Center for American Progress

Online Consumers at Risk and the Role of State Attorneys General

Online Consumers at Risk and the Role of State Attorneys General

State attorneys general should play an important part in keeping consumers safe from malware, phishing, and spam.

A computer displays a warning after being infected with malware. (CAP)
A computer displays a warning after being infected with malware. (CAP)

Read the full report (pdf)

Listen to the press call:

Internet commerce has provided consumers with more convenience, more choices, and lower prices. These benefits, however, are being threatened by high levels of fraud and abuse unique to the online environment. If problems such as malware, phishing, and spam are left unchecked, many consumers may lose trust and abandon e-commerce. Action is urgently needed to ensure this does not happen.

State attorneys general are an important part of the solution. The federal government, in particular the Federal Trade Commission, is beginning to step up, but resources are still limited. State attorneys general can augment the federal capability to protect consumers. Over the past three years, for example, state attorneys general have brought 11 cases against spyware distributors, the same number as the FTC.

State consumer protection laws are sometimes stronger than federal laws. Leading attorneys general, in particular those in New York and Washington, have used such authority against spyware purveyors to levy penalties that are tougher than those the FTC can impose. In part because of this increased enforcement, consumer losses from spyware have declined 35 percent.

This is certainly positive, but the problem of Internet crime is still far from solved. To better assess online fraud and abuse, the Center for American Progress and the Center for Democracy and Technology asked states to provide data on consumer complaints they received in 2007 and 2006, organized by category. Of the 36 states that provided at least some data, most supplied a top 10 list ranking complaint categories (Internet-related and other), with a few going beyond the top 10. In 2007, 24 out of 30 states that provided rankings reported an Internet-related category within their top 10. Eight states ranked Internet-related complaints among their top three most common consumer complaints, including four states that ranked Internet-related complaints No. 1.

For 2007 and 2006, 20 states provided the number of consumer complaints associated with each category—the others merely provided rankings without giving the number of complaints. In both years, these states reported roughly 20,000 Internet-related complaints, with slightly more in 2006. This number generally does not include Internet-related complaints that are not associated with a top 10 category.

The Federal Trade Commission also provides data for all 50 states on consumer complaints related to Internet fraud. These data include not only complaints submitted to the FTC, but also complaints directed to a variety of other actors, including the U.S. Department of Justice, Better Business Bureaus, the National Consumers League, and 13 state attorneys general. The number of contributors to the FTC data is one reason the FTC reports a greater volume of complaints than attorneys general.

In 2007, the FTC reported 221,226 Internet-related fraud complaints, up almost 16,000 from 2006 and more than 24,000 from 2005.1 These numbers may even understate the problem. Consumers are often unaware, and thus may not report, when they are victimized by online threats such as malware, which cyber-security experts say is rising dramatically.

Weaknesses in state data, unfortunately, impede more detailed analysis of various types of Internet-related consumer complaints. State reporting typically groups all Internet-related crime into one or two broad categories. Complaint information is also inconsistently categorized across states, or not categorized at all, preventing reliable comparisons between states. Nonetheless, the large volume of Internet-related complaints demonstrates the seriousness of the problem and the need for action.

To assess how state attorneys general are responding, we reviewed their annual or biennial reports (roughly half of attorneys general create such reports), their websites, news articles, and the bimonthly Cyber-crime Newsletter released by the National Association of Attorneys General.

Attorneys general have brought some notable cases on behalf of consumers, but generally online fraud does not seem to be a top priority. Rather, most investigations and prosecutions involving the Internet appear to be focused on sexual enticement of minors and child pornography. Such cases accounted for more than 60 percent of the cases highlighted in 2007 and 2006 by the Cybercrime Newsletter, which lists Internet-related cases brought by state attorneys general.

Among other cases highlighted, 8.9 percent involved data security, confidential records, or identity theft, and 15.5 percent involved online sales and services, such as failure to deliver on a purchase or failure to provide a product or service that meets advertised quality. This type of crime has clear parallels to fraud conducted in the physical world—the Internet is merely the medium for the transaction.

This is not the case, however, for spyware, adware, spam, and phishing, which represent completely new categories of fraud and abuse. Over the course of 2007 and 2006, the Cybercrime Newsletter highlighted just 14 cases (8.3 percent of the total) brought by state attorneys general in these areas, 10 of which were brought by Washington or New York. We describe a number of these cases on page 22.

These cases and others listed in the Appendix have achieved significant benefits. But given the still-high levels of online fraud and abuse, they should be viewed as just a start. All attorneys general—not just a few standouts—must give priority to this problem to provide consumers the protection they need and deserve. In particular, we recommend that attorneys general:

  • Review relevant laws to provide clarity ƒ for enforcement and to make recommendations for needed legislative action
  • Train investigators and prosecutors on ƒ how to identify online fraud and abuse
  • Develop computer forensic capabilities ƒ to trace and catch Internet fraudsters
  • Devote greater resources to Internet ƒ enforcement efforts
  • Partner with commercial and public-interest coalitions that are fighting online fraud and abuse
  • Establish coordinated efforts with ƒ other attorneys general
  • Aggressively investigate consumer ƒ complaints
  • Develop better data systems to track ƒ complaints regarding Internet fraud and abuse, including the response of the attorney general’s office

Currently, there is insufficient incentive against committing online fraud and abuse. Internet crime requires almost no expense to execute, carries potentially high financial rewards, and involves relatively little risk of being caught and punished. It is thus unsurprising that online fraud and abuse are at such high levels. What’s needed now is a stronger deterrent. Through committed action and vigorous enforcement, state attorneys general can help provide one.

Read the full report (pdf)

The positions of American Progress, and our policy experts, are independent, and the findings and conclusions presented are those of American Progress alone. A full list of supporters is available here. American Progress would like to acknowledge the many generous supporters who make our work possible.