The Federal Trade Commission has submitted two reports to Congress detailing the agency’s efforts to combat cross-border fraud through the U.S. SAFE WEB Act and work contributing to the fight against ransomware and other cyber attacks that originate outside the United States.
The first report provides an update on the FTC’s efforts to implement the Undertaking Spam, Spyware, And Fraud Enforcement With Enforcers Beyond Borders Act, or U.S. SAFE WEB Act (SAFE WEB). The second report, which was required by the Reporting Attacks from Nations Selected for Oversight and Monitoring Web Attacks and Ransomware from Enemies Act (RANSOMWARE Act), addresses questions about FTC activities concerning China, Russia, North Korea, and Iran and the FTC’s efforts to combat ransomware—a type of cyber-related attack in which bad actors hold data or computer access hostage until they receive payment— and other types of cyber attacks.
SAFE WEB, passed by Congress in 2006, provides a framework to engage in cross-border assistance, including information sharing and investigative support. As the report notes, the law has been an indispensable tool in helping the FTC combat cross-border fraud and protect consumers in an increasingly global and digital economy. Thirty years ago, less than 1% of fraud reported to the FTC was cross border, while in 2022 more than 11% of complaints were cross border.
With the authority provided by SAFE WEB, the FTC has pursued and stopped harmful conduct in the United States and successfully defended against challenges to its jurisdictional authority over foreign companies targeting American consumers. The FTC has also worked with numerous foreign enforcers to stop cross-border injury and frauds.
SAFE WEB was reauthorized by Congress in 2020 for seven years. In the new report, the Commission urges Congress to permanently reauthorize SAFE WEB by removing the sunset provision currently set to expire on September 30, 2027, thus preserving the agency’s ability to effectively cooperate with foreign law enforcement to protect consumers. The report also reiterates the FTC’s call for Congress to restore the agency’s ability to get money back to consumers harmed by unlawful conduct and to prevent bad actors from profiting from their misconduct. The FTC’s authority to do so was severely hampered by the Supreme Court’s 2021 AMG decision.
Report on Ransomware and other Cyber Attacks
The second report details the FTC’s work to target ransomware and other cyber attacks. The report notes that one of the key ways the FTC has done this is by implementing a robust data security enforcement program aimed at ensuring companies take appropriate steps to protect personal data they hold from such attacks. The FTC has brought more than 80 enforcement actions involving data security. The agency also has pursued bad actors involved in ransomware-related tech support scams and worked to educate the public and businesses on how to secure and protect data from cyber attacks.
Only a small fraction of the millions of complaints the FTC receives each year involve ransomware and other cyber attacks, and these complaints rarely mention Iran, North Korea or Russia, according to the report. While China is the leading source of complaints about cross-border fraud, they rarely relate to ransomware and other cyber attacks, the report notes. The report details enforcement actions, mostly involving privacy and data security, the FTC has taken involving known or unverified connections to China and Russia.
The report reiterates the importance of SAFE WEB in helping to combat ransomware and other cyber attacks. The Commission also urges Congress to enact privacy and data security legislation, enforceable by the FTC, asserting that such legislation would advance the security of the United States and U.S. companies against ransomware and other cyber attacks.
The Commission votes to approve each report were 3-0.
The lead staffers on both reports are Stacy Procter and Angel Martinez in the FTC’s Office of International Affairs.