NCL supports AI liability rule, recommends extending its reach

May 2, 2024

Media contact: National Consumers League – Melody Merin, melodym@nclnet.org, 202-207-2831

Washington, DC – This week, NCL and six other consumer advocacy and public interest organizations submitted comments in support of a Federal Trade Commission proposal that would establish legal liability for AI developers who know (or have reason to know) that their AI is facilitating fraud.

The FTC’s proposed rule would enable the agency to crack down on scams that use deepfakes and voice cloning. It would also help to fill a glaring gap in its ability to hold impersonation frauds accountable, like romance and grandparent scams. This hole in the Commission’s capacity to return funds to victims of fraud is a direct result of the Supreme Court’s decision in the 2021 AMG Capital Management v. FTC case.

“While some AI developers implement safeguards to prevent the misuse of their products, many do not,” said NCL Public Policy Manager Eden Iscil. “The FTC’s initiative in this space should put companies on notice that they cannot put out unregulated AI tools and allow criminals to supercharge their frauds with them.”

Recent trends have shown the urgent need for the FTC to have strong enforcement options to combat impersonation fraud. NCL’s Top Ten Scams report for 2023 found significant consumer losses attributed to romance and family-and-friend imposter fraud, with victim complaints showing median losses at $8,000 and $1,040, respectively. Generative AI, including text generation, voice cloning, and visual deepfakes, can enable these scams to be significantly more effective. The Federal Bureau of Investigation noted a 322% increase in sextortion reports between 2022 and 2023, attributing much of the increase to the proliferation of AI tools.

The Center for American Progress, Consumer Action, Consumer Federation of America, Electronic Privacy Information Center, the National Association of Consumer Advocates, the National Consumer Law Center, and NCL urged the Commission to clarify that the liability for AI developers in facilitating fraud should also apply to companies that provide scammers access to AI tools, even if the companies did not develop the AI themselves. The full comments can be found here.


###

About the National Consumers League (NCL)

The National Consumers League, founded in 1899, is America’s pioneer consumer organization.  Our mission is to protect and promote social and economic justice for consumers and workers in the United States and abroad.  For more information, visit nclnet.org.

NCL applauds President Biden’s landmark AI executive order 

October 31, 2023

Media contact: National Consumers League – Melody Merin, melodym@nclnet.org, 202-207-2831

Washington, DC – Yesterday, President Biden signed an executive order to establish the most comprehensive standards to date regarding artificial intelligence (AI). The following statement is attributable to National Consumers League (NCL) Chief Executive Officer Sally Greenberg:

“NCL applauds the Biden Administration for centering consumers and workers in its landmark executive order addressing AI. It is critical that the development of artificial intelligence aligns with our democratic values, preserves civil rights, and protects consumers’ health and safety as well as our privacy. Importantly, the Biden Administration has made clear that there is no exception for AI from the law as it continues to model how policymakers should tackle this issue. While the president’s order is a critical step forward, Congress must pass a robust bill to ensure lasting and comprehensive federal law governing AI.”

As part of the sweeping executive order, federal agencies are to provide clear guidance to landlords, federal benefits administrators, and federal contractors to ensure that AI does not discriminate against consumers and beneficiaries. The president also addressed the potential harms to workers from the use of AI in workplace surveillance, job displacement, union-busting, and discriminatory hiring practices.

NCL has been advocating for consumers and workers in our push for AI regulation, including requiring the labelling of AI-generated content to minimize deception to users.

###


How you should respond to the security threat likely inside your computer

Nearly two years ago, researchers revealed flaws in the chips of virtually every computer made since the mid-1990s. The flaws—primarily found in Intel’s chips—create a vulnerability that hackers can exploit to obtain unauthorized access to privileged information.


Since the initial exploits were first exposed, new versions have continued to be discovered—the most recent of which was found this past November. While software “fixes” have been released, they tend to reduce the speed and performance of computers—as much as 40 percent, according to some reports. In addition, since the flaw is hardware-based, the “fix” is only good until the next exploit is discovered.

At the time of the discovery of one of the “worst CPU bugs ever found,” there was significant alarm expressed in the news as well as across the cybersecurity community. Since that time, public attention has waned. Unfortunately, the problem has only grown worse. And while there has been considerable discussion of the impact these flaws have on businesses, the impact on consumers has been somewhat overlooked.

That’s why NCL’s #DataInsecurity Project recently released a paper detailing the threat that these bugs—with scary names like Meltdown, Spectre, and Zombieload—pose to consumers, their data, and the performance of their computers.

Every organization or individual running a server or computer with affected hardware should take action to protect themselves. Unfortunately, consumers are less likely to know what to do or have the resources to do it, leaving them more exposed.

For example, consumers are more likely to be running older or outdated software. Consumers are also likely to keep their computers much longer than a business, making their hardware older as well. The way these flaws work, older hardware generally sees a greater slowdown when the security patches are applied.

Additionally, the small businesses that consumers interact with may also be running “legacy” hardware or software. These businesses may not be able to afford the high cost of additional servers to offset the speed loss from the patches or of entirely replacing old systems. This difficult choice for small businesses could mean that some decide against applying patches – with potentially severe consequences for consumers’ data security.

Google has taken preemptive steps to protect consumers, but it also warned that as a result of these security measures, “some users may notice slower performance with some apps and games.” Apple, conversely, has offered software patches but left other security measures as an “opt-in” for consumers.

So, while consumers may not face the same type of risk as businesses, they do face a lot of challenges when it comes to addressing these exploits. Consumers already live in a heightened threat environment, filled with phishing emails and computer viruses. They shouldn’t have to choose between the security of their data or the performance of their computers.

To learn more about these issues and the best way to protect yourself, you can find NCL’s white paper here.

Fraud alert: Use caution when talking to ‘old friends’ on Facebook

Facebook is a terrific tool for staying in touch with old friends, former classmates, family, and community members. Unfortunately, like other popular social media platforms, it also attracts scammers looking to abuse the system for their own gain. We’ve recently heard from nearly a dozen consumers who have contacted Fraud.org about scammers using Facebook’s Messenger service to try to defraud them by posing as long-lost friends.

The set-up for these scams is remarkably consistent. Consumers who sent us complaints report that these scams begin when they receive a message on Facebook Messenger from someone impersonating a former classmate or an old friend. When the recipient responds, the scammer strikes up a conversation to build trust. Once trust is established, the impersonator urges the consumer to send a text message to a number the scammer controls to get information on a grant, prize, or even government stimulus funds. When the victim texts the number, they are urged to pay an up-front fee and/or supply personal information (Social Security number, bank account/credit card information, etc.) to collect the non-existent money. Victims who do send the money are then urged to send even more money until they catch on. Unfortunately, the money is often sent via wire transfer or gift cards, which are extremely difficult or impossible to stop or reverse.

While this scam is not new, the request to take the conversation off Facebook Messenger and on to text message is a new twist. This is likely due to the scammers trying to evade anti-fraud technology employed by Facebook.

Here are tips to reduce your risk of falling victim to this scam:

Don’t immediately assume your Facebook friend is who they claim to be. Thanks to widespread data breaches, it is not difficult for scammers to get the information they need to compromise a Facebook account. If you receive a message from someone you have not spoken to in a long time, do not assume that the message is legitimate. The safest course of action is to simply ignore the message.

Test them. If you do engage in a conversation and become suspicious, you can try to verify the identity of the person messaging you by asking them a question only they would know (e.g., who was our 9th grade English teacher?).

Beware requests to take conversations off Facebook Messenger. Complaints we have received often describe requests to move the conversation from Facebook (where they can be monitored) to text message. This is a big red flag for fraud.

Anyone who asks you to send money to get money is swindling you. If you are asked to pay money to collect a prize, grant, stimulus check, or any other type of reward, it is a scam.

Turn on two-factor authentication and encourage your friends to do the same. One of the reasons this scam occurs is that consumers tend to re-use passwords across multiple websites (your email and Facebook account, for example). That means that if your username and password are compromised at one website, scammers can use that information to try and compromise your account at other websites. An effective way to reduce the risk of this is to turn on two-factor authentication. This will require anyone trying to log in to your Facebook account to supply a special code (typically provided via text message or an authentication app) before they can log in.

If you suspect that you have become a victim, report it immediately. You can file a complaint at Fraud.org via our secure online complaint form. We’ll share your complaint with our network of law enforcement and consumer protection agency partners who can investigate and help put fraudsters behind bars.


NCL urges Administration to take action to combat COVID-themed fraud, patient harms online

April 10, 2020

Contact: National Consumers League – Carol McKay, carolm@nclnet.org, (412) 945-3242 or Taun Sterling, tauns@nclnet.org, (202) 207-2832

Washington, DC – April 10, 2020 – The National Consumers League (NCL), in partnership with 42 patient and provider advocacy, public health, industry, and research groups, has issued joint letters to Vice President Mike Pence, the U.S. Department of Justice (DOJ), U.S. Federal Trade Commission (FTC), U.S. Food and Drug Administration (FDA), and other state and federal leaders calling for swift action to protect consumers against COVID-19 misinformation, scams, and fraud online.

“NCL commends the White House Coronavirus Task Force and other officials for their dedication in responding to the coronavirus crisis,” said NCL Executive Director Sally Greenberg. “The COVID-19 pandemic makes your work against healthcare and financial fraud more important now than ever. However, to further flatten the curve and save lives, we urge the Administration to quickly implement increased evidence-based actions and to help protect consumers from predatory attempts to take advantage of our new economy.”

Since the start of the pandemic, criminals launched thousands of COVID-specific global scams and phishing attacks, using the coronavirus crisis to profit at patients’ expense. “Criminals have exploited the fear and confusion caused by the coronavirus for their own personal profits. More must be done to mitigate the health and financial harms experienced by consumers nationwide,” said Greenberg. In the past few weeks alone, more than 100,000 website domain names have been registered containing terms like “covid,” and “corona,” most of which have been found to be outright dangerous. The Federal Trade Commission indicated receipt of nearly 14,000 coronavirus-related complaints totaling fraudulent losses of nearly $10 million.

NCL has long called for increased regulation and enforcement against illegal online acts that result in public health and economic harm. The joint letter encourages the Administration to move swiftly to enact and enforce existing no-cost solutions to better protect consumers. Additionally, it calls on the Administration to ground their efforts in science, address systemic internet policy problems and prepare for an ongoing wave of COVID-19 related scams during the economic downturn.

Co-signers of the letters include Alliance for Safe Online Pharmacies, BIO, Coalition for a Safe and Transparent Internet, Consumer Brands Association, Kroll, Lilly, LegitScript, and USP. The full letter can be read here.

###


How consumers must respond to the security threat inside nearly every computer

Nearly two years ago, researchers revealed flaws in the chips of virtually every computer made since the mid-1990s. The flaws—primarily found in Intel’s chips—create a vulnerability that hackers can exploit to obtain unauthorized access to privileged information.

Since the initial exploits were first exposed, new versions have continued to be discovered—the most recent of which was found this past November. While software “fixes” have been released, they tend to reduce the speed and performance of computers—as much as 40 percent, according to some reports. In addition, since the flaw is hardware-based, the “fix” is only good until the next exploit is discovered.

At the time of the discovery of one of the “worst CPU bugs ever found,” there was significant alarm expressed in the news as well as across the cybersecurity community. Since that time, public attention has waned. Unfortunately, the problem has only grown worse. And while there has been considerable discussion of the impact these flaws have on businesses, the impact on consumers has been somewhat overlooked.

That’s why NCL’s #DataInsecurity Project recently released a paper detailing the threat that these bugs—with scary names like Meltdown, Spectre, and Zombieload—pose to consumers, their data, and the performance of their computers.

Every organization or individual running a server or computer with affected hardware should take action to protect themselves. Unfortunately, consumers are less likely to know what to do or have the resources to do it, leaving them more exposed.

For example, consumers are more likely to be running older or outdated software. Consumers are also likely to keep their computers much longer than a business, making their hardware older as well. The way these flaws work, older hardware generally sees a greater slowdown when the security patches are applied. 

Additionally, the small businesses that consumers interact with may also be running “legacy” hardware or software. These businesses may not be able to afford the high cost of additional servers to offset the speed loss from the patches or of entirely replacing old systems. This difficult choice for small businesses could mean that some decide against applying patches – with potentially severe consequences for consumers’ data security.  

Google has taken preemptive steps to protect consumers, but it also warned that as a result of these security measures, “some users may notice slower performance with some apps and games.” Apple, conversely, has offered software patches but left other security measures as an “opt-in” for consumers.  

So, while consumers may not face the same type of risk as businesses, they do face a lot of challenges when it comes to addressing these exploits. Consumers already live in a heightened threat environment, filled with phishing emails and computer viruses. They shouldn’t have to choose between the security of their data or the performance of their computers.

To learn more about these issues and the best way to protect yourself, you can find NCL’s white paper here.

NCL applauds FTC action to rein in deceptive marketing in the wireless industry

November 5, 2019

Media contact: National Consumers League – Carol McKay, carolm@nclnet.org, (412) 945-3242 or Taun Sterling, tauns@nclnet.org, (202) 207-2832

Washington, DC—Today, the National Consumers League, the nation’s pioneering consumer and worker advocacy organization, applauded the Federal Trade Commission (FTC) for its successful investigation and settlement with AT&T after the wireless provider misled millions of its customers. In 2014, the FTC found that AT&T had secretly slowed down or “throttled” consumers’ Internet speeds on their supposedly “unlimited” plans and then charged consumers early termination fees if they wanted to switch providers to receive better service. As a result of the settlement, AT&T will create a $60 million settlement fund that will be paid out to current and former users of AT&T’s “unlimited” plan.

The following statement is attributable to Sally Greenberg, executive director of the National Consumers League: 

“When consumers are promised unlimited data, they should receive unlimited data. AT&T’s policy of slowing down consumers’ data, to the point where they could no longer stream videos after using as little as two gigabits of data, is a classic example of bait and switch. NCL applauds the FTC’s efforts to protect consumers from false advertising and unscrupulous business practices in the wireless industry. NCL looks forward to seeing the FTC take additional steps to ensure that the marketplace remains fair and honest for all consumers.”

###


National Consumers League: Computer chip defects force nearly all consumers to choose between speed and security

October 24, 2019

Media contact: National Consumers League – Carol McKay, carolm@nclnet.org, (412) 945-3242 or Taun Sterling, tauns@nclnet.org, (202) 207-2832

New NCL #DataInsecurity report details threat these flaws pose to consumers—both in terms of the security of their data and the performance of their computers—and how they can protect themselves in the future

Washington, DC—A new report released today by the National Consumers League details how consumers have been impacted by a series of processor exploits announced over the last 22 months that leave nearly every computer and server from the past two decades vulnerable to hacking. With sensitive data at risk, patches have been issued that better secure computers and servers. However, these temporary fixes can result in significant performance problems.

The report, “Data Insecurity: How One of the Worst Computer Defects Ever Sacrificed Security for Speed,” is part of NCL’s #DataInsecurity Project. Timed to coincide with National Cybersecurity Awareness Month, the report is an opportunity to remind consumers about the importance of being safe and secure when online. The report discusses the threat these processor flaws pose to consumers—both in terms of the security of their data and the performance of their computer after the necessary security patches are applied—and how they can protect themselves in the future.

“This paper is a part of NCL’s mission to empower individuals to protect themselves from companies that put their data at risk,” said John Breyault, NCL vice president, public policy, telecommunications and fraud. “The scope and severity of these chip flaws is alarming, undermining both the security and speed of computers. Nearly two years after the flaws first made headlines, it is likely that consumers are still not fully aware of the risks they face if they do not protect themselves.”

The report details seven publicly disclosed exploits, known as “Spectre,” “Meltdown,” “Foreshadow,” “Zombieload,” “RIDL,” “Fallout,” and “SWAPGS,” that take advantage of the flaws found in CPUs manufactured by AMD, ARM, and Intel. While Spectre affects all three major chip manufacturers, all six subsequent exploits largely affect only Intel processors.

The exploits have been discovered on an ongoing basis for nearly two years, with the most recent one found in August 2019. The flaws are a result of a process called speculative execution, a functionality created in the 1990s that allows a processor to predict a user’s next action and perform it in advance, thereby reducing delays and increasing the speed of a computer. Because the flaws are foundational to how a CPU’s hardware is built, each patch is only temporary until the next exploit is discovered. Due to the nature of these flaws, the exploits that take advantage of them may not be traceable.

“Consumers are being forced to choose between the security of their data and the computer speed they were promised,” said Breyault. “We recommend consumers prioritize security, though unfortunately, it comes at a financial and performance cost.” 

The report concludes that the best protection for consumers is to buy a new computer that has a CPU with hardware-level security fixes or is immune from some of the exploits. Unfortunately, the NCL report acknowledges that this may not be practical for many consumers. Therefore, consumers are advised to perform frequent software updates. NCL is also strongly supporting data security bills such as the Consumer Privacy Protection Act of 2017 that would require companies to take preventative steps to defend against cyberattacks and data breaches and to provide consumers with notice and appropriate protection when a data breach occurs.

The full report can be found here.

###


Computer chip defects force consumers to choose between speed and security

October is National Cybersecurity Awareness Month! Since the first observation of this month 15 years ago, the world has gone from about 800 million Internet users to approximately 4.5 billion. Over that same period of time, there has been an extensive amount of time and energy dedicated to improving cybersecurity and cyber hygiene.

Sadly, despite those good faith efforts, it does not appear that consumers have become safer. In fact, it is clear by now that most individuals have, in one way or another, been affected by some sort of hack or data breach—either on a personal computer or through a company that they have entrusted with their sensitive information.

To make matters worse, beyond the heightened cyber threat environment that exists today, a new hardware-based vulnerability found in almost every processor in the world has recently emerged, and it is making it increasingly difficult for consumers to keep their data protected.

A new report released by the National Consumers League’s #DataInsecurity Project, “Data Insecurity: How One of the Worst Computer Defects Ever Sacrificed Security for Speed,” discusses the threat these processor flaws pose to consumers—both in terms of the security of their data and the performance of their computer after security patches are applied—and how they can protect themselves in the future.

The report details seven publicly disclosed exploits, known as “Spectre,” “Meltdown,” “Foreshadow,” “Zombieload,” “RIDL,” “Fallout,” and “SWAPGS,” that take advantage of the flaws found in CPUs manufactured by AMD, ARM, and Intel. While Spectre affects all three major chip manufacturers, all six subsequent exploits largely affect only Intel processors.

The exploits, in short, can allow a hacker to obtain unauthorized access to privileged information. And while patches have been released alongside each exploit, they have led to a decrease in computer speed and performance—as much as 40 percent according to some reports. In addition, the patch is only good until the next exploit is discovered.

The flaws create a real challenge for consumers: apply each temporary “fix” as new exploits are discovered and risk slowing down your device, or don’t and put your sensitive information at risk. And consumers who apply patches remain at the mercy of companies that hold their sensitive data and are faced with a similar dilemma, particularly as they must consider the expenses of implementing these fixes—including costs to add computing power lost by each patch.

The report concludes that the best protection for consumers is to buy a new computer that has a CPU with hardware-level security fixes or is immune from some of the exploits. Unfortunately, this is not practical for many consumers. Therefore, consumers are advised to perform frequent software updates. NCL is also strongly supporting data security bills, such as the Consumer Privacy Protection Act of 2017, which would require companies to take preventative steps to defend against cyberattacks and data breaches and to provide consumers with notice and appropriate protection when a data breach occurs.

As we mark this year’s National Cybersecurity Awareness Month, we should certainly celebrate the progress that we have made. We cannot lose sight, however, of the need to better secure our information and systems moving forward. Awareness and smart data hygiene by consumers is one part. Companies must do their part to secure our information as well.

If you are interested in learning more, you can find NCL’s latest report here.