The Office of Technology Research and Investigation (OTech) is located at the intersection of consumer protection and new technologies. As a trusted source for research and information on technology’s impact on consumers, the Office conducts independent studies, evaluates new marketing practices, and provides guidance to consumers, businesses and policy makers. It also assists the FTC’s consumer protection investigators and attorneys by providing technical expertise, investigative assistance, and training. The Office is housed in the Bureau of Consumer Protection and its work supports all facets of the FTC’s consumer protection mission, including issues related to privacy, data security, connected cars, smart homes, algorithmic transparency, emerging payment methods, fraud, big data, and the Internet of Things.
For additional technology-related content, please visit the Tech@FTC blog.
Help protect consumers through research. The FTC welcomes researchers to inform us of their latest findings by emailing papers to email@example.com. Please note that the FTC does not offer compensation of any kind to research submitters and that submitted research may be made public by the FTC. If your research reveals a security vulnerability or otherwise contains information that could pose a risk of harm to the public, before submitting the research to the FTC, please contact Dan Salsburg, Chief Counsel of OTech, at firstname.lastname@example.org or 202-326-3402.
Misuse of two-factor authentication phone numbers
On August 7, OTech’s Min Hee Kim presented “Secondary Education: Measuring Secondary Uses of 2FA Phone Numbers” at the peer-reviewed WAY 2020 conference. The paper examines whether top online merchants that offer SMS-based two-factor authentication send marketing messages to the 2FA phone numbers provided by consumers. Min Hee and her colleagues in OTech examined web traffic for evidence that sites share numbers with third parties when the user enrolls in 2FA and monitored the phone numbers for a two-month period after enrollment. They did not observe either the transfer of phone numbers in the web traffic or any marketing calls or messages, suggesting a consistent norm against sending marketing messages to phone numbers that consumers only provide for 2FA purposes.
Joe Calandrino wins Best Reviewer Award at IEEE Symposium on Security and Privacy
OTech’s Research Director, Joe Calandrino, was awarded the Best Reviewer Award at the 41st IEEE Symposium on Security and Privacy. This award is given to the top reviewer of papers submitted to this preeminent conference on security and privacy research. Joe will also be chairing the symposium’s session on Web Privacy and is the co-chair of ConPro, the consumer protection research workshop that is co-located with the IEEE Symposium.
You Don’t Say: An FTC Workshop on Voice Cloning Technology
Advances in artificial intelligence and text-to-speech (TTS) synthesis have allowed researchers to create a near-perfect voice clone with less than a five second recording of a person’s voice. These technologies could help people with tracheotomies and other conditions use TTS systems using voices derived from their previously-recorded audio samples. These technologies, however, could also cause substantial harm when used to impersonate a trusted person. On January 28, 2020, OTech and the Division of Marketing Practices hosted a workshop that examines the promise of voice cloning technologies, the serious risks these technologies pose, and whether there are ways to ensure that these technologies are not abused.
Guiding to Safety: How Technical Documentation Writers Can Encourage Software Security
This piece aims to assist writers of formal developer documentation, such as a detailed programming language reference or tutorials on programming for a platform. The Federal Trade Commission has more than twenty years of experience in protecting consumer privacy and security. For this piece, we consulted with experts on documentation for developers. Based on those discussions, we suggest ways that documentation writers can guide software developers toward more secure practices.
Nixing the Fix: Call for Research on Manufacturers’ Repair Restrictions
What do glue, non-standard machine screws, and proprietary diagnostic software have in common? They make it harder for consumers and independent repair shops to fix electronic devices and other consumer goods. Are these restrictions justified by manufacturers’ concerns about safety, quality, liability and intellectual property rights? On July 16, 2019, OTech and the FTC’s Division of Marketing Practices held a workshop examining the issues raised by repair restrictions. Video of the event and related materials can be found here.
Last updated: 9/11/2020