date, FTC v. Fortuna Alliance,16 the defendants allegedly promised consumers that, for a payment of $250, they would receive profits of over $5,000 per month. The program spawned numerous web sites on the Internet and appealed to victims all around the globe seeking to get rich quickly for little effort. Yet sheer mathematics dictated that 95 percent of the consumers who joined the program could never make more than they paid in. The Commission obtained a temporary restraining order halting the unlawful practices and freezing the assets of the individuals who developed and operated the Fortuna program. The court order also required the defendants to repatriate the assets they had deposited overseas. In February 1997, the defendants stipulated to a permanent injunction that prohibited their alleged pyramid program and provided for redress to consumers who requested refunds. The defendants subsequently balked at paying many consumers, and the Commission filed a contempt motion. The court did not impose sanctions but issued a compliance order against the defendants on January 6, 1998. The compliance order clears the way for over 8,600 Fortuna members to begin receiving refunds.

Another alleged Internet pyramid scheme targeted in a recent Commission law enforcement action was Credit Development International.17 The scheme was propelled by allegedly false promises that those who joined CDI would receive an unsecured Visa or MasterCard credit card with a $5,000 limit and a low interest rate, as well as the opportunity to receive monthly income of $18,000 or more. The Commission filed its complaint on October 29, 1997, and on October 31, the court granted a temporary restraining order, appointed a receiver to oversee the corporate defendants, and froze both the corporate and individual defendants' assets. After a hearing, on November 20, 1997, the court issued a preliminary injunction against the defendants. The Commission's staff estimates that over 30,000 consumers collectively may have lost 3 to 4 million dollars in this alleged scam. This matter is still in litigation.

The Commission's investigators discovered the Credit Development International scam as part of an ongoing effort to monitor "spam"-also known less colloquially as unsolicited commercial e-mail (“UCE") on the Internet. One theme sounded in the_Commission's recent privacy hearings was that an ever-increasing volume of UCE strains the capacity of on-line service providers and threatens the development of the Internet as a conduit for commerce. For example, at the Commission's privacy hearings held in June 1997, America_Online (“AOL”) reported that it handled 15 million electronic messages per day. By September 1997, that number had quadrupled to 60 million messages per day. Significantly, AOL has estimated that UCE comprises as much as one-third of all e-mail traffic.

Beyond the sheer volume and potential annoyance of UCE, many UCE messages may be misleading or deceptive. 18 Alleged scams like Fortuna and Credit Development International generate huge quantities of UCE, because e-mail is unparalleled as a means of cultivating a “downline"-additional recruits to a pyramid-—for virtually no cost and little effort. The same attributes make UCE attractive to other types of scams as a means to solicit millions of consumers for little cost.

Although most Internet fraud is fairly traditional, the Commission has taken action against one scheme that uniquely and ingeniously exploited what can be done on the Internet and only on the Internet. The case FTC v. Audiotex Connection, Inc., CV-97 0726 (DRH) (E.D.N.Y.), presented a scheme that allegedly "hijacked" consumers' computer modems by surreptitiously disconnecting them from their local Internet Service Provider (such as AOL) and reconnecting them to the Internet through a high-priced international modem connection, purportedly going to Moldova but actually terminating in Canada. On various Internet sites, the defendants offered access to free computer images through a special "viewer" program. If a consumer downloaded and activated the viewer software, the alleged hijacking automatically ensued, and an international long-distance call (and the charges for it) continued until the consumer turned off the computer-even if he or she left de

16 Civ. No. C96-799M (W.D. Wash., filed May 23, 1996).

17 FTC v. Nia Cano d/b/a Credit Development Int'l & Drivers Seat Network, No. 97-7947 IH (AJWx) (C.D. Cal. filed Oct. 29, 1997).

18 In addition, UCE often contains fake or altered routing information in the address portion of a message, i.e., the "From," "Received from," or "Reply to" lines. Thus, consumers may not know who sent the e-mail or to whom they should reply. Fake "Reply to" lines also may send undeliverable or reply messages back to the wrong address, thereby tying up a legitimate business's computer. This may confuse consumers, but in addition, UCE may directly deceive them through misleading advertisements or solicitations that appear in the body of the e-mail itself. The Commission has received, directly or by referral from consumers, over 50,000 UCE messages. Our staff actively reviews these messages and investigates purveyors of UCE that may violate the FTC Act's prohibition against unfair or deceptive practices.

fendants' sites and moved elsewhere on the Internet, or left the Internet entirely to use a different computer program.

Commission staff were first alerted to the Audiotex scheme by security experts at AT&T. The United States Secret Service assisted staff in ascertaining how this "Trojan horse" viewer software worked, and AT&T lent further assistance in tracing the software back to specific web sites. With this help, the Commission's staff completed its investigation, filed a complaint, and obtained an ex parte temporary restraining order and asset freeze against the defendants within just 31 days of learning about the alleged scam. The lawsuit was recently resolved by entry of a stipulated permanent injunction against the main defendants named in the Commission's complaint and the issuance of a virtually identical administrative order against additional parties found to have played a role in the alleged scam. Under the two orders, the defendants and administrative respondents are barred from engaging in the alleged unlawful practices, and over 38,000 consumers should receive full redress worth an estimated $2.74 million. 19

Consumer Education

The Commission has gone on-line to reach Internet users. Since April 1995, the Commission has used its web site at "www.ftc.gov" to make instantly available to consumers a rich and continuously updated body of advice and information. The Commission_receives approximately 60,000 to 75,000 "hits" per day on this home page.20 In September 1997 alone, FTC.GOV received almost 2 million hits from 114,000 visitors.

In constructing its web site, the Commission has put a premium on making it not only comprehensive, but also user-friendly. FTC.GOV contains a search engine that allows consumers to pull up information by typing in a few key words. The site also contains a special section called ConsumerLine that provides news releases, consumer alerts, and on-line versions of all of the Commission's consumer and business education publications.21

Building on the success of the FTC's home page, the Commission's staff conceived a plan to create a new site at "www.consumer.gov" and has developed the site in partnership with sister agencies-the Securities and Exchange Commission ("SEC"), the U.S. Consumer Product Safety Commission ("CPSC") the Food and Drug Administration ("FDA"), and the National Highway Traffic Safety Administration ("NHTSA"). CONSUMER.GOV provides the public with "one-stop shopping" for federal information on a broad spectrum of consumer issues, ranging from auto recalls to drug safety to investor alerts.22

Extending a hand to consumers at their most vulnerable point-when they are surfing in areas of the Internet likely to be rife with fraud and deception-the staff of the Commission has posted several "teaser" web sites. The "Ultimate Prosperity Page" is one example advertising a fake deceptive business opportunity. The "Ultimate Prosperity Page" uses "buzz words" and promises of easy money common to many such scams. When the consumer clicks from the "Ultimate Prosperity Page" to the next page in the series, he or she finds glowing testimonials from fictitious persons who purportedly have achieved fabulous success through the business opportunity-again mirroring the typical get-rich-quick business opportunity scam. Clicking through to the third and final page in the series, however, brings the consumer to a sobering warning: "If you responded to an ad like [this], you could get scammed." The warning page gives advice on how to avoid fraudulent business opportunities and provides a hyper-text link back to FTC.GOV, where consumers can learn more about investing in franchises or business opportunities.23

There are now other teaser sites, posted by the Commission's staff, that mimic pyramid schemes, scholarship scams, deceptive travel programs, false weight-loss claims, and fraudulent vending opportunities-all perennial frauds that have been practiced on consumers for years through direct mail, telemarketing, and other means, and are now enjoying new life on the Internet.24 The Commission's staff has registered each "teaser" site with major search engines and indexing services on the

19 The Commission would like to acknowledge the assistance of AT&T and MCI in administering the redress program. AT&T and MCI will distribute refunds to most consumers in the form of telephone credits on their long-distance telephone bills.

20 A "hit" occurs when someone accesses a web site.

21 After the home page for FTC.GOV, the search engine is the most popular area visited on the web site, followed by the ConsumerLine section. See Exhibit 2, excerpts from "www.ftc.gov". 22 Exhibit 3, homepage of "www.consumer.gov".

23 To alleviate any privacy concerns that consumers may have, the warning page makes it clear that the FTC has not gathered any personal information about individuals visiting this

teaser site.

24 Exhibit 4, examples of FTC teaser sites.

Internet. Thus, consumers may encounter the site when they are perhaps most receptive, just when they may be about to become ensnared in a fraud by responding to a plausible but untrue come-on. Private on-line service companies have worked with the Commission's staff to highlight various teaser pages and have billed some as the "new" or "cool" site of the week.25

In another effort to use new technology to reach the public, the staff of the Commission partnered with the North American Securities Administrators Association and held a real time on-line forum on the Internet in April 1997. Over 100 consumers participated, posing questions to, and receiving instantaneous responses from, state and federal experts about how to invest wisely in new business ventures or franchises. The Commission posted the transcript of this "chat" session on its web site so that other consumers could access it and benefit from the exchange.

The Commission has actively sought Internet companies and trade groups to join with us as partners in disseminating consumer protection information to consumers on-line. As a result, the Interactive Services Association, a leading on-line trade association, and companies such as AT&T, NetCom, and America Online have helped circulate public service announcements over the Internet, cautioning consumers to avoid particular scams and "hot linking" consumers to the Commission's web site where they can find "Cybershopping" guides, "Safe Surfing" tips, and other helpful information.

Business Education

At the forefront of its business education efforts, the Commission has conducted a number of "Surf Days" aimed at providing information to new entrepreneurs who may unwittingly violate the law. The first Surf Day was conducted in December 1996 and focused on pyramid schemes that had begun to proliferate on the Internet. Commission attorneys and investigators enlisted the assistance of the SEC, the U.S. Postal Inspection Service, the Federal Communications Commission, and 70 state and local law enforcement officials from 24 states. This nation wide ad hoc task force surfed the Internet one morning, and in three hours, found over 500 web sites or newsgroup messages promoting apparent pyramid schemes. The Commission's staff e-mailed a warning message to the individuals or companies that had posted these solicitations, explaining that pyramid schemes violate federal and state law and providing a link back to FTC.GOV for more information. In conjunction with the New York Attorney General's Office and the Interactive Service Association, the Commission announced the results of Internet Pyramid Surf Day at a televised press conference held during the Internet World '96 convention in New York City. A month later, the Commission's investigative staff checked on the status of web sites or newsgroups identified as likely pyramids during Surf Day and found that a substantial number had disappeared or been improved. 26 The Commission has employed this technique several times since, conducting additional Surf Days focused on Internet web sites or newsgroup messages that promoted potentially problematic business opportunities, credit repair schemes, and "miracle cure" health products.

The Commission has now taken its Surf Day concept to the private sector, the global law enforcement community, and sister agencies as well. In August 1997, the Coupon Information Center, a private trade association, and its members from the national merchandising community joined Commission staff in surfing for fraudulent opportunities that promoted coupon certificate booklets. Then on October 16, 1997, the Commission helped coordinate the first "International Internet Surf Day." Agencies from 24 countries joined this effort and targeted "get-rich-quick" schemes on the Internet.27 Australia's Competition and Consumer Commission oversaw the world-wide effort while the FTC led the U.S. team consisting of the SEC, the Commodities Futures Trading Commission ("CFTC") and 23 state agencies.

In November 1997, the Commission used the Surf Day concept to help the Department of Housing and Urban Development (“HUD") target unscrupulous "HUD TracThese "tracers" track down consumers to whom HUD may owe a refund for FHA mortgage insurance. Consumers can claim their refund for free by contacting

ers.

25 Exhibit 5, example of FTC teaser site highlighted as "new" site of the week by Yahoo!, a large Internet search engine and indexing service.

26 Apart from newsgroup messages that had terminated automatically, 66 (18%) of the notified web sites had been improved or taken down within a month. In the wake of a subsequent Surf Day that targeted a separate type of fraud, 24% of the notified web sites improved or removed their solicitations.

27 International participants included Australia, Austria, Belgium, Canada, the Czech Republic, Denmark, Finland, France, Hungary, Ireland, Jamaica, Japan, Korea, Mexico, New Zealand, Norway, the Philippines, Poland, Portugal, South Africa, Spain, Sweden, Switzerland, and the United Kingdom.

HUD directly; however, unscrupulous "tracers" may falsely claim that refunds cannot be secured without their assistance (and they may charge up to 30 percent in commissions), may falsely claim an affiliation with the government, and may falsely represent to other entrepreneurs how much money they can make as "HUD tracers." The HUD Tracer Surf Day not only helped to generate publicity to inform consumers about HUD's refund program, but it also helped eliminate many potentially deceptive solicitations from the Internet. A month after sending out warning messages, the Commission's staff checked on suspect tracer sites and found that 70 percent had shut down entirely or removed questionable claims about earnings potential or their affiliation to HUD.

Earlier this month, the Commission announced yet another innovative use of the Surf Day concept, this time targeting deceptive UCE messages. Commission staff conducted a "fall harvest" by surfing the Commission's large database of UCE solicitations, topic by topic, and identifying over 1000 individuals or companies potentially responsible for misleading e-mail solicitations, for example, for pyramid or other get-rich-quick schemes. Ironically, most of these UCE messages did not allow any reply by e-mail, due to inaccurate or deceptive "sender" information, so in January through the U.S. Postal system the Commission sent out letters warning the sources of the UCE that their messages may be in violation of the law.

Our messages to businesses on the Internet are straightforward-e.g., don't lie or make misleading statements; don't make product or earnings claims that you can't support, don't mislead consumers with unrealistic testimonials. The difficulty lies in finding a way to get these basic messages to new entrepreneurs who may have no prior business or advertising experience. Surf Days help us overcome this hurdle, but in addition, we have put together a "road show" that our ten regional offices can use in their local communities to help explain how basic legal principles apply on the Internet. The Commission also is preparing a business guide for Internet entrepreneurs and a continuing legal education ("CLE") course for lawyers who counsel new Internet businesses. Finally, the Commission is going directly to the computer industry for help. In July, Commission representatives met with Silicon Valley executives at Stanford University's Technology and Business Strategy Summit '97, and asked them to lend us their contacts and marketing expertise in order to reach new Internet entrepreneurs.

Looking Ahead

Currently, the Commission receives approximately 100 to 200 Internet-related complaints per month. Many of these complaints are forwarded to us by the National Fraud Information Center, with which the Commission works closely. The Commission has seen an increase in complaints over the last year, but fortunately on-line problems seem to be growing at a slower pace than the Internet marketplace itself. At the moment, complaints about Internet fraud remain a small fraction of the number of complaints the Commission receives about more traditional problems concerning credit cards or telemarketing. However, the Commission expects that as the Internet marketplace grows, reports about consumer fraud also will continue to grow.

The potential for fraud is likely to be fueled by easy on-line access that exists for legitimate and fraudulent businesses alike. Also, it is likely that many first-time entrepreneurs, because of their lack of marketing experience or knowledge of their obligations under basic consumer protection principles, will unwittingly engage in Internet practices that violate the law. Finally, keeping up with the introduction and application of new technologies will prove daunting. The growing problem of “spam” already threatens to outstrip our resources. The Commission currently receives approximately 500 pieces of UCE per day, forwarded by disgruntled consumers and others-far more than we can read or analyze on an individual basis and a volume that strains the capacity of the agency's computers.

Mr. ROGAN [presiding]. Ambassador Aaron, welcome to the subcommittee.

STATEMENT OF AMBASSADOR DAVID AARON, UNDER SECRETARY OF COMMERCE FOR INTERNATIONAL TRADE, U.S. DEPARTMENT OF COMMERCE

Mr. AARON. Thank you very much, Mr. Chairman.

The Clinton Administration appreciates the opportunity to testify on Administration policies related to information privacy. I am acmpanied today by Becky Burr, the Acting Associate Adminis

trator for the National Telecommunications and Information Administration of the Department of Commerce, and Barbara Wellbury, Special Counsel for Electronic Commerce in our General Counsel's Office, both of whom have major responsibilities in this field.

Americans treasure privacy. It's fundamental to our concept of personal well-being and our concept of liberty. The Internet's great promise, that it facilitates the collection, re-use and instantaneous transmission of information, can also, if not managed carefully, diminish personal privacy. It's essential, therefore, to assure personal privacy in the networked environment.

At the same time, fundamental and cherished principles like the First Amendment protect the free flow of information. Commerce on the Internet will thrive only if the privacy rights of individuals are guaranteed and also balanced with the benefits associated with the free flow of information.

The Clinton Administration has been aggressive about privacy protection in general and the Internet in particular. Apart from the Internet, the Administration has called for legislation to protect the privacy of medical records and genetic information. Moreover, the Administration supported the 1996 amendments to the Fair Credit Reporting Act that extended the coverage of the Act to hundreds of information providers to strengthen privacy protection of financial information generally. And we supported adoption of new limits on the use of telephone subscriber information by telephone common carriers in the Telecommunications Act of 1996. Moreover, we also supported the Drivers' Privacy Protection Act of 1994 which governs how states make motor vehicle and licensed driver information available. And of course we have supported the efforts of the FTC just described by Mr. Medine.

I want to stress in this connection that existing applicable statutory protections, such as the Fair Credit Reporting Act and the others I just mentioned, apply to personally identifiable information on the Internet. The obligations to protect privacy do not change just because the medium is electronic.

The Clinton Administration is concerned, however, that the nature of the Internet reduces the effectiveness of legislative and regulatory solutions. Congress could certain pass a law mandating privacy protections on the Internet, but enforcement of such a law, even if possible, might require enormous resources. We don't want to give Internet users a false sense of security based on an unenforceable law.

Instead, as set forth in A Framework for Global Electronic Commerce, the Clinton Administration supports private sector efforts to implement meaningful, consumer friendly, self-regulatory regimes based on fair information practice principles. Fair information practice principles include consumer awareness, choice, appropriate levels of security, and consumer access to their personally identifiable data.

Consumer awareness of information practices is a first step in advancing on-line information privacy. At a minimum businesses must develop and post prominently, clearly- written policies that inform consumers about the identity of the collector of their per