tv Senate Hearing on COVID-19 Scams CSPAN July 26, 2020 3:33am-5:55am EDT
at 11:00 a.m. on c-span. night on the communicators, oregon republican congressman brett walden -- >> there is great admiration for the brilliance that pulses in silicon valley. i have been out there and met with a lot of the leaders and it is so exciting to see what is being developed and what the future holds. careful how i say this and i will how lovely offense somebody but there is an arrogance that comes with that incredible innovation that tends to downplay the effect that they have on public policy and people engaged in public policy. when you are that good and that big and strong, sometimes you think you can discard public reaction or political reaction.
monday night at 8:00 eastern on c-span two. scams thathearing on have surfaced during the coronavirus pandemic. a senate congress subcommittee heard from officials on protecting the public, especially the senior population. >> good afternoon. all here today to a hearing entitled "acting americans from covid-19 scams
covid-19 scams." the nation continues to fight the health crisis brought on by the covid-19 pandemic. in addition to the threat this pandemic poses to americans, the economic impact resulting from responsible public health protocols have been felt in every corner of the country. it has become clear that preventing practices and dedicated resources including expanding testing capability and the availability of personal protective equipment are absolute necessities to a responsible path forward in extinguishing this health crisis. however, during this time of national emergency and coordinated recovery, there are scam artists that seek to take advantage of consumers, especially the nation's most vulnerable communities, like that of our nation's seniors. networks consumer reports consumers across the u.s. reported over 136,000 different cases of covid related
scams totaling approximately $90 million in fraud losses from january 1 to july 20, 2020. more specifically, at home in kansas, over the same time, consumers report over 500 related cases totaling over $800,000 in financial losses. everyone should also bear in mind that these are only the reported cases. it is fair to assume there are unable of harmful consumer scams that have been not -- that have not been reported to date. these innovative scams remain difficult for any consumer to wrap their head around, much less defend against. whether it be unsubstantiated health benefits advertised for certain products, robo calls, fraudulent donations or imposters claiming to be from federal agencies collecting mandatory payments, raising awareness to these practices is critical to protecting consumers. as such, this subcommittee has much to learn from industry and
consumer protection experts in their efforts to not only identify and address these harms, but also what they are doing to prevent these harms from occurring in the first place. if there is a role for congress to play in supporting these efforts, those suggestions we will need today and in the future. more specifically i look forward to hearing from the ftc on how there you -- how their authorities are used in addressing covid related scams stemming from abroad and how enactment of the safe web extension act is critical for these law-enforcement efforts. additionally, i would be interested to hear from the witnesses about any specific efforts directed to particularly vulnerable groups like seniors. senator klobuchar joined me in the protecting seniors from emergency scam act, which requires the ftc to report on
scams targeting seniors and appropriately to distribute such information to seniors and their caregivers. the subcommittee looks forward to hearing more about current enforcement efforts to detect, identify and prosecute criminal organizations involved in these illegal activities. if there are ways congers can strengthen the current framework of the task forces to address the crimes, this subcommittee would again welcome the suggestions. today's panel provides a variety of different perspectives on the same important issue. joining the subcommittee is the attorney general of the state of kansas. ftc'sith, director of the bureau of consumer protection. "knowb4der and ceo of inc." while the food and drug
administration was not able to join us today, the agency has been active in protecting consumers around this pandemic and provided written testimony and agreed to respond to questions for the record from the committee members as well. finally, u.s. telecom provided a letter for the record describing the collaborative efforts of companies in the trace back group to actively trace and identify sources of robo calls that only increased in frequency during the pandemic. i ask that this letter be submitted for the record. without objection it is. with that, i turned to senator blumenthal for his opening statement. sen. blumenthal: thank you for having this hearing. in the wake of almost every disaster in this country, no matter how dire, there are always bottom feeders and con artists who exploit people's fears and hopes. we all know, probably everybody
watching and listening today knows there is no cure for covid-19 and there is no vaccine or other medical prevention. that has not stopped the con artists and scams from exploiting people's fears and hopes. in fact, they have defied both science and common decency in taking advantage of people financially. so, the scams range from the invasion of privacy and products that are useless, price gouging, mortgage and student loan relief scams, false cures and fake tests, cons, but more than just financial loss, people face real
health care danger. false cures can kill. false cure not only take people's money, they can kill, and deception can be deadly. so, there are a variety of products, and in fact, the ftc has issued 255 warning letters. those 255 companies were defrauding and endangering consumers before they were caught. those 255 companies are among hundreds of others that are still doing business. those 255 companies have paid no cost, none, for breaking the law and harming people, despite the ftc's warning letters, and they are still doing business. they may have changed their
marketing pitches to be slightly less deceptive and misleading, but they are still out there. and if warning letters will not protect consumers, we need stronger action. on march 9th, i wrote to the ftc and fda, calling on both agencies to take more aggressive action to stop the marketing and sale of fake coronavirus cures, warning letters to marketers, they simply fail to give consumers fair notice. they failed to inform. correct wrong information and they sent no real signal to the market. there need to be real determined just justence, not warning letters for or a slap on the wrist.
last monday i wrote the ftc and fda on the dozens of unsafe supplements being sold on amazon and other online marketplaces that claimed to kill viruses. amazon still has supplements, thecs, probiotics, in search for the covid here. we need to stop the snake oil salesman. i mentioned a number of them in my march 9th letter. in particular, tv evangelist jim baker, who recently promoted a celluloid silver on his show, claiming that it would eliminate viruses such as coronavirus. another one, cellular silver itself claims to quote, achieve complete kyl against 6--
kill against 660 microorganisms. this is deception. we find these kinds of utterly fors as f-- false ads amy --erapy, herbal there is a list, and it is growing. hope that i think this crisis would pass swiftly and that we could return to a normal life, both the health care crisis and the economic crisis. we are six months into this pandemic. there is no end in sight to this horrendous national suffering we -- national suffering. we have seen hardship and heartbreak. it has been aggravated, not reduced, by many of these false
and misleading promises for products that threaten health care, endanger lives, take money from people unfairly and illegally, but also pose grave dangerous to public health, and if we can do something about them, mr. chairman, we will accomplish a lot of good for the american people. thank you. >> senator blumenthal, thank you. we now will hear testimony from our witnesses and we will begin with the honorable derek schmidt, attorney general, state of kansas. >> thank you, mr. chairman. chairman moran, thank you for the invitation and thank you for accommodating our remote testimony today. i will admit it is the first time i've presented congressional testimony without leaving the office of the attorney general, so i hope it lives up to your needs.
mr. chairman, both you and the ranking member have laid out very well the framework in which we operate is a state level enforcement agency. you have my written testimony. i won't read it. i thought i would use my minutes for oral presentation to emphasize the highlights that we have already presented to you in writing. let me first discuss one case, for the purpose of illustrating, not because that case is necessarily all that extraordinary, but it illustrates some of the types of enforcement actions at the state level that we are engaged in. i had already filed a lawsuit prior to the covid pandemic against a defendant. both civil and criminal litigation against i haveng against him, so to say the criminal charges are only accusations and that it is
presumed innocent unless proven guilty, but on the civil side, we accused him of violating our state's consumer laws by selling autopsy services, tissue recovery services and other related types of services without having the qualifications to do so. oined from enj operating with the state of kansas from court ordered during our litigation and then along came covid and we received information after the pandemic erupted in the public consciousness that our enjoined defendant had set up some new companies and was peddling essentially the same services, although in a new package outside of kansas, beyond where he was enjoined, and specifically he marketing his unqualified services to families and individuals who had loved
ones that were deceased as a result of covid to do autopsy and tissue recoveries, which in my view, he is entirely unqualified. because we have a case already request for additional information did not take long. we were able to go back in front of our judge and receive an expanded temporary restraining order that prevents him from representing himself on any of this, including on the covid related services, and also bars him from leaving the state of kansas without case by case permission from our court. tose this case just illustrate, you know, we often talk at the broad policy level about sort of the collective impact of cases and behaviors by groups of defendants, groups of companies, whatever it may be, and those are certainly important, but at the end of the day, enforcement actions, at
least at the state level, typically boiled down to one defendant or associated group, one group of misconduct. so those are the types of cases we wind up dealing with with some regularity. moving beyond that individual case, let me just mention some of the types of complaints, of scams and related misconduct we have been receiving since the pandemic erupted on this stage in march. we have investigations pending with respect to each of these categories. i won't be able to discuss the particular investigations, but i can talk about the general approach and subject matter. as you and the ranking member already pointed out, the crooks and scam artists use the same tools they always use, trying to get into people's pocketbooks. they just changed the messaging to reflect the current concerns about covid and to prey upon what people are currently worried about.
we saw, for example, the first wave related to contact tracing, something that back in march most americans had never heard of. and the text messages would claim along the lines that this is an official communication letting you know you have been in contact with the person who has tested positive for covid-19, please click on this link in order to get more public health information to help you know what you need to do next. of course it was a phising em -- phishing email. it had nothing to do with any legitimate public health purpose. we put out an early consumer alert in our state on that to raise awareness and try to help people avoid the problem, because it is obviously much easier to prevent people from becoming a victim than it is to chase down their money when these scammers operate from
offshore. another type of scam that we have seen a lot of complaints on, as already mentioned by senator blumenthal, are covid prevention and treatment scams. it is everything you have read about, and they come in and all the usual way, sometimes by robocall, and sometimes by personal call, sometimes by text message, sometimes by email. ms, plans to ppe sca sell ppe to folks and then either there was none or it existed but was subpar or it existed and it was good, but it was stolen and it was not there -- it was not theirs to sell. we have seen all of the above. we have seen scams related to stimulus checks, communications saying, folks, we are from the small business administration, we are from the irs, we are from fill in the blank government agency and we are here to assist you and making sure you get the payment to which you are entitled, and we have seen fraudulent unemployment claims,
usually the objective there is to get personal information and a payment based on some type of identity theft. ourlly, mr. chairman, from standpoint, the ability to cooperate with federal agencies is critical. the vast majority of law isorcement on these scams conducted in the state and local level, but we are geographically and jurisdictionally limited. and it makes no sense for us to be doing things and our territory and the federal agencies to be doing their thing in the territory that is kansas and us not to be coordinating we coordinate. we have a very good working relationship with principal agencies you would expect for this type of work, whether it is hhs, oig or the fbi, secret service, among others and we have readable those efforts during covid.
two things i might suggest for consideration on a policy standpoint related to that. one is i do think there is room -- i suggested this to you before covid, and i think covid has proven the point -- room foa more structured relationship between state-level enforcers and our regional, federal law westman partners. federal agencies receive a lot of information. a lot of complaints come from citizens. limited, in terms of size. make choices and look at their choices. whenimes, it is help for our federal partners receive a
complaint, they have worked it up in part because they are trying to figure out what they have. it is very helpful, if they present it to us. we can prosecute those cases. it makes us very happy because it gives us more cases in the pipeline. the second and final thing i would suggest for consideration, there is one thing pending in the senate that would be very helpful in advancing our capacity on some of this. senate bill 79. i know you are a sponsor. it is a measure that has been pending for years now.
it would remove what i think is an arbitrary area in federal law that prohibits states from using the control units to detect or prosecute patient abuse, as opposed to systemic fraud. unless that abuse occurs at an institutional setting. is, somebody who is ripping off and defrauding in --ealth care setting, trying i am not allowed to use the assets, which are partially funded and subject to limitation, to investigate and prosecute that. i have to find out how to do that with other resources. helpful if that
limitation relifted swiftly because it would allow us to deploy already existing and in-place prosecution resources to address noninstitutional covid scams. thank you for the opportunity to present the information. >> thank you for your help in protecting consumers. thank you for your specific suggestions about actions. mr. andrewtness is smith. >> thank you. i am andrew smith, director of the federal trade commission's bureau. my written statement represents the views. of theessarily the views commission or individual commissioners.
i am pleased to appear before you today to discuss protecting americans from covid-19 scams. theite the disruption, bureau has managed to be productive, particularly with taking to scams advantage of covid-19 fear and confusion. many are outlined in my written testimony, but what is truly remarkable is how the entire bureau has visited to the occasion and made a major contribution against covid scams. each of our regional offices is pulling its weight, while keeping up with project loads and cases. practice division is taking on robo calls. our privacy division is focused
on contact tracing and issues around since learning. our enforcement division is taking on fulfillment scams that promise ppe to consumers, but that never delivered. collecting and analyzing complaint data for public consumption and improve law enforcement targeting. it remote courtroom appearance these, testimony and production. until graphic shareable videos and other material in five different languages. it has also been conducting extensive outreach directly and through our partners in the advocacy organizations and
trade groups. our regional offices are doing all of the above, actively engaged in investigation, litigation and tro's. the car on the way up here, i got email about a joint a that our chicago office had done with the missouri attorney general, a warning letter to two separate companies, warning them against making fake claims. that was within the last hour that we did that. none of the work we are doing the be possible without the coordination with federal, state and local partners. sentng with fda, we letters to sellers.
we have been working to halt illegal robo colors. we have taken action against companies offering financing without fda approval. ine actions have been conjunction with other criminal authorities executing search warrants. state regulators are joining us or taking action against recipients of our ftc morning letters. they have worked with us on investigations and enforcement. mentioned u.s. telecom trace back initiative, which has been invaluable to leading us to the source. our partnership has enabled us to reach literally millions of
consumers with our message. one aarp presentation early in the pandemic was viewed by more than 850,000 people. new ideasays open to about how to better educate and protect consumers from ,ernicious covid related scams and i look forward to our conversation on this topic. thank you for the opportunity to testify. >> thank you. the founder and chief executive officer. >> members of the committee, asnk you for the opportunity we work towards developing solutions combating covid scams.
sherman.s stu we are headquartered in florida with offices in europe, south america, australia and southeast asia. our services are used by more organizations with 24 million employees around the globe. the last 30 years, i have served as an entrepreneur in industry. i founded an anti-malware that got multiple awards and was acquired in 2010.
as i was running the company, i realized the human element of security was being seriously neglected. i decided to help organizations to manage the ongoing problem of cybercrimes. i want to provide security awareness training. a variety of industries, including highly regulated field. mobilized their users as their last line of defense. objective, also our consumers to make smarter security decisions by training them to become a human firewall
and defense against social engineering. the shutdown has expended the cyberattack surface, making it even easier for a hacker and scammer to do their nefarious acts. that do not focus on element, we ignore a crucial part of cybersecurity. beginning of this year, covid-19 has quickly we shaped the cyber threat landscape. coronavirus related phishing attacks have occurred per week, over the last month.
no one is immune to being scammed. ofy target different sets consumers. scams go to great lengths to make their attacks as convincing as possible. there few visible sites. frequent social engineering testing. here is one example. vendor. from a security a shift to remote working has changed the face of current andy for future work climate. 94% of organizations are more cybersecurityt
than before covid-19. people are clicking at high rates. on it has been on hardware and software. we cannot solely rely on that. this strategy cannot catch everything. fordoes it address the need a human firewall. any support from congress that would direct agencies to implement ongoing security registering, more than just training and include testing would be greatly beneficial, as we work together to bridge the gap in cybersecurity and protect
american networks. tonk you for the opportunity share perspective on cybersecurity and our industry's unique ability to protect citizens from rising covid-19 engineering scams. thank you for the time and effort you are putting into this important matter of social security. we will all work to serve the best interest of the public. thank you. >> thank you very much. director and the public interest, welcome. for the you chairman honor of testifying today on this critical topic. i am the policy director, a 50-year-old organization.
facing anare unprecedented challenge in keeping themselves and their families safe during a pandemic. public health officials emphasize that we need to --ially distance and walked wash our hands. we are looking for more to protect themselves. those without scruples are actively exploiting consumer fear and anxiety. market -- weulated have been collecting evidence of it to thesending federal trade commission. it includes many misleading claims for those suffering from addiction, asacco well as those making false claims on female fertility.
when the coronavirus appeared, we knew the hucksters would not be far behind. first, we vote about televangelist jim baker, whom we heard the senator described. advancing the claim that products containing colloidal silver could cure coronavirus. ity had previously claimed cured all venereal diseases. there is no evidence that silver supplements heal or treat any symptoms. colloidal server, in large amounts, can be dangerous to kidneys and major organs. it can cause permanent
discoloration of a person's skin or major organs. sent a request asking for enforcement on supplements being marketed as antiviral claims. only drugs can cure or treat disease. found 46 dietary supplements making illegal claims. than for immediate removal. 26 of these supplements are still making antiviral claims on their own websites or on online stores. we continued to be on the look to the claims.ed
in the pandemic, such untruth posed a clear and urgent danger. consumers may fail to practice social distancing, endangering themselves and everyone around them. they may harm themselves i taking dangerous doses or failing to seek appropriate treatment. it is worse than that. any recent episode, he advises consumers to take the immunity supplements he sells and to covid-19ely contract because his supplements will reduce the symptoms. --tary supplements established a bare-bones system of oversight
designed to be week. given the tremendous expansion of products and use by consumers , the system is failing. the fda and ftc need more funding and personnel for reinforcement. toolsa needs far better to make the marketplace transparent for regulators and consumers. shouldtion, congress authorize the attorney general to improve accountability and reach. fda should be given heightened regulatory powers because they are marketed to vulnerable groups. we would appreciate the opportunity to work on oversight to ensure that they are protected from fraud. it should not take a pandemic to
require supplements like any product are truthfully enabled and marketed. you and i am happy to answer any questions. >> thank you very much for your presence and testimony. on april 14, the senator and i sent a letter asking if the ftc had the authority under its flexible authority to enforce against unfair, deceptive act. issue of pricee gouging. respondedthe chairman saying there are legal challenges to address price , and they rely heavily
on the doj and state attorney general's to enforce such activity. historically, the ftc has not authorityon five related to those acts or practices related -- related to price gouging. would you have recommendations for this subcommittee as to what that should look like? >> you are right. shocksave been supply following natural disasters and the like. could the unfairness authority for the increased prices that follow the supply shocks? they have been reluctant to use authority in that way. states haveother
the authority as well. they have seen fit to enact price gouging. schmidt.udes general his remarks talked about that. that a special law would be helpful here. we have worked with some of your offices on this. what we would recommend is the crisis to which the statute applies should be clearly defined and be national in scope . there would be a narrowly defined or clearly defined national crisis that the statute applies to. it would be nice if it defines the type of materials or services that would be covered.
there should be a clearly defined trigger like an increase in price over a precrisis index. what some account for. there should be some acknowledgment that increased cost might be legitimate. if a merchant needs to find alternative supplies, we do not want to discourage that. want to-- we do not discourage people from providing critical goods and services. items.re three or four paternal turn to the -- attorney general. we do have a law in place.
tell me, would you describe your efforts in enforcing law? do, after the 9/11 attacks , the state of kansas enacted our profiteering from disaster statute. is structured, it is in effect only in the time and place of a declared state of emergency by the governor or the president. those are the two triggers. the standard is any unjustified increase of pricing, as compared with a particular price or product. that there is a presumption that something was unjustified, although if it is a pass-through cost, it negates
the presumption and operates as a defense. it applies to what the statute calls necessary goods or services, essentially things that consumers are likely to need more of. that is the structure of our statute. for efforts to enforce it, it has been in effect in a more widespread way than ever before. we have approached this. we have investigated them all. we are investigating them all. throughapproached this engagement with the supplier and retailer. they did not know that it existed because it is so rarely in effect.
other times they are just passing through costs so we can go up the supply chain. we have tried to approach it. we have not actually had to file an westman action. we have had a number of suppliers change their behavior. stateow turn to a former attorney general. >> attorney general smith, thank you for the good work you are doing ethic. he provided evidence as to one of the recommendation made about authority on the part of state attorneys general to enforce federal laws. may, mr. smith,
what do you think about getting state attorneys general broader authority? speakinglly -- i am for myself, not for the commission. a lot of the consumer protection laws that we currently enforce have authority to enforce them as well. i think that is terrific and it is a big help for us. if they are willing to share some of the load, with respect to enforcement, we are delighted for that. isould say that when there -- the federal trade commission or whoever the authority maybe has the opportunity to receive notice of the case before being with those safeguards, traditionally, we have been in favor of the
about them and exaggerate them to their friends or neighbors. is a special responsibility on the part of everyone involved in promoting these products, and i know in your testimony that you make an -- reference to amazon, ebay and etsy. let's do a far better job of removing misleading claims and products. shouldn't they be held accountable? >> yes. i think there has been a perception that the third-party platforms are just a marketplace without a stake in the game. increasingly, we see that is not the right understanding of the model. they profit from having all the sellers on their platform. learned tremendous amounts about the marketplace and behavior of buyers and sellers.
they sell them directly. patrolould be asked to the viability of claims that they are managing. that weviral complaints have filed have been very disappointing to see. they are doing some coordination from news reports with the department of homeland security, around covid products what we would like to do is see more of that shared enforcement model. amazon has been found liable in court for selling food that should have been recalled after
they were identified by the cdc as having a foodborne pathogen. in addition we were working with the family that left their son is unwashed poppyseed, which an opiate, that was sold through amazon in bulk amounts for this purpose. it was clear from the comments these were used for drug purposes. those are the kinds of things we see. we think there could be a much more compelling partnership between platforms and government to deal with fraud and abuse. quick they could be more aggressive. don't they have an obligation? if you search for covid care on sponsoredu still find banners for probiotics and supplements. aren't they complicit along with other marketplaces? have you been satisfied with their response?
>> they have a tricky job controlling the algorithm, which might in part be learning from consumer practices in real-time on the site. i don't know enough about how amazon's search engine works because it is not very clear looking over the site protocols. that would be an area for investigation by congress or the agencies in consultation with the company. flaggednk where we have items like the antiviral claims, which are, per se, illegal claims according to the food and drug administration, they have a clear obligation to act. supplements contaminated with prescription drugs have been sold through amazon. those need to be expeditiously removed.
>> my first round, i hope there will be. a second round. i yield. >> we are following our practice of not informing committee members whether there will be a second round or not. we now turn to the full committee chairman. >> thank you, senator moran. i appreciate the work he and senator blumenthal are doing on this issue. i have a prepared statement i will ask to be included in the record. following the opening statement of senator blumenthal. >> without objection. >> i enjoyed the testimony. mr. smith, we are looking right now in the house and senate at covid-19 response bill, phase
four. this is not a good opportunity to see if you need anything in the bill. said the ftc does not have enough funding or enforcement tools to go after scammers. but you have not asked for any additional equivalents. one thing i would like for you to stress is, you have enough fulfill the task we are talking about today. up onegard to following senator blumenthal's question general,te attorneys maybe that is a way for us to
spread some of the responsibility. when you have been able to farm ,ut work to attorneys general does that involve the state enforcement mechanism only, or are there damages requested? enforcing anything the ftc just -- does. if you could comment, i would appreciate that. >> i will go with resources first. we have not identified any costs we cannot cover. we do appreciate very much the additional funding the house procreation -- appropriation committee has recommended. we appreciate the extra resources we got in fy 2020.
whatever resources we get we will put to good use. i will say we have two very specific needs. legislation to address our authority under section 15 b of the fcc asked. this is the provision we use to return money to consumers. thedecades, boards around country have said we have authority to obtain equitable monetary relief under section 13 b. recently the court in the seventh circuit has question that. this is the first court to do that. the great weight of the authority is felt on the ftc side. this is an issue that has been teed up in front of the supreme court for next term. we expect the court to resolve that issue by the middle of 2021. an adverse ruling from the supreme court would mean the ftc
would lose the ability to get monetary relief under the ftc act as we have been doing for decades. stakes are so high we are asking congress to act now so the fcc -- ftc can continue returning money to consumers. the second issue we could use some help is the reauthorization of the safe web act. the safe web act was last reauthorized in 2012. it will sunset on september 30 of this year. authority the ftc unfair and deceptive practices authority on content that has an effect on u.s. consumers. this allows us to address cross-border fraud, which is a real problem. since 2015 we have had 310,000 complaints from u.s. consumers against foreign businesses. the other thing it allows us to
do is more easily exchange confidential investigative information with our foreign counterparts. we relied on safe web to respond to information sharing requests from 40 enforcement agencies in 17 foreign countries. it has been critically important. a lot of the covid-19 fraud we see is also coming from overseas or canada. two things we could really use help with, 13 b and safe web. ag's, weect to state wetinely have task force -- participate in task forces, regular meetings with our state asian counterparts. they will frequently be coat plaintiffs in co- our cases where they have a better authority than we do to return money to consumers. we sometimes refer cases to them. they sometimes refer cases to us. one of our biggest recent cases was our $170 million settlement
with google and youtube. that was a case we did with the new york attorney general. we have not farmed anything out to the trial bar. our state partners as far as i know, we have been dealing with assistant attorneys general. we have not been dealing with private lawyers who are hired by the attorney general. in my experience, that has been what we have seen. beene not also participating in task forces. that is generally done by the folks in our regional offices. i cannot say for sure about outsourcing to a trial bar, but i have never heard about it. time.are way over you and senator dataman and i have a
privacy bill that would deal with this issue of covid-19. perhaps on the record, our witnesses might tell us if they have had a chance to look at that and if they want to go ahead and enthusiastically endorse this great piece of legislation. thank you, mr. chairman. >> mr. chairman, would you like the witnesses to respond to that now? >> i will be glad to. i do not want to intrude on your time. they can respond within your constraints. >> let us do it very quickly. >> based on the sponsors, i have no doubt it is excellent legislation, but i have not had a chance to review it. >> that means you are offending half the members of the united states senate. -- mr. smith?thal
>> i cannot speak for the commission. we institutionally believe contract tracing legislation would be a big help. consumers need to trust contact tracing apps if they are going to work and after developers need to know the rules of the road. in commission has testified favor of broad privacy legislation. that feeling, contact tracing legislation would be great, too. >> i have not been able to look at this particular legislation. i cannot afford an opinion. of course these things are important. problem.r part of the this slightly more, you would likely see national , not the workards
of current different state security standards. which can prevent a multitude of these types of scams in a variety of ways, but maybe we can come back to that particular issue a little later. >> yes sir, thank you. ms. mcclary. >> we would be pleased to review the bill but i have not had a chance to focus on data privacy. more information on resources if that is of interest to the chair. >> i will try to make certain each of you have an opportunity to respond at the end of the hearing to catch up with anything you would like to add. let me turn now to senator klobuchar, patiently waiting. >> thank you very much, mr. chairman. thank you senator blumenthal as well for holding this really
important hearing today. i think we all know we are in a public health crisis, but also an economic crisis. sadly, when that happens, there are people who pray on vulnerability. while scammers have used as you pointed out at the beginning of your remarks, moran and blumenthal, they have used the coronavirus to exploit americans' fears, the impact of the scam on seniors has been particularly disturbing. reports have found eight out of 10 people in this country who have lost their lives to coronavirus are seniors. seniors who also lose an estimated $3 billion annually to financial scams in a normal time have been targeted for additional scams. just last week, in my state, we had a scammer that pretended to be the child of an elderly minnesotan and convinced that
person to send 25,000 dollars to an address in connecticut. that is why senator moran and i introduced the protecting seniors from emergency scams act in may to help prevent scammers from taking advantage of seniors during the pandemic. we have called on the ftc to protect seniors from some of the contact tracing scams you have all discussed and to educate seniors on how to protect themselves. i would start with ms. mccleary. can you talk about how it is have access to resources from law enforcement, adult protective agencies, to help combat these coronavirus scams, and also with the rise of online shopping fraud in which consumer products are ordered
doing tohat is the ftc protect seniors from these scams? >> thank you so much, senator. thatappreciate the care you and the chairman are showing for this very vulnerable population. we know that seniors, for example, in our work are very heavy users of dietary supplements. 82% of people ages 85 to 64 and 88% of those 65 or older take vitamins and supplements. we have been very concerned the supplements actually deliver on the benefits that are promised on the label. we sued for producing a supplement with a cvs label that promised to have macular degeneration ingredients in it that were effective and lacked those ingredients even though it was sold next to a product that had the appropriate ingredients.
seniors are particularly vulnerable to supplement scams and the way that we have highlighted. they also tend to be vulnerable to the kinds of marketing scams in the supplement marketplace, that is by that guarantee than the money back promises and fishing scams related to those product marketing. that is of real concern to us. their health makes us -- makes them more vulnerable to supplements or the use of supplements for valid medical treatment. it may delay a visit to a doctor that is actually needed. mr. smith i will direct this towards you. is the ftc planning to take additional measures to better protect seniors? victim of athe contact tracing scam? i know the ftc is coordinating
with doj and hhs. can you highlight the measures the ftc is taking as part of this coordination? >> older americans have been priority of ours for a long time. our research shows older americans are not necessarily victimized at a higher rate than younger people. they are victimized at a lower rate. they suffer more losses when they do suffer a monetary loss. some of that has to do with scams like the grandparents scam which is really pernicious and can lead to big losses. our efforts, in addition to law enforcement efforts, our efforts are focused on educating consumers, particularly to these scams. one of our most effective tools has been a campaign called pass it on. and what pass it on does, it is a series of articles, presentations, bookmarks, and videos, and what it does, it is
targeted at older americans and it says, look. you need to give this information to your friend, your neighbor, your family member. you need to educate them about about this scam. toallows older people capitalize on their life experience and their wisdom in educating others. and in educating others they are also educating themselves. we have distributed millions of pieces of this information and found it is effective, but you are right. there are always new scams, particularly involving contact tracing, which -- where they are going to find fertile ground with consumers. >> thank you. one last question. you mentioned legislation enacted in kansas to protect data. do you think providing strong protections for consumers personal data is helpful in
making these contact tracing apps more effective? what more do you think we should ?e doing on the personal data a number of us have been trying to work on privacy issues when it comes to personal data. this goes way beyond the pandemic. i think it has put a magnifying glass on this issue. what do you think would be helpful? testifiedmission has in favor of data security legislation that would civil penalty authority and expanded jurisdiction by the ftc over common carriers and nonprofits. a majority of commissioners testified for something similar with respect to privacy legislation. speaking for myself, privacy legislation would be really both tell app developers and others who might be working on contact tracing issues, let them know what the
rules of the road are, what they the contourswhat of the identified and aggregated data are as an example. beo consumers need to confident in these apps if they are going to be effective. >> mr. schmidt, could you answer that? thanks. we followed with interest many of your discussions and debates in washington on broader privacy issues. from a state standpoint, we always have generalized concerns about preemption, the tension between state authority on the one hand and on the other hand the benefits of national standard, setting that bigger issue aside that i assume would also be a challenge for you at this point if you were trying to do something quickly on this federally, kansas did, our legislature was in special session in june, and we had at enacted what we call
the contact tracing privacy act at the state level. it is characterized as stopgap legislation. it stop -- sunsets next may. it is designed to fill the need while we have a more thoughtful review of what the law can look like with respect to contact tracing. it has multiple parts, some of which are not relevant to your question. essentially it requires contact tracing was largely unregulated even though it has deep roots and is a critically important public health tool. there were not many rules of the road. it operated the way public health officials chose to operate it. obviously the scale of the covid response has brought a lot more people into that business. and therefore, invited discussion about what the rules out to be. requiringings such as specifying participation in istact tracing, whether it the old-fashioned way with pencil and pen knocking on the door.
it is voluntary. we think that is important area it reduces some of the pushback citizens have when the government tells them they must provide information under some sort of penalty. stopgapute again, a prohibits the use of cell phone location information, so most of the apps for contact tracing, our public health department at the state level said they were not interested at this point. we thought it advisable to put the whole thing on hold. until there is more thoughtful review in the spirit of trying to reassure folks it is ok to participate without having to wonder what happens to your information. ensure in that statute there can be your credit mission creep. we ensure the data collected for covid, when it is no longer needed for that contact tracing purpose, must be safely and securely destroyed.
there is obvious he going to be tremendous value for reasons we may not have thought about. it may be beneficial. again, folks may be really discouraged if they think it is an open door. that has been our approach. >> americans have to be suspicious of all kinds of fraud. of this, the coronavirus pandemic has been the convergence of all of these potential scams. it is increasingly difficult to determine what is real and what is not. state ofin my nebraska, we found this when consumers were confused after they received their valid
stimulus money from the cares act in the form of prepaid debit cars and the u.s. -- debit cards from the u.s. treasury. many threw them away. the treasury has been responsive on solving this issue. we have also seen skepticism from consumers contacted from government agencies, contact tracing efforts. going forward,se what can we do to improve trusted channels between the federal government? >> what we are doing at the ftc is educating consumers about contact tracing and the like so that they can be -- we want consumers to engage with contact tracers. we don't want them simply to be afraid and to shut down when they get that email. -- don't beis dumpy
engaged with contact tracers. don't click on any link in the text message. second, the contact tracer, illegitimate contact tracer, will never ask you for money, for your bank account, or for your immigration status. on our website, ftc.gov/coronavirus/scams, we have contact information for all the different state boards of health and other information about contact tracing to educate consumers about legitimate contact tracing. you are right, we need to build trust. consumers need to be able to trust apps if they are going to work the way they are intended to work. >> what are you looking at for best practices? to you trying to reach out state government more to be able to work together so that we can build that consumer confidence? >> we have issued a great deal
of business guidance, including business guidance for contact tracers and for app developers. we have been counseling app developers to employ privacy and security at the beginning of the app development process, not simply build it in at the end. that they include privacy protection design features for their apps such as decentralization of data so the data lives on individual devices rather than one centralized database, that they use anonymous data or aggregated coronavirus, for these contact tracing apps, they use the data only for the stated purposes like general schmidt said. if you are collecting it for public health, you use it for that and nothing else. you delete the data when you no longer needed. those best practices would be relevant to a private entity
developing a contact tracing app or to a state board of health that is developing a contact tracing app. >> thank you. general schmidt, i noticed you commented on the enforcement action that your office has taken related to covid-19 scams. have you carried out those investigations -- as you have carried out those investigations, do you feel there is proactive coordination of the ftc as well as the justice department with state ag's on these covid related issues and other issues as well? >> yes i do, senator. we have a very good pre-existing relationship with our counterparts at the relevant federal agencies, both in regional offices to the extent they are in kansas city at least, or nationally, to the extent they may not have a regional presence. those pre-existing relationships have been really helpful in simplify how we
normally work together in this context. i feel good about that. i think there might be room to may be a more institutional way, to ensure relationships that cause cases to flow federal to state or state to federal for happen, that that may even when there is changes of personnel. much of it becomes based on personal relationships and you have to reinvent the wheel. >> thank you mr. chairman. >> we are pleased to have the ranking member of the full committee here. senator cantwell. ,> thank you to my colleague senator blumenthal, for being the vice chair of the committee and for all your hard work on these issues. i think what i will try to do is just talk about some very broad
issues, if i could. i think my colleagues have covered a lot of territory. let me thank you for mentioning senator klobuchar, the data security issue, it really feels data security is and should be included. thank you for endorsing that alongt of data security with privacy legislation overall. of the usual approach, which is a first time warning, do the witnesses agree the ftc needs a first time civil penalty authority when it comes to some of these covid -- you know, deceptive information and statements given the severity of the problem? mccleary,ow, miss what you have to say or whether mr. smith wants to comment on that. morning tool has
limitations. there are unscrupulous actors in the marketplace that may disregard warning letters. it is enormously inefficient for the ftc to have to track and go after bad actors multiple we have seen a pattern even in tinted with drugs like an fed amines, they will issue a warning letter. the company will come back with roddickightly tweaked and selling into the same -- tweaked product. you have a small number of bad actors, and the letter of authority is to get their attention. >> we were involved in drafting a new law as a related to the same on the opiod crisis, we did not put enough oomph
behind the penalties. we should look at this, while protecting the lives of individuals in the middle of the pandemic when people are reaching for solutions seems a reasonable approach. did you want to add anything to that? >> i would say, i think your question like the opiate law where under section five we bring enforcement action and are titled to equitable monetary relief, but no penalties. if we get it amid a straight of order, the second go around we can get civil penalties. that is what your question was focused on, not so much the warning letters. >> i think the warning letters in the middle of a pandemic on things think might be our or could cause fatalities, it seems that the warning letter may not be strong
enough even the complexity of the environment we are in. we can go to court. every company we sent a warning letter to, we can go to court or to a judge and get an injunction. we have chosen the warning letter because what we have two-stateicularly cures, what we have found is the warning letters are astonishingly effective. claims taken down, and where we cannot, we follow up with law enforcement in a federal court or in front of our administrative law judges. >> what about flexibility? >> what you're advocating is another path like the opiate law where we get civil penalties at our first bite of the apple. that is a better question for the commission, i would get out over my skis. >> what about our definition of
price gouging. that isirness authority unfair in washington, and deceptive practices are similar to what you are, but it is quite broad. do we need to do more on defining the price gouging standard? yes. it would be helpful to have a price gouging statute. if congress wanted us to address gouging, it would be hopeful to have a specific authority laid out, specific guidelines for how high is too high. the five states have the same ftc act authority that we do, the unfair and deceptive act practices. they had nonetheless seen fit to an act of price gouging statute. if you want us to address price
gouging, the statute would be a big help. >> we have been involved in establishing a standard for you on manipulation. .e thought that was helpful we think clarity is our friend. ",think like with the hopefully we can get around it -- if they can get around it, they will. the stronger deterrent and the penalties the better in my opinion. one last question. about --ng to ask let's see. do onlse do we need to some of the larger
organizations that have taken advantage of state on their paychecks and the programs for unemployment? are you talking about large businesses that have obtained paycheck protection program loans? >> i am talking about the abuse of people signing up -- in the state of washington we have had implanted checks given to rings. >> general schmidt from kansas may have thoughts on that. from the ftc's perspective, we send it to the irs or take it to their inspector general. that is real criminal theft. much an ftc problem, but general schmidt may have additional thoughts. i am wondering what we do to
share that data. identity theft and these issues, i do not know how many states have addressed this. if general schmidt wants to offer something. addhe only thing i might that we did not dwell on earlier, with respect to unemployment, it may not be what you are asking about. we have a lot of complaints from folks alleging to broaden benefit payments, identity theft , creating false identities to create payment. law, i do not have original criminal did -- seminole jurisdiction for that crime. we have been referring those to our state which handles unemployment programs, and they work with the federal counterparts when it is
appropriate to do so. a little outside our authority. >> thank you. >> senator cantwell, thank you very much. >> thank you, mr. chairman. i will start with senator cantwell left off, the fraud on unemployment compensation. i am from west virginia. we just had an instance where our unemployment basically said that somebody from the same ip address applied 50,000 different ways to get a benefit with different names, or tweaking different names and i'm wondering, attorney general schmidt, you mentioned that this is an issue that has come up in kansas, but i'm wondering is it the magnitude in which we are seeing? and also, when additional resources but you need to come that something of this nature when a program is created this rapidly, but also, to the great
benefit of people. >> senator, from the vantage point of the kansas turning general office we have not seen that scoop but i could say we might not because i was just describing the senator can't, -- senator cantwell. we are not necessarily the face of the public response. you know, the only thing i might add is something we have talked a thought about it here because we've seen the reports in other states, problems have been widespread and i don't think i am seeing the data. there are other programs weather is a federal state partnership as there is now with the unappointed payment from the federal government to exist -- assist in extending benefits. medicaid program comes to mind, and in some of those programs, congress has seen fit to create certain requirements for fraud policing by the state in order to participate in the program. for example, medicaid fraud control units i mentioned
earlier. i am not prepared to advocate that in the unemployment context, but it seems a logical area to look, what it those programs that has shared funding would make sense in the unappointed context for fraud enforcement. >> i think a lot of our systems are overwhelmed and to try to determined where the front lines and how to detect it i think is an issue. i'm going to stick with you mr. attorney general because i want to ask something that comes up in this committee all the time, that has to be related to scams and either our elderly and others and i appreciate senator klobuchar bringing up the scamming of the elderly, that is an issue i'm very concerned about in all aspects. we do have a lack of broadband in rural areas, and what you find is the best way to really transmit to people who may not have broadband connectivity the
, the possibility of false advertising or false claims or, you know, cures that are going to cure it all or prevent you from ever getting covid. how do you address that? >> we are the lead consumer protection agency for the state of the state level in kansas, and because of that, in ordinary, times we have a very robust consumer education and prevention program. we do it online, as you suggest. we also do a lot of in person visitations around the state, whether it is nursing homes, senior center, people and a large portion of their time after talking with kansas and if you avoid losing money in the first place, better for, you better for, us we can focus our enforcement on the back end. so, that's how we normally do it , and your question implies we are less mobile.
we are communicating remotely. that disables one of our principal tools for reaching kansans, which is go with a are in person and talk with them. we struggle with that. we are doing more online. we reckon issa limits as you suggest. there are areas that will not be effective because our consumers are not able to access that programming. nonetheless, we think there is a significant number of kansans who we do not normally reach online. we could reach online, technologically they are able, so we are doing that because it is better than not doing anything. i have struggled very much with how we reach those pockets of individuals in the state that we cannot reach digitally because they do not have suitable internet access. we cannot reach them physically right now because of covid related restrictions. i do not have a good answer. >> that is a real problem because those are a vulnerable
population. it brings up a difficult question. i have one more question to mr. smith. we have seen a big increase in scams obviously, and they are heading toward the vulnerable population. what limitations does the ftc have, and i have created an act with senator gardner which would increase penalties for false advertising. i am wondering if that would be a helpful tool, if you are aware of that, and what additional tools you might need in the ftc to break up these large advertising scams that we see. >> i am familiar with the act, and i think we may have provided technical assistance and her offices, and we are happy to
continue working with your office on that law. with respect to specific tools that we could use, i mentioned earlier reauthorizing the safe web act. i think senators moran and have introduced a cosponsored bill that would reauthorize the safe web act. that is quickly important for law enforcement. some of these covid scams come from outside the country. the second thing is to clarify our authority under section 13b of the ftc act. for decades we had authority to obtain equitable monetary relief under section 13b. and recently there has been one important court of appeals that has called into question that authority. that issue is now in front of the supreme court, and will probably be resolved sometime next year about this time. it wouldeantime,
be great if congress could act to clarify our authority that we can get and redress. >> a vote has been called. inave been very lenient time. i will try to be less so. , it is your turn. chairman moran and ranking member blumenthal for calling this hearing on the important issue of protecting our constituents from covid-19 scams. there is unprecedented demand for products to protect against the transmission of coronavirus and the scramble to keep our families workers and customers surge in scams a and fraud against consumers. the ftc has received over 136,000 reports of scams related to covid-19, including 477 from new mexico, and people have
reported losing nearly $90 million on these and other covid related frauds. but is not just individual consumers that are at risk here. there are increasing reports of companies misrepresenting themselves in contract with local, state, and federal agencies to procure ppe. a $3 million health service contract was given to a former white house official to provide one million respirator masks for use in the indian health service that is serving the navajo nation. masks did meet, the not meet the fda standards for use in health care settings by health care providers. the issue ofress substandard masks. thousands procured were
determined to be substandard and not for medical use for an ihs hospital serving the navajo nation in arizona. i brought this up directly with the ihs director and told him this was absolutely unacceptable. were neverthe masks used, but hhs and fda ought to be savvy to consumers when it comes to workplace safety in the medical field. i will have a written question for our in writing, when it comes from the fda but much more clearly, what can this administration due to better protect workers both in the private sector and government, oshao you support emergency standards? >> absolutely. we are absolutely on the record of supporting osha's development of an emergency standard for workers at risk of contacting and developing covid. we are particularly worried about meatpacking workers were we have seen a large number of deaths even among inspectors but also workers and maybe something
about the working conditions in close proximity that leave these to be hotspots. workers really need these protections in order to maintain our food supply and keep going to work. we need a healthy workforce. we are backing the measures that have come out of congress and several packages for an emergency temporary standard for workers. in addition, we think there should be a concerted effort to develop mask standards for workers in the health care setting. we know there is some of that going on under way. attentionof concerted by the fda to set standards. masks in the health care setting have been to protect the patient from infection by the health care worker, not necessarily to protect the worker. there needs to be a new and urgent effort to ensure workers
in the settings where they are dealing with patients are also protected. are platforms doing enough to put a stop to questionable goods and fraudulent goods before they are sold. ? been a concerted effort by amazon and other platforms to work with federal covidities and get rid of cures and treatments. behind that, there is a lot more work to do. in general we need a plan for when platforms are selling supplements to public, and the false claims they are making, and actively patrolling them, not just during a pandemic. not all platforms are making enough of an effort. we have looked across a number
of platforms, and not all of them are free of products that are explicitly promising to treat or prevent coronavirus, which is a problem. >> thank you. mr. chairman, knowing a vote is on and we are pressed her time, i will submit the rest of my questions. i believe there is a role for the attorneys general to play here, and i hope our witnesses left to the question on the record. i would yield back at this time. >> thank you so much. senator baldwin. >> can you hear me? >> yes ma'am. >> can you see me? >> we can. >> thank you. .hank you, mr. chairman this march i introduced a bipartisan bill to incentivize states to provide compensation
to elderly victims of financial fraud, abuse, and exploitation. after's bill learning the story of her and her family, who wrote me a letter asking that i work on legislation to help seniors get money back when it is stolen from them, especially when it is earned over a lifetime of hard work. general schmidt, do you believe elder financial fraud and abuse is underreported, and are you aware national programs or efforts that would incentivize states to provide compensation or restitution to these victims if they are unable to recover restitution from the offenders themselves? senator, i absolutely believe
elder fraud and financial abuse are underreported. i have everata reviewed has been substantial and suggests what order of magnitude. of your question about compensation, i am not aware of it, any program that provides compensation to elder victims of crime. there is the crime victims compensation program generally that i am not sure all states participate in. is restrictedion to certain categories of costs associated with violent crime as opposed to financial losses. we make a priority in kansas in our enforcement actions to put restitution first, and the states recovery, that usually is more important at the collection
stage than the liability stage. , it would make a good conversation to talk about whether there is some compensation program to assist somebody who have lost their life savings as a result of scams. >> thank you for that. edith and her family were $80,000out of more than by the longtime financial advisor. they fear they will never get that money back that was stolen from them. was able toly uncover the fraud because edith asked for help, and her son-in-law recognized there was a problem when he was attempting to reconcile and balance her checkbook. april youhmidt, in wrote a letter to senate leadership in which you and
other attorneys general noted that emergencies and disasters situations invite abuse and exploitation of vulnerable and isolated populations. i want to know if you are concerned with seniors who are isolated from family members, loved ones, caregivers during the pandemic, and the support networks that they usually rely byare being targeted scammers. how does this separation from typical caregivers make seniors more vulnerable and susceptible to such scams? senator, this is one of the things that keeps me up at night right now. we have focused tremendously in the kansas attorney general's office. a couple of years ago when i was president of our national association of state of it attorneys general, we focused on elder abuse issues from the
state standpoint. it is a long-standing priority for us. i am very worried seniors who may be physically isolated ordinarily and have their contact come to them or in terms of health care or other home support, or who go to contact but in a very discreet manner, they go to a doctor's office, their coffee clutch for lunch, but they are now separated from those defective early warning acto early de f warning systems that can spot something out of the ordinary and perhaps sound the alarm with this. i do not want to sound like a broken record, i mentioned it in my opening statement. i believe one step congress can take swiftly without controversy would be to include in some vehicle this year, perhaps the
next covid bill, whatever is appropriate, the text of senate 9, which is the latest incarnation of a bill we have been working on for several years. advocacy,gan the asking for this change in statute so that we can use our existing already funded, already trained, already skilled resources in our control units the exit doors of the nursing homes and long-term care facilities, and reach exactly the type of isolated in visuals the medicaid program you are talking about. thank you. i think my time has run out, so i yield act. -- yield back. >> thank you, mr. chairman. pandemicare using this
as an opportunity to defraud our seniors. arizona has reported many fraudulent to the ftc. those are just scams reported to the fcp. we know that damage is far greater. -- the public can believe certain products can cure covid, but there is no scientific basis to support these claims. scammers have also distributed counterfeit personal protective equipment, all continue to work with partners on the federal, state and local levels to ensure we have adequate resources to prevent scams where they happen, ensure that we are returning funds, and punishing the scammers stealing from our families. the mentioning of our bill to stop false advertising during this pandemic. our bill increases penalties on
scammers, and we hope to find bipartisan support for this legislation. my first question is for attorney general schmidt. due to the coronavirus pandemic, scammers are using fear and confusion to steal money and personal information. i teamed up with our attorney arizonans about common coronavirus scams. this includes trying to self fake coronavirus axes are unproven treatment. scammers are calling seniors and paymentsng to cut off for food assistance if they do not share personal information. this criminal behavior hurts the victim, but it hurts legitimate charitable initiatives trying to help vulnerable communities respond to the virus. my question is, how can policymakers help our constituents distinguish between scams and legitimate offers of and offer additional resources that states need in
order to effectively fight these pandemic related scams? senator, it is a difficult question because mixed visiting is the bane of effective messaging. we normally are all on the page of, do not answer the phone, do not respond to the inquiry, hang up on the bad guys if you do not know them. now we are saying that is all true but we would like you to whennd to contact tracers they engage with you. that creates a difficult message to convey to vulnerable populations. i can tell you what my messages when i talked with kansans. i say it boils down to two simple points. number one, if youdid not initiate, in u.s. the arizona,
new is the consumer, if you do not initiate the contact communication, then just assume it is not legit. now, that gets me trouble with some legitimate businesses and public sector folks but from a consumer protection standpoint it is a simple, straightforward message. you think you need a widget, sitting at your breakfast table, initiate the contact with a cellar of widgets and now you at least know you are in contact with a legitimate operator. the old-fashioned advice is still good. you've visited, whether it is online, remotely, or in person -- or person, do business with those who already no interest so shop local and reputable retailers in retail space. again, it is not perfect but those two principles are usually what i tell folks. >> thank you, attorney general. i appreciate that. my next question is for mr. smith. part of a fight against coronavirus, many organizations have experienced shortages of ppe, disinfectant and cleaning supplies, and other items that
would help them reopen safely. as the virus continues to surge in places like arizona, our local businesses, schools, nursing homes, and health care facilities are continuing to struggle to buy supplies from their usual and trusted vendors. what advice do you have for businesses and organizations that want to buy ppe or other coronavirus related supplies, in order to avoid fraudulent or counterfeit materials. >> well, our efforts with respect to ppe have largely been focused on shopping home scams or fulfillment scams. companies offering to sell ppe, and you order the ppe, next day delivery, and it is not delivered next day in fact, it is delivered never so, the folks we are protecting are generally consumers and not businesses and we brought at least one enforcement action in that area. we have several more in the pipeline.
i would say that what we were enforcing there is our mail and telephone order rule, which requires that if you are not going to deliver on time, provide a notice or the opportunity for a full refund. with respect to this larger institutional purchases of ppe that you're talking about, we also have been working for the department of justice which has been extraordinarily active under the defense production act. a lot of our ppe fulfillment issues have followed on their price gouging under the da. so, there are unscrupulous sellers or they're selling counterfeit products, price gouging, taking advantage of institutions' needs for these products, in this time of emergency and so a lot of that, i think is being addressed by the criminal authorities in the department of justice.
>> thank you. mister chairman, my time is expired but i want to thank you for holding this important hearing. >> senator sinema, thank you. senator blackburn. >> thank you so much, mister chairman, and i want to go to the issue of privacy. mr. smith, you mentioned this in your statement, and let's look at the issue of protecting that private information, and if that falls into the hands of scammers, what are you doing to make certain that people are not being scammed based on their information for contact tracing. because what we've learned, when you look at the virtual space, whoever has that data claims possession of it, feels that they own the virtual use, they
have access to this, and then begin to use that to follow you and to share your information with outsiders. so, general schmidt, let's talk to you, or start with you and then if each of you will add, i want to hear about what is being done to protect privacy, and to protect the following information via contact tracing. >> senator. i appreciate the question. i don't mean to sound glib to anyone who is listening, but often in this space, i think of the old expression that the road to hell is paved with good intentions and i worry, in the contact tracing space, because we have grown so rapidly into that data collection that perhaps we have not put in place the ordinary safeguards we would
otherwise put in place if any entity, government or business that is collecting large amounts of personal data and we have done it for a good purpose, to try to properly contain the spread of the virus. i have been sort of the contrary voice on that i have done it deliberately because i think we need to have a more balanced conversation. as i suggested earlier, and i will not repeat myself, we did, in, kansas and legislature included a stopgap privacy measure. it is designed to put in place guardrails, rules of the road, duties for privacy, distribution on limitation and the light, for all of the data that is collected, but the digital stuff we're talking about in terms of active element here but also data is collected the old-fashioned way so, once it is collected in the database it does have value to some folks so, we have tried to put in those limitations to make sure
data is protected and they can feel free to participate openly in legitimate tracing efforts. >> let me ask you this. first of all, what i have heard you say is we need to have a federal preemption, and one federal standard for the retention, collection of and retention of this data. is that correct? >> yes, with an important caveat, and that is, this and this is my state rule coming out. i do understand the importance of a federal standard. that makes sense. i understand that but i would suggest that we don't want complete federal preemption of state enforcement. >> correct. >> but we also don't want to compel state, for example, state ag's to go to federal court, follow federal rules to enforce a federal law because with all respect, as i've said to my
colleagues many times, i wanted to do that i would try to be a u.s. attorney. i am a state actor. so what makes sense to me is set a federal standard with respect to data privacy but to allow states to independently enforce that standard under state law in state court, with state procedures and state rules, as long as we are holding those same standards. >> let me ask you this, before we move on, and my time is about to run out. should then we see that, should it be that consumers, the online consumer has the ability to choose to opt in to share their information or choose to opt out if they do not want that and -- entity that is collecting and holding that information to share that with third parties. is that something that should be granted to them, or a protection afforded to them? >> it does seem so to me.
obviously as you know better than i, that is part of a robust policy debate both here and with our friends in europe. but i am on the general side of the debate that suggests my personal data is my personal data and i have to be able to control with whom it is shared and then re-shared. >> all right. i'll tell you what, mister chairman, i will yield back the remainder of my time. >> thank you for yielding back. i've got to go vote. i have one question i want to ask and then i will turn the hearing over to senator blumenthal for a question or two you may have. he is going to then close the hearing. we are to be exiting this room by 5:45, so, our panel of witnesses should breathe a sigh of relief that it can't last much longer. i want to ask mr. chairman, with noteworthy cybersecurity news related to twitter last week, it serves as a pretty
significant example of social engineering. these attacks continue to evolve while posing harm to americans. your testimony indicated that these types of threats are responsible for quote, upwards of 93% of data breaches. do you have any recommendation for the subcommittee on how congress can draw increase consumer attention to these risks, or even prevent them from occurring in the first place? >> yes. ideally, there should be federal / national cybersecurity standards. there are several standards. for instance, the national institute of standards for technology. they have several standards in place. the problem is that if you want to really combat social engineering attacks, you're going to have to go far and why
-- wide. you go to have to get the private sector to some degree involved and motivated to live up to data security standards. if you had asked me what is the best framework to use in this particular case, i point to the department of defense cybersecurity maturity models certification. they have a very good model where you have five levels of ramp up in the sense of making sure that you comply more over time and can build up your resilience against scams like this, and basically, the ultimate or very effective solution for all the scams that
you see is awareness, training the elderly, aarp is doing a good job of that. it's an awareness issue. educate. also protect. standards of protecting just the home pc but also open networks. it should ideally be a federal standard, so that everyone can comply. at the moment, it is patchwork. as we can see, it isn't working. >> thank you very much. thank you to all the panelists for your presentation today and general schmidt, thank you for joining us from home. derek, i have known you at least since you were a young senate staffer and thank you for your public service now for a long period of time, on behalf of our fellow kansas, i appreciate your
presence with us today, but i appreciate your presence in case -- kansas and what you do for all of us. i now recognize senator blumenthal. >> i want to join in thanking you as a former fellow attorney general. i would just say the next time we have a hearing with you as a witness, maybe we can do it kansas instead of here. >> that would be welcome, sir. >> i would ask you specifically because mr. smith has said he would welcome a price gouging law at the federal level and i completely agree because right now there really is no federal price gouging law and that is a great obstacle to effective federal enforcement and i encountered this issue when i was state attorney general, urging the then attorneys
general of the united states to take action, and the ftc and they said to me, well, we have no federal law. and in kansas, you have a price gouging law that says that a price increase is presumed unjustified if it exceeds by 25% the pre-crisis level. tell me how you feel about that law. do you think it is helped or harmed your offices ability to bring in enforcement action and whether he would recommend it to us in the united states senate, and the congress? >> senator, i think it has been useful for kansas, as mr. smith has suggested a couple of times. try to use our general kansas version of the authority. we actually don't have an unfair
standard to deal with price gouging but it is really clunky to do that and it is much better if there is something that looks more like a bright line standard. that way everybody knows what the rules are and our experience has been, by having that on the books, it has allowed us to give voluntary compliance almost universally at least from legitimate actors. the crooks and scammers are crooks and scammers, that is a different category but you're talking about price regulation, we're talking about at least, to some extent, dealing with very legitimate enterprises and the bright line rule in law. at least it has been for us. >> clarity is always good for enforcement. let me ask you, and this is a
little bit of an unfair question because senator moran is not here. if we were to adopt a federal statute, i personally would be of against making it preemptive of all state laws, probably preemptive. i don't know how you feel about that issue of preemption when it comes to either price gouging or other federal statutes. >> philosophically, as i guy,sted early, as a state i'm not a fan of federal preemption generally as a philosophical matter. having said that, i recognize there are times makes perfect sense, as i discussed in the senator black, data privacy, i understand why you cannot have, as a practical matter, 50 plus, with territories, different sets of standards, or focus to manage -- folks to manage that privacy
. so, the one thing i say on that, and i am quick to say, this is always true, but it is particularly true in this area, i speak only for myself, i have colleagues in the state and territory attorney general community who are very different views on this but speaking for myself, when congress is made the determination appropriately by subject matter for a federal standard, and some area, let's say data privacy or maybe it is on price gouging, or whatever it is, as a general matter, if that is gonna be what congress does and if it's going to preempt state from having any different standard, my own preference would be, don't go further than that in the preemption. don't prevent me from having a state law that quantifies in state law the same standards so, it is the same performance part of the regulated entity that i can then enforce independently
under state rules and state court with our state procedures because that is what my team is accustomed to doing and perhaps in some larger states where they have very large protection shops, consumer protection shops, they are accustomed to going down every day to enforcing federal law, whether it is a super statute overrun for it might be. i think it is not true for a lot of smaller states and so as i'm making enforcement decisions, just to be blunter than i should, but just to make the point, i will overstate it, i mean, i've got enough to do and forcing the laws of the state of kansas that i was hired by my voters to enforce, and forcing federal law is not a great privilege than i aspire to. it is something else to do. it is not very high on the pecking order. so i would much rather, if congress is going to set a standard, set it, but then let me work with my legislation, perhaps in addition, i have no objection to that. don't make it my exclusive option. let me work with my legislature to find a way to bring state law alongside and enforce that standard our way. >> thank you. i appreciate your perspective
which i find very valuable. on this topic of privacy, i want to ask you, mr. smith, contact tracing apps are not regulated under hipaa or any other privacy laws. i have introduced bicameral legislation to regulate these acts. the proposal is called the public health emergency privacy act, but isn't there more than bash that -- more that the ftc could do? i know you have issued general guidance but nothing recent and nothing specific, as far as i'm aware, such as advisory notices to the tech company. if the system of contact
tracing is going to have any chance of work, privacy has to be assured to consumers. that is the ftc's job and i'm concerned that the ftc has been silent. >> so, the privacy of contact tracing have to be would address now in the absence of any federal legislation, using our unfairness and deception authority and i can't comment at specific companies or any specific investigations, whether we might have them open or not, but this is an area where we have been heavily focused and part of that is because consumers, you are right, consumers have to trust these contact racing apps if they're going to work. we need a lot of updating in order for contact tracing apps to work. apps developers also need to know the rules of the road, so, we have recently within the last
month issued business guidance to app developers where we have five or six specific points that they should take into account when developing apps. now, some of these are not going to be anything new to you, like privacy by design, for example. but there is one that's kind of interesting which is, use privacy protective design features, such as decentralized protocols. so, one of the things that i think is really interesting about these contact racing apps that we've been running into recently is that they don't actually collect everybody's location in one big centralized database, and everybody's health information in one big centralized database. it lives here, and it is, and i have my bluetooth turned on, and you have your bluetooth turned on, and it has, these devices all have a single bluetooth identifier and if i test positive for coronavirus then that gets uploaded to the database and you dial into the database and you see, is anyone
in any of these bluetooth ideas that i've been in close proximity with, is in the database or not? so, by using those kind of decentralized protocols we solve a lot of privacy issues up front. other guidance which, again, no surprise, don't use identifiable data, use aggravated data to the extent you're able. some of these apps will do things like display heat maps for where there is particular risk of exposure so that you don't need to know, you don't need to have even unique personal data, much less personally identifiable data. the aggregated data will be just fine. so, we have in the last month or so issued business guidance for app developers but, you are right, that this is an area where we need to be vigilant and we are heavily focused on it because this is the privacy issue but 2020. -- for 2020. >> it is one of the key privacy
issues and has such freedom implications, as you know, as well or better than i, and i'm just thinking that more clarity and specificity. more information made available to the public, i am aware of those protocols of decentralization, the use of bluetooth, amazon and google are working on systems. there is a coalition of groups that is hoping, i think, to have it ready by the end of the summer but an explanation to the american public about how this data is safe, what those rules of the road will be and how they will be impervious or at least highly protected against intrusion or interference. i think it would be very valuable. >> excellent point. our consumer ad so far has to spot a scam. if they ask for money, it's not
legitimate, that kind of stuff. but we might have to explain that this is what a contact tracing app does and how it works. >> because, as you know, as you well know, contact tracing does not work unless you reach a threshold level of participation. and now, we are nowhere near anywhere in this whole country, and very few places in the world, if any have reached that threshold level. so you know, we talk so broadly and frequently about, we need testing, we need contact tracing, we need a vaccine, we need therapeutics, and in some ways the contact tracing maybe the most difficult of all to achieve because we don't have that trust and credibility. >> so, i'm not up to date us today but i do not believe there
are very many statements of help -- state boards of health that have contact tracing apps and i do think in the past, cases passed a contact racing law but i have heard only one or two states that have developed these apps and then of course the apps are going to have to be able to work together, right? virginia will have to be with oklahoma and the different apis, whether it be google or apple, will have to work together so, it is a significant challenge. >> right, well, we can talk about a lot more. i have one more area of questioning that i want to cover. you mentioned that the warning letters are, i think you said, effective, maybe even very effective. maybe in some cases, but i talked about 255 warning letters. a lot of those scammers have come back, maybe not with exactly the same language, but
they are back, and in some part due to the lack of vigilance on the tech platforms that i mentioned earlier and miss mick larry very articulately described need to be held more accountable but i just want to say about warning letters. speaking as a prosecutor, you know, i used to try to get actual court judgment. not even consent order, because you have to go back to court to enforce it. with a warning letter, you have nothing to enforce. it is no deterrent. if you leave here and you drive above the speed limit, 85 miles an hour in a 60 mile an hour zone, and you get a warning letter, the deterrent effect, especially if you know that the next time you'll get another warning letter, has very little impact.
so, i wonder whether a more aggressive use of, whether it is administrative or actual judicial process for judgments, for fines, for even criminal reform, would be appropriate. >> there is a lot there and i agree with you 100% than a warning letter by definition is a warning letter. there is nothing to enforce, but, in the last, let's say we've been at this for three and a half months, middle of march. maybe four months. in that time, we have succeeded in getting almost all of those 255 companies to take down the claims and for those that have, that haven't.
haven't, thereat are some, taking the claims down only to replace it with something that is equally misleading, we are pursuing law enforcement action, both in federal court and in front of our administrative law judges. you've seen the fruits of some of that and it is outlined in our testimony, there is a lot more than in the pipeline, though. those cases take time. particularly when you're talking about fake cures, the way that we will typically prove that it is with the expert testimonies. that takes time. it also takes money but i think we have the resources, i think we have the man power to do it. we are doing it but it is not something that can be easily done overnight and so, you know, these warning letters have been very fast and very effective and
when not we backing up with law enforcement but you are absolutely right that a warning letter on its face is not worth much. now, general smith said that with respect to price gouging that a lot of the challenges just telling companies that are legitimate that hey, look, you cannot do this. you cannot say this, and when you do that, if we can fix the problem through that kind of communication, then we need to be doing that, but i appreciate your concern, absolutely. >> i think there are all kinds of different potential violations close to the line. some are in a gray area. you know, when you recommend the equivalent of somebody swallowing hand sanitizer or something like that -- >> right. >> or bleach or whatever and you're making money from it -- >> right.
>> i think that something more than a warning letter may be appropriate. >> well, there are also -- we have been working with the fda, as you know. >> yeah. >> and fda has been -- as they outlined in their testimony, they've been bringing actions criminally. we've been making criminal referrals. so, we work with a wide variety of partners. sometimes in our cases we get there and realize that the crims are involved too. we'll defer to them unless they want us to come along with them which has happened in a couple of cases. we can sometimes get relief more quickly than they can. they can do their search warrant and at the same time we can get our asset freeze. >> thank you. at the risk of being tossed out, him -- which has not yet happened to me as a senator, tossed out of the room, i'm going to close the hearing. but i am certainly interested in following up on many of these issues.
i want to thank each of our witnesses, mr. smith, attorney general schmidt, all of you for your excellent testimony, and for important for your excellent work. you are trying to make these laws work. we make the laws, but you try to make them work. and i really appreciate your being here today. i'm sure the chairman joins me in that sentiment and hope we have an opportunity to talk soon again. this hearing record will remain open for two weeks. during this time, senators are asked to submit any questions for the record. upon receipt, the witnesses are requested to submit their written answers to the committee as soon as possible. i, again, thank the witness, witnesses, for being here, and this hearing is adjourned. thank
♪ washington journal, every day we take your call live on the news everyday to discuss policy issues. morning, ahis campaign advisor discusses reelection strategy and we have a political set terrorist joining us to discuss his book. watch "washington journal" this morning and be sure to join the discussion with your phone calls and facebook messages and tweets.