On November 8, 2021, the National Prosecutor’s Office (NAAG) held its autumn consumer protection conference in person for the first time in two years with more than 170 participants in the live program and around 250 participants virtually. The conference featured a series of panel discussions with Attorney General (AGs), industry advisors, academics, and the Chief Counsel of the Cybersecurity and Infrastructure Security Agency (CISA), focusing on key priorities for both AGs and the challenges of an expanding digital economy. Below are our key takeaways from the presentations.
Attorney General: Consumer Protection Priorities
- AGs continue to focus their enforcement efforts on preventing consumer fraud, including the more common scams by seniors. Addressing consumers on these issues continues to have top priority for the working groups.
- With the rise of online commerce, some AGs are working to combat the threat of counterfeit goods by encouraging collaboration between their consumer protection and criminal justice departments.
- Limited resources continue to pose challenges for the working groups, especially with regard to the timely settlement of cases. One WG lamented “institutional slowness” while another admitted that lack of resources forced them to “make tough decisions about which cases to handle”.
- Several AGs mentioned recent or upcoming meetings with their local governments regarding the recent state opioid settlements. These discussions prompted at least one WG to reconsider whether investigations should be published earlier in order to address concerns of local authorities and avoid unnecessary duplication. Other WGs expressed general concern about the growing interest of local authorities in consumer protection and the challenges this poses for WGs.
- When asked, several working groups agreed that this year’s AMG Capital The decision was a net negative for consumer protection and threw an important “police officer” off course.
Third Party Platforms
- Major online platforms are devoting significant resources and technology to working with law enforcement agencies, including AGs, to reduce retail crime and protect consumers from counterfeiting.
- The panelists discussed the increasing sophistication of bad actors on the internet and the challenges of quickly identifying and sanctioning these actors. In order to meet these challenges, representatives from industry and science agreed on the importance of data exchange and cooperation between industry participants and law enforcement.
- Industry representatives on the panel discussed how they actively work with law enforcement agencies, often through participation in state task forces or referrals to state and federal law enforcement agencies.
Understand non-fungible tokens
- Industry officials stated that a non-fungible token (NFT) is a digital token recorded on a blockchain and programmed to contain unique data attributes and rights for the holder. It is these unique attributes that make any NFT “non-fungible” and different from cryptocurrency.
- Some of the most popular use cases for NFTs today include digital art, digital collectibles, and unique items featured in online games. Scammers hunt down unsuspecting buyers, and the panelists encouraged anyone looking to enter the market to research what rights they are buying, use a reputable exchange, and carefully review all terms and conditions.
- A panelist and former regulator of the CFPB acknowledged that NFTs are subject to state laws on unfair and misleading trading practices, but few other laws get straight to the point. Other panelists pointed to the potential of NFTs to transform the nature of digital transactions, including those involving financial and legal documents
Cybersecurity and ransomware trends
- This panel discussed the importance of preventing ransomware attacks with the right security measures and policies. CISA’s Chief Counsel described the various resources and tools his agency makes available to government agencies and the private sector.
- Every organization must be prepared for the inevitable attack and have a playbook to respond to. This includes, among other things, a plan to contain the incident, recover data, communicate with the public, and notify law enforcement agencies. One panelist noted that even under ideal circumstances (that is, with backup data available), data recovery often takes several weeks.
- The panel also noted that over the past two years, ransomware attacks have increasingly been associated with “data leaks,” where the attacker actually extracts certain data from the system before encryption. From the point of view of the AGs, this could increase the probability that the attack would qualify as a “data breach” under the applicable state law.
- The federal government continues to take the position that ransom should never be paid, while other panellists pointed out that it continues to be a case-by-case assessment based on the circumstances and needs of the organization. All panelists agreed that any victim of ransomware should notify the FBI immediately. The FBI may be able to help the organization limit the damage from the attack.