Advocates call on DOT to mandate easier airfare cost comparison

January 25, 2023

Media contact: National Consumers League – Katie Brown, katie@nclnet.org, 202-823-8442

WASHINGTON DC. – Yesterday, the National Consumers League (NCL) and a coalition of six consumer and passenger rights organizations filed comments with the Department of Transportation (DOT) in support of proposed regulations requiring the earlier disclosure of common airline ticket add-on fees. DOT’s proposed rules would require airlines and ticket agents to display fees associated with checked baggage, ticket changes and cancellations, and family seating on the first page of airfare search results. 

“It is extremely difficult and time-consuming for consumers to do accurate apple-to-apples comparisons when shopping for airline tickets,” said John Breyault, NCL Vice President of Public Policy, Telecommunications, and Fraud. “DOT’s proposed rules would promote competition by making it harder for airlines and ticket agents to hide some of the most egregious add-on fees in the fine print at the end of the ticket-buying process.” 

“The airlines love to nickel-and-dime passengers with junk fees, and in far too many cases travelers are hit with sticker shock when they finally realize the true cost of flying,” said William J. McGee, Senior Fellow for Aviation & Travel at American Economic Liberties Project. “We urge the DOT to address transparency of fees, and to eliminate certain fees altogether. This applies especially to fees for families with young kids to sit together, an issue Congress directed the DOT to address in 2016.” 

“If airlines are going to continue to devise and impose all sorts of unreasonable fees, they must be required to reveal each fee when travelers first search for price and availability,” said Ruth Susswein, Consumer Action’s Director of Consumer Protection. 

“Airlines have come up with all sorts of extra fees over the years: baggage fees, change fees, seat selection fees and more. We believe airlines should be required to disclose these fees before someone begins the actual booking process, not at the end. And these fees should be disclosed up front in real time to ticket agents that provide fare information. This would encourage price competition and ultimately give consumers more transparency in pricing,” said Teresa Murray, Consumer Watchdog for Public Interest Research Group. 

To view the coalition’s full comments to DOT, click here. 

###

About the National Consumers League (NCL)
The National Consumers League, founded in 1899, is America’s pioneer consumer organization.  Our mission is to protect and promote social and economic justice for consumers and workers in the United States and abroad.  For more information, visit https://nclnet.org.

National Consumers League names Robin Strongin to lead Health Policy

December 14, 2022

Media contact: National Consumers League – Katie Brown, katie@nclnet.org, 202-823-8442

WASHINGTON DC. –  National Consumers League (NCL)-the nation’s oldest consumer advocacy organization, has named Robin Strongin Senior Director, Health Policy, beginning January 4, 2023.  Robin will oversee NCL’s robust health care portfolio.

An accomplished public affairs expert with decades of experience working in Washington, D.C., Robin has worked with and for federal and state governments, regulatory agencies, the White House, Congress, think tanks, nonprofit organizations, corporations, start-ups, coalitions, and trade associations. Robin served as a Presidential Management Intern and worked in the Office of Legislation and Policy in the Health Care Financing Administration (now the Centers for Medicare and Medicaid Services), the Prospective Payment Assessment Commission (now the Medicare Payment Advisory Commission) in addition to serving in the Office of Congressman James J. Florio (D-NJ).  Robin spent a decade as a senior research associate at George Washington University’s National Health Policy Forum.

Robin ran Amplify Public Affairs, LLC and launched an award-winning Disruptive Women in Health Care blog®; she also served on the following boards: the Institute for Music and Neurologic Function (founded by Dr. Oliver Sacks); AcademyHealth’s Translation and Dissemination Institute Advisory Committee; Kaiser Permanente’s Institute for Health Policy; Older Women’s League; Physician-Parent Caregivers; and The Hill newspaper Publisher’s Advisory Board. In October 2015, Robin was named to the National Alzheimer’s Scientific, Patient and Caregiver Advisory Council of the PCORI-funded Alzheimer’s & Dementia Patient/Caregiver-Powered Research Network (AD-PCPRN); and named a Woman of Impact (https://www.womenofimpact.org) in December 2015.

“The National Consumers League is a powerful force in leading and advocating for consumers’ health and safety,” said Strongin. “I’m deeply honored to be part of a team dedicated to this critical mission and I look forward to working with Sally Greenberg, the board, and the entire team to achieve our vision.”

###

About the National Consumers League (NCL)
The National Consumers League, founded in 1899, is America’s pioneer consumer organization.  Our mission is to protect and promote social and economic justice for consumers and workers in the United States and abroad.  For more information, visit https://nclnet.org.

National Consumers League adds Identity Theft Resource Center ‘Live-Chat’ to Fraud.org to help identity crime victims

December 13, 2022

Media contact: National Consumers League – Katie Brown, katie@nclnet.org, 202-823-8442

WASHINGTON, D.C. – Today, the National Consumers League (NCL), the nation’s oldest consumer advocacy organization, and the Identity Theft Resource Center® (ITRC), a nationally recognized nonprofit organization established to support victims of identity crime, are partnering up to help victims of identity crimes.

NCL integrated the ITRC’s live-chat function into fraud.org, a project of the NCL to give consumers the information they need to avoid becoming victims of telemarketing and internet fraud. The ITRC live-chat function on fraud.org will help assist victims of identity crimes related to data breaches, identity theft and identity fraud. It will also provide people with another resource during the holiday shopping season when there is an increased risk of identity crimes. According to Forbes, Adobe predicts a 2.5 percent growth in online sales from November 1-December 31, when identity criminals may look to take advantage of increased online activity.

The ITRC’s staff of identity advisors provides preventative information and customized plans to address all types of identity concerns. ITRC advisors assist victims live during business hours or through direct follow-up when contacted after hours and on weekends.

“NCL is always looking for new ways to reach consumers and better protect them from fraud,” said John Breyault, Vice President of Public Policy, Telecommunications, and Fraud at NCL. “By increasing the number of options that individuals can use to contact us, we can help a greater number of people. Thanks to ITRC, consumers with differing accessibility needs, levels of phone service, and communication preferences will find it easier to get in touch with a fraud expert.”

“The NCL and ITRC have a long history of mutual respect and shared commitment to victims of identity crimes,” said Eva Velasquez, President and CEO of the Identity Theft Resource Center. “Adding the NCL to the group of organizations and government agencies using live-chat to help victims continues our fight for small businesses and consumers to protect them from identity criminals. We believe giving more people direct access to our live identity experts – at no cost – will help prevent identity fraud and provide the support needed to recover from these crimes.”

NCL is the third organization the ITRC has partnered with to integrate the ITRC live-chat function on its website. Earlier in 2022, the ITRC embedded its chat into the San Diego District Attorney Office and New Mexico Office of the Attorney General websites.

Since the ITRC’s chat function was launched on fraud.org, three (3) percent of the ITRC’s total cases have come from its website. Implementing the ITRC’s live-chat function provides victims access to support when it is convenient and in a manner people often prefer – a live-chat rather than a phone call. ITRC advisors will:

  • Ask what happened
  • Ask a series of questions to help determine the scope of the problem
  • Provide a victim or curious consumer with a detailed, custom plan of action steps to take

Currently, most ITRC cases from fraud.org involve scams, primarily lottery and prize scams (mostly about criminals pretending to be Publisher’s Clearing House representatives) and existing account takeover of a bank or credit card account.

The ITRC is committed to providing access to everyone seeking help. Read about the Center’s accessibility initiative here. Anyone can contact an advisor by visiting www.idtheftcenter.org or calling toll-free at 888.400.5530.

About the National Consumers League (NCL)

The National Consumers League, founded in 1899, is America’s pioneer consumer organization. Our mission is to protect and promote social and economic justice for consumers and workers in the United States and abroad. For more information, visit https://nclnet.org.

About the Identity Theft Resource Center  

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a national nonprofit organization established to empower and guide consumers, victims, business and government to minimize risk and mitigate the impact of identity compromise and crime. Through public and private support, the ITRC provides no-cost victim assistance and consumer education through its website live-chat idtheftcenter.org  and toll-free phone number 888.400.5530. The ITRC also equips consumers and businesses with information about recent data breaches through its data breach tracking tool, notified. The ITRC offers help to specific populations, including the deaf/hard of hearing and blind/low vision communities.

National Consumers League urges Congress to strengthen Bipartisan Privacy Bill

June 17, 2022

Media contact: National Consumers League – Katie Brown, katie@nclnet.org, (202) 207-2832 

WASHINGTON, D.C. – The National Consumers League is encouraged by the bipartisan, bicameral American Data Privacy and Protection Act (“ADPPA”), a long-overdue step to protect the privacy and security of consumers’ personal information. However, there remain some concerns that must be addressed to ensure that the bill provides basic consumer remedies for failure to comply with the rules of the road and preserve the best aspects of the privacy laws that are already in place in the states.

“The lack of a comprehensive data protection law has left Americans at the mercy of criminal hackers who are making billions of dollars stealing consumers’ personal data,” said NCL Executive Director Sally Greenberg. “At the same time, many companies have built their business models on the collection of sensitive data that exacerbates existing inequities in our economy.”

NCL has long pushed for stronger protections for consumer data. In 2011, NCL supported a bill to regulate the use of sensitive location data. In the wake of the Target data breach in 2013, NCL launched the #DataInsecurity Project to raise awareness about how the lack of data security standards increases the risks to consumers of identity fraud and other scams. Most recently, NCL released a genetic privacy reform roadmap detailing actions Congress, the Biden administration and industry could take to protect consumers’ genetic data.

NCL shares the concerns about the ADPPA raised by privacy and consumer advocates. Importantly, we believe that the bill’s private right of action provisions should be strengthened and a prohibition on mandatory binding arbitration clauses should be included in the legislation.

In addition, NCL supports allowing states with strong privacy and data security laws to preserve those provisions where they provide additional consumer protections.  NCL also supports preserving the Federal Communication Commission’s role in regulating the privacy practices of common carriers. Given the bill’s proposal to expand the role of the Federal Trade Commission in protecting consumer data, Congress must ensure that the FTC has the resources it needs to be effective in that role.

“We applaud members of Congress for putting forward a bipartisan bill to provide comprehensive privacy and security protections,” said John Breyault, NCL’s Vice President of Public Policy, Telecommunications and Fraud. “Compromises by all sides in this debate have led us to this moment. There is much promise in this legislation, but key consumer protections need to be addressed before the bill moves forward.”

###

About the National Consumers League (NCL) 

The National Consumers League, founded in 1899, is America’s pioneer consumer organization. Our mission is to protect and promote social and economic justice for consumers and workers in the United States and abroad. For more information, visit www.nclnet.org.

New York ticketing legislation is a victory for fans

June 9, 2022

Media contact: National Consumers League – Katie Brown, katie@nclnet.org, (202) 207-2832

Washington, DC— The National Consumers League (NCL) applauded the New York State Assembly for approving S.B. S9461, landmark consumer protection legislation that makes New York the first state to require all-in pricing of live event tickets. The bill also requires ticket brokers to disclose how much was originally paid for a ticket when they resell a ticket, prohibits the resale of tickets that were originally offered for free, and prohibits “print-at-home” fees.

“Fans in New York are the real winners from this bill,” said John Breyault, Vice President of Public Policy, Telecommunications, and Fraud at the National Consumers League. “Hidden fees and outrageous markups are some of consumers’ biggest pain points when it comes to buying tickets. While this bill will not solve every problem within the ticketing industry, getting rid of hidden fees addresses one of fans’ biggest complaints.”

A 2018 Government Accountability Office (GAO) report found that on average, consumers paid an extra 27% of the ticket’s original cost in fees. Media reporting has found instances where hidden fees were 78% of the fare’s starting price.

“Ticketing companies have long known that all-in pricing was a better solution for consumers, but they hesitated to provide it for fear of losing market share to competitors who hid their fees,” said Breyault. “That is the definition of market failure, which the New York bill fixes. We urge other states and the U.S. Congress to follow New York’s example and enact similar legislation.”

NCL applauded, in particular, the leadership of New York Senator James Skoufis whose investigative report on the ticketing industry was an important catalyst for this legislation.

“Senator Skoufis championed this important bill in the face of intense industry opposition and made sure it didn’t get watered down,” said Breyault. “Fans in New York will benefit immensely from his leadership.”

###

About the National Consumers League (NCL) 

The National Consumers League, founded in 1899, is America’s pioneer consumer organization. Our mission is to protect and promote social and economic justice for consumers and workers in the United States and abroad. For more information, visit www.nclnet.org.

 

How you should respond to the security threat likely inside your computer

Nearly two years ago, researchers revealed flaws in the chips of virtually every computer made since the mid-1990’s. The flaws—primarily found in Intel’s chips—create a vulnerability that can be exploited by allowing hackers to obtain unauthorized access to privileged information.


Since the initial exploits were first exposed, new versions have continued to be discovered—the most recent of which was found this past November. While software “fixes” have been released, they tend to reduce the speed and performance of computers—as much as 40 percent, according to some reports. In addition, since the flaw is hardware-based, the “fix” is only good until the next exploit is discovered.

At the time of the discovery of one of the “worst CPU bugs ever found,” there was significant alarm expressed in the news as well as across the cybersecurity community. Since that time, public attention has waned. Unfortunately, the problem has only grown worse. And while there has been considerable discussion of the impact these flaws have on businesses, the impact on consumers has been somewhat overlooked.

That’s why NCL’s #DataInsecurity Project recently released a paper detailing the threat that these bugs—with scary names like Meltdown, Spectre, and Zombieload—pose to consumers, their data, and the performance of their computers.

Every organization or individual running a server or computer with affected hardware should take action to protect themselves. Unfortunately, consumers are less likely to know what to do or have the resources to do it, leaving them more exposed.

For example, consumers are more likely to be running older or outdated software. Consumers are also likely to keep their computers much longer than a business, making their hardware older as well. The way these flaws work, older hardware generally sees a greater slowdown when the security patches are applied.

Additionally, the small businesses that consumers interact with may also be running “legacy” hardware or software. These businesses may not be able to afford the high cost of additional servers to offset the speed loss from the patches or of entirely replacing old systems. This difficult choice for small businesses could mean that some decide against applying patches – with potentially severe consequences for consumers’ data security.

Google has taken preemptive steps to protect consumers, but it also warned that as a result of these security measures, “some users may notice slower performance with some apps and games.” Apple, conversely, has offered software patches but left other security measures as an “opt-in” for consumers.

So, while consumers may not face the same type of risk as businesses, they do face a lot of challenges when it comes to addressing these exploits. Consumers already live in a heightened threat environment, filled with phishing emails and computer viruses. They shouldn’t have to choose between the security of their data or the performance of their computers.

To learn more about these issues and the best way to protect yourself, you can find NCL’s white paper here.

Sign up for the #DataInsecurity Digest

Will Obama’s cybersecurity plan help consumers? – National Consumers League

It seems appropriate that the Obama Administration chose Safer Internet Day to announce its new Cybersecurity National Action Plan (CNAP). At a time when massive data breaches continue to be the norm, rather than the exception, it is heartening to see the President take comprehensive action to address ongoing threats to consumers’ data. So, what are some of the highlights of the CNAP? Will it help consumers getting pummeled by data breaches? 

Let’s take a look… 

Establishing a “Commission on Enhancing National Cybersecurity”

Bringing together cybersecurity experts to talk shop and recommend solutions is rarely a bad idea. Importantly, the CNAP is charged with delivering a report of its findings and recommendations to the President on December 1, 2016, which should make for interesting reading by data security geeks like yours truly. The CNAP calls for the Commission to be made up of “top strategic, business, and technical thinkers from outside of Government.” Within the Executive Order itself, the Commission membership qualifications are spelled out in greater detail as “those with knowledge about or experience in cybersecurity, the digital economy, national security and law enforcement, corporate governance, risk management, information technology (IT), privacy, identity management, Internet governance and standards, government administration, digital and social media, communications, or any other area determined by the President to be of value to the Commission.”

Notice something missing there? If you said “consumers,” give yourself a gold star. All too often, the job of protecting consumers’ data is punted on to the backs of consumers themselves. While doing things like enabling two-factor authentication, using good digital hygiene, and paying attention to credit reports is never a bad idea, it can’t be the only solution. The companies and agencies that collect and use consumers’ data must have real skin in the game when it comes to protecting that information. We hope that the new Commission will take a look at the role that data security standards, strong data breach notification requirements, and cyber insurance can play in strengthening data protections.

Empowering Americans to secure their online accounts

At NCL, we’re big fans of the great work the National Cyber Security Alliance is doing to arm consumers and businesses with the tools to enhance their own data security. By embracing two-factor authentication, the Administration is putting its imprimatur on a common-sense data security tool that all consumers should be using whenever possible. Kudos, too, for looking at ways for federal agencies to practice what they preach by looking for ways to implement stronger authentication methods and reduce the use of Social Security Numbers as an identifier for citizens. (P.S. If you use Google services and need some extra incentive to up your security game, our colleagues at Google are offering two free gigabytes of Google Drive storage to anyone who completes their Security Checkup).

Investing $19 billion+ for cybersecurity as part of the President’s Fiscal Year (FY) 2017 Budget

This is the part of the CNAP that’s getting the most press and, frankly, will probably be the toughest part of the plan to get over the finish line, given election year politics in Washington. However, given the cybersecurity skills gap, it’s heartening to see the President’s budget proposing a package of student loan forgiveness, increased cybersecurity hiring, small business training, and technology modernization initiatives. Last year’s OPM data breach made the consequences of relying on out-of-date technology painfully clear. And for goodness sakes, it’s time for every federal agency to get off Windows XP, already!

There’s lots more to dig into in the CNAP, but overall, it’s got a lot to like from a consumer point of view. As the Plan correctly recognizes, “there is no silver bullet to fully guarantee our data security.” The fight for better data security is going to take lots of hands, and we applaud the President for proposing ways for us all to get in the trenches.

How many straws until the camel’s back is broken on data breaches? – National Consumers League

John BreyaultAnother day, another data breach. The data breach roulette wheel this times landed on health insurer CareFirst. Who loses? The 1.1 million consumers whose names, birth dates, email addresses and CareFirst subscriber ID numbers are now in the hands of cyber crooks.

First things, first, what’s the risk to consumers? The mostly likely effect is that consumer affected by the breach may be on the receiving end of convincing-looking phishing emails. These attacks are designed to trick consumers into clicking on links or attachments that install malware or send users to phishing websites. The phishing emails (and possible telephone calls) are likely to reference CareFirst in some way, and may even masquerade as notifications about the breach itself.

Bottom line: If you are a CareFirst customer, the first place you should be going to get reliable information about the breach and what CareFirst is doing about it is www.carefirstanswers.com. The website has been set up by CareFirst to give affected customers up-to-date information about the breach and what steps they can take to mitigate their risk, including taking advantage of free credit monitoring and identity theft protection CareFirst is offering via Experian.

With that out of the way, there are a number of key questions that regulators, legislators and advocates should be asking in the coming days and weeks.

First, why are health insurers being targeted? CareFirst is the third major health insurer to disclose a breach in the past six months. There are troubling signs that the breaches at Anthem in February, Premera in March and now CareFirst are part of a coordinated attack on U.S. health insurers, possibly by state-sponsored hackers. Regardless of the origin of the hack, it’s clear that medical information is especially lucrative for thieves. According to cybersecurity experts, stolen medical info is worth 10-20 times more than stolen credit or debit card data goes on the cyber black market. With 2.3 million Americans falling victim to medical identity theft in 2014, it’s not hard to see why medical information presents such an attractive target to cybercriminals

Second, why did it take 10 months to notify consumers? According to CareFirst, the intrusion into their network was first detected in June 2014 and “immediate action” was taken to contain the threat. However, it was not until April 2015 that the company discovered that the crooks had exfiltrated their systems with stolen data. With nearly 10 months lead time, cybercrooks had ample time to create mischief with the stolen data before CareFirst notified consumers. Why did it take so long to find out that data was actually lost?

Finally, would more stringent data security standards or data breach notification laws have reduced the risk of this breach? There is no way to make a system 100% safe from hacking. However, far too many companies only invest significant resources in protecting their customers’ data after a hack, not before. This leaves millions of consumers at risk of breach-fueled fraud as companies elect to invest elsewhere while they wait for a hack to force them to spend on data security. What kind of incentives and/or penalties should Congress and Executive Branch consider to shift the cost/benefit equation for companies towards spending on data protection before a breach? NCL’s 2015 Data Security Agenda is a good roadmap for policymakers looking for consumer-friendly answers to these important questions.

The CareFirst breach is yet another straw on the pile of reasons why consumers can’t wait on businesses to take care of the data security problem on their own. It’s time for leaders in Washington to step up and pass real data security reform before the next straw breaks the camel’s — and our — backs. In the meantime, here are tips consumers can use to reduce the risk of identity theft.

Bravo! FTC’s “Start With Security” initiative announces seminar on data security – National Consumers League

Federal Trade Commission Chairwoman Edith Ramirez this morning announced the next step in the FTC’s efforts to craft data security guidelines for businesses. As part of its “Start with Security” program, originally unveiled in March, the Commission will hold an initiative at the University of California on September 9. This follows on the heels of the February 13 Summit on Cybersecurity and Consumer Protection at Stanford University.NCL has long advocated for the FTC to take a leadership role in the federal government on data security and is very pleased about this announcement. We applaud the FTC for taking this step to improve data security and help businesses protect consumers.

While details of the September meeting aren’t yet fully known, we do know a few things about the Commission’s “Start with Security” program. At the IAPP summit in March, FTC Bureau of Consumer Protection Director said that the program’s goal is to provide businesses with resources, education and guidance on data security. Chairwoman Ramirez (who NCL will be honoring in October, incidentally) elaborated on this theme, stating that the initiative will be aimed at bringing together experts on data security to share best practices, particularly for small and medium-sized businesses.

The focus on data security at small-to-medium sized businesses is a logical choice for the agency. Its ongoing legal tussle with Atlanta-based LabMD illustrates challenges the Commission faces as it seeks to enforce data security obligations on small businesses. Such entities are often ill-equipped to adequately protect the growing amounts of sensitive personal information they are collecting.  This is an incredibly important issue. As NCL’s #DataInsecurity Report found, nearly 6 in 10 data breach victims indicated that their trust in retailers decreased following a breach. For a small business struggling to stay afloat, losing the confidence of customers due to a data breach can mean the difference between keeping the lights on and a “closed” sign on the front door.

So what can the Commission hope to accomplish at its September meeting? In the interests of promoting consumer data security, we propose that the meeting agenda cover some basic data security policy topics, such as:

  • Is there a sufficient flow of information and best practices on breach trends, emerging threats from hackers, etc. being shared by the FTC with business that are entrusted to store consumer data? If not, how can this improve?
  • The Online Trust Alliance estimated that 90% of data breaches in 2014 could have been prevented if basic security measures had been taken. With this in mind, how can businesses be incentivized to make sure they are taking the basic steps to protect their data?
  • Small and medium-sized businesses often lack the budget and/or expertise to craft robust data security protections, yet they are increasingly collecting large amounts of sensitive data about their customers. What requirements should be placed on a pizza parlor, for example, when it comes to data security?
  • We often hear that it’s not “if,” it’s “when” when it comes to data breaches at businesses. However, it seems that businesses, particularly small-to-medium sized businesses, aren’t prepared to protest against the data breach threat. Is this accurate? If so, what can the FTC do to change that mindset?
  • Government data security mandates can only do so much to create a climate where data security is taken seriously by business. What flexible, market-based incentives exist to promote data security? Is cyber-insurance the answer?
  • There is no shortage of cybersecurity firms offering high-priced solutions to small-to-medium sized businesses. Are there free or low-cost solutions that businesses can take today that will measurably reduce their data security risks (e.g. enable multi-factor authentication, create stronger passwords, encrypt sensitive data)?

The “Start With Security” initiative is a good opportunity for the FTC to promote solutions that businesses can take to reduce their data security risk. However, absent reforms in Congress to tackle tough issues like data breach notification and a comprehensive data security standard, education can only do so much. We hope that the Commission will use the September 9 forum to highlight the impact that breaches continue to have on consumers and businesses and to push Congress to pass real data security reforms.