Consumer rights groups say the Federal Trade Commission should investigate itself for false advertising after the agency backtracked on cash payouts.
As part of its $575 million settlement with Equifax, the FTC initially stated victims of the historic hack would get either 10 years of free credit reporting, or a $125 cash payout if they already had such services. But it didn’t take long for the FTC to backtrack on its promise of modest cash compensation, claiming it found the public interest in free money “unexpected.” Now consumer group Demand Progress says the agency should investigate itself for incompetence, empty promises, and for violating the FTC Act. The FTC Act prohibits unfair and deceptive advertising “in any medium,” but the FTC has long been criticized for turning a blind eye to blatant examples of misleading marketing across numerous sectors. As Motherboard noted last week, the $31 million the FTC set aside for the payouts was hugely inadequate, covering just 240,000 of the 147 million victims of the hack and leak. Privacy and legal experts say the agency’s woeful underestimation was a bait and switch. In turn, Demand Progress has launched a new petition urging its members to reach out to the “failed trade commission” and demand the agency investigate its own screw up.
“We demand the Federal Trade Commission and its Office of Inspector General launch an immediate investigation into the Federal Trade Commission's false and deceptive advertising surrounding its settlement with Equifax,” the petition states. “In addition to a full investigation, we demand the FTC issue an immediate cease and desist to itself and prohibit itself from making future deceptive statements,” Demand Progress Executive Director David Segal said in a statement provided to Motherboard. Both the Equifax and Facebook settlements made headlines for the “record” fines being levied against both companies. But such framing isn’t particularly relevant when the banking, tech, and telecom industries are not only making record profits off of the collection and sale of private user data, but have repeatedly failed to keep that data private and secure.
“Our main focus was the credit monitoring product, largely provided by a third party vendor, as the primary source of relief for affected consumers because it was viewed as the best source of future protection from identity theft,” the FTC told Motherboard in a statement. But experts say that credit monitoring is largely useless. Many consumers have already received free monitoring in the wake of countless other privacy breaches. Consumers may also fail to see value in services by an industry that has already proven incapable of protecting user data, or signing up for services replete with fine print eroding your legal rights. Of the $575 million settlement, $175 million went to the 48 states involved in the settlement. Another $100 million was doled out as civil penalty to the The Consumer Financial Protection Bureau. The remaining $300 million is intended to pay for consumers that can prove direct financial harm (such as identity theft) as a result of the historic hack. And while users can still fill out a form and receive cash compensation up to $20,000 if they can prove the hack resulted in clear monetary harm, the rest of the 147 million impacted consumers are out of luck. The most compelling part of the settlement was the $125 worth of compensation the FTC initially promised, then backtracked from. The FTC has refused to answer questions as to why it only set aside $31 million for the $125 payouts, or whether this failure reflects clear shortcomings in the settlement itself. “The data breach affected 147 million people. There is no reasonable explanation for advertising a cash payout of $125 with those numbers,” Demand Progress said.