FTC gets broader authority to pursue foreign spammers

A new law grants the agency more authority to pursue international online scammers.

By Jim Puzzanghera
Times Staff Writer

December 26, 2006

WASHINGTON — It's the start of an Interpol for the Internet.

The Federal Trade Commission soon will go global in its hunt for spammers, phishers and other online scammers. President Bush signed a bill Friday that gives the commission broader authority to pursue e-crooks in other countries.

The FTC had pushed for more than three years for the new powers, which will help it shut down scammers such as the polite Nigerians who e-mail thousands of people a day with tales of woe and promises of riches to those kind enough to help. Those e-mails can be more than just an annoyance: A 76-year-old Florida woman reportedly lost $42,000 in the scam this year.

Increasingly, people operating e-mail scams or launching attacks with secretive programs that can steal personal information operate from Eastern Europe, Southeast Asia, Africa and other foreign locations.

Sometimes they simply route their efforts through computer servers in multiple countries to make it more difficult for authorities to track them down.

"By the very nature of online commerce, you can be located anywhere in the world and transact business anywhere in the world," said Lydia Parnes, director of the FTC's Bureau of Consumer Protection. "Commerce has gone global and so fraud follows."

But the FTC said it had been hindered in such probes by legal barriers preventing it from sharing information with foreign countries or assisting them in their own investigations.

"Though scams may be borderless, in many instances, the FTC's ability to share information and take action are limited by geographic boundaries," the commission wrote in a 32-page report to Congress in 2005.

The legislation gives the FTC abilities similar to those granted in the 1990s to the Securities and Exchange Commission and the Commodity Futures Trading Commission to share information with foreign counterparts. In that sense, it's similar to Interpol, the international organization that helps coordinate police efforts in different countries.

Specifically, the US SAFE WEB Act — which stands for Undertaking Spam, Spyware, And Fraud Enforcement With Enforcers beyond Borders — gives the FTC the legal authority to share confidential information from its own investigations with foreign law enforcement authorities and assist them in their cases.

The bill, sponsored by Sen. Gordon H. Smith (R-Ore.), originally passed the Senate unanimously in March. The House changed it slightly and both chambers passed it by voice vote Dec. 9.

The FTC has been prevented from helping other countries track down suspects in the United States unless the commission opened its own investigation. That made cooperation cumbersome and denied the FTC the goodwill it needed when asking other countries for help.

"It's important that we're able to step up to the plate when our colleagues in other countries ask us to so they're willing to do the same for us," Parnes said. "If they ask us to check something out, we can do that without opening our own investigation."

The number of complaints of Internet fraud crossing U.S. borders (from Americans about foreigners and vice versa) more than quadrupled from 10,906 in 2002 to 44,310 in 2005, the latest figures available, according to the FTC.

But the commission said those numbers understated the problem because many people filing complaints don't know whether the fraud is domestic or foreign.

"These purveyors of bad applications can live in one country and affect people in 200 other countries," said John Palfrey, executive director of the Berkman Center for Internet & Society at Harvard University.

Take FastMP3Search.com.ar, a site apparently based in Argentina. It distributes software that can be downloaded to help search for digital music on the Internet.

But that's not all it does.

The software contains several malicious programs known as adware and Trojan horses that secretly disable the computer's firewall, allowing personal data to be extracted, said Palfrey, who also helps run an organization called StopBadware.org.

FastMP3Search is registered to a company in Argentina, but there are indications it's connected to a company in Washington state, Palfrey said. His group, along with the Center for Democracy and Technology, filed a formal complaint about the site with the FTC this month.

The center originally had some concerns with Smith's legislation, particularly if the U.S. assisted investigations in other countries that have more restrictions on freedom of speech, said Ari Schwartz, the center's deputy director. But the legislation was changed to specify that the FTC would assist only in cases involving violations of laws "substantially similar" to those in the U.S.

Schwartz said the FTC desperately needed the new powers as Internet scammers got more creative, sometimes routing their attacks through several countries to hide the trail. He hopes the FTC will be aggressive about using the new powers.

"It's one thing to say that you want to be able to cooperate, but actually cooperating with foreign governments on these types of issues is more difficult," said Schwartz, who recently attended a meeting in Brussels of the London Action Plan, a group promoting international cooperation on Internet fraud.

Schwartz said an Austrian enforcement agent told him that there had been little cooperation with its U.S. counterparts even though 90% of the spam coursing through the country was either from the U.S. or headed for it.

"They're not solving their problem," Schwartz said, "and we're not solving our problem."