https://
www.fda.gov/regulatory-information/search-fda-guidance-documents/small-
entity-compliance-guide-structurefunction-claims. Accessed May 4, 2020.
---------------------------------------------------------------------------
Our market scan of products on Amazon in late May found at least 46
dietary supplements making illegal antiviral claims, so we sent our
findings to the agencies and wrote Amazon directly to ask the company
to remove these products.\17\ Unfortunately, a subsequent search of
Amazon performed on June 29th found that 26 of those supplements are
still making antiviral claims on their own websites, Amazon, or other
online stores.
---------------------------------------------------------------------------
\17\ CSPI. CSPI Letters re: Antiviral Claims by Supplement
Manufacturers: Sent to FDA, FTC, Amazon. June 3, 2020. https://
cspinet.org/resource/cspi-letters-re-antiviral-claims-supplement-
manufacturers. Accessed July 17, 2020.
---------------------------------------------------------------------------
While Amazon has already rid its site of many products bearing
explicitly illegal COVID claims,\18\ others have done little. Because
consumers rely on them so much today, platforms such as Amazon, Ebay,
Facebook and Etsy must do a far better job of removing misleading
claims and products being sold and marketed through their sites, and we
urge Congress and the agencies to hold them accountable for doing so.
---------------------------------------------------------------------------
\18\ U.S. Immigration and Custom Enforcement (ICE). HSI partners
with Pfizer, 3M, Citi, Alibaba, Amazon, Merck to protect consumers
against COVID-19-related fraud. May 5, 2020. https://www.ice.gov/news/
releases/hsi-partners-pfizer-3m-citi-alibaba-amazon-merck-protect-
consumers-against-covid-19. Accessed May 6, 2020. ("`Since the
beginning of the COVID-19 crisis, Amazon has proactively stopped more
than 6.5 million products with inaccurate claims, removed over 1
million offers for suspected price gouging, suspended more than 10,000
selling accounts for suspected price gouging and referred the most
egregious offenders to Federal and state law enforcement across the
country. Amazon welcomes HSI's partnership in holding counterfeiters
and bad actors accountable, and we look forward to building on our
long-standing relationship to protect customers and ensure a trusted
shopping experience,' said Dharmesh Mehta, Amazon vice president,
customer trust and partner support.'').
---------------------------------------------------------------------------
We continue to be on the look-out for scams related to COVID
claims. Just this morning, we sent public letters to the FDA and FTC
asking for the agencies to act to address dozens of misleading claims
made about at least 23 supplements and medical devices by Dr. Joseph
Mercola, a well-known purveyor of dietary supplements over the
Internet.
According to Dr. Mercola and his companies' website, Mercola.com,
it is the world's ``#1 most visited natural health website'' and is
viewed by ``millions of people daily.'' \19\ Working with Justice
Catalyst Law,\20\ and People's Parity Project,\21\ we documented how he
markets these supplements and devices by falsely claiming that they
will protect people from, or treat symptoms of, COVID-19.\22\
---------------------------------------------------------------------------
\19\ See Dr. Joseph Mercola (Mercola). Health Website Rankings:
Mercola.com is World's Most Visited Natural Health Site. https://
www.mercola.com/forms/rankings.htm. Accessed July 16, 2020.
\20\ Justice Catalyst Law (JCL) is a nonprofit law firm that
focuses on combatting social and economic injustice, working nationally
to support cases and policy work in the fields of antitrust, consumer
law, employment law and civil rights. See, https://justicecatalyst.org.
Accessed July 16, 2020.
\21\ People's Parity Project (PPP) organizes law students and new
attorneys nationwide to unrig the legal system and build a justice
system that values people over profits. PPP believes that by
dismantling the coercive legal tools that enhance corporate power and
fighting for a judiciary that is representative of--and thus responsive
to--people, not corporations, can reshape the legal profession. See,
https://www.peoplesparity.org. Accessed July 16, 2020.
\22\ Such products, sold through its online store, and that Dr.
Mercola has endorsed in public statements (See supra note 23) for the
prevention and/or treatment of COVID-19, include: vitamin C
(specifically, liposomal vitamin C); vitamin D; zinc and selenium
(which Mercola Group sells together); melatonin; licorice; molecular
hydrogen; astaxanthin; n-acetyl cysteine; prebiotics, probiotics, and
sporebiotics; saunas; ozone therapy; elderberry extract; spirulina;
beta-glucan; lipoic acid; and sulforaphane. See, e.g., Mercola,
Nutrition and Natural Strategies Offer Hope Against COVID-19. Mar. 29,
2020. https://articles.mercola.com/sites/articles/archive/2020/03/29/
andrew-saul-vitamin-c.aspx. Accessed July 16, 2020; Mercola.
Coronavirus Resource Page. https://www.mercola.com/coronavirus-
resources.htm. Accessed July 16, 2020; Mercola and Andrew Saul,
Nutrition and Natural Strategies Offer Hope Against COVID-19:
Discussion Between Drs. Andrew Saul and Mercola, Dr. Joseph Mercola--
Take Control of Your Health. Mar. 29, 2020. https://podcasts.apple.com/
us/podcast/nutrition-natural-strategies-offer-hope-against-covid/
id1286870871?i=1000469858840. Accessed July 16, 2020; http://Shop.Mer
cola.com. Accessed July 16, 2020; https://bit.ly/2XBFJ9d (Liposomal
Vitamin C). Accessed July 16, 2020; https://bit.ly/372lcxy (Liposomal
Vitamin D3). Accessed July 16, 2020; https://bit.ly/2UbOKmX (Molecular
Hydrogen). Accessed July 16, 2020; https://bit.ly/3gYhzx5 (Melatonin).
Accessed July 16, 2020; https://bit.ly/2UeDlmJ (Zinc plus Selenium).
Accessed July 16, 2020; https://bit.ly/3758gqA (Ozone generating air
purifiers). Accessed July 16, 2020; https://bit.ly/3dDE0pk (Infrared
Saunas--temporarily discontinued for ``redesign''). Accessed July 16,
2020.
---------------------------------------------------------------------------
In a pandemic, such untruths pose a clear and urgent danger.
Consumers may develop a false sense of security and fail to practice
social distancing or use masks, endangering themselves and everyone
around them. They may also harm themselves by taking dangerous doses of
supplements, or fail to seek effective medical treatment, believing
instead in the promises of charlatans.
But it is even worse than that. On a recent episode of Mercola's
podcast, he actually advises consumers to take the immunity-boosting
supplements he sells and then attempt to contract the COVID-19 virus
deliberately, because his supplements will allegedly reduce their
symptoms.\23\ Even with all my experience investigating supplement
scams, this reckless self-promotion and endangerment of the public took
my breath away.
---------------------------------------------------------------------------
\23\ Mercola stated: ``When you get a vaccine, you only simulate
your humoral immunity, the B-cells. The T-cells are not stimulated. So,
scary as it may sound, the best thing is to get the infection, and have
a strong immune system to defend against it so you won't even display
any symptoms.'' Here, Dr. Mercola made the misleading and false
assertion that contracting the virus and recovering will confer a
``natural immunity'' that will be more effective than the immunity
provided by a vaccine. Mercola and Andrew Saul, Nutrition and Natural
Strategies Offer Hope Against COVID-19: Discussion Between Drs. Andrew
Saul and Mercola, Dr. Joseph Mercola--Take Control of Your Health. Mar.
29, 2020. https://podcasts.apple.com/us/podcast/ nutrition-natural-
strategies-offer-hope-against-covid/id1286870871?i=1000469858840.
Accessed July 16, 2020.
---------------------------------------------------------------------------
Such potentially deadly advice to consumers, and the profiteering
from our legitimate fears, must be stopped. While the agencies are
working hard to stem the tide of misleading products, the funding and
enforcement tools they currently have are woefully inadequate to this
task.
Dietary supplements are among the most poorly regulated consumer
products. Congress, through the Dietary Supplement Health and Education
Act of 1994 (DSHEA), established a bare-bones system of oversight by
the Food and Drug Administration (FDA) that was designed to be weak.
Today, particularly given the tremendous expansion of products and use
by consumers over the intervening 26 years, that system is indisputably
failing.
Both the FDA and FTC need more funding, personnel and resources for
enforcement. The FDA, in particular, needs far better tools, including
a mandatory product registration requirement to make the marketplace
transparent for regulators. A modest and graduated registration fee
could also be collected to build resources at the agency.
In addition, Congress should authorize state attorneys general to
enforce relevant Federal laws related to dietary supplements, to
improve their accountability and reach. Currently, state AGs can only
enforce general consumer protection laws under their own state regime,
not Federal rules on supplements. Yet the sheer number of products make
it practically impossible for one central agency to monitor and enforce
compliance with legal requirements.
The FDA should also be given heightened regulatory powers for
specific categories of supplements known to pose a ``high risk'' to
consumers because they are marketed to vulnerable groups or are
commonly tainted with drugs or synthetic ingredients. Many such
products-including sexual-enhancement, weight-loss, and workout
supplements-are already identified as high risk because agency testing
reveals they often contain drugs such as amphetamines.\24\
---------------------------------------------------------------------------
\24\ FDA. Tainted Dietary Supplements and Foods: Responsibilities
of Retailers and Distributors. October 2010. https://www.fda.gov/files/
drugs/published/Tainted-Dietary-Supplements-and-Foods--
Responsibilities-of-Retailers-and-Distributors.pdf. Accessed July 16,
2020.
---------------------------------------------------------------------------
These and other categories of high-risk supplements should be
subjected to pre-market product testing and audits in a new, focused
safety program authorized and funded by Congress. Ironically, under
current law, because these are tainted with drugs, they are not subject
to mandatory recall-a loophole that should be closed.\25\
---------------------------------------------------------------------------
\25\ Such a provision would state that if a product is sold as a
dietary supplement and contains an ingredient approved by the FDA for
use as a prescription drug, FDA may initiate a recall of the product.
---------------------------------------------------------------------------
There are other needs as well:
Companies should be required to report all adverse events
that result from their products, not merely the ones they deem
``serious.''
Supplements that interact with common categories of
prescription drugs should bear a warning for consumers about
the risk of an interaction.
A loophole that allows new supplements to side-step safety
review should be closed.\26\ A leading trade association
representative admitted at a 2018 FDA public meeting that the
industry uses this loophole ``six to seven times'' more than
the official safety approval process they are supposed to use
under the law, thereby avoiding any review for safety at
all.\27\
---------------------------------------------------------------------------
\26\ The Dietary Supplement Health and Education Act of 1994
(DSHEA) requires companies that introduce novel substances into dietary
supplements provide the FDA with information showing that the ``new
dietary ingredients'' (NDIs) in supplements will ``reasonably be
expected to be safe.'' However, FDA draft guidance on NDIs has never
been completed, and perhaps three-quarters or more of NDIs evade FDA's
review by following a pathway permitted for secret and unmonitored
self-assessment by companies of the safety of ingredients in food,
known as ``Generally Recognized as Safe,'' or ``GRAS,'' self-
determination. See 21 U.S.C. Sec. 350b; 62 Fed. Reg. 49886 (September
23, 1997), Premarket Notification for a New Ingredient.); See also CSPI
FDA Food Ingredient Approval Process Violates Law, Says CSPI: Flawed
`GRAS' System Lets Novel Chemicals Into Food Supply without FDA Safety
Review. April 15, 2015. http://cspinet.org/new/201504151.html. Accessed
July 17, 2020.
\27\ FDA. Public Meeting to Discuss the Development of a List of
Pre-DSHEA Dietary Ingredients. P. 49. October 2017. Transcript
available at https://www.fda.gov/media/108452/down
load. Accessed May 11, 2020.
Last, rules that have languished unfinished since 1994,
including defining what a ``new dietary ingredient'' is, should
be completed by the FDA, and Congress should set deadlines for
that completion.\28\
---------------------------------------------------------------------------
\28\ The FDA has yet to issue final draft guidance on how companies
should show that the ``new dietary ingredients'' (NDIs) in supplements
will ``reasonably be expected to be safe.''
We would appreciate the opportunity to work with lawmakers on a
vision for reform of supplement oversight to ensure that consumers are
protected from fraud. It should not take a pandemic to motivate
solutions to require that supplements-like any consumer product-are
truthfully labeled and marketed, and that consumers are not misled in
---------------------------------------------------------------------------
ways that risk their own and public health.
Senator Moran. Thank you very much for your presence and
testimony.
Let me begin with a question, initially for Mr. Smith. On
April the 14th, Senator Blumenthal and I sent a letter to FTC
Chairman Joseph Simons asking if the FTC currently had the
authority, under its relatively flexible Section 5 authority,
to enforce against unfair and deceptive acts or practices to
deal with the issue of price gouging.
On May 19, the Chairman responded, indicating there are
significant legal challenges under our current statutory
authority to address price-gouging allegations, and that they
rely heavily on the DOJ and State Attorneys General to enforce
such activities.
Mr. Smith, historically the FTC has not used its Section 5
authority related to those unfair and deceptive acts or
practices to take enforcement actions related to price gouging.
If Congress were to legislate to explicitly direct the FTC to
address price gouging, would you have recommendations for this
subcommittee as to what that should look like?
Mr. Smith. Right. So, you're right that historically the
Commission has not--there have been these supply shocks, you
know, following natural disasters and the like, and the
Commission has been asked, you know, ``Could the unfairness
authority fit the increased prices that follow those supply
shocks?'' And the Commission has historically been reluctant to
use its unfairness authority in that way.
I would note that, you know, at least 35 other states have
UDAP authority, as well, similar to our unfairness authority,
but have seen fit to enact price-gouging statutes, including
Kansas--General Schmidt, in his written remarks, talked a bit
about that--and the State of Connecticut and a lot of other
states.
So, you know, we think that a special law would be helpful
here. And, with respect to that law, what we have--and we've
worked with some of your offices on this--what we would
recommend is that the crisis to which the statute applies be
clearly defined, and that it be truly national in scope, not
one of these, you know, regional or local supply shocks that
might call upon the national Federal Trade Commission to
address those issues, so that there be--so there'd be a
narrowly defined, or at least clearly defined, national crisis
that a statute applies to; that it would be nice if it were to
define the types of materials or products or services that
would be covered--for example, PPE, in the current crisis; that
there be a clearly defined trigger, such as an increase in
price over a pre-crisis index--so, 25-percent increase in
price, for example, is what some State laws account for; and
also that there be some acknowledgment that increased costs
might be legitimate. So, for example, if there's a disruption
in the supply chain, and a merchant needs to find alternative
supplies, and it results in increased costs, we don't want to
discourage that. We want to encourage new entrants to the
marketplace. We want to--you know, we don't want to discourage
people from providing critical goods and services simply
because their costs have increased.
So, I think that those three or four items that I've
outlined would be really helpful in any national price-gouging
legislation.
Senator Moran. Thank you.
You mentioned the State of Kansas. Let me turn to the
Attorney General.
General Schmidt, we do have a law in place, as you
indicated and Mr. Smith indicated. Tell me, if you would,
describe your office's efforts in enforcing that law, that
State law.
Mr. Schmidt. Mr. Chairman, we do. After the 9/11 attacks,
the State of Kansas enacted what is now known as our
Profiteering from Disaster Statute, which, in the colloquial,
would be our anti-price-gouging law.
The way it is structured is that it is in effect only
during a time--and in the place, in the geographical area--of a
declared state of emergency, either by our Governor or by the
President. So, those are the two triggers that cause the law to
enter into force. The standard is any unjustified increase of
pricing, as compared with the price for a particular product or
service on the day before the emergency was declared, and
unjustified--there's a presumption that something was
unjustified if it's 25-percent-or-more increase, although, if
it's a passthrough cost, as Mr. Smith suggested, that's--that
negates the presumption and also operates as a defense. And it
applies to what the statute calls ``necessary goods or
services,'' which are further defined as, essentially, things
that consumers are likely to need more of as a result of the
particular emergency. So, that's the structure of our statute.
To your question about our efforts to enforce it, it has
been enforced--in effect now in Kansas longer and in a more
widespread way than ever before, during the COVID response,
because of the nature of the emergency. We have approached
this--we've received--last I looked, it was somewhere around
400 complaints from Kansans alleging a violation of that
statute. We've investigated them all. And--or are investigating
them all--and, generally speaking, we've approached this
through education or engagement with the supplier, with the
retailer. A lot of times, we discover they didn't know that the
law existed, because it's so rarely in effect. Other times,
it's plain on its face that they're simply passing through
costs that were raised for them, so we can then go up the
supply chain to figure out if there's anything unlawful
happening. So, we've tried to approach it in that way. We have
not, at this point, had to actually file an enforcement action.
We have had a number of suppliers change their behavior once
we've engaged with them, however.
Senator Moran. General, thank you.
I now turn to a former State Attorney General, the Ranking
Member, Senator Blumenthal.
Senator Blumenthal. Yes, I want to welcome you
particularly, Attorney General Schmidt, and thank you for the
good work you're doing out there. And I think you provide
evidence as to one of the recommendations that Ms. MacCleery
makes about the need for authority on the part of State
Attorneys General to enforce Federal laws.
So, let me ask, if I may, Mr. Smith, what do you think
about giving State Attorneys General broader authority?
Mr. Smith. So, generally--so, I'm speaking just for
myself--right?--not for the Commission or for any individual
commissioner. A lot of the consumer protection laws in which--
that we currently enforce have authority for State Attorneys
General to enforce them, as well. And I think that's terrific,
honestly. And it's a big help for us, I think, that, if the
State Attorneys General are willing to share some of the load
with respect to enforcement, we are delighted for that.
I would say that, typically, when there is a provision
permitting State Attorney General enforcement, that the Federal
Trade Commission, or whomever the relevant Federal authority
might be, have an opportunity to get--one, that it receives
notice of the case before being filed, and that it has an
opportunity to intervene. But, with those safeguards, I think
that, you know, traditionally, we, at the Federal Trade
Commission, have been in favor of State AG enforcement of the
Federal statutes that we enforce.
Senator Blumenthal. Ms. MacCleery, I want to thank you for
the work that your organization does. The Center for Science in
the Public Interest really does magnificent research and policy
formulation. And I think what you've done on these fake and
phony cures is show not only that there's a financial cost, but
also that they have serious adverse side effects. And I don't
mean only that the potential physical dangers, medically. I
mean, the sense of false security that may cause complacency, a
failure to practice good preventive action, like wearing masks
and physical distancing and the kinds of dangers that they pose
when people talk about them and exaggerate them to their
friends or neighbors. So, I think there's a special
responsibility on the part of everyone who is involved in
promoting these products. And I note, in your testimony, that
you make reference to Amazon, eBay, Facebook, and Etsy. And I'm
quoting, ``must do a better--must do a far better job of
removing misleading claims and products.'' Shouldn't they be
held accountable?
Ms. MacCleery. Yes. I think that there has been a
perception that the third-party platforms are just a
marketplace without a stake in the game. Increasingly, we see
that that is not the right understanding of the model. They
profit from having all the sellers on their platform. They
learn tremendous amounts about the marketplace and the behavior
of buyers and sellers. They often produce their own products,
in the case of Amazon or Walmart (which has a big online
presence), and sell them directly to sellers. And they should
be asked to help patrol the viability of claims on the
marketplaces that they're managing.
The antiviral complaints that we've filed have been very
disappointing, because to see the lack of response, on the part
of Amazon, to those. They are doing some coordination, is my
understanding from news reports, with the Department of
Homeland Security around COVID products that are specifically
marketed to treat or prevent COVID, which is commendable. And
what we'd like to do is see more of that sort of shared
enforcement model.
Amazon has been found liable in court for selling foods
that should have been recalled after they were identified by
the CDC as having a food-borne pathogen. In addition, we were
working with a family that lost their son to unwashed poppy
seed tea, which is an opiate, and the seeds were sold through
Amazon in bulk amounts to be used for this purpose. And it was
clear, from the comments on this site, that these products were
used for drug purposes.
So those are the kinds of things that we see. And we think
that there could be a much more compelling partnership between
the platforms and the government to deal with fraud and abuse.
Senator Blumenthal. They could be much more aggressive. And
don't they have an obligation to be more aggressive? If you
search for ``COVID cure'' on Amazon, you still find sponsored
banners for probiotics and product listings for supplement.
Aren't they complicit, along with other marketplaces? And have
you been satisfied with their response to your complaints?
Ms. MacCleery. I think they have a tricky job controlling
the algorithm, which might, in part, be learning from consumer
practices in real time on their site, but I don't know enough
about how the Amazon search engine works, because it's not very
clear, from looking over the site protocols. So, that would be
an area for investigation by Congress or the agencies, in
consultation with the company.
I do think where we have flagged items, like the antiviral
claims, which are per se illegal claims, according to the Food
and Drug Administration, they have a clear obligation to act.
And there are also supplements that are tainted with
prescription drugs that have been sold through Amazon, and
those need to be expeditiously removed as soon as the platforms
are informed that they are tainted.
Senator Blumenthal. Thank you.
My first round--I hope there will be a second round, Mr.
Chairman--has expired, so I'll yield back and hope that we can
ask more questions.
Senator Moran. We'll follow our usual practice of not
informing the other committee members whether there will be a
second round or not until we see how many people are here.
[Laughter.]
Senator Moran. The--we now turn to the Full Committee
Chairman, who's certainly entitled to a second round.
Senator Wicker, thank you for joining us.
STATEMENT OF HON. ROGER WICKER,
U.S. SENATOR FROM MISSISSIPPI
The Chairman. Well, thank you very much, Senator Moran. I
appreciate the work that you and Senator Blumenthal are doing
on this issue.
I have a prepared statement that I will ask be included in
the record following the opening statement of Senator
Blumenthal.
Senator Moran. Without objection.
The Chairman. Thank you very much.
And I've very much enjoyed the testimony.
You know, Mr. Smith, we are looking, right now, in the
House and Senate at a COVID-19 response bill, a Phase 4, and
this is a good opportunity for, I think, us to see if you need
anything in that bill.
Ms. MacCleery says that FTC does not have enough funding or
enforcement tools to go after the scammers. And so--but, you
haven't asked for any additional full-time equivalents. So, one
thing I'd like for you to discuss is--you have enough resources
to fulfill the task that we're talking about today, and then,
with regard to--following up on Senator Blumenthal's question
about State Attorneys General, maybe that's a way for us,
indeed, to spread some of the responsibility, let the 50
Attorneys General be involved in this.
When you have been able to farm out work to Attorneys
General, Mr. Smith, does that involve a State enforcement
mechanism only, or are there damages requested? Do you ever
outsource that to the Trial Bar in enforcing anything that the
FTC does? So, if you could comment on that, I'd appreciate it.
Mr. Smith. OK. Thank you.
So, I'll go with the resources first.
At this point, we haven't identified any costs that we
can't cover, but we do appreciate very much the additional
funding that the House Appropriation Committee has recommended
for the Commission in FY-2021. We also appreciate the extra
resources that we got in FY-2020. And whatever resources we
get, we will put to good use.
I will say that we do, though, have two very specific
needs. The first is a--legislation to address our authority
under Section 13(b) of the FTC Act. So, this is the primary
provision that we use to return money to consumers. And, for
decades, courts across the country have said that we have
authority to obtain equitable monetary relief under Section
13(b).
Very recently, the Court in the Seventh Circuit has
questioned that. And so, this is the first court to do that.
The great weight of the authority is still on the FTC's side,
but this is an issue that has been teed up in front of the
Supreme Court for next term. And we expect the Court to resolve
that issue by the middle of 2021. But, an adverse ruling from
the Supreme Court would mean that the FTC would lose the
ability to get any monetary relief under Section 13(b) of the
FTC Act, as we have been doing for decades. Because the stakes
are so high, we're asking Congress to act now to ensure that
the FTC can continue returning money to consumers.
Second issue where we could use some help is
reauthorization of the SAFE WEB Act. SAFE WEB Act was last
reauthorized in 2012--right? 2012. It will sunset on September
30 of this year. It extends the FTC's UDAP authority--unfair
and deceptive practices authority--to conduct that has a
reasonably foreseeable effect on U.S. consumers or that
involves material conduct in the U.S. This allows us to address
cross-border fraud, which is a real problem. Since 2015, we've
had 310,000 complaints from U.S. consumers against foreign
businesses.
The other thing that SAFE WEB allows us to do is more
easily exchange confidential investigative information with our
foreign counterparts. We've relied on SAFE WEB to respond to
162 information-sharing requests from 40 enforcement agencies
in 17 foreign countries. It's been a critically important tool.
And a lot of the COVID-19 fraud that we see is also coming from
overseas or Canada.
So, two things that we could really use help with: 13(b)
and SAFE WEB.
The--with respect to State AGs, we routinely have task
force--we participate in task forces, regular meetings with our
State AG counterparts. They will frequently be co-plaintiffs in
our cases, particularly charity cases, where they have better
authority than we do to return money to consumers. We sometimes
refer cases to them. They sometimes refer cases to us. We
have--you know, one of our biggest recent cases was our $170
million settlement with Google and YouTube. That was a case
that we did with the New York Attorney General. Critically
important----
The Chairman. Do they farm it out to the Trial Bar----
Mr. Smith. We have not----
The Chairman.--the State Trial Bar?
Mr. Smith.--we haven't farmed anything out to the Trial
Bar, and our State partners, as far as I know--we've been
dealing with, you know, Assistant Attorneys General; we haven't
been dealing with private lawyers who are hired by the Attorney
General. In my experience, that's been what we've seen.
But, I haven't, also, been participating in a lot of these
task forces. That's generally done by the folks in our regional
offices. So, I can't say for sure about outsourcing to the
Trial Bar, but I've never heard of it in our cases.
The Chairman. Mr. Chairman, we're way over time. The--I
would note that you and Senator Thune, Senator Blackburn, and
I, and Fischer, have a data privacy bill that would deal with
this specific issue with COVID-19. And, perhaps on the record,
our witnesses might tell us if they've had a chance to look at
that, and if they want to go ahead and, on the record,
enthusiastically endorse this great piece of legislation.
Thank you, Mr. Chairman.
Senator Moran. Mr. Chairman, would you like the witnesses
to respond to that question now?
The Chairman. I'll be glad to. I just don't want to intrude
on your time. But, if they can respond within your constraints,
I'd be--I'd love to hear----
Senator Moran. Let's do it very quickly.
Derek Schmidt.
Mr. Schmidt. Thank you, Mr. Chairman.
Based on the sponsors, I have no doubt that it is excellent
legislation, but I have not had a chance to review it.
Senator Moran. That probably means you're offending half of
the members of the U.S. Senate, but----
[Laughter.]
Senator Moran.--Senator Blumenthal and I continue our
efforts in this regard.
Mr. Smith.
Mr. Smith. So, you know, I can't speak for the Commission,
but I--we, institutionally, believe that contract-tracing
legislation would be a big help. Consumers really need to be
able to trust these contact-tracing apps if they're going to
work. And the app developers need to know the rules of the
road. So, having legislation--Commission has testified in favor
of broad privacy legislation, but, that failing, contact-
tracing legislation would be great, too.
Senator Moran. Mr. Sjouwerman. Is this within your domain?
Mr. Sjouwerman. I have not been able to look at this
particular bit of legislation, so I can't afford an opinion. Of
course, these things are incredibly important. They cover part
of the problem. If you take this just a slightly bit more to
the 30,000-foot level, you would like to see Federal/national
cybersecurity standards, not the patchwork of current different
States' cybersecurity standards, which can prevent a multitude
of these types of scams in a variety of ways. But, maybe we can
come back to that particular issue a little later.
Senator Moran. Yes, sir, thank you.
Ms. MacCleery.
Ms. MacCleery. We'd certainly be pleased to review the
bill, but I haven't had a chance to focus on data privacy, I
regret to say.
I do have more information on the funding-and-resources
question, if that's of interest to the Chair.
Senator Moran. I'll try to make certain that you--each of
you have an opportunity to respond at the end of the hearing to
kind of catch up with anything that you would like to add to
your testimony.
Let me turn now to Senator Klobuchar, who's been patiently
waiting.
STATEMENT OF HON. AMY KLOBUCHAR,
U.S. SENATOR FROM MINNESOTA
Senator Klobuchar. Thank you very much, Mr. Chairman, and
thank you, to Senator Blumenthal as well, for holding this
really, really important hearing today.
I think we all know that we are in, yes, a public health
crisis, but also an economic crisis. And, sadly, when that
happens, there are people who prey on people's vulnerabilities.
While scammers have used--as you pointed out at the beginning
of your remarks, Senator Moran and Blumenthal--they've used the
coronavirus to exploit Americans' fears, the impact of the scam
on seniors have been particularly disturbing. Reports have come
that eight out of ten people in this country who have lost
their lives to coronavirus are seniors, and that the seniors,
who also lose an estimated $3 billion annually to financial
scams in their normal time, have been targeted for additional
scams.
Just last week in my state, we had a scammer that pretended
to be the child of an elderly Minnesotan and convinced that
person to send $25,000 to address--an address in Connecticut,
not to pick that out, Senator Blumenthal, but, yes,
Connecticut. That's why Senator Moran and I introduced the
Protecting Seniors from Emergency Scams Act in May to help
prevent scammers from taking advantage of seniors during the
pandemic. And we've also called on the FTC to protect seniors
from some of the contact-tracing scams that you've all
discussed, and to educate seniors on how to protect themselves.
So, I think I would start with Ms. MacCleery. Could you
talk about how it is critical for seniors and their caregivers
to have access to resources from law enforcement, adult
protective agencies, to help combat these coronavirus scams?
And also, with the rise of online-shopping fraud in which
consumer products are ordered online, what is the FTC doing to
protect seniors from these type of scams?
Ms. MacCleery. Thank you so much, Senator.
I so appreciate the care that you and the Chairman are
showing for this very vulnerable population. We know from our
work, that seniors, for example, are very heavy users of
dietary supplements. Eighty-two percent of people ages 55 to
64, and 88 percent of those 65 and older, take vitamins and
supplements, and we've been very concerned that the supplements
actually deliver on the benefits that are promised on the
label. We sued CVS, several years ago, for producing a
supplement or--that was a CVS labelled product that promised to
have macular degeneration ingredients in it that were
effective, and, in fact, lacked those ingredients, even though
it was sold next to a product that had the appropriate
ingredient. So seniors are particularly vulnerable to
supplement scams in the way that we've highlighted. They also
tend to be vulnerable to the kinds of marketing scams in the
supplement marketplace; that is, you know, buy-back guarantees
and money-back promises and phishing scams related to those
kinds of product marketing. So, that's of real concern to us,
and their health makes them more vulnerable to gaps in those
supplements or the use of the supplements as substitution for
valid medical treatment. It may displace a visit to a doctor
that's actually needed.
Senator Klobuchar. Yes. Thank you.
Mr. Smith, I'll direct this one toward you. Is the FTC
planning to take additional measures to better protect seniors,
assist them with this if they're a victim of a contact-tracing
scam? And I know the FTC is coordinating with the DOJ and HHS
to warn consumers. Can you highlight the key measures the FTC
is taking as part of this coordination?
Mr. Smith. Sure. Older Americans have been a priority of
ours for a long time. You know, interestingly, our research
shows that older Americans are not necessarily victimized at a
higher rate than younger people. In fact, they're victimized at
a somewhat lower rate. But, they suffer more losses when they
do suffer a monetary loss. And some of that has to do with
scams, like the grandparent scam that Senator Klobuchar
outlined, which is really pernicious and can lead to big
losses. And so, our efforts are--in addition to our law
enforcement efforts, our efforts are focused on educating
consumers, particularly to these scams.
And one of our most effective tools has been a campaign
called ``Pass It On.'' And what ``Pass It On'' does--it's a
series of articles, presentations, bookmarks, activities,
videos, and what it does is, it educates--it's targeted at
older Americans, and it says, ``Look, you need to give this
information to your friend, to your neighbor, to your family
member. You need to educate them about this scam.'' And it
allows older people to capitalize on their life experience and
their wisdom in educating others. And, of course--and in
educating others, they're also educating themselves. So, we've
distributed millions of pieces of this information, and we've
found that it's effective. But, you're absolutely right, there
are always new scams, particularly those involving technology,
tech support, contact tracing, which are going--where they're
going to find--the scammers will find fertile ground with older
consumers.
Senator Klobuchar. OK. Thank you.
Mr. Schmidt, one last question. In your testimony, you note
the legislation enacted in Kansas to protect the privacy of
consumers' personal data. Do you think that providing strong
protections for consumers' personal data is helpful in making
these contact-tracing apps more effective? And what more do you
think we should be doing federally on the personal data?
We're--a number of us have been trying to work on privacy
issues--Senator Cantwell, otherwise, as well, when it comes to
personal data. And this goes way beyond the pandemic. I think
that's only put a magnifying glass on this issue with the tech
companies and the like. But, what do you think would be
helpful?
Mr. Smith. Right. So, the Commission has testified in favor
of data security legislation that would include civil penalty
authority, APA rulemaking authority, and expanded jurisdiction
for the FTC over common carriers and nonprofits. A majority of
commissioners have testified for something similar with respect
to privacy legislation. And speaking just for myself, I think
that privacy legislation would be really helpful now to both
tell app developers and others who might be working on contact-
tracing issues--let them know what the rules of the road are,
what's protected, what they can collect, what the contours of
de-identified and aggregated data are, as an example. And it
also would build confidence by consumers. Consumers need to be
confident in these apps if they're going to use them and if
they're going to be effective.
Senator Klobuchar. That's for sure.
Mr. Schmidt, could you also answer that one?
Thanks.
Mr. Schmidt. You know, we've obviously followed with
interest many of your discussions and debates in Washington on
broader privacy issues. And, of course, from a state
standpoint, we always have generalized concerns about
preemption, the tension between State authorities, on the one
hand, and, on the other hand, the benefits of a national
standard. Setting that bigger issue aside that I assume would
also be a challenge for you at this point if you were trying to
do something quickly on this federally, Kansas did--our
legislature was in special session in June and did, at that
point, enact, at the suggestion of our office, what we call the
Contact Tracing Privacy Act at the State level. It's, I think,
fairly characterized as stopgap legislation. It sunsets next
May. It's designed to fill the immediate need while we have,
perhaps, a more thoughtful review of what the law to look like
with respect to contact tracing.
It has multiple parts, some of which are not relevant to
your question. But, essentially, it requires that--you know,
contract--contact tracing was largely unregulated, even though
it has deep roots and is a critically important public health
tool. At least in Kansas, there weren't many rules of the road.
It just sort of was operated the way the public health
officials chose to operate it. And, obviously, the scale of the
COVID response has brought a lot more people into that business
and, therefore, invited discussion about what the rules ought
to be.
So, our new statute does things, such as requiring--
specifying that participation in contact tracing, whether it's
electronic or whether it's the old-fashioned way, with pencil
and pen and knocking on a door, is voluntary. We think that's
important, because it reduces some of the pushback that some
citizens have when the government tells them they ``must''
provide information, under some sort of penalty. Our statute--
again, a stopgap--actually, flat, prohibits the use of
cellphone location information, so most of the apps for contact
tracing. Our public health department at the State level said
they weren't interested in doing that at this point, and we
thought it advisable to put the whole thing on hold until there
can be a more thoughtful review of what exactly the rules ought
to be on that. Again, in the spirit of trying to reassure folks
that it's OK to participate without having to wonder what
happens to your information.
And we also, in that statute, ensure that there can be what
I've called ``bureaucratic mission creep.'' We ensure that the
data lawfully and appropriately collected for contact tracing
for COVID, when it's no longer needed for that contact-tracing
purpose, must be safely and securely destroyed, because there's
obviously going to be tremendous value in a lot of this data,
for reasons we may not even have thought about yet, and that
may be beneficial. But, again, folks may be really discouraged
from participating if they think it's an open door to what
their information might eventually be used for.
So, that's been our approach.
Senator Klobuchar. OK. Thank you.
Thank you, Senator Moran.
Senator Moran. You're welcome, Senator Klobuchar.
Now Senator Fischer.
STATEMENT OF HON. DEB FISCHER,
U.S. SENATOR FROM NEBRASKA
Senator Fischer. Thank you, Mr. Chairman. I appreciate you
holding this hearing today.
American consumers have had to become suspicious of all
types of fraud that comes to their e-mails, to the telephones,
to their mailboxes, and sometimes to their front doors. On top
of this, the coronavirus pandemic has been a convergent of all
of these potential scams and--it's increasingly difficult to
determine what's real and what isn't.
We saw this recently in my State of Nebraska, when
consumers were confused after they received their valid
stimulus money from the CARES Act in the form of prepaid debit
cards from the U.S. Treasury, and many of them thought it was a
scam, so they threw them away. Thankfully, the Treasury has
been responsive on resolving these issues.
We've also seen some skepticism from consumers contacted
from government agencies for contact-tracing efforts.
Mr. Smith, in light of these, going forward, what can we do
to improve trusted channels between the Federal Government
and------
Mr. Smith. Well, what we're doing at the FTC is educating
consumers about contact tracing and the like so that they can
be--because what--we want consumers to engage with contact
tracers. And so, we don't want them simply to be afraid and to
shut down when they get that e-mail. And so, our message is,
``Don't be afraid to engage with contact tracers, but the first
thing is, don't click on any link in that text message,'' just
like General Schmidt said.
Second, the--a contact tracer--a legitimate contact tracer
will never ask you for money, for your bank account, for your
Social Security number, or for your immigration status.
In addition, on our website, FTC.gov/coronavirus/scams, we
have contact information for all the different State Boards of
Health and other information about contact tracing to educate
consumers about legitimate contact tracing.
But, you're absolutely right that we need to build trust--
or consumers need to be able to trust these apps if they're
going to work in the way that they're intended to work.
Senator Fischer. What are you looking at for best practices
there? Are you trying to reach out to State government more to
be able to work together so that we can build that consumer
confidence?
Mr. Smith. Well, we have--we've issued a great deal of
business guidance, including business guidance for contact
tracers and for app developers, where we've been counseling app
developers to build--to employ privacy and security, by design,
at the beginning of the app development process, not simply
build it in at the end; that they include privacy protective
design features for their apps, such as decentralization of
data, so the data lives on individual devices rather than in
one centralized database; that they use anonymous data, or,
even better, aggregated data, so thinking of heat maps for
coronavirus for these contact-tracing apps. They use the data
only for the stated purposes. Just like General Schmidt said,
if you're collecting it for public health, you use it for that,
you use it for nothing else. And you delete the data when
you're--when you no longer need it.
So, those best practices would be relevant to a private
entity developing a contact-tracing app or to a State Board of
Health that's developing a contact-tracing app.
Senator Fischer. OK, thank you.
And, General Schmidt, I notice that you commented on the
enforcement actions that your office recently has taken related
to COVID-19 scams. As you've carried out those investigations
over the last few months, do you feel that there has been
adequate and proactive coordination from the FTC as well as the
Justice Department with State AGs on these COVID-related issues
and other issues as well?
Mr. Schmidt. Yes, I do, Senator. We've had--we have a very
good preexisting relationship with our counterparts at the
relevant Federal agencies, both in regional offices, to the
extent they're in Kansas City at least, or nationally, to the
extent they may not have a regional presence in Kansas City.
And I think those preexisting relationships have been really
helpful in allowing us to simply apply how we normally work
together in this context. So, I feel very good about that.
As I suggested in my opening, I think there might be some
room to, maybe, in a more institutional way, not--I don't mean
legislation, just in a more institutional way, to ensure that
relationships that cause cases to flow Federal-to-State or
State-to-Federal, for example, between the investigation and
prosecution stage, that that may happen even when there are
changes in personnel, because so much of it becomes based upon
those personal relationships, and, you know, like, you have to
reinvent the wheel. But, beyond that, I feel good about it.
Senator Fischer. OK, thank you.
Thank you, Mr. Chairman.
Senator Moran. Thank you, Senator Fischer.
We're pleased to have the Ranking Member of the Full
Committee here, Senator Cantwell.
STATEMENT OF HON. MARIA CANTWELL,
U.S. SENATOR FROM WASHINGTON
Senator Cantwell. Thank you, Chairman Moran. And thank you
to my colleague, Senator Blumenthal, for being the Vice Chair
of the Committee and for all your hard work on these issues.
It's great to join you.
And I think what I'll try to do is just talk about some
very, very broad issues, if I could. I think my colleagues have
covered a lot of territory. And, first of all, let me just
thank you for mentioning--and my colleague Senator Klobuchar--
the data security issue. Really feel that data security is, and
should be, included. So, thank you for endorsing that concept,
that data security really does need attention, along with
privacy legislation overall. So, thank you for that.
On this issue of the--you know, the usual FTC approach,
which is a first-time warning, do the witnesses agree that the
FTC needs a first-time civil penalty authority when it comes to
some of these COVID, you know, deceptive information and
statements, given the severity of the problem?
I don't know, Ms. MacCleery, I don't know what you have to
say, or whether Mr. Smith wants to comment on that.
Ms. MacCleery. So, I think that the warning-letter tool has
limitations. There are a number of unscrupulous actors in the
marketplace that may disregard warning letters, and it's
enormously inefficient for the FDA or the FTC to have to track
and go after bad actors multiple times. We have seen a pattern,
even in supplements tainted with drugs like amphetamines. The
agency will issue a warning letter, and then the company will
come back with a slightly tweaked product and keep selling into
the same marketplace. So, I think, for supplements in
particular, you have a small number of bad actors, and warning-
letter authority is just insufficient to get their attention.
Senator Cantwell. Well, we--definitely agree. We were very
involved in drafting a new law as it related to, you know, the
same on our opioid crisis. We didn't put enough oomph behind
the penalties there. So, I think we should look at this. I
mean, you know, a civil penalty, given something that's about
protecting the lives of individuals in the middle of a
pandemic, when people are reaching, you know, for solutions,
seems a reasonable approach.
Mr. Smith, did you want to add anything to that? I have a
different question for you. So.
Mr. Smith. OK. I would just say, I think your question was
about, like the opiate law, where, under Section 5, we bring an
enforcement action, and we're entitled to equitable monetary
relief, an injunction, things like that, but no penalties.
Right? And if we get an administrative order for the second go-
round, we can get civil penalties. And so, I think that's what
your question was focused on, not so much the warning letters.
And I would say----
Senator Cantwell. I'm saying, I think the warning letters,
in the middle of a pandemic, on things that people might think
are lifesaving, when actually they're, you know, causing----
Mr. Smith. Right.
Senator Cantwell.--fatalities--could cause fatalities,
seems like a warning letter may not be strong enough, given the
complexity of this environment we're in. And giving the FTC a
stronger tool----
Mr. Smith. Right. Well, so we have a stronger tool. We can
go to court, with all--with respect to every one of the
companies that we've sent a warning letter to, we can go to
Federal court or in front of our administrative law judge, and
we can get an injunction. We have chosen the warning-letter
route because what we have found with--particularly with
respect to the fake cures, what we have found is that the
warning letters are astonishingly effective. In 48 hours, we
can get bad claims taken down. And where we can't, we follow up
with law enforcement, either in a Federal court or in front of
our administrative law judges.
Senator Cantwell. Well, what about flexibility?
Mr. Smith. I'm sorry----
Senator Cantwell. I mean----
Mr. Smith. And then I think what you're----
Senator Cantwell. I mean, just like what Ms.----
Mr. Smith.--advocating is another path, where we get
civil--like with the opiate law, where we get civil penalties
on our first bite at the apple. And with respect to that,
that's a better question for the Commission. I would be getting
pretty far out over my skis if I were to offer an opinion----
Senator Cantwell. OK. What----
Mr. Smith.--on whether we----
Senator Cantwell.--about----
Mr. Smith.--should have civil penalties.
Senator Cantwell. What about our definition of price
gouging? And I don't know if--I mean, this unfairness
authority. I mean, that's what we, in Washington, prevent
unfair and deceptive practices pretty similar, I think, to
where you guys are, but it is quite broad. So, do we need to do
more on defining the price-gouging standard?
Mr. Smith. I think we--yes. It would be helpful to have a
price-gouging statute. If Congress wanted us to address price
gouging specifically, it would be really helpful to have a
statute that gave us specific authority and laid out specific
guidelines for when--for, basically, what high--what--how high
is too high? So, 35 states which have the same FTC Act
authority that we do--you know, they have the Unfair and
Deceptive Acts or Practices authority--they have, nonetheless,
seen fit to enact a price-gouging statute, because the
unfairness authority doesn't fit neatly. So, that would be--if
you want us to address price gouging, a statute----
Senator Cantwell. But----
Mr. Smith.--would be a big help.
Senator Cantwell. Well, we have one for you, so we will--
we'll get that.
Mr. Smith. Right.
Senator Cantwell. So----
Mr. Smith. Right.
Senator Cantwell. I mean, we've been involved in
establishing a standard for you also on manipulation, and we
thought that was quite helpful, and very helpful to the CFTC,
and very helpful for the FERC. So, we think clarity, here, is
our friend, and we think----
Mr. Smith. Right.
Senator Cantwell.--or, just like with the opioid law, I
think if people can get around it, they will. And so, the
stronger deterrent that we can have on the books, in the
penalties, the better, in my opinion.
One last question I was going to ask about. Let's see. What
else do we need to do on some of these--you know, some of the
larger organizations that have taken advantage of states on
their paychecks and the programs for unemployment?
Mr. Smith. So, are you talking about large businesses that
have obtained, for example, paycheck protection program loans?
Senator Cantwell. I'm talking more about the abuse of the
system, of people signing up and getting--you know, rings of
people who have signed up to get--in the State of Washington--
----
Mr. Smith. Right.
Senator Cantwell.--we've had----
Mr. Smith. Right.
Senator Cantwell.--employment checks given to rings of----
--
Mr. Smith. Right.
Senator Cantwell. Yes.
Mr. Smith. So, I would say--so, General Schmidt, from
Kansas, may have some thoughts on that. From the FTC's
perspective, when we see the--I think from--we send it to the
IRS or to their--TIGTA--to their Inspector General for---
because that's real--that's real criminal theft, right?
Senator Cantwell. Yes.
Mr. Smith. From the government.
Senator Cantwell. Yes.
Mr. Smith. And so, it's not so much an FTC problem. But,
General Schmidt may have additional thoughts. I don't know.
Senator Cantwell. Well, I just want to know what we're
doing to share that, you know, data, in general. Obviously,
identify theft and these issues are something that the FTC--so,
don't know many----
Mr. Smith. Right.
Senator Cantwell.--other states have addressed this, or
faced it, but--I don't know----
Mr. Smith. So, we do----
Senator Cantwell.--if General Schmidt has something--I
mean, if the--yes--General Schmidt wants to offer something.
Mr. Schmidt. Senator, the only thing I might add, as I
mentioned but didn't dwell on earlier with respect particularly
to unemployment benefits, which may or may not be precisely
what you're asking about but it's a similar genre, we have
gotten a lot of complaints from folks alleging--broaden those
benefits payments, identity theft, creating false identities to
claim a payment. The way we've been handling those--because,
under Kansas law, I don't have original criminal jurisdiction
for that type of crime--so, the way we've been handling those
is to refer them to our State Department of Labor, which
handles unemployment program, and they, in turn, then work with
their Federal counterparts whenever, in their judgment, it's
appropriate to do so. So, a little bit outside, under Kansas
law, of our authority.
Senator Cantwell. OK. Thank you.
Thank you, Mr. Chairman.
Senator Moran. Senator Cantwell, thank you very much.
Senator Capito.
STATEMENT OF HON. SHELLEY MOORE CAPITO,
U.S. SENATOR FROM WEST VIRGINIA
Senator Capito. Thank you, Mr. Chairman, and thank the
Ranking Member, for having this hearing. Very interesting, and
it's interesting--I'm just going to kind of start on the--where
Senator Cantwell left off, and that is the fraud on the
unemployment compensation.
We just had--I'm from West Virginia--we just had an
instance, where our unemployment commissioner, basically, said
that somebody from the same IP address had applied for 50,000
different ways to get a benefit with, you know, different
names, or tweaking different names. And I'm wondering--Attorney
General Schmidt, you mentioned that this is an issue that's
come up in Kansas, but I'm wondering, is it the magnitude of
which we're seeing? And also, what additional resources would
you need to combat something of this nature, when the program
was created this rapidly but also to the great benefit of so
many people?
Mr. Schmidt. Senator, from the vantage point of the Kansas
Attorney General's office, we haven't seen that scope, but I'm
quick to say we might not, because, as I was just describing to
Senator Cantwell, we aren't necessarily the face of the public
response.
You know, the only thing I might add--it's something we
have talked and thought about a big here, because we've seen
the reports in other states, that the problems have been
widespread, and I don't have a reason to think that Kansas is
materially different. I just have not seen the data.
Senator Capito. Right.
Mr. Schmidt. But, you know, there are other programs, where
there is a Federal/State partnership, as there is now with the
unemployment payments coming from the Federal Government to
assist and extend the benefits. Medicaid program comes to mind.
And, in some of those programs, Congress has seen fit to create
certain requirements for fraud policing by the state in order
to participate in the program. For example, the Medicaid Fraud
Control Units that I mentioned earlier.
So, I am not prepared to advocate that in the unemployment
insurance context, but I--it does seem to me a logical area to
look, whether that model for programs that have shared funding
would also make sense in the unemployment context for shared
fraud enforcement.
Senator Capito. Yes. I mean, I think it--a lot of our
systems are very overwhelmed, as you know. And to try to
determine where the fraud lies and how to detect it, I think,
is----
I'm going to stick with you, Mr. Attorney General, because
I want to ask something that comes up in this committee all the
time that has to be related to scams, and certainly the
education of either our elderly or others. And I appreciate
Senator Klobuchar bringing up the scamming of the elderly.
That's an issue I'm very concerned about, in all aspects. But,
you know, we have a lack of broadband in our rural areas. And
what do you find is the best way to really transmit, to people
who may not have broadband connectivity, the possibility of
false advertising or false claims or, you know, cures that are
going to cure it all or prevent you from ever getting COVID?
What--how do you address that issue in Kansas?
Mr. Schmidt. So, we are the lead consumer protection agency
for the State, at the State level, in Kansas. And, because of
that, in ordinary times, we have a very robust consumer
education and prevention program. We do it online, as you
suggest. We also do a lot of in-person presentations around the
state, whether it's civic clubs, nursing homes, senior centers.
We--our people spend a large proportion of their time actually
talking with Kansans, because our philosophy is, ``If we can
help you avoid losing your money in the first place, better for
you, it's better for us, so we can focus our enforcement on the
back end, on a smaller universe.''
Senator Capito. Right.
Mr. Schmidt. So, that's how we normally do it.
Now, as your question, I think, implies, right now, where
we're all less mobile, we're doing things, like we're doing
today, in communicating remotely. Obviously, that disables one
of our principal tools for reaching Kansans, which is, ``Go
where they are, in person, and talk with them.'' And so, we've
struggled with that. We are doing more online. We recognize the
limits, as you suggest, that there are areas that that's simply
not going to be effective because our consumers aren't able to
access that programming. But, nonetheless, we think there is a
significant number of Kansans who we don't normally reach
online, we could reach online--technologically they're able--
and so, we're doing that now, because it's better than not
doing anything. So, we've pushed that.
But, I have struggled very much with how we reach those
pockets of individuals in the state that we can't reach
digitally because they don't have suitable Internet access, and
we can't reach them physically right now because of the----
Senator Capito. Right.
Mr. Schmidt.--of the COVID-related restrictions. And I
don't have a good answer right now.
Senator Capito. Yes. I think that's a real problem, because
a lot of those are our more vulnerable populations, and I think
it brings a difficult question.
I don't know if I have any more time. I've got one more
question to Mr. Smith.
We've seen a big increase in scams, obviously. And they're
heading toward the vulnerable population, which we've said.
But, what limitations to the FTC--this is to my FTC--let's
see--yes, Mr. Smith--what limitations does the FTC have? And
I've created an Act, with Senator Gardner, called the CEASE
Act, which would increase penalties for false advertising and
deceptive acts. Wondering if that would be a helpful tool, if
you're aware of it, and what tools--additional tools you might
need at the FTC to be able to break up these large advertising
scams that we see.
Mr. Smith. Right. So, I am familiar with the CEASE Act. And
we are--I think we may have provided some technical
assistance----
Senator Capito. Yes. Thank you.
Mr. Smith.--for your offices. And we are happy to continue
working with your office on that law.
And with respect to specific tools that we could use, I
mentioned, earlier, reauthorizing the SAFE WEB Act. I think
Senators Moran and Blumenthal have introduced--have cosponsored
a bill that would reauthorize the SAFE WEB Act. That's
critically important for our foreign law enforcement. And some
of these COVID scams are coming from outside of the country.
Senator Capito. Right.
Mr. Smith. The second thing is to clarify our authority
under Section 13(b) of the FTC Act. So, for decades and
decades, we've had authority to obtain equitable monetary
relief under Section 13(b). And, just recently, there have
been--there has been one important court, the Seventh Circuit
Court of Appeals, which has called into question that
authority. That issue is now in front of the Supreme Court. It
will probably be resolved sometime next year about this time.
But, in the meantime, it would be great if Congress could act
to clarify our authority that we can get redress, restitution,
disgorgement as Congress has thought we've been able to get for
the last, what, now probably 40 years.
Senator Capito. Right.
Thank you very much.
Senator Moran. Senator Capito, thank you.
A vote has been called. And I have been very lenient in
time. I'll try to be less so now. I'm sorry.
Senator Udall, it's now your turn.
STATEMENT OF HON. TOM UDALL,
U.S. SENATOR FROM NEW MEXICO
Senator Udall. Thank you, Chairman Moran and Ranking Member
Blumenthal, for calling this hearing on the important issue of
protecting our constituents from COVID-19 scams.
There is unprecedented demand for products to protect
against the transmission of coronavirus. And the scramble to
keep our families, workers, and customers safe has led to a
surge in scams and fraud against consumers. The FTC has
received over 136,000 reports of scams related to COVID-19,
including 477 from New Mexico. And people have reported losing
nearly $90 million on these and other COVID-related frauds.
But, it's not just individual consumers that are at risk,
here. There are increasing reports of companies misrepresenting
themselves in contracts with local, State, and Federal agencies
to procure PPE.
In May, a $3 million Indian Health Service contract was
given to a former White House official to provide 1 million
KN95 respirator masks for use in the Indian Health Service
facility serving the Navajo Nation that did not meet--these
masks did not meet the Food and Drug Administration's standards
for use in healthcare settings by healthcare providers.
I want to address the issue of some substandard masks.
Thousands of masks procured by IHS were determined to be
substandard and not for medical use for IHS hospitals serving
the Navajo Nation in New Mexico and Arizona. I brought this up
in another hearing directly with the IHS Director and told him
that this was absolutely unacceptable. Thankfully, the masks
were never used, but HHS and FDA ought to be pretty savvy
consumers when it comes to workplace safety in the medical
field.
I'll have a written question for our in-writing witness
from the FDA.
But, Ms. MacCleery, what can this administration do to
better protect workers, both in the private sector and
government? And do you support an OSHA emergency standard?
Ms. MacCleery. Absolutely. We are on record as supporting
OSHA's development of an emergency temporary standard for
workers at risk of contracting COVID. We've particularly been
worried about meatpacking workers, where we've seen a large
number of exposures and deaths, both among inspectors and
workers. And it may be something about the working conditions
and the close proximity there that lead these to be hotspots.
Workers really need these protections in order to maintain our
food supply and keep going to work. And we need a healthy
workforce. So, we are backing the measures that have come out
of the Congress in several packages for an emergency temporary
standard for workers.
In addition, we think there should be a concerted effort
to, of course, develop mask standards for workers in the
healthcare setting. We know there's some of that going on
underway. But, some sort of concerted attention by the FDA to
set standards is needed. Masks in the healthcare setting have
been to protect the patient from infection by the healthcare
worker, not necessarily to protect the worker. And so, there
needs to be a new and urgent effort to ensure that workers in
the settings where they're dealing with patients are also
protected.
Senator Udall. Ms. MacCleery, are online platforms doing
enough to put a stop to questionable and fraudulent goods
before they are sold?
Ms. MacCleery. There certainly has been a concerted effort
by Amazon and a few of the other platforms to work with Federal
authorities and get rid of explicitly marketed COVID cures and
treatments. However, behind that there is lots more work to do.
In general, we need to have a plan for when platforms are
selling supplements to the public, and the false claims that
they're making, and for actively patrolling them, not just
during a pandemic. And in addition, not all platforms are
making enough of an effort. We have looked across a number of
the platforms, and not all of them are free of products that
are explicitly promising to treat or prevent coronavirus, which
is a problem.
Senator Udall. Thank you.
Mr. Chairman, knowing that a vote is on and we're pressed
for time, I'll submit the rest of my questions. I really
believe there is a role for Attorneys General to play here, and
I hope that our witnesses will answer that question on the
record.
But, I will yield back at this time.
Thank you very much.
Senator Moran. Ever so cooperative. Senator Udall, thank
you very much.
Senator Baldwin.
STATEMENT OF HON. TAMMY BALDWIN,
U.S. SENATOR FROM WISCONSIN
Senator Baldwin. Can you hear me?
Senator Moran. Yes, ma'am.
Senator Baldwin. Can you see me? That's the other question.
Senator Moran. Now we can.
Senator Baldwin. Yes. OK. Thank you.
So, thank you, Mr. Chairman.
This March, I introduced a bipartisan bill to incentivize
states to provide compensation to elderly victims of financial
fraud, abuse, and exploitation. I called it Edith's Bill after
learning the story of Edith Shorougian and her family, who
wrote a letter to me, asking that I work on legislation to help
seniors get money back when it's stolen from them, especially
when it's money earned over a lifetime of hard work.
General Schmidt, do you believe that elder financial fraud
and abuse is underreported? And are you aware of any national
programs or efforts that would incentivize states to provide
compensation or restitution to these victims if they're unable
to recover restitution from the offenders themselves?
Mr. Schmidt. Senator, I absolutely believe that elder fraud
and abuse, including financial abuse, are underreported. All of
the data I've ever reviewed--and it has been substantial--
suggests that there's a quarrel about how much--to what order
of magnitude the underreporting is, but not about the
principle.
In terms of your question about compensation, I'm not aware
if--just I'm not aware of it--of any program that provides
compensation to elder victims of crime. There is, of course,
the Crime Victims Compensation Program, generally, that I'm
sure all of our states participate in. Generally speaking, that
compensation, as I recall, is limited to certain categories of
costs that generally are associated with violent crime, as
opposed to financial losses.
We make a priority, in Kansas, in our enforcement actions,
to put restitution first and the State's recovery always
second. And, of course, that usually is more important at the
collection stage than it is at the liability-imposition stage.
But, in principle--I don't know any particular proposals, but,
in principle, I think it would be a very good conversation to
talk about whether there's some type of compensation program
that would assist somebody's who's lost a life savings as the
result of fraud and scams.
Senator Baldwin. So, thank you for that. Edith and her
family were scammed out of more than $80,000 by their longtime
financial advisor. And, of course, they fear that they'll never
get that money back that was stolen from them. But, Edith's
family was able to uncover the fraud because Edith asked for
help, and her son-in-law recognized that there was a problem
when he was attempting to reconcile and balance her checkbook.
General Schmidt, in April, you led a letter to Senate
leadership in which you and other Attorneys General noted that
emergencies and disaster situations invite abuse and
exploitation of vulnerable and isolated populations. So, I want
to know if you are concerned that seniors who are isolated from
family members, loved ones, caregivers during the pandemic, and
the support networks that they usually rely on, are being
targeted by scammers. And how does this separation from typical
caregivers make seniors more vulnerable and susceptible to such
scams?
Mr. Schmidt. Senator, this is one of the things that keeps
me up at night right now. We have focused tremendously, in both
the Kansas Attorney General's office and then a couple of years
ago, when I was President of our National Association of State
Attorneys General. We focused on elder abuse issues, including
financial abuse, on a national basis from a State standpoint.
So, it's a longstanding priority for us.
I am very worried that seniors who may be physically
isolated, ordinarily, and have their contact come to them, or--
in terms of home healthcare or other home support--or who go to
contact, but in very discrete manners--they go to a doctor's
office visit, they perhaps go to their coffee klatch for lunch
on every Thursday, and back, but they're now separated from
those de facto early warning systems that can spot something
out of the ordinary and perhaps sound the alarm, as happened
with your constituents. I am very worried about that.
And I might just say--I don't mean to sound like a broken
record; I highlighted it in my testimony and mentioned it in my
opening statement--but, I really do believe that one step that
Congress could take swiftly, I believe without controversy,
would be to include in some vehicle this year, perhaps the next
COVID bill, whatever is appropriate, the text of Senate bill
2379, which is the latest incarnation of legislation that we've
been working on now for several years. From a state standpoint,
we began the advocacy--it was actually, at that time, Attorney
General Jepsen, from Connecticut, and myself, bipartisan--
asking for this change in statute so that we can use our
existing, already-funded, already-trained, already-skilled
resources in our Medicaid Fraud Control Units outside the exit
doors of the nursing homes and long-term care facilities, and
reach exactly the type of isolated individuals in the Medicaid
program that you're talking about.
So, thank you.
Senator Baldwin. Thank you.
And, Mr. Chair, I think my time has run out, so I yield
back.
Senator Moran. Thank you very much.
Senator Sinema has joined us, as well.
Senator Sinema.
STATEMENT OF HON. KYRSTEN SINEMA,
U.S. SENATOR FROM ARIZONA
Senator Sinema. Well, thank you, Mr. Chairman.
And thank you, to all of our witnesses today.
Scammers are using this pandemic as an opportunity to
defraud Americans, including our seniors. Arizonans have
reported thousands of COVID-related scams to the FTC, with $1.5
million in losses for Arizona families, so far. And those are
just the scams that are reported to the FTC. We know the actual
damage is far greater.
Scams aren't just a financial concern. COVID scams also
endanger the health of the public, who can be defrauded into
believing that certain products can prevent or cure COVID,
when, of course, there's no scientific basis to support these
claims.
Scammers have also distributed counterfeit personal
protective equipment, which can endanger lives of our medical
professionals and first responders. I'll continue to work with
partners on the Federal, State, and local levels to ensure we
have adequate resources to prevent scams before they happen,
ensure that we're returning funds to Arizona fraud victims, and
punishing the scammers who are stealing from our families.
Before I move to questions, I want to thank Senator Capito
for mentioning our bill to extend FTC authority to stop false
advertising during this pandemic. Our bill increases civil and
criminal penalties on scammers, and we hope to find some
bipartisan support for this legislation.
My first question is for Attorney General Schmidt. Due to
the coronavirus pandemic, scammers are using fear and confusion
to steal money and personal information. Recently, I teamed up
with our Attorney General, Arizona Attorney General Mark
Brnovich, to warn Arizonans about some common coronavirus
scams. This includes trying to sell fake coronavirus vaccines
or unproven treatments to scared families and individuals.
Scammers are also calling seniors and threatening to cutoff
stimulus payments or food assistance if they don't share
personal information. You know, this criminal behavior not only
hurts the direct victims, but it also hurts legitimate
charitable initiatives who are trying to help vulnerable
communities respond to the virus.
My question for you, Attorney General, is, How can
policymakers help our constituents distinguish between scams
and legitimate offers of assistance? And are there additional
resources that states need in order to more effectively fight
these new pandemic-related scams?
Mr. Schmidt. So, Senator, it is such a difficult question,
because mixed messaging is the bane of effective messaging. And
we normally all are on the page of, ``Don't answer the phone.
Don't respond to the inquiry. Just hang up on the bad guys if
you don't know them.'' Now we're in a position where we're
saying, ``Well, that's all true, but, you know, we sure like
you to respond, for example, to contact tracers when they
engage with you,'' and that creates a really difficult message
to convey to vulnerable populations.
I don't know that I have a great answer. I can tell you
what my messaging is when I talk with Kansans about the types
of things you're saying. I usually say it boils down, for me,
to two simple points:
How do you separate the legit from the illegitimate? Number
one, if you didn't initiate--you as the Kansan, you as the
Arizonan, you as the consumer--if you didn't initiate the
contact, the communication, then just assume it's not legit.
Now, that gets me in trouble with some legitimate both
businesses and public-sector folks, but, from a consumer-
protection standpoint, it is a simple, straightforward message.
If you want a widget and you think you need a widget, sit at
your breakfast table, figure that out, initiate the contact
with the seller of widgets, and now you know at least you're in
contact with a legitimate operator. So, that's point one.
And point number two, you know, the old-fashioned advice is
still good. Do business--whether it's online, remotely, or in
person, do business with people you already know and trust. So,
shop local or shop reputable retailers in the retail space.
Again, it's not perfect, but those two principles are
usually what I tell folks.
Senator Sinema. Thank you, Attorney General. I appreciate
that.
My next question is for Mr. Smith. As part of the fight
against the coronavirus, many organizations have experienced
severe shortages of PPE, cleaning and disinfectant supplies,
and other necessary items that would help them reopen safely
and smartly. As the virus continues to surge in places like
Arizona, our local businesses, schools, nursing homes, and
healthcare facilities are continuing to struggle to buy
supplies from their usual and trusted vendors. What advice do
you have for businesses and organizations that want to buy PPE
or other coronavirus-related supplies in order to avoid
fraudulent or counterfeit materials?
Mr. Smith. Well, our efforts with respect to PPE have
largely been focused on what I'll call shop-at-home scams, or
fulfillment scams, where a company is offering to sell PPE, and
you order the PPE; it says, you know, ``next-day delivery,''
and it's not delivered next-day; in fact, it's delivered
``never.'' So, we're not--so, the folks that we're protecting
are generally consumers and not businesses. And we've brought
at least one enforcement action in that area, and we have
several more in the pipeline. I would say that, you know, what
we are enforcing there is our mail-and telephone-order rule,
which requires that, if you're not going to deliver on time,
that you provide a notice or the opportunity for a full refund.
With respect to those larger institutional purchases of PPE
that you're talking about, we also have been working with the
Department of Justice, which has been extraordinarily active
under the Defense Production Act, both--and a lot of our PPE
fulfillment issues have followed on their price gouging under
the DPA. So, there are unscrupulous sellers out there, selling
counterfeit products, price gouging, taking advantage of
institutions' needs for these products in this time of
emergency. And so, a lot of that, I think, is being addressed
by the criminal authorities, and, in particular, the Department
of Justice and the Department of Justice DPA Price Gouging Task
Force.
Senator Sinema. Thank you.
Mr. Chairman, my time's expired, but I want to thank you
for holding this important hearing. I appreciate it.
Senator Moran. Senator Sinema, thank you.
Senator Blackburn has joined us, as well.
Senator Blackburn.
STATEMENT OF HON. MARSHA BLACKBURN,
U.S. SENATOR FROM TENNESSEE
Senator Blackburn. Thank you so much, Mr. Chairman.
And I want to go to the issue of data privacy. And, General
Schmidt, you mentioned this in your statement. And let's look
at the issue of protecting that private information, and then,
if that falls into the hands of scammers, what are you doing to
make certain that people are not being scammed based on their
information for this contact tracing? Because what we've
learned--when you look at the virtual space, whoever has that
data and claims possession of that data feel that they know--
that they own the ``virtual you.'' They have access to this and
then begin to use that entree to follow you and to share your
information with outsiders and third parties.
So, General Schmidt, let's talk with you--or start with
you, and then just, if each of you will add. I want to hear
about what is being done to protect privacy, to protect that
data, to protect the follow-on information via contact tracing.
Mr. Schmidt. Senator, I appreciate the question. You know,
I don't mean to sound glib, either to you or anyone who's
listening, but often in this space, I think of the old
expression that ``the road to hell is paved with good
intentions.'' And I worry, in the contact-tracing space,
because we have grown so rapidly into that data collection,
that perhaps we have not put in place the ordinary safeguards
we would otherwise put in place with any entity, government or
business, that's collecting large amounts of personal data. And
we've done it for good purposes, to try to properly contain the
spread of the virus. But, I've been sort of the contrary voice
on that, and I've done it deliberately, because I think we need
to have a more balanced conversation.
As I suggested earlier, and I won't repeat myself, but we
did, in Kansas, our legislature, in June, enacted what I've
characterized as a stopgap contact-tracing privacy act data-
privacy measure. It's designed to put in place guardrails,
rules of the road, duties of privacy, limitations on
distribution, and the like, for all of that data that's
collected, both the digital stuff that we're talking about, in
terms of app development here, but also data that's collected
the old-fashioned way. Still, once it's collected and in the
data base, it does have value to some folks. And so, we have
tried to put in those limitations to make sure that Kansans'
data is protected and they can feel free to participate openly
in legitimate tracing efforts.
Senator Blackburn. Let me ask you this. First of all, what
I've heard you say is, we need to have a Federal preemption and
one Federal standard for the retention--collection of, and
retention of, this data. Is that correct?
Mr. Schmidt. Senator, yes, with a--an important caveat. And
that is this. And this is my State role coming out. I do
understand the importance of a Federal standard. It makes
sense. Data crosses State lines. I understand that. But, I
would suggest that we don't want complete Federal preemption of
State enforcement. And----
Senator Blackburn. Correct.
Mr. Schmidt.--we also don't want----
Senator Blackburn. [Inaudible]----
Mr. Schmidt. Yes, but we also don't want to compel State--
for example, State AGs--to go to Federal court, follow Federal
rules to enforce a Federal law, because, with all respect, as
I've said to my colleagues many times, if I wanted to do that,
I'd try to go be a U.S. Attorney. I'm a State actor. So, it's
always seemed to me what makes the most sense is to set a
Federal standard with respect to data privacy, but to allow
states to independently enforce that standard under State law,
in State court, with State procedures and State rules, as long
as we're holding folks to the same standard.
Senator Blackburn. Yes. Let me ask you this before we move
on. And my time is about to run out. Should, then, we see
that--should it be that consumers--the online consumer has the
ability to choose to opt-in to share their information, or
choose to opt-out if they do not want that entity that is
collecting and holding that information to share that with
third parties? Is that a--something that should be granted to
them, or a protection afforded to them?
Mr. Schmidt. Well, it does seem so to me, Senator. And
obviously, as you know probably better than I, that that's at
the core of a very broad and robust policy debate, both here
and with our friends in Europe. But----
Senator Blackburn. Correct.
Mr. Schmidt [continuing]. It--I am on the general side of
the debate that suggests my personal data is my personal data,
and I ought to be able to control with whom it is shared and
then re-shared and reused.
Senator Blackburn. All right.
I'll tell you what, Mr. Chairman, with that I'm going to
yield back, in the interest of time.
Thank you.
Senator Moran. Thank you for yielding back.
I've got to go vote. I have one question I want to ask, and
then I'm going to turn the hearing over to Senator Blumenthal
for a question or two he may have. He's going to then close the
hearing.
We are to be exiting this room by 5:45, so our panel of
witnesses should breathe a sigh of relief that it can't last
much longer.
I want to ask Mr. Sjouwerman. The--with the noteworthy
cybersecurity news related to Twitter last week serving as a
pretty significant example of social engineering, these types
of attacks continue to evolve while posing increasing harm to
Americans. Your testimony indicated that these types of threats
are responsible for, quote, ``upwards to 93 percent of data
breaches.'' Do you have any recommendations for this
subcommittee on how Congress can draw increased consumer
attention to these risks, or even prevent them from occurring
in the first place?
Mr. Sjouwerman. Yes. There is--ideally, there should be
Federal/national cybersecurity standards. There are several
standards. For instance, the National Institute of Standards
and Technology--they are abbreviated as NIST--they have several
standards in place. The problem is that if you want to really
combat social engineering attacks, you're going to have to go
far and wide in--you're going to have to get the private
sector, to some degree, involved and motivated to live up to
data security and privacy standards.
If you had asked me, What is the best framework to use in
this particular case?--I'd point you to the Department of
Defense, the Cybersecurity Maturity Model Certification. This
is abbreviated as CMMC. They have a very good model, where you
have five levels of ramp-up, in the sense of making sure that
you comply more over time and can buildup your resilience
against scams like this. And the--basically, the ultimate or
very effective solutions for all the scams that you see is
awareness. Train the elderly in increased awareness. And the
AARP is actually doing a good job of that. It's an awareness
issue. Educate, but also protect. And the standards of
protecting just the home PC, but also corporate networks,
should ideally be a Federal standard so that everyone can
comply, because, at the moment, it's a patchwork. And, as we
can see, it isn't working.
Senator Moran. Mr. Sjouwerman, thank you very much.
Thank you, to all the panelists, for your presentation
today.
General Schmidt, thank you for joining us from home. Derek,
I've known you at least since you were a young Kassebaum Senate
staffer. And thank you for your public service, now, for a long
period of time on behalf of our fellow Kansans. I appreciate
your presence with us today, but appreciate your presence in
Kansas and what you do for all of us.
I now----
Mr. Schmidt. Thank you, Senator.
Senator Moran.--recognize Senator Blumenthal.
Senator Blumenthal [presiding]. I want to join in thanking
you, as a former fellow Attorney General, and just say, the
next time we have a hearing with you as a witness, maybe we can
do it out in Kansas instead of here. And I want to----
Mr. Schmidt. Always welcome, sir.
Senator Blumenthal. And I want to ask you specifically,
because--Mr. Smith has said he would welcome a price-gouging
law at the Federal level, and I completely agree, because right
now there really is no Federal price-gouging law, and that is a
great obstacle to effective Federal enforcement. And I
encountered this issue when I was State Attorney General,
urging the then-Attorneys General of the United States to take
action, and the FTC, and they said to me, ``Well, we have no
Federal law.'' And in Kansas, you have a price-gouging law that
says that a price increase is presumed unjustified if it
exceeds by 25 percent the pre-crisis level. Tell me how you
feel about that law, whether you think it has helped or harmed
your office's ability to bring enforcement action, and whether
you would recommend it to us in the U.S. Senate, in the
Congress?
Mr. Schmidt. Senator, it--I think it has been useful for
Kansas. As Mr. Smith has suggested a couple of times, sure, we
could--prior to enactment of that law, we could try to use our
general Kansas version of the UDAP authority--we actually don't
have an ``unfair'' standard, but we have a ``deceptive or
unconscionable'' standard--to deal with price gouging. But, it
is really clunky to do that, and it's much better if there's
something that looks more like a bright-line standard. That
way, everybody knows what the rules are. And our experience has
been, by having that on the books, with that 25-percent
presumption, it has allowed us to get voluntary compliance,
almost universally, at least from legitimate actors. Now, you
know, the crooks and scammers are crooks and scammers. That's a
different category. But--of course, when you're talking about
price regulation, you're talking about, at least to some
extent, dealing with very legitimate enterprises, and the
bright-line rule in law is very helpful in bringing them into
compliance without the need for formal enforcement. At least it
has been for us.
Senator Blumenthal. Clarity is always good for enforcement.
Let me ask you. And this is a little bit of an unfair
question, because Senator Moran is not here. If we were to
adopt a Federal statute, I personally would be against making
it preemptive of all State laws, broadly preemptive. I don't
know how you feel about that issue of preemption when it comes
to either price gouging or other Federal statutes.
Mr. Schmidt. Yes. Senator, you know, philosophically, as I
suggested early on--I'm a states' guy, and so, not
surprisingly, I'm not a fan of Federal preemption, generally,
as a philosophical matter. Now, having said that, I recognize
there are times it makes perfect sense. As I just suggested to
Senator Blackburn, you know, data privacy, I understand why you
can't have, as a practical matter, 50-plus, with territories,
different sets of standards for folks to manage data privacy.
So, the one thing I say on that--and I--you know, I'm quick to
say--this is always true, but it's particularly true in this
area--I--I speak only for myself--I have colleagues among the
State and Territory Attorneys General community who have very
different views on this--but, speaking for myself, when
Congress has made the determination, appropriately, by subject
matter, for a Federal standard, as a--in some area; let's say,
data privacy or maybe it's on price gouging, whatever it is--as
a general matter, if that's going to be what Congress does, and
it's going to preempt states from having a different standard,
my own preference would be, don't go further than that in the
preemption. Don't preempt me from having a State law that
codifies, in State law, the same standard--so, it's the same
performance that's required of the regulated entity--that I can
then enforce independently, under State rules and State court,
with our State procedures, because that's what my team is
accustomed to doing. And perhaps, in some larger States, where
they have very large, let's say, consumer protection shops,
they have folks who are accustomed, every day, to going down
and litigating in Federal court and enforcing Federal law.
Maybe it's a HIPAA statute, or whatever it may be. But, that's
not true for us, and I think it's not true for a lot of smaller
states.
And so, as I'm making enforcement decisions, just to be,
you know, blunter than I should, but just to make the point--
I'll overstate it--I mean, I got enough to do enforcing the
laws of the State of Kansas that I was hired by my voters to
enforce. Enforcing Federal law is not a great privilege that I
aspire to, it's something else to do. It's not very high on the
pecking order. So, I would much rather, if Congress is going to
set a standard, set it, but then let me work with my
legislature, perhaps in addition to letting me go to Federal
court--I have no objection to that, but don't make it my
exclusive option--let me work with my legislature to find a way
that we can bring State law alongside and enforce that standard
our way.
Senator Blumenthal. Thank you. I appreciate your
perspective, which I think is very valuable.
On the--on this topic of privacy, I want to ask you, Mr.
Smith. Contact-tracing apps are not regulated under HIPAA or
any other privacy laws. I've introduced bicameral legislation
to regulate these apps. The proposal is called the Public
Health Emergency Privacy Act. But, isn't there more that the
FTC could do? I know you've issued general guidance, but
nothing recent, and nothing specific, so far as I'm aware, such
as advisory notices to the tech company----
Mr. Smith. Right.
Senator Blumenthal.--to the technology companies, that I am
aware of, about consumer privacy of contact-tracing apps. If
this system of contact tracing is going to have any chance of
working, privacy has to be assured to consumers. That's the
FTC's job. And I'm concerned that the FTC has been silent.
Mr. Smith. So, the privacy of contact-tracing apps we would
address now, in the absence of any special Federal legislation,
using our unfairness and deception authority. And I can't
comment on any specific companies or any specific
investigations, whether we might have them open or not. But,
this is an area where we have been heavily focused. And part of
that is because consumers--you're right, consumers have to
trust these contact-tracing apps if they're going to work. We
need a lot of uptake in order for contact-tracing apps to work.
App developers also need to know the rules of the road. So,
we have recently--I'd say within the last month--issued
business guidance to app developers, where we have five or six
specific points that they should take into account when
developing apps. Now, some of these aren't going to be anything
new to you, like privacy by design, for example. But, there is
one that's kind of interesting, which is, use privacy
protective design features, such as decentralized protocols.
So, one of the things that I think is really interesting about
these contact-tracing apps that we've been running into
recently is that they don't actually collect everybody's
location in one big centralized data base, and everybody's
health information in one big centralized data base. It lives
here. And it is--and I have my Bluetooth turned on, and you
have your Bluetooth turned on, and it has a--these devices all
have a single Bluetooth identifier. And if I test positive for
coronavirus, then that gets uploaded to the data base, and you
dial into the data base, and you see, ``Is anyone in any of
these Bluetooth IDs that I've been in close proximity with--is
it in the data base, or not?'' So, by using those kinds of
decentralized protocols, we solve a lot of privacy issues up
front. Other guidance--which, again, no surprise--you know,
don't user identifiable data, use aggregated data, to the
extent you're able. Some of these apps will do things like
display heat maps for where there's particular risk of
exposure. So, they--you don't need to know--you don't need to
have even unique personal data, much less personally
identifiable data. Aggregated data will do just fine.
So we have, within the last month or so, I think, issued
business guidance for app developers. But, you're right that
this is an area where we need to be vigilant, and we are
heavily focused on it, because this is kind of the--this is the
privacy issue for 2020.
Senator Blumenthal. It is one of the key privacy issues,
and it has such sweeping ramifications, as you know as well or
better than I. And I'm just thinking that more clarity and
specificity, with more information made available to the
public--I'm aware of those protocols, the decentralization, use
of Bluetooth. Amazon and Google are working on systems. There
is a coalition of groups that's hoping, I think, to have it
ready by the end of this summer. But, I think an explanation to
the American public about how this data is safe, what those
rules of the road will be, and how they will be impervious, or
at least highly protected, against intrusion or interference, I
think it would be very valuable----
Mr. Smith. That's an excellent----
Senator Blumenthal.--to make these----
Mr. Smith.--point.
Senator Blumenthal.--systems work.
Mr. Smith. Our consumer ed, so far, has focused more on how
to spot a contact-tracing scam, right? You know, which is the,
``Don't click on a link. If they ask you for money, it's not
legitimate,'' that kind of stuff. But, you're right, in order
to build trust, we might need to--have to, you know, actually
explain, ``Look, this is what a contact-tracing app does, and
how it works.''
Senator Blumenthal. Because, as you know--as you well know,
contact-tracing doesn't work unless you reach a threshold level
of----
Mr. Smith. Right.
Senator Blumenthal.--participation. And right now, we ain't
nowhere near----
Mr. Smith. Right.
Senator Blumenthal.--anywhere in this whole country. And
very few places in the world, if any, have reached that
threshold level. So, you know, we talk so broadly and
frequently about, ``We need testing, we need contact tracing,
we need a vaccine, we need therapeutics,'' and, in some ways,
the contact tracing may be the most difficult of all----
Mr. Smith. Right.
Senator Blumenthal.--to achieve, because we don't have that
trust and credibility.
Mr. Smith. Right. And I don't know--I mean, so--I'm not,
sort of, up to date, as of today, but I do not believe that
there are very many State Boards of Health that have contact-
tracing apps. And I think that--I mean, Kansas has passed its
contact-tracing law, but I have heard only of one or two states
that have developed these apps. And then, of course, the apps
are going to have to be able to work together, right? Virginia
will have to speak with Oklahoma, and the different APIs,
whether it be Google or Apple, will have to work together. So,
it's a significant challenge.
Senator Blumenthal. Right. Well, we could talk about a lot
more. I have one more area of questioning that I want to cover.
You mentioned that the warning letters are, I think you
said, ``effective,'' maybe even ``very effective.'' Maybe, in
some cases. But, I talked about 255 warning letters. A lot of
those scammers have come back, maybe not with exactly the same
language, but they--they're back, and, in some part, due to the
lack of vigilance on the part of the tech platforms that I
mentioned earlier, and Ms. MacCleery very articulately
described, need to be held more accountable.
But, I just want to say, about warning letters, speaking as
a prosecutor, you know, I used to try to get actual court
judgments, not even consent order. Because you get a consent
order, you have to go back to court to enforce it. With a
warning letter, you have nothing to enforce. It's no deterrent.
If you're--if you leave here, and you drive above the speed
limit, 85 miles an hour in a 60-mile-an-hour zone, and you get
a warning letter, the deterrent effect, especially if you know
that, the next time, you'll get another warning letter, has
very little impact.
So, I wonder whether a more aggressive use of--whether it's
administrative or actual judicial process for judgments, for
fines, for even criminal referral, wouldn't be appropriate.
Mr. Smith. Right. So--well, there's a lot there. And I
agree with you, 100 percent, that a warning letter, by
definition, is a warning letter; there is nothing to enforce.
But, in the last--let's say we've been at this for over three
and a half months, middle of March--maybe 4 months--and in that
time, we have succeeded in getting almost all of those 255
companies to take down the claims. And for those that haven't--
there are some, and there are some that have taken the claims
down, only to replace it with something that's equally
misleading--we are pursuing law enforcement action, both in
Federal court and in front of our administrative law judges.
You've seen the fruits of some of that, and it's outlined in
our testimony. There's a lot more of that in the pipeline,
though. But, those cases take time. And particularly when
you're talking about fake cures, the way that we will typically
prove that up is with expert testimony, to say, you know,
``Here's what scientific, you know, educated people in the
profession would say is adequate substantiation, and you ain't
got it.'' That takes time. It also takes money. But, you know,
I think we have the resources, I think we have the manpower to
do it. We are doing it. But, it's not something that can be
easily done overnight.
And so, you know, these warning letters have been very fast
and very effective, I think. And, when not, then we back it up
with law enforcement. But, you're absolutely right that a
warning letter, on its face, is not worth much.
Now, General Schmidt, though, said that, with respect to
price gouging, that a lot of the challenge is just telling
companies that are legitimate, more or less, that, ``Hey, look,
you can't do this. You can't say this.'' And when you do that--
-you know, if we can fix the problem by--through that kind of
communication, then we need to--then we need to be--we need to
be doing that.
But, I appreciate your concern, absolutely.
Senator Blumenthal. Yes. I think there are all kinds of
different potential violations. Some are close to the line,
some are in the gray area. You know, when you recommend the
equivalent of somebody swallowing hand-sanitizer or something
like that----
Mr. Smith. Right.
Senator Blumenthal.--or bleach, or whatever--and you're
making money from it----
Mr. Smith. Right.
Senator Blumenthal.--I think that something more than a
warning letter may be appropriate. But----
Mr. Smith. Well, they're also--we also have been with the
FDA, as you know.
Senator Blumenthal. Yes.
Mr. Smith. And FDA has been--as they outlined in their
testimony, they've been bringing some actions criminally. We
have been making criminal referrals. So, we work with a wide
variety of partners. And sometimes, in some of our most
pernicious cases, when we get there, we realize that the crimes
are involved, too. And so, we will defer to them, unless they
want us to come along with them, which has happened in a couple
of cases. Because we can sometimes get relief more quickly than
they can. You know, they can do their search warrant and, at
the same time, we can get our, you know, asset freeze and
receiver appointed.
Senator Blumenthal. Thank you.
At the risk of being tossed out, which has not yet happened
to me as a Senator, tossed out of the room, I'm going to close
the hearing. But, I am certainly interested in following up on
many of these issues.
I want to thank each of our witnesses--Mr. Smith, Attorney
General Schmidt, Mr. Sjouwerman, and Laura MacCleery--all of
you, for your excellent testimony, and, more important, for
your excellent work. You are trying to make these laws work. We
make the laws, but you try to make them work. And I really
appreciate your being here today. I'm sure the Chairman joins
me in that sentiment. And I hope we have an opportunity to talk
soon again.
This hearing record will remain open for two weeks. During
this time, Senators are asked to submit any questions for the
record. Upon receipt, the witnesses are requested to submit
their written answers to the Committee as soon as possible.
I, again, thank the witness--witnesses for being here.
And this hearing is adjourned.
Thank you.
[Whereupon, at 4:51 p.m., the hearing was adjourned.]
A P P E N D I X
Response to Written Questions Submitted by Hon. Jerry Moran to
Derek Schmidt
Question 1. Your office continues to lead robust enforcement
efforts to identify and prosecute individuals engaged in COVID-19
related fraud, and I thank you for those efforts. Our state attorneys
general are on the ``front lines'' when it comes to protecting
consumers during this pandemic, and we are committed to assisting them
as appropriate during this difficult time. Keeping in mind that many
consumers often report fraud and scams directly to state and local
authorities, how can Congress assist with some of the obstacles that
agencies like the Kansas Attorney General office face every day when
dealing with out of state criminal operations?
Answer. We work closely with the Federal officials in Kansas, and
especially the Kansas City regional offices of several Federal
agencies. We appreciate the open lines of communication we have with
those agencies to refer cases when the bad actor is outside our
jurisdiction--particularly those operating from overseas. I would
continue to encourage Congress to invest resources in these regional
office as well as any efforts that encourage collaboration between the
state and Federal agencies with jurisdiction.
Question 2. What does coordination between your office and your
Federal law enforcement partners, like the FTC, currently look like?
Answer. Our office routinely refers cases to Federal law
enforcement partners, including the FTC. We have participated in
several nationwide ``sweeps,'' when state and Federal officials
nationwide have filed enforcement actions in a coordinated time period,
which helps to raise awareness that both state and Federal government
officials are focused on enforcing laws that protect consumers. Our
office has participated in sweeps focused on elder fraud and fraudulent
activity in the student loan market, to name two examples.
Question 3. Both the state of Kansas and the FTC have pursued
enforcement actions against fraudsters posing to be government entities
like the Small Business Administration (SBA) aiming to dupe consumers
into sharing personally identifiable information or money. Are there
specific protocols that you each have in place that distinguish the
treatment of these types of frauds differently than others?
Answer. Impersonation scams constantly rank among the top types of
scam reports our office receives. This includes everything from the
classic ``grandparent scam'' to tech support scams. But, those
impersonators who claim to be calling from a government agency are
among the most egregious. We have even received reports of scam artists
calling and claiming to be from the attorney general's office. Our
protocols for investigating these scams do not differ significantly
based on the type of impersonation the scam caller is purporting to be.
We do regularly alert consumers to these types of impersonations when
we hear of them--including recently advising consumers of SBA
impersonation scams that have been reported, claiming to help small
businesses receive assistance from the various COVID-relief programs.
Question 4. Outside of general interstate jurisdictional concerns,
would you explain all the factors that your office takes into
consideration in determining what cases to refer to your Federal law
enforcement partners?
Answer. The primary factor is the subject matter of the case we are
working, and the Federal regulations/agencies with jurisdiction to that
subject. We take into consideration the size/impact of the case,
sometimes measured in victims, sometimes in dollars. We have long-term
working relationships with several agencies, and those serve us well in
assessing our course of action with our Federal partners.
Question 5. While many businesses have taken well-intentioned steps
to develop technological solutions to tracking, containing and ending
the COVID-19 pandemic, Congress must address potentially harmful
practices that could stem from these innovations if not held
accountable. On May 7, I joined Chairman Wicker and other colleagues in
introducing the COVID-19 Consumer Data Protection Act of 2020, which
would require companies collecting individuals' sensitive personal data
for contact tracing or other COVID-19-related purposes to obtain
affirmative express consent.
a. Would you please describe the recent efforts of your office to
protect consumers from harms associated with the collection and
processing of their personal data in contact tracing processes?
Answer. In early June, the Kansas Legislature passed the COVID-19
Contact Tracing Privacy Act as part of its COVID-19 response package
passed during the 2020 Special Session. I recommended the Contact
Tracing Privacy Act be included in that legislative package and
assisted in drafting its contents. That legislation, which contains
provisions that I believe to be common-sense measures to reassure
Kansans that they can participate in contact tracing without worrying
about the security of the information they provide to contact tracers,
sunsets in May 2021 and is designed as a stopgap measure to put basic
privacy and civil liberties protections in place while our state
legislature conducts a more thorough review of public policy options.
The legislation includes the following provisions:
Consistent with CDC guidance, participation in contact
tracing must be voluntary. No person may be required to
participate, nor forbidden from participating.
Contact tracing may not collect information through
cellphone tracking and may not use any information collected
through cellphone tracking.
Information collected through contact tracing must be used
only for contact tracing, kept confidential and not disclosed.
The information must be safely and securely destroyed when no
longer needed for contact tracing.
Only specified information may be collected by contact
tracers. The list of information that may be collected must be
established by the Secretary of Health and Environment through
the open and transparent process of adopting formal rules and
regulations.
The government may not require any third party to collect
contact data. Information voluntarily collected by third
parties may only be obtained by the government with the consent
of both the third party and the person the information relates
to, or with a judicially supervised warrant.
People working as contact tracers must receive training and
must affirm that they are familiar with the privacy and civil
liberties protections in the legislation.
Additional information on this bill is included in my Op-Ed
published on National Review Online, which was attached to my written
testimony.
______
Response to Written Questions Submitted by Hon. Dan Sullivan to
Derek Schmidt
Question 1. We have seen various scams relating to this pandemic,
including scams related to Federal relief efforts such as the PPP and
economic impact payments (EIPs), as well as health-related scams that
sell fake PPE and tout false cures and treatments for the virus. What
do you believe is the most prevalent scam right now relating to the
pandemic? And what should Americans and Alaskans most be on the lookout
for to avoid it?
Answer. Please find attached a copy of my recent Consumer Corner
column, which is distributed to media across Kansas. In that column, I
outlined the five most-common COVID-19 scams that have been reported to
our office, which includes the scams mentioned in your question.
Question 2. As everyone knows, we are currently negotiating another
relief package that will potentially contain resources that could
attract scammers. Are there steps that Congress, the FTC, or the states
could take to proactively prevent future scams as the pandemic
continues?
Answer. When the CARES Act was being negotiated earlier this year,
we anticipated scam artists would begin to use the ``stimulus
payments'' as the basis for new scams. We began to warn consumers of
this even before the CARES Act was passed by Congress, and advised
consumers to only trust information coming from the official government
websites, such as the IRS and SBA. Referring consumers to those
agencies' websites was key to stopping the spread of false information
and assuring Kansans of how to know if information, checks or the
prepaid debit cards they received from the government were legitimate.
I hope that if another relief package is passed, those agencies will
continue to proactively provide information to keep consumers informed
and know how to spot false information and scams.
In addition, as discussed in my written testimony, I encourage
Congress to enact as part of any further COVID-19 relief legislation S.
2379, which would immediately remove a Federal impediment to use of
existing state Medicaid Fraud Control Units to detect, investigate and
prosecute the abuse of Medicaid beneficiaries in non-institutional
settings. These existing assets could immediately be available to
protect Medicaid beneficiaries from financial abuse by scammers if this
legislation were swiftly enacted.
Question 3. How have the States and the FTC, along with the various
Federal agencies, been working together to combat these scams?
Answer. As mentioned in my written testimony and the above answer
to Senator Moran's Question 1, we have been working closely with the
FTC and our regional Federal agencies. We appreciate the information
sharing that is taking place on how to protect consumers and the
ability to refer complaints and cases to the Federal agencies when
appropriate.
______
Response to Written Questions Submitted by Hon. Jerry Moran to
Andrew Smith
Question 1. The FTC's authorities provided by the U.S. SAFEWEB Act
are critical to maintaining cross-border cooperation on consumer
protection investigations and fraud actions with our foreign law
enforcement partners. These authorities expire in a couple months, and
Senator Blumenthal and I introduced a necessary reauthorization that
awaits Senate floor consideration. How would the expiration of these
authorities impact the FTC's ongoing enforcement efforts related to
COVID-19 scams and other unfair and deceptive acts?
Answer. SAFE WEB is an indispensable part of the FTC's enforcement
arsenal. It provides the Commission with critical law enforcement tools
to combat fraudulent telemarketing, robocalls, privacy violations,
misleading health claims, spam, spyware, malware, and other cross-
border misconduct that harms American consumers. Without SAFE WEB, the
FTC might not prevail in enforcement actions against foreign
wrongdoers. SAFE WEB contains an express provision stating that the
FTC's authority over unfair and deceptive practices extends to foreign
conduct that has a ``reasonably foreseeable'' effect on U.S. consumers,
or that involves ``material conduct'' in the United States. Without
SAFE WEB's ``clear statement of Congressional intent,'' FTC enforcement
against foreign wrongdoers would be in jeopardy.
SAFE WEB also supports cooperation with foreign counterparts
against unlawful cross-border activity, efforts that are even more
critical in the current COVID-19 environment. We have identified many
businesses in foreign jurisdictions targeting consumers in the United
States with advertisements for products they falsely claim will treat,
prevent, and cure coronavirus and illegal robocalls coming from abroad
touting a wide variety of coronavirus-related financial scams. We have
already used our SAFE WEB authority to exchange confidential
information about coronavirus-related scams with foreign enforcers.
Question 2. Your testimony indicated that the FTC's coordinated
efforts with the FDA in sending warning letters to marketers for false
treatment claims have been successful in many cases, especially when
coupled with enforcement actions as appropriate. Would you describe the
general process and roles of the two agencies in identifying and
enforcing against these types of threats? How do these efforts differ
when addressing COVID-19 prevention or treatment claims made by major
multi-level marketing companies?
Answer. Continuing our strong tradition of close cooperation, the
FTC has coordinated closely with the Food and Drug Administration to
identify and target sellers of unproven COVID-19 remedies. When
addressing COVID-19 prevention or treatment claims made by major
multilevel marketing companies, the FTC's approach remains the same as
with other types of sellers. While we obtain information about
potential frauds from many sources, including searches on the Internet
and social media platforms, FTC staff also perform a daily review of
COVID-19-related complaints submitted by consumers to our Consumer
Sentinel database, and these complaints are a critical source of
investigative leads. After issuing the warning letters, we monitor each
company that received a warning letter. If the claims at issue persist,
we contact the company to ensure compliance, and we proceed with law
enforcement action as warranted.
Question 3. With the noteworthy cybersecurity news related to
Twitter last week serving as a significant example of social
engineering, these types of attacks continue to evolve while posing
increasing harm to Americans. Does the FTC successfully pursue
enforcement actions against these socially engineered cyber-attacks? Do
they coordinate with Department of Justice and state attorneys general
in such efforts?
Answer. Although we defer to criminal enforcement authorities in
bringing cases against the cyber attackers themselves, the FTC has
engaged in numerous activities to ensure that businesses protect their
customers' information from socially-engineered cyberattacks. The FTC's
business guidance emphasizes that, under various statutes enforced by
the FTC, businesses must design a security program that addresses
foreseeable risks, including training staff on basic security measures,
such as phishing attacks and other forms of social engineering. The FTC
has also brought law enforcement actions against companies that have
failed to implement reasonable security training. And, the FTC has
engaged in research and training on novel forms of social engineering
attacks. For instance, in January 2020, the FTC held a workshop on
voice cloning technologies that can enable attackers to create a near-
perfect clone of someone's speech based on a five second recording of a
person's voice. The workshop included a panel devoted to methods of
authenticating, detecting, and mitigating the risks of these
technologies.
We also cooperate regularly with state and Federal law enforcement
agencies in data security matters. For example, in the Equifax case,
where we alleged a lack of reasonable employee training, we cooperated
with 50 state attorneys general. As to cooperation with criminal
authorities, while we have not made such cooperation in particular
cases public, we regularly communicate with our criminal counterparts
as we bring enforcement actions, through our Criminal Liaison Unit
within the FTC.
Question 4. Would you please describe the FTC's efforts to
coordinate with the Federal Communication Commission and industry,
particularly the USTelecom Industry Traceback Group, in identifying,
mitigating, and enforcing against fraudulent robocalls related to
COVID-19?
Answer. In an effort to quickly and efficiently stop illegal
robocalls that used a coronavirus-related message, the FTC sent 15 (as
of 08/18/20) warning letters to VoIP service providers and providers of
caller ID numbers potentially involved in these robocalls. Six of those
warning letters were sent jointly with the FCC. In its investigative
work to identify appropriate recipients for the warning letters, the
FTC used information provided by the USTelecom Industry Traceback Group
(``ITG''), a collaborative effort of companies across the wireline,
wireless, VoIP, and cable industries that actively trace and identify
the source of illegal robocalls.
The FTC warning letters to VoIP service providers and other
companies warn them that ``assisting and facilitating'' illegal
telemarketing or robocalls related to the COVID-19 pandemic is against
the law. The joint FTC/FCC warning letters include a warning that the
FCC will authorize U.S. providers to block all calls from recipients of
the warning letter.
FTC enforcement attorneys continue to join in regular coronavirus
telemarketing enforcement coordination calls with their counterparts at
DOJ, FCC, and the offices of state attorneys general. The enforcers
also have a regular call with the ITG on fighting robocalls.
Question 5. Both the state of Kansas and the FTC have pursued
enforcement actions against fraudsters posing to be government entities
like the Small Business Administration (SBA) aiming to dupe consumers
into sharing personally identifiable information or money. Are there
specific protocols that you each have in place that distinguish the
treatment of these types of frauds differently than others?
Answer. Government imposter scams are consistently one of the most
common issues reported to the FTC, and in times of crisis or distress
like the current pandemic, we often see a rise in imposter scams
seeking to take advantage of consumers. Frequently working with state
and Federal partners, we can quickly pivot to address these scams
through enforcement efforts and consumer and business education.
Recently, the FTC has focused on companies posing as the Small
Business Administration to businesses seeking CARES Act relief.
Businesses that apply for such relief through these companies, as
opposed to through legitimate SBA approved lenders, might lose out on
the ability to obtain relief. Specific steps we take to uncover these
schemes include searching our consumer complaint database, calling
victims, coordinating with the SBA, examining targets' websites, and
uncovering the individuals involved.
When we uncover concerning practices, we move quickly to stop the
conduct, by filing a complaint and seeking preliminary relief in court,
or sending warning letters to the companies to curb the conduct. We
have taken these types of approaches, including conducting
investigations and filing complaints or sending warning letters, in
other areas as well, particularly where companies have sought to
capitalize on consumers' financial and health concerns as a result of
the pandemic. In general, these are the types of protocols we follow
when combatting fraud in an any area; however, given the current
financial and health crisis, we have devoted additional resources to
combatting pandemic-related frauds, including government imposter
scams.
Question 6. Your testimony described the robust awareness campaign
on COVID-19 scams that the FTC has developed in response to the
pandemic ranging from staff participation in presentations to rapid
response consumer alerts issued by the agency. In response to the
COVID-19 pandemic specifically, has there been increased attention
dedicated to a particular type of scam based on the frequency of cases
that may not have been as prevalent previously?
Answer. While the agency responds to reports of scams with consumer
and business education, staff are able to draw on their experience to
try to get ahead of scams with clear warnings to the public. For
example, the first COVID-19-related blog post from the FTC came on
February 20, 2020, ahead of many scams, and a March 18, 2020 warning
about the scams that would accompany Economic Impact Payments garnered
more than 1.5 million views. The FTC has drafted more than 100 consumer
and business blog posts in response to the pandemic, covering a variety
of topics, including health and treatment claims, charity fraud,
government imposters, contact tracing, privacy, and scams targeting
small business. The FTC has held or participated in dozens of webinars,
tele-town halls, and conference calls covering these topics with a wide
range of groups, including the AARP, FEMA, SBA, FDIC, CFPB, DoD, the
BBB, and members of Congress.
There have been some notable surges in scams reported. For example,
the agency received a sharp uptick of reports from consumers about
online shopping scams--especially complaints about merchandise that is
ordered and never received. According to an FTC Data Spotlight report,
``[p]eople reported unreceived orders of facemasks in April and May far
more often than any other item, and undelivered sanitizer, toilet
paper, thermometers, and gloves were also reported.'' \1\
---------------------------------------------------------------------------
\1\ FTC Data Spotlight, Pandemic purchases lead to record reports
of unreceived goods (July 1, 2020), https://www.ftc.gov/news-events/
blogs/data-spotlight/2020/07/pandemic-purchases-lead-record-reports-
unreceived-goods. See also https://www.consumer.ftc.gov/blog/2020/07/
scams-online-sales-when-orders-dont-arrive
---------------------------------------------------------------------------
The Commission used databases within the agency to track this
problem. Based on that proactive monitoring, the FTC recently brought
four Federal court cases against sellers of PPE, each of whom we
alleged took advantage of consumers' need for quick delivery at the
outset of the pandemic by advertising quick turnaround times because
they had products in stock. We alleged that, in fact, that they did not
have PPE in stock, could not deliver for months, and refused to provide
the refunds required by law.\2\
---------------------------------------------------------------------------
\2\ See FTC Press Release, FTC Acts Against Online Sellers That
Falsely Promised Fast Delivery of Facemasks and Other Personal
Protective Equipment (Aug. 5, 2020), https://www.ftc.gov/news-events/
press-releases/2020/08/ftc-acts-against-online-sellers-falsely-
promised-fast-delivery; FTC Press Release, FTC Takes Action against
Marketer That Falsely Promised Consumers Next Day Shipping of Facemasks
and Other Personal Protective Equipment (July 8, 2020), https://
www.ftc.gov/news-events/press-releases/2020/07/ftc-takes-action-
against-marketer-that-falsely-promised-next-day-shipping.
Question 7. I remain motivated to provide American consumers with
clear and measurable data privacy and security protections in Federal
statute, and it is clear that the Federal Trade Commission is the ideal
regulating agency for such framework. Contact tracing practices require
the collection and processing of sensitive personal data. Based on the
FTC's past privacy enforcement efforts under their existing Section 5
authority, would you please describe the importance of any enforcement
actions accounting for the sensitivity of the personal data or the
potential harm associated with information in question?
Answer. The Commission has long sought to protect sensitive
information. Some examples follow:
Financial information: The compromise of financial
information such as Social Security numbers, account numbers,
and usernames and passwords on financial accounts can lead to a
host of injuries, including fraudulent charges, delayed
benefits, expended time, opportunity costs, fraud, and identity
theft. We have sought to protect this information through
recent cases such as the Equifax case,\3\ as well as cases
against a mortgage broker,\4\ service providers for auto
dealers,\5\ and multilevel marketers.\6\
---------------------------------------------------------------------------
\3\ FTC Press Release, Equifax to Pay $575 Million as Part of
Settlement with FTC, CFPB, and States Related to 2017 Data Breach (July
22, 2019), https://www.ftc.gov/news-events/press-releases/2019/07/
equifax-pay-575-million-part-settlement-ftc-cfpb-states-related.
\4\ See FTC Press Release, Mortgage Broker That Posted Personal
Information about Consumers in Response to Negative Yelp Reviews
Settles FTC Allegations (Jan. 7, 2020), https://www.ftc.gov/news-
events/press-releases/2020/01/mortgage-broker-posted-personal-
information-about-consumers.
\5\ See FTC Press Release, FTC Gives Final Approval to Settlement
with Auto Dealer Software Company That Allegedly Failed to Protect
Consumers' Data (Sept. 6, 2019), https://www.ftc.gov/news-events/press-
releases/2019/09/ftc-gives-final-approval-settlement-auto-dealer-
software-company.
\6\ See FTC Press Release, FTC Finalizes Settlement with Utah
Company and its former CEO over Allegations they Failed to Safeguard
Consumer Data (Jan. 6, 2020), https://www.ftc.gov/news-events/press-
releases/2020/01/ftc-finalizes-settlement-utah-company-its-former-ceo-
over.
Health information: Unauthorized disclosure of health
information can lead to harms ranging from physical harm (e.g.,
use of stolen health insurance number to get treatment, where
the criminal's health records get mixed up with the victim's)
to reputational harm that can result from disclosure of
stigmatizing health conditions. Indeed, one of the Commission's
first health privacy cases involved the unauthorized public
disclosure of individuals' Prozac use.\7\
---------------------------------------------------------------------------
\7\ See FTC Press Release, Eli Lilly Settles FTC Charges Concerning
Security Breach (Jan. 18, 2002), https://www.ftc.gov/news-events/press-
releases/2002/01/eli-lilly-settles-ftc-charges-concerning-security-
breach.
Children's information: Concerns over children's physical
safety, as well as concerns over limiting the collection of
information about children without parental consent, helped to
drive Congress's enactment of COPPA in 1998.\8\ The FTC has
vigorously enforced COPPA in dozens of cases, most recently
against Musical.ly (now TikTok),\9\ YouTube,\10\ and the
developer of the popular KleptoCats app.\11\
---------------------------------------------------------------------------
\8\ See COPPA Legislative History, 105th Congress, 2nd Session,
Vol. 144 (Oct. 21, 1998), https://www.congress.gov/congressional-
record/1998/10/21/senate-section/article/S12741-4.
\9\ See FTC Press Release, Video Social Networking App Musical.ly
Agrees to Settle FTC Allegations That it Violated Children's Privacy
Law (Feb. 27, 2019), https://www.ftc.gov/news-events/press-releases/
2019/02/video-social-networking-app-musically-agrees-settle-ftc.
\10\ See FTC Press Release, Google and YouTube Will Pay Record $170
Million for Alleged Violations of Children's Privacy Law (Sept. 4,
2019), https://www.ftc.gov/news-events/press-releases/2019/09/google-
youtube-will-pay-record-170-million-alleged-violations.
\11\ See FTC Press Release, Developer of Apps Popular with Children
Agrees to Settle FTC Allegations It Illegally Collected Kids' Data
without Parental Consent (June 4, 2020), https://www.ftc.gov/news-
events/press-releases/2020/06/developer-apps-popular-children-agrees-
settle-ftc-allegations-it.
Geolocation information: The revelation of consumers'
precise geolocation data--particularly in real-time--can lead
to physical harms such as harassment or stalking. The FTC has
considered this data to be sensitive and has brought
enforcement actions against companies that collected or shared
this data without consumers' knowledge or consent. For example,
the FTC recently alleged that BLU Products violated the FTC Act
by transmitting sensitive personal information about
consumers--including real-time cell tower location data--to
another company's servers in China, without consumers'
knowledge or consent.\12\
---------------------------------------------------------------------------
\12\ Blu Products, Inc., No. C-4657 (Sept. 10, 2018), https://
www.ftc.gov/enforcement/cases-proceedings/172-3025/blu-products-samuel-
ohev-zion-matter; 3see also FTC Press Release, FTC Gives Final Approval
to Settlement with Phone Maker BLU (Sept. 10, 2018), https://
www.ftc.gov/news-events/press-releases/2018/09/ftc-gives-final-
approval-settlement-phone-maker-blu.
Contents of consumer communications: The Commission has
considered the content of certain private activities to be
sensitive. Congress has as well, and, for example, unauthorized
disclosure of private video viewing habits led to the enactment
of the Video Privacy Protection Act in 1988.\13\ In the same
vein, in 2017, the Commission unanimously approved a settlement
with VIZIO, Inc., a manufacturer of Internet-connected TVs,
alleging that the collection and use of sensitive television
viewing data from unwitting consumers was an unfair
practice.\14\
---------------------------------------------------------------------------
\13\ The Video Privacy Protection Act of 1988, codified at 18
U.S.C. Sec. 2710 (2002).
\14\ See Complaint for Permanent Injunction and Other Equitable and
Monetary Relief (Feb. 6, 2017), https://www.ftc.gov/system/files/
documents/cases/170206_vizio_2017.02.06_complaint
.pdf; see also FTC Press Release, VIZIO to Pay $2.2 Million to FTC,
State of New Jersey to Settle Charges It Collected Viewing Histories on
11 Million Smart Televisions without Users' Consent (Feb. 6, 2017),
https://www.ftc.gov/news-events/press-releases/2017/02/vizio-pay-22-
million-ftc
-state-new-jersey-settle-charges-it.
Question 8. Has the agency looked into existing contact tracing
technology proposals?
Answer. Yes, the agency has been following this issue closely. Key
privacy issues relating to contact tracing or exposure notification
technologies include whether health information is collected by
companies providing the technology, app developers, or public health
authorities, and what other information, such as location data or
identifiers that can be linked back to the user, are collected in
addition to information about the user's health status. Among other
things, agency staff have engaged with various companies to learn more
about how the systems work technically, limitations on use of any
information collected, and division of responsibility for securing data
collected.
We have also issued guidance for companies that plan to engage in
partnerships with government entities for pandemic-related purposes.
The guidance notes that companies should consider privacy and security
as they are developing their initiatives, rather than after launch; use
privacy-protective technologies; consider using anonymous, aggregate
data; and use data only for limited health-related purposes and delete
the data when the crisis is over.\15\
---------------------------------------------------------------------------
\15\ FTC Business Blog, Privacy during coronavirus (June 19, 2020),
https://www.ftc.gov/news-events/blogs/business-blog/2020/06/privacy-
during-coronavirus.
Question 9. I think it is essential to the protection of U.S.
consumers that they be able to recover money stolen from them by scam
artists, and the FTC is our main agency assuring such recovery.
However, lately its ability to get money back to victims has been under
judicial attack. Mr. Smith, should Congress consider providing
additional statutory clarity to the FTC's 13(b) authority in seeking
equitable monetary relief on behalf of consumers?
Answer. Yes. Section 13(b) of the FTC Act is one of the FTC's
principal tools for protecting consumers. Since the 1980s, courts have
applied longstanding Supreme Court precedent to hold that Section 13(b)
allows all types of equitable relief, including refunds to consumers.
Using this authority, the Commission has secured billions of dollars in
relief in every manner of case, including telemarketing fraud,
anticompetitive pharmaceutical practices, data security and privacy,
scams that target seniors and veterans, and deceptive business
practices. Unfortunately, however, our ability to keep getting such
results for consumers has been threatened or curtailed by recent
judicial decisions. Accordingly, as indicated in my testimony and the
testimony of the Commission on August 5, the FTC is seeking legislation
to clarify the agency's statutory authority to obtain complete monetary
relief under Section 13(b) of the FTC Act.
______
Response to Written Questions Submitted by Hon. Marsha Blackburn to
Andrew Smith
Question 1. How is the FTC working alongside your partners at DOJ
to prosecute bad actors who are duping vulnerable Americans into
appalling scams?
Answer. The FTC works closely with DOJ on several fronts to protect
American consumers. Notably, the FTC works with main Justice and U.S.
Attorneys' Offices through our Criminal Liaison Unit (CLU) to ensure
the worst fraudsters are prosecuted and punished. In the first three
quarters of this Fiscal Year, FTC staff actively worked on one hundred
thirty-one (131) new formal requests for cooperation from our criminal
law enforcement partners. Prosecutors relied on FTC information and
support to charge thirty-two (32) new defendants and obtained sixteen
(16) new pleas or convictions. Six (6) defendants received sentences
totaling one hundred ninety-eight (198) months.
Also, the FTC and the FBI are collaborating bring the Internet
Crime Complaint Center's consumer fraud data into the FTC's Consumer
Sentinel Network, which is the Nation's largest repository of consumer
fraud complaints. This information sharing will help the FTC, DOJ, and
many other agencies across the country to access investigative leads in
a single database, Sentinel.
Further, at the outset of the pandemic, FTC participated in weekly
(and now as needed) calls with DOJ and numerous other Federal partners
to identify and tackle COVID-19-related scams.
Question 2. I understand that the FTC and FCC have been working
hand in hand to combat coronavirus-related fraudulent behavior. Can you
tell me about the warning letters the FTC, in conjunction with the FCC,
sent to service providers and other companies, warning them that
``assisting and facilitating'' in illegal telemarketing or robocalls
related to the Coronavirus pandemic is against the law?
Answer. In an effort to quickly and efficiently stop illegal
robocalls that used a coronavirus-related message, the FTC sent 15 (as
of 08/18/20) warning letters to VoIP service providers and providers of
caller ID numbers potentially involved in these robocalls. Six of those
warning letters were sent jointly with the FCC.
The FTC warning letters to VoIP service providers and other
companies warn them that ``assisting and facilitating'' illegal
telemarketing or robocalls related to the COVID-19 pandemic is against
the law. The joint FTC/FCC warning letters include a warning that the
FCC will authorize U.S. providers to block all calls from recipients of
the warning letter.
FTC enforcement attorneys continue to join in regular coronavirus
telemarketing enforcement coordination calls with their counterparts at
DOJ, FCC, and the offices of state attorneys general. The enforcers
also have a regular call with the USTelecom Industry Traceback Group on
fighting robocalls.
______
Response to Written Questions Submitted by Hon. Dan Sullivan to
Andrew Smith
Question 1. We have seen various scams relating to this pandemic,
including scams related to Federal relief efforts such as the PPP and
economic impact payments (EIPs), as well as health-related scams that
sell fake PPE and tout false cures and treatments for the virus. What
do you believe is the most prevalent scam right now relating to the
pandemic? And what should Americans and Alaskans most be on the lookout
for to avoid it?
Answer. While we don't have survey data to establish prevalence of
pandemic-related scams, of consumer complaints to the FTC's Consumer
Sentinel Network that mention terms related to the pandemic (such as
COVID, stimulus, N95 facemasks), the largest category involves Online
Shopping. As of August 5, 2020, Sentinel had received 23,755 such
reports from consumers.\16\ Within that category, most complaints are
about goods that were ordered and never delivered.
---------------------------------------------------------------------------
\16\ See FTC.gov/exploredata for most up-to-date statistics about
top reports related to COVID-19.
---------------------------------------------------------------------------
People who shop online should check out any unknown websites before
ordering goods, and they can do this by typing the website name into a
search engine along with the words like ``scam'' or ``complaint.'' They
should confirm the seller's physical address and phone number, and
watch out for unfamiliar sites selling products that are in short
supply. Finally, they should always pay with a credit card or debit
card, and dispute charges for any goods that do not arrive.\17\
---------------------------------------------------------------------------
\17\ See FTC Consumer Blog, Cracking down on fake COVID-19 cures
(July 31, 2020), https://www.consumer.ftc.gov/blog/2020/07/online-
seller-failed-ship-next-day-ppe-promised for additional tips.
---------------------------------------------------------------------------
The agency has published multiple blog posts for consumers and
businesses on PPE, as well as Federal relief efforts, including one I
recently authored about unlawful practices targeting small
businesses.\18\ In addition, FTC staff have participated in dozens of
webinars to educate small business owners about PPP-related scams.
Because the FTC is regularly posting blogs that cover the most recent
COVID-related scams, among others, Alaskans can subscribe to the FTC's
Consumer Alerts (https://www.ftc.gov/consumeralerts) and Business
Alerts (https://www.ftc.gov/businessalerts) to stay on top the most
current information.
---------------------------------------------------------------------------
\18\ See FTC Business Blog, Protecting small businesses seeking
financing during the pandemic (Aug. 3, 2020), https://www.ftc.gov/news-
events/blogs/business-blog/2020/08/protecting-small-businesses-seeking-
financing-during.
Question 2. As everyone knows, we are currently negotiating another
relief package that will potentially contain resources that could
attract scammers. Are there steps that Congress, the FTC, or the states
could take to proactively prevent future scams as the pandemic
continues?
Answer. The FTC has already taken steps to warn consumers of
potential scams that might accompany another relief package,\19\ which
have led to media reports and interviews. The FTC will continue to both
monitor and forecast scammers' activities that target both consumers
and businesses--as it did early in the pandemic and around the first
economic relief package.
---------------------------------------------------------------------------
\19\ See FTC Consumer Blog, Scams in between stimulus packages
(Aug. 11, 2020), https://www.consumer.ftc.gov/blog/2020/08/scams-
between-stimulus-packages.
---------------------------------------------------------------------------
Whenever the agency spots or anticipates scams, it alerts the
public through its consumer and business blogs, which reach more than
half a million people, including local media. It also does extensive
outreach through and with partners, creates multimedia campaigns in
multiple languages to share through social media, provides content for
partner publications and activities, participates in webinars and
presentations (including with members of Congress), and carries out
media interviews in English and Spanish.
It would be helpful for members to relay two key messages to
constituents: sign up for the FTC's consumer and business alerts (at
www.ftc.gov/subscribe), and be sure to report anything that might be a
scam at ftc.gov/complaint. Reports help law enforcement spot trends,
build cases, and develop consumer and business education that reflects
what people are experiencing.
Question 3. How have the States and the FTC, along with the various
Federal agencies, been working together to combat these scams?
Answer. The FTC has been actively coordinating with various
government partners to combat COVID-19 scams. For example, the FTC has
jointly issued numerous warning letters with several of its sister
agencies, including the FDA, FCC, and the SBA. The FTC has also
coordinated with state attorneys general to send simultaneous warning
letters to targets located in their states. Some state attorneys
general have brought enforcement actions against recipients of FTC
warning letters located in their states. The FTC also participates in
several working groups, attends regular meetings and coordinates
efforts by sharing investigative leads.
In addition, the FTC has worked with Federal agencies such as the
IRS, FEMA, GSA, and FDIC to coordinate consumer and business messaging
and to deliver scores of webinars, presentations, social media
shareables, and infographics about COVID-related scams. Moreover,
recognizing the once-in-a-generation economic shift resulting from the
pandemic, the FTC quickly developed and delivered materials on the
financial impact of the coronavirus, including comprehensive PowerPoint
presentations with talking points on issues like scams involving
employment, mortgage relief, and student loan debt relief. FTC staff
and partners, including Congressional offices, have used the
PowerPoints to deliver presentations across the country.
______
Response to Written Questions Submitted by Hon. Jerry Moran to
Stu Sjouwerman
Question 1. With the noteworthy cybersecurity news related to
Twitter last week serving as a significant example of social
engineering, these types of attacks continue to evolve while posing
increasing harm to Americans. Your testimony indicated that these types
of threats are responsible for ``upwards of 93 percent of data
breaches.'' Do you have any recommendations for this Subcommittee on
how Congress can draw increased consumer attention to these risks or
even prevent them from occurring in the first place?
Answer. E-mail continues to be the most common vector for launching
social engineering attacks, with 99 percent of the actors being
external to organizations. Most of these phishing and pretexting
attacks are motivated by financial gain, however there is a substantial
percentage which are motivated by corporate espionage.
The studies I referenced in my testimony make the point that
phishing is relied on as the lead action or strategy of a more expanded
attack, followed by malware installation and further actions to attain
greater exfiltration of data.
Although 100 percent prevention of these attacks is not feasible,
individuals and organizations can drastically reduce the success rate
of bad actors by becoming more aware of how hackers operate and the
concept of ``social engineering.'' The best way to draw attention to
this problem is by creating programs which are designed to help
potential victims become more aware. I believe to be more aware; one
needs to face the fact that bad actors are trying to trick us. From
there, individuals can learn to detect scams and then make appropriate
decisions, like deleting and e-mail or not clicking a link.
Question 2. Your testimony highlighted the importance of ongoing
security awareness training, which I would understand to be more than
annual cybersecurity training required by some employers. How would you
suggest employees and consumers alike to be proactive in their training
efforts to prevent socially engineered cyber-attacks? What is the
appropriate model and frequency for such training?
Answer. Given the advanced and dynamic models hackers use today,
the static model of training is no longer adequate to protect
employees, consumers, and organizations. To effectively equip employees
and consumers with the ability to identify potential hacking attempts
at the level they are now receiving, training must be equally dynamic.
The most effective and efficient models are those that train the
individual, test their abilities, analyze success and failure, and then
adapt future training, testing, and analysis to ensure the individual
or organization is progressing. More importantly, consistent training
allows the individual or organization to become more vigilant and
sensitive to hacking attempts.
______
Response to Written Questions Submitted by Hon. Dan Sullivan to
Stu Sjouwerman
Question 1. We have seen various scams relating to this pandemic,
including scams related to Federal relief efforts such as the PPP and
economic impact payments (EIPs), as well as health-related scams that
sell fake PPE and tout false cures and treatments for the virus. What
do you believe is the most prevalent scam right now relating to the
pandemic? And what should Americans and Alaskans most be on the lookout
for to avoid it?
Answer. The latest data on COVID-related phishing scams from
security researchers at CheckPoint comes with some good news and
insightful trends that may help keep Americans secure.
We've seen just about every kind of COVID-related phishing scam
over the last 5 months. From maps of the virus spread, to tracing apps,
to class action lawsuits, to getting a tax rebate, and more--there
seemed to be no end to the creativity of these scammers who find yet
another way to use COVID as the draw to get potential victims to engage
with malicious e-mail content.
According to CheckPoint, the good news is COVID-themed scams are on
the decline--July saw a 50 percent decrease in the number of
coronavirus-related attacks from the previous month. CheckPoint did
find vaccine-related e-mail scams that take advantage of the world's
race to find a vaccine.
The bad news is CheckPoint is still seeing a rise in all
cyberattacks (including COVID attacks) which, according to their latest
data, begin with a malicious phishing e-mail 80 percent of the time.
Executables, Excel documents, and Word documents are the top three
attachment types found in phishing scams.
While we're happy to see COVID-themed phishing e-mails go away
sometime soon, there is no end in sight for the art of phishing. COVID
merely played a viable long-term overarching theme for a wide range of
scams. When COVID no longer gets people's attention and engagement,
cybercriminals will turn to a new angle and story that will.
It's important to have users understand the need for vigilance when
interacting with e-mail. Security Awareness Training provides users
with ongoing education, teaching them what a suspicious or malicious e-
mail looks like, what kinds of tactics and social engineering are used,
and ways to avoid becoming a victim of a scam--COVID or otherwise.
Question 2. As everyone knows, we are currently negotiating another
relief package that will potentially contain resources that could
attract scammers. Are there steps that Congress, the FTC, or the states
could take to proactively prevent future scams as the pandemic
continues?
Answer. Broadly implementing the National Institute of Standards
and Technology's (NIST) cybersecurity training guidelines is a good
place to start. NIST highlights security awareness training as a core
component of the ``Protect'' function of the cybersecurity framework.
NIST recommends awareness and training for an organization's entire
workforce and partners as a necessary defense against cyber attacks.
NIST Special Publication 800-50 provides guidelines for designing
an employee awareness and training program, developing training
materials and implementing a program. In Special Publication 800-50,
NIST provides two clear objectives for security awareness and training:
``Material should be developed with the following in mind: What
behavior do we want to reinforce? (awareness); and What skill or skills
do we want the audience to learn and apply? (training).''
NIST recommends training that includes educational, awareness-based
content as well as skill development to help employees understand the
threats they face and take the right action to prevent security
incidents.
I believe an important additional step is to ensure dynamic
training modules (rather than the old school annual PowerPoint
presentation) and incorporate frequent social engineering testing into
the NIST guidelines to ensure individuals and organizations remain
vigilant and prepared to respond to new methods of attack that hackers
will inevitably create to take advantage of future situations.
______
Response to Written Questions Submitted by Hon. Jerry Moran to
Laura MacCleery
Question 1. Your testimony described your work at the Center for
Science in the Public Interest in identifying misleading consumer
product claims for agencies like the FTC and FDA. Given your
partnership with these agencies, do you have specific recommendations
for Congress related to their available resources?
Answer. Congress can and should allocate significantly more
resources to the FDA and FTC given that both agencies lack the
resources necessary to adequately protect consumers during the
pandemic, and more generally. The enforcement office with authority
over supplements at FDA, for example, has only 6 FTEs, and is also
responsible for enforcement over medical devices. That is simply
insufficient to address the tide of misleading products and claims
flooding the supplement marketplace.
Even prior to the pandemic, the FDA was badly outmaneuvered in a
large and growing supplement marketplace with an estimated 50,000 or
more products. Notably, increasing enforcement actually helps to
improve the overall quality of the marketplace, as it would permit the
agency to focus its resources on the worst actors, and to take more
definitive steps to set enforcement precedents on a wide range of risky
products.
In addition to resources, FDA should also be given greater
authorities by Congress to act and address gaps in the oversight of
supplements. Specifically, the Dietary Supplement Health and Education
Act of 1994 (DSHEA) is in need of significant reforms to protect
consumers. Because the FDA lacks the legal authorities, funding, and
accountability to effectively oversee the safety of dietary supplement
marketplace, Congress should:
(1) Authorize state Attorney Generals to file civil enforcement
actions against DSHEA violations, in coordination with the FDA
and FTC. As many dietary supplement companies are small, fly-by
night operations, it is difficult for one central agency to
oversee the dietary supplement markets in all 50 states. State
Attorney Generals can work with local health and law
enforcement officials to identify supplements that pose local
but significant threats to the safety of their residents.
(2) Provide FDA with specific pre-market safety review authority and
enhanced post-market surveillance of categories of supplements
known to pose a heightened risk because they are commonly
tainted with drugs or marketed to vulnerable populations (e.g.,
weight-loss, sexual enhancement, and exercise supplements).
Sponsors should be required to report all adverse reactions,
not only the serious ones, as is the case at present.
(3) Grant FDA the authority to require warning labels on products
that interact with prescription or OTC medications. Many
commonly consumed supplements have little-recognized adverse
interactions with commonly taken medications. For example, St.
John's Wort, a supplement that is believed by some to treat
depression, menopausal symptoms, and smoking addiction (among
other ailments) interacts with critical prescription
medications, including blood thinners, anti-retroviral
medications for HIV/AIDS, antidepressants, birth-control pills,
some cancer medications, and other medications.
(4) Recall authority over supplements tainted with prescription or
other drugs. One gap in FDA's recall authority lies with
supplements that are tainted with ingredients used in
prescription drugs. These products fall within the meaning of
the word ``drug'' under the FDCA and, therefore, fall outside
of FDA's mandatory recall authority if they are not on the
controlled substances list. (Currently, FDA has mandatory
recall authority for food hazards, but not for drugs). To
correct for this lack of enforcement power, FDA needs more
robust recall authority over products tainted with drugs.
(5) Criminal penalties for a failure to recall hazardous supplements
subject to a recall notice. A study in Journal of the American
Medical Association (JAMA) found that even when adulterated
supplements were recalled, a majority of the recalled products
on the shelves continued to contain banned adulterants.
Criminal penalties for bad actors that ignore recalls and
continue to sell dangerous supplements would provide stronger
incentives for bad actors to remove those dangerous products.
(6) Mandatory product registration requirements and requirements
that retailers validate this registration (including online) to
create transparency in the supply chain. Currently, it is
impossible for the agency to know what supplements are
currently on the market. By requiring product registration, the
FDA can more closely monitor the claims and safety of
supplements on the market. It will also make it easier for the
agency to identify bad actors that attempt to circumvent
oversight as both the agency and consumers would be able to
tell if a particular supplement has registered with the FDA and
is in compliance with FDA's safety standards.
(7) To avoid the common problem that FDA is chasing multiple
violations by the same company over similar products that
differ mostly in its labeling, Congress should allow the FDA to
issue increased penalties for repeated violations when a letter
has been issued but the product and company has been rebranded
to avoid enforcement (e.g., the FDA should be able to double
the fines for the second offense, and triple it for the 3rd
offense, etc.). The FDA should have the authority to enforce
these penalties even when the product has been rebranded by the
same seller or by the same company principals. The agency
should also have the authority to determine when a company and
product has been rebranded to avoid further enforcement and
consider their continued sales of illegal supplements as a
repeated violation subject to the escalating penalties. When
determining if a company or product is rebranded to avoid
enforcement, the FDA should be able to use factors such as
similarities in the type of products, trade dress, ingredients,
and ownership, and management.
Question 2. Your testimony noted that false and misleading claims
were inevitable following the growth of the coronavirus into a global
pandemic, which has been proven true. However, the FDA has been quickly
on their heels so far, sending out hundreds of letters to those making
false claims to withdraw them and take down their websites and
products. The actions of the FDA appear to have a considerable impact
in removing these products from the market or at least removing their
false claims as they relate to treating the coronavirus. Is it your
belief the FDA has not acted appropriately?
Answer. Our concern is not whether the FDA acted appropriately
within their limited capabilities, but that the FDA does not have the
tools necessary to combat the wide array of COVID-19 scams and health
fraud in general, as described above. Unfortunately, health fraud is
not a unique feature of COVID-19 but is common throughout the
supplement industry and is a result of inadequate statutory authority,
specific mandates, and funding.
Although the FDA, FTC, and private companies, such as Amazon,
Google, and Twitter have made progress in eliminating many COVID-19
fraudulent claims, there are more COVID-19 supplements that persist,
and many supplements continue to use illegal claims to profit from the
pandemic. For example, although the FDA and Amazon have removed many
COVID-19 claims from Amazon supplement listings, searches for COVID
supplements, vitamins, or pills still yield hundreds of supplements
with immunity boosting and illegal antiviral claims.
Furthermore, although many supplement companies have removed the
terms COVID or coronavirus from their labeling, they continue to use
their Web pages and social media profiles to promote their products as
cures, treatments, and preventions for viruses more generally.
Finally, many of these fraudulent products that were and are
currently marketed as COVID-19 cures were not developed during the
pandemic or specifically developed for the coronavirus. These COVID-19
supplement scams are just a symptom of an ongoing problem. For example,
although colloidal silver has been touted by scammers as treatment for
COVID-19, it has been promoted as cures for numerous diseases decades
before the pandemic. As the FDA has stated, ``Unfortunately, during
outbreak situations, fraudulent products claiming to prevent, treat or
cure a disease almost always appear.'' We have found products making
fraudulent claims for opioid addiction treatment, tobacco addiction
treatment, and female fertility treatment, in searches over the past
few years. In the end, the COVID-19 pandemic has become just another
opportunity for profiteers to market existing supplements that are not
safe and effective for any disease or condition. Without fixing the
underlying oversight problems, these same issues will continue to harm
consumers and afflict the dietary supplement marketplace.
Question 3. You have recommended granting state attorneys general
wider authority to enforce Federal statutes, do you have concerns about
uneven efforts or capacity that may create a patchwork system of
enforcement that leaves some states with a strict enforcement and
others more lax?
Answer. It is true that companies who violate Federal law could be
subject to different levels of enforcements in different states.
However, a company would first have to break Federal law in order to be
subjected to state enforcement, and any company within the U.S. remains
bound by Federal law. The proposal would merely extend the
effectiveness of these Federal provisions by encouraging state
attorneys general to complement the efforts of resource-strapped
Federal agencies.
Shared enforcement would also allow Federal agencies to focus their
resources on the states that are more vulnerable to fraud. Currently,
the FDA and FTC must oversee fraud under Federal statutes in every
state. With shared enforcement, Federal agencies could work closely to
enhance the effectiveness of states with greater capacity to enforce
Federal statutes on their own to train them up, and then focus Federal
efforts on states or regions with fewer resources.
______
Response to Written Questions Submitted by Hon. Dan Sullivan to
Laura MacCleery
Question 1. We have seen various scams relating to this pandemic,
including scams related to Federal relief efforts such as the PPP and
economic impact payments (EIPs), as well as health-related scams that
sell fake PPE and tout false cures and treatments for the virus. What
do you believe is the most prevalent scam right now relating to the
pandemic? And what should Americans and Alaskans most be on the lookout
for to avoid it?
Answer. In terms of dietary supplements, all American's should be
on the lookout for supplements that claim to mitigate, treat, or
prevent the effect of COVID-19. As Federal authorities have made clear,
``[t]here are currently no medical products that are approved to treat
or prevent COVID-19.''
Yet supplement companies are preying on the fears of the public,
looking for quick, low-cost ways of protecting themselves and their
family. Unfortunately, consumers who buy ineffective supplements are
throwing their money away and may be less likely to use proven means of
prevention, such as masks and social distancing.
Question 2. As everyone knows, we are currently negotiating another
relief package that will potentially contain resources that could
attract scammers. Are there steps that Congress, the FTC, or the states
could take to proactively prevent future scams as the pandemic
continues?
Answer. The FDA and FTC should have dedicated resources from the
Congress to help combat scams and predatory behavior that occur in a
crisis such as this one. A COVID-19 scams funding stream to enlarge
efforts to monitor the marketplace would be a strong step in that
direction and could be dedicated to building more comprehensive
surveillance and enforcement efforts by the agencies.
______
Response to Written Questions Submitted by Hon. Jerry Moran to
the U.S. Food & Drug Administration
Question 1. Is there an estimate of how much money U.S. consumers
have spent on these fraudulent products related to COVID-19?
Answer. The Food and Drug Administration (FDA or the Agency) plays
an essential role in overseeing our Nation's medical products as part
of our vital mission to protect and promote public health, including
during public health emergencies. The Agency is an active partner in
the Novel Coronavirus (COVID-19) response, working closely with our
government and public health partners across the Department of Health
and Human Services, as well as with our international counterparts. Our
work is multifaceted, focusing on actively facilitating efforts to
diagnose, treat and prevent the disease; surveilling the medical
product supply chain for potential shortages or disruptions and helping
to mitigate such impacts, as necessary; and leveraging the full breadth
of our public health tools as we oversee the safety and quality of FDA-
regulated products for American patients and consumers.
Within FDA, several parts of the Agency are involved in combating
health fraud. The Office of Criminal Investigations, Office of
Enforcement and Import Operations, and Health Fraud Branch within the
Agency's Office of Regulatory Affairs all work collaboratively with
colleagues in FDA's product centers and the Office of Chief Counsel.
FDA also works closely with other government agencies including the
Centers for Disease Control and Prevention (CDC), U.S. Customs and
Border Protection, the Federal Trade Commission, and the U.S.
Department of Justice.
FDA has established a cross-agency task force dedicated to closely
monitoring for unproven products sold with false or misleading COVID-19
claims. We have reached out to major retailers to ask for their help in
monitoring their online marketplaces for fraudulent coronavirus
products. Products may be subject to FDA investigation and potential
enforcement action if they are sold or distributed with claims to
prevent, treat, or cure COVID-19 and have not been approved, cleared,
or authorized by the Agency for that intended use. Our task force has
already alerted retailers that their platforms included listings for
fraudulent COVID-19 products online, and several retailers have
responded that they plan to monitor for false or misleading COVID-19
claims.
In addition, FDA's website includes a dedicated web page alerting
consumers to beware of fraudulent coronavirus tests, vaccines, and
treatments,\1\ and advising consumers and health care professionals
that they can report suspected fraud to the Agency's Health Fraud
Program\2\ or Office of Criminal Investigations.\3\
---------------------------------------------------------------------------
\1\ https://www.fda.gov/consumers/consumer-updates/beware-
fraudulent-coronavirus-tests-vaccines-and-treatments
\2\ https://www.fda.gov/safety/report-problem-fda/reporting-
unlawful-sales-medical-products-internet
\3\ https://www.accessdata.fda.gov/scripts/e-mail/oc/oci/
contact.cfm
---------------------------------------------------------------------------
FDA is committed to taking action to prevent unscrupulous actors
from selling fraudulent products related to this outbreak; however, the
Agency does not routinely collect data on the amount of money that U.S.
consumers have spent on fraudulent products related to COVID-19, and is
unable to provide such an estimate.
Question 2. Do you have an estimate as to how many hospitalizations
have resulted from the use of these fraudulent products?
Answer. FDA does not routinely collect national hospitalization
data and is unable to provide such an estimate. However, the Agency
works closely with CDC and state health departments, utilizes the
Agency's MedWatch Adverse Event Reporting program, which includes
health care professional and consumer complaints, to help identify
products that may be causing injury or death, and takes appropriate
action to protect the public health. This is particularly true when the
injuries caused are serious enough to warrant medical treatment or
hospitalizations.
For example, earlier this year FDA identified certain hand
sanitizer products that tested positive for contamination with
methanol, a substance often used to create fuel and antifreeze.
Methanol is not an acceptable active ingredient for hand sanitizer
products, and can be toxic when absorbed through the skin as well as
life-threatening when ingested. State officials also reported adverse
events, including blindness, hospitalizations and death, in people that
had ingested methanol-contaminated hand sanitizers. FDA quickly took
action to warn consumers about methanol-contaminated and other
potentially dangerous hand sanitizer products and encouraged health
care professionals, consumers and patients to report adverse events to
the Agency's MedWatch Adverse Event Reporting program. We worked
proactively with manufacturers to recall these products, and encouraged
retailers to remove them from store shelves and online marketplaces; in
addition, FDA took action to help prevent certain hand sanitizers from
entering the United States by placing them on an import alert.
Question 3. Has the COVID-19 Fraud Task Force examined the Deep Web
for other, more persistent producers or sellers?
Answer. FDA has received thousands of complaints from U.S.
consumers about unproven cures and illegitimate test kits being offered
for sale on the internet, and the Agency identified tens of thousands
of new ``high-risk'' Internet domain names that were registered in
early 2020. To proactively identify and neutralize these threats to
consumers, the Agency launched ``Operation Quack Hack'' in March 2020.
Operation Quack Hack leverages Agency expertise and advanced
analytics to protect consumers from fraudulent FDA-regulated products
during the COVID-19 pandemic. Building on our previous experience with
illegal online pharmacies, a team of consumer safety officers, special
agents and intelligence analysts triage incoming complaints about
fraudulent and unproven products sold for prevention, diagnosis, or
treatment of COVID-19. Where appropriate, complaints are sent to other
agencies or to FDA centers for additional review, and may be referred
for a warning letter, civil action, or criminal investigation.
In some cases, following a preliminary investigation, the Operation
Quack Hack team sends an abuse complaint to the domain name registrars
or a report to online marketplaces. These abuse complaints and reports
are intended to notify online entities that their platforms were being
used to sell an unapproved, unauthorized, or uncleared medical product
during the COVID-19 pandemic.
The Operation Quack Hack team has reviewed thousands of websites,
social media posts, and online marketplace listings, resulting in more
than 110 warning letters to sellers, more than 220 reports sent to
online marketplaces, and more than 270 abuse complaints sent to domain
registrars. These initiatives have led domain registrars to review and
take down numerous websites illegally selling unproven products.
ORA's Office of Criminal Investigations has discovered Dark
Websites purporting to sell a range of COVID-19 related medical
products such as convalescent plasma, vaccines, drugs, and personal
protective equipment (PPE). Many of the sites appear to be associated
with ``non-delivery'' fraud schemes involving PPE, medical equipment
such as ventilators, and other supplies or equipment in short supply
during the current COVID-19 pandemic. ``Non-delivery of merchandise''
is a scheme in which a seller on an Internet website (including auction
websites) accepts payment for an item yet intentionally fails to ship
it. Sellers like these sometimes will re-list the item and attempt to
sell it again through a different user name.
FDA will continue to monitor social media and online marketplaces
for listings promoting and selling fraudulent products to prevent,
diagnose, cure, or treat COVID-19. We have been working with retailers
to remove fraudulent products from store shelves and online, and we are
also increasing our enforcement at ports of entry to ensure that
fraudulent products do not enter the country through our borders.
Americans expect and deserve treatments that are safe, effective and
meet appropriate standards, and FDA will continue its efforts to
protect consumers from those who place profits above the public health
during this pandemic.
[all]