State AGs Failing to Protect Online Consumers

August 13, 2008

State attorneys general received thousands of consumer complaints of online fraud and abuse in 2006 and 2007 and yet, with the exception of several notable standouts, brought few significant cases in response.

Most states supplied the authors with a top 10 list ranking consumer complaint categories (Internet-related and other). In 2007, 24 out of 30 states that provided rankings reported an Internet-related category within their top 10. Eight states ranked Internet-related complaints among their top three most common consumer complaints, including four states that ranked Internet-related complaints at the top of the list.

For 2007 and 2006, 20 states provided the number of consumer complaints associated with each category—the others merely provided rankings without giving the number of complaints. In both years, these states reported roughly 20,000 Internet-related complaints.

The Federal Trade Commission also provides data for all 50 states on consumer complaints related to Internet fraud. These data are compiled from a variety of sources, including 13 state attorneys general. In 2007, the FTC reported 221,226 Internet-related fraud complaints, up almost 16,000 from 2006 and more than 24,000 in 2005.

"These numbers are startling, but they may even understate the problem," said Reece Rushing, director of regulatory and information policy at the Center for American Progress. "Consumers are often unaware, and thus may not report, when they are victimized by online threats such as spyware or phishing. We must take action against these threats to protect consumers and preserve confidence in Internet commerce."

Several attorneys general, in particular those in New York and Washington state, brought important cases on behalf of online consumers. New York Attorney General Andrew Cuomo, for example, recently announced groundbreaking settlements with Priceline, Travelocity, and Cingular, which advertised using Direct Revenue, a company that surreptitiously installed adware on consumers’ computers. In Washington, meanwhile, Attorney General Rob McKenna reached a recent settlement with the operators of several websites that lured more than 13,000 Washington consumers to divulge personal information that was then sold to third parties.

Despite these successes, however, most attorneys general have not given high priority to online fraud and abuse. Rather, most investigations and prosecutions involving the Internet appear to be focused on sexual enticement of minors and child pornography. Such cases accounted for more than 60 percent of the cases highlighted in 2007 and 2006 by the National Association of Attorneys General in its bimonthly Cybercrime Newsletter, which lists Internet-related cases brought by state attorneys general.

Among other cases highlighted, 8.9 percent involved data security, confidential records, or identity theft and 15.5 percent involved online sales and services, such as failure to deliver on a purchase or failure to provide a product or service that meets advertised quality. This type of crime has clear parallels to fraud conducted in the physical world—the Internet is merely the medium for the transaction.

This is not the case, however, for spyware, adware, spam, and phishing, which represent completely new categories of fraud and abuse. Over 2007 and 2006, the Cybercrime Newsletter highlighted just 14 cases (8.3 percent of the total) brought by state attorneys general in these areas, 10 of which were brought by Washington or New York.

"Online consumers are now at risk," said Ari Schwartz, vice president and chief operating officer at the Center for Democracy and Technology. "Internet crime costs basically nothing to execute, can be highly lucrative, and involves little risk of being caught and punished. We need all 50 state attorneys general focused on this problem. Through committed action and vigorous enforcement, they can provide a powerful and much needed deterrent."

The report recommends that state attorneys general take a number of steps to protect online consumers. In particular, attorneys general should assess the applicability and adequacy of state laws, develop computer forensic capabilities, train investigators and prosecutors to identify Internet fraud and abuse, and devote greater resources to enforcement efforts.

"In New York and Washington, attorneys general have equipped themselves to take on Internet fraud and abuse," Schwartz said. "As a result, they have won a string of important cases. Other state attorneys general should follow their lead and provide online consumers the protection they deserve."