Publications
Brand Protection & Advertising

Stay ADvised: What's New This Week, April 20

By Marc Roth, Nancy J. Felsten, and Robert J. Driscoll
04.24.20
Print this page

Articles:

NY AG Determined to Put a Stop to COVID-19-related Scams as Advertising for False Cures Spread

Last week, the New York Attorney General's Office announced it has shut down more than 20 websites promoting COVID-19-related scams. Last month, the NY AG sent letters to GoDaddy and other domain name registrars asking them to take control of domain names used for COVID-19-related scams and fake remedies. In keeping with these efforts, Attorney General Letitia James sent a cease and desist letter to CBD company Finest Herbalist, ordering it to stop marketing its CBD product as a cure for COVID-19 in violation of New York law. This serves as a warning to other companies promising a quick but scientifically unsupported remedy to the disease.

In email campaigns, text messages, and purported news websites, Finest Herbalist marketed its supplement Pure Herbal Total Defense Immunity Blend as a treatment for COVID-19, according to Attorney General James, making claims that the product offers "Protection From Corona Virus With Immunity Oil" and is a way to "Fight back against the coronavirus outbreak!" According to James, these statements are false, as there is currently no known cure or effective drug treatment for the virus.

The cease and desist letter advises Finest Herbalist to stop making misleading claims about the efficacy of the product as a treatment for COVID-19 in violation of New York's General Business Law, which prohibits "fraudulent and deceptive business practices and false advertising." The letter further demands that the Utah-based company immediately cease selling the product as a cure for COVID-19.

In light of these allegations, Attorney General James further advised the company to add a disclaimer to every page on its site to indicate that "the product is not intended to diagnose, treat, cure, or prevent any disease, including COVID-19."

The cease and desist letter, signed by Lisa Landau, Chief of the Health Care Bureau in the New York Attorney General's Office, gives the company 10 business days to comply with the orders or risk an enforcement action by the State.

This is not the first time Finest Herbalist has been accused of less than aboveboard tactics. The company has received multiple complaints on the Better Business Bureau's website, with many customers complaining about unsolicited marketing calls and difficulties cancelling free trial plans.

This cease and desist order is just one more example of the AG's efforts to target false marketing claims during the COVID-19 pandemic. Attorney General James has sent cease and desist letters to several other companies and individuals alleging similar wrongdoing, including televangelist Jim Bakker and Alex Jones, whose troubles with the Food and Drug Administration (FDA) over similar allegations we also cover this week.

"By misrepresenting the effectiveness of products against COVID-19, companies like Finest Herbalist are giving consumers a false sense of security, putting their very lives at risk," said Attorney General James. "Deceptive marketing is never acceptable, especially during a time of crisis; this is a matter of public health and safety. My office will continue to root out companies that attempt to illegally profit from this pandemic," she added.

Key Takeaways

Attorney General James' statements echo those made by the Federal Trade Commission, the FDA, and the Department of Justice regarding false marketing of products advertised to mitigate or heal COVID-19, all of which say the agencies have made it a priority to pursue marketers of false COVID-19 cures.

FDA Sends Alex Jones Letter Warning Not to Sell Bogus COVID-19 Cures

The Food and Drug Administration (FDA) has also sought to halt bogus COVID-19 cures and has sent a warning letter to right-wing radio host and well-known "conspiracy theorist" Alex Jones to stop selling and marketing on his website products that he claims are cures for COVID-19.

The April 9 letter, which comes on the heels of a similar letter in March from NY Attorney General Letitia James, warns Jones to stop falsely claiming that certain products for sale on his Infowars website—such as "Superblue Silver Immune Gargle," "SuperSilver Whitening Toothpaste," "SuperSilver Wound Dressing Gel" and "Superblue Fluoride Free Toothpaste"—cure COVID-19 or that they "are intended to mitigate, prevent, treat or diagnose" the virus, for which there is currently no known cure. Further, writes the FDA, Jones' marketing of the products in this manner constitutes sale of unapproved new drugs in violation of the FD&C Act.

The warning comes at a time when the FDA is taking "urgent measures to protect consumers from certain products that, without approval or authorization by FDA, claim to mitigate, prevent, treat, diagnose, or cure COVID-19 in people," it said.

In multiple videos on his website, Jones touts the curative powers of his products for COVID-19. The FDA's warning letter includes a number of examples of Jones' allegedly illegal health claims about the products he sells. In one example, a March 10th video shows Jones advertising his Nano Silver by telling his viewers the following:

"I'm not going to belabor this, I'm just gonna tell ya, that for just your daily life, and your gums and your teeth and for regular viruses and bacteria, the patented Nano Silver we have, the Pentagon has come out and documented, and homeland security have said this stuff kills the whole SARS corona family, at point blank range." Jones then goes on to claim that the product will soon be for sale at Walmart.

The FDA gave Jones 48 hours to remove or correct the false material on his website and to inform the FDA of the steps he has taken to comply.

Key Takeaways

In response to the March 12th letter from the NY AG, counsel for Jones indicated a prominent disclaimer would be posted on his website to make it explicitly clear that the touted products were not meant as COVID cures. But as of this writing, Infowars is still listed by the FDA as noncompliant. It remains to be seen what if any additional action regulatory bodies may take given the widespread dissemination by many different actors of false cures and promises.

Senator Markey Urges FTC to Develop Videoconferencing Privacy Rules

In response to growing concerns about privacy issues experienced by users of online videoconferencing applications, Senator Edward J. Markey sent a letter to the Federal Trade Commission (FTC) urging it to adopt specific guidelines for videoconferencing companies to protect the online privacy of their customers.

“These cybersecurity and privacy concerns are an important and time-sensitive issue, as millions of Americans now depend on online conferencing software for communication during this public health crisis,” wrote Markey in his letter to the FTC.

Markey’s correspondence to the FTC requests that it combat these problems by issuing comprehensive guidance for online technology videoconferencing companies to help these companies “strengthen their cybersecurity and protect consumer privacy.”

Markey wrote that the FTC’s guidance should include implementing safeguards to prevent unauthorized access to consumer data, enacting limits on data collection and recording applicable to videoconferencing apps, employing security tools such as encryption to secure data, and ensuring that companies provide clear and conspicuous privacy policies for users.

Further, Markey requested that the FTC develop best practices for users of videoconferencing apps to provide consumers with direction on what to look for “when choosing and utilizing” videoconferencing apps.

Markey suggested these best practices educate consumers about how to prevent cyberthreats such as malware, how to choose methods to share links online without compromising security, how to restrict access to meetings using software settings, and how best to recognize that different versions of software often provide varying levels of privacy protection.

Key Takeaways

Senator Markey reached out to the FTC—as well as to the Department of Transportation and businesses such as Amazon—at the early stages of COVID-19, urging them to develop a comprehensive plan to protect consumers from COVID-19-related scams. Since then, whether or not spurred by Senator Markey, the FTC has published specific guidance outlining how it will work to safeguard consumer protection from COVID-19 scams.

Establishing privacy protections for videoconferencing apps may be tougher, considering that legislation protecting online privacy is only in the early stages of implementation at the state level, and no comprehensive data protection legislation currently exists at the federal level. Nevertheless, the FTC may address these issues under the “deceptive practices” clause of the FTC Act, as it has done in the past. 

FTC Locks Down Settlement Resolving Smart Lock Co. Security Allegations

A maker of "smart" locks marketed as "ultra-secure" settled Federal Trade Commission (FTC) allegations that it deceived consumers about the security of its locks, which the FTC claimed in reality lacked even basic security protocols.

Canadian company Tapplock, Inc., which touted its locks as "unbreakable," and as the "world's first smart fingerprint padlock," agreed to the proposed settlement requiring it to implement a "comprehensive security program."

The company sells locks that cost consumers between $70 to over $100 per lock. Users are able to open their locks via Bluetooth using Tapplock's smartphone app.

According to the FTC's complaint alleging violations of the FTC Act, Tapplock marketed its "internet-connected, fingerprint-enabled padlocks" with the tagline "Bold. Sturdy. Secure." Aside from the obvious importance of security for a lock, the product linked to an app which collected personal information from users including emails, location history, lock geolocation information, and profile picture, making it even more vital that there be security protocols in place.

Tapplock heavily marketed the security of the product. In addition to the "unbreakable" moniker, the company listed a number of the lock's physical and electronic security protections, including a "double layered" design and technologies meant to make it impossible to "shimmy" the lock. When it came to cybersecurity, the company's privacy policy said it "took reasonable precautions" to safeguard collected data.

And yet according to the FTC, Tapplock actually lacked basic security features. Security researchers found it contained a number of both physical and electronic security vulnerabilities. These made it easy to tamper with the product and with associated user data. Multiple security researchers also found they could easily unscrew the lock's back panel to tamper with and open the lock.

The app was also vulnerable, as the unencrypted Bluetooth connection between the app and the lock device could easily be exploited, allowing "researchers to bypass the account authentication process" to access both the lock and the user's sensitive data.

Further, though the company publicly touted the lock's security, privately it failed to put even a basic cybersecurity program in place. Nor did it follow industry best practices on security, which the FTC said might have helped the company identify the security issues.

In addition to requiring a comprehensive security program that Tapplock must implement, the proposed settlement also bars the company from misrepresenting its privacy and security practices. It must also obtain third-party assessments of its cybersecurity program every two years, with the FTC having authority to approve the assessor.

Key Takeaways

On its website, Tapplock says it has won multiple awards, including Canada's Top 15 Tech Startups and the CES Innovation award. Yet in addition to the FTC action, the company has faced negative media and reputational coverage critical of the lock's security. Andrew Smith, Director of the FTC's Bureau of Consumer Protection, said the company broke its promises vis-à-vis security, noting "Tech companies should remember the basics—when you promise security, you need to deliver security."

Related Articles