Posts tagged with "FTC"

‘Cold case’: FTC said to be investigating McDonald’s broken McFlurry machines

September 6, 2021

The feds have had it with McDonald’s broken McFlurry machines, reports the New York Post.

The Federal Trade Commission is said to be investigating why the burger chain’s ice cream machines break down so often—a matter that’s become the butt of late-night TV jokes and viral social media posts.

The FTC contacted McDonald’s franchise owners this summer seeking information on what the problem is with the chain’s ice cream machines, The Wall Street Journal reported on Wednesday, September 1—citing a letter from the FTC and sources familiar with the matter.

When reached for comment by The Post, representatives for the FTC declined to comment.

The broken machines have drawn the ire of franchisees, who say it leaves them unable to serve milkshakes, soft cones; and the preeminent McFlurry, a cup of ice cream blended with candy and cookies.

The machines require a nightly automated heat-cleaning cycle that can take up to four hours, the Journal reported; and the cleaning cycle can fail, which makes the machines unusable until a repair technician can fix them.

The dysfunctional machines make treats that account for about 60% of the chain’s dessert sales in the United States, the Journal reported, citing a consumer survey by research firm Technomic.

And the repeated breakdowns rub customers the wrong way, spurring some to even pen petitions calling for action.

We are tired of being the butt of late night jokes. So are our customers and crews,” The National Owners Association, a group of franchisees, said in a May message to owners, according to the Journal.

Some franchise owners aren’t waiting for the corporate bosses to do something. Instead, they’re reportedly paying on their own to train staff on how to fix the machines.

Others have reached out to the machine’s manufacturer, Taylor Commercial Foodservice, which says the machines, themselves, are fine.

“A lot of what’s been broadcasted can be attributed to the lack of knowledge about the equipment and how they operate in the restaurants,” a Taylor representative told the Journal.

When working with dairy products, “you have to make sure the machine is cleaned properly. The machines are built up with a lot of interconnecting parts that have to operate in a complex environment and manner,” the representative added.

“There is no reason for us to purposely design our equipment to be confusing or hard to repair or hurt our operators.”

One startup, called Kytch, has tried to help franchisees address the problem by building a device that mounts on the ice cream machines and alerts owners about a breakdown through real-time text and email alerts.

The company told the Journal that its devices can prevent damage to the machines and help franchisees keep them running.

At one point, McDonald’s franchisees in 30 states used Kytch’s devices, the company told the Journal, but then McDonald’s told franchisees that the devices aren’t sanctioned and that they could pose a safety hazard, which Kytch denies.

“Nothing is more important to us than delivering on our high standards for food quality and safety,” the corporate parent reportedly said to franchisees, “which is why we work with fully vetted partners that can reliably provide safe solutions at scale.”

Kytch responded in May with a lawsuit that accused Taylor, a separate repair company authorized to work on the ice cream machines and a McDonald’s franchisee of conspiring to steal Kytch’s technology and replicate its device.

This is a case about corporate espionage and the extreme steps one manufacturer has taken to conceal and protect a multimillion-dollar repair racket,” attorneys for Kytch wrote in the complaint in California Superior Court in Alameda County. The case is pending.

But Taylor denied it had a copy of Kytch’s device or that it wanted to steal the startup’s technology.

“This is a case of a hacker—Kytch—incredibly accusing the hacked—Taylor—of theft,” lawyers for Taylor said in a court filing.

The Tennessee-based franchisee who was named in the suit also denied the allegations.

In an interview with the Journal, Kytch co-founder Jeremy O’Sullivan then accused Taylor of infringing on McDonald’s franchisees’ rights to alter and repair their ice cream machines.

Taylor responded by saying that owners are allowed to repair equipment as they see fit, but that the warranty on the machines isn’t valid if they fix them on their own, according to the Journal.

According to the Post, the FTC’s interest in the matter may stem from the Biden administration’s previously announced efforts to crack down on various manufacturers of products ranging from phones to farming equipment. Critics have alleged that major manufacturers of such products restrict customers from fixing the products themselves.

In July, Biden signed an executive order directing agencies to take the matter on, saying at the time in a fact sheet that Americans should be able to repair good they purchased on their own.

At the root of the FTC’s inquiry is how McDonald’s reviews suppliers and equipment, including the ice cream machines, and how often restaurant owners are allowed to work on their machines. The FTC inquiry is preliminary, and “the existence of a preliminary investigation does not indicate the FTC or its staff have found any wrongdoing,” the agency’s letter reportedly said.

In a statement, McDonald’s said it “has no reason to believe we are the focus of an FTC investigation.”

Research contact: @nypost

Seriously, stop sharing your vaccine cards on social media

March 19, 2021

When one of her editors at CNN Business recently shared a celebratory picture of his vaccine card on Instagram, Samantha Murphy Kelly sent him a direct message: “Didn’t you read our story about not posting your record? Scammers are watching!”

He argued they’d be hard pressed to dupe him based on anything listed on the card: “What scam are you gonna run on me just by knowing my name and my birthday? Unless it’s that you sign up for free ice cream scoops on my birthday and don’t give them to me in which case, yes, that is very serious.”

But it’s not just his birthday that was listed. The card showed medically sensitive information, including his vaccine lot number, clinic location and the brand of vaccination received. And for some people, the card contains even more.

As the COVID vaccine rolls out to more people around the country, Kelly writes that she has lost track of how many vaccine information cards I’ve seen across social networks and chat apps.

While selfies are encouraged as a way to express joy at being vaccinated and broadcast that people are doing their part to help stop the spread of Covid-19, multiple government agencies have warned about the risks of posting vaccine card images online.

“Think of it this way—identity theft works like a puzzle, made up of pieces of personal information. You don’t want to give identity thieves the pieces they need to finish the picture,” the Federal Trade Commission said in a blog post last month. “Once identity thieves have the pieces they need, they can use the information to open new accounts in your name, claim your tax refund for themselves, and engage in other identity theft.”

Cybersecurity experts said they’re not aware of any widespread hacks or scams specific to vaccine cards—although the roots of identity theft are hard to uncover. But some also said these security threats would be easy to execute.

For now, it’s mostly “speculation but plausible,” Mark Ostrowski, head of engineering at cybersecurity company Check Point Software said in an interview with CNN. “We will have hundreds of millions of people getting vaccinated. If cyberattack history repeats itself, these threat actors or scammers will try to find a way to take advantage of this situation.”

At the same time, there have been a number of COVID-19 scams—ranging from people pretending to be COVID-19 contact tracers to fake websites promising vaccine appointments.

Many of us (perhaps Kelly’s boss included) may be desensitized to the risks given how much information we assume is already available online about us—either because we posted it ourselves, it’s been harvested from public data, or because it was dumped as part of a previous security breach.

But Rachel Tobac, an ethical hacker who specializes in social engineering, told CNN that one of the biggest concerns around the vaccine card trend is that the information is visible all in one place and easy to access.

“Posting an unedited vaccination card, unfortunately, makes it much easier for a criminal to target a specific person,” she said. In some cases, a person’s medical record number is listed on the card. “To gain access to sensitive medical records over the phone, having the medical record number, last name, and date of birth—all of which are listed on the vaccination card—are all I need to authenticate as that individual and gain access to sensitive details.”

A cybercriminal could attempt to impersonate you and call your healthcare company to learn about your medical history or diagnoses, cancel upcoming procedures, change prescription doses and more.

With or without the medical record number, she said, vaccine cards could also allow a hacker to conduct a phishing scheme to steal data and passwords. With the lot number of the vaccine you received or the location of the place where you got the shot, they’d be able to spoof the email address of that facility with a message about, for example, a recall urging you to click a link, supposedly to reschedule an updated dose but really intended to take information from you.

This doesn’t mean you should ignore any email you get about your vaccine, but it is a good reminder to be thoughtful about links you click with any email about any subject and to make sure the sender is who they say they are.

People who are in the public eye more, whether they’re influencers, celebrities or journalists like my editor, have a higher threat of this because criminals are more likely to target them. Stealing their free ice cream scoops on their birthday would be just the start of it.

“There are all kinds of issues related to potential identity theft,” said Michela Menting, a research director who specializes in cybersecurity at tech market advisory firm ABI Research. “Individuals should be as wary of posting vaccine records information as they would be about posting their credit card numbers online.”

Research contact: @CNNBusiness

Facial recognition goes to camp

July 31, 2019

 “Hello Mudddah, Hello Faddah, Here I am at Camp Granada. Camp is very entertaining.  And they say we’ll have some fun if it stops raining.”

Those lyrics were written by comedian Allan Sherman—and produced as one of the most popular songs of 1963. Meant to satirize the sleepover camp experience through the eyes (and vocal cords) of a homesick child, the song is punctuated by the chorus, “Take me home, Oh Muddah, Fadduh, Take me home. I hate Granada.”

But the reality is that, when kids leave for summer camp for the first time (or any time), their parents miss them, too—and wonder what they are doing, if they are making friends, and if they are settling in. They wait anxiously for cards and emails—and check the camp’s daily photos for what they hope will be a happy and smiling face.

And that part is getting easier all the time: Summer camps across the country are allowing parents to  opt into facial-recognition services to receive photos of their camper without having to sift through hundreds of group shots for proof that little Susie is having a good time climbing ropes, The Wall Street Journal reported on July 30.

Camp photographers can upload photos to a service, where they are scanned and identified. Parents then receive photos of their kids via text or through a website.

Waldo Photos of Austin, Texas, Inc. is one of the services, now offered at more than 150 summer camps across the country. The service is starting to be adopted by schools and sports leagues, too.

Camps either pay for Waldo, themselves, and offer it to parents or they ask parents to pay directly at a price of $1 to $2 per child a day, the Journal reports. If parents want to sign up to receive photos through Waldo, they have to submit a reference photo of their child so that the artificial intelligence (AI )can detect a match. The images are stored until a parent asks for them to be deleted.

Is that a good thing?

Rodney Rice, Waldo’s founder, said the facial data the company uses to identify kids would be no good to anyone else. “The misperception is that facial recognition is a fingerprint. I could hand a 40-digit alphanumeric hash to Google or Facebook and they couldn’t do anything with it,” he said. “I’m a father of three and I’d have never started this business if I was going to be putting kids at risk.”

Privacy and cybersecurity experts say parents may well trust a company’s intentions, but what happens if the company changes hands? Waldo’s privacy policy contains the boilerplate legalese explaining that if the company were sold, its customers’ personal information could be transferred.

While commercial applications of facial-recognition software abound—and bear their own fair share of controversy—the fact that this latest wave is geared toward children has privacy experts and politicians urging parents, camps, and school districts to think twice.

Concerns over this precious data—children’s faces—range from accuracy to abuse, the Journal says. Could it one day be used for purposes other than that for which it’s currently intended?

In the movie, Minority Report, biometric systems created for marketing are commandeered to hunt down citizens suspected of wrongdoing. There’s no evidence of this happening yet, but as science fiction goes, it’s not too far-fetched.

“We’re in the very early stages of commercial, nongovernmental use of facial recognition and we shouldn’t be waiting until harms occur to do something, we should be acting now to mitigate the harms,” Nathan Sheard, a grass-roots advocacy organizer with the Electronic Frontier Foundation, told the news outlet.

Facial data also is coming under scrutiny by the Federal Trade Commission—which earlier this month launched a review of the Children’s Online Privacy Protection Act, a 1998 law that requires children’s websites to obtain parental consent before collecting, using or disclosing a child’s personal information. The FTC now is seeking comment on whether the definition of “personal information” should be expanded to include biometric data.

The makers of facial-recognition software argue that concerns about the technology are overblown because people don’t really understand it. For these companies, facial data isn’t captured and stored as a usable image, but rather as lengthy chains of numbers and letters that can only be deciphered by proprietary software. Developers argue the data would be meaningless to anyone who doesn’t have their model.

“At some point we have to stop and ask ourselves whether the costs to our privacy are no longer outweighed by the benefits,” Sean McGrath, managing editor at ProPrivacy.com, a digital privacy advocacy group, told the Journal, adding,. “With facial recognition, more than any other technology, we’re at one of those watershed moments where we really need to step back and assess the bigger picture.”

Julie Jargon, a tech writer for The Wall Street Journal advises parents to ask the following questions before consenting to facial recognition for their children:

  1. Where will my child’s facial data be stored and for how long?
  2. Will the data be shared with third parties and, if so, what are their policies for storing and sharing the data?
  3. Are there purposes for the data other than what’s being advertised? For example, will my child’s facial data be used to train AI for law enforcement or corporate partners?
  4. What happens to my child’s data if the service provider is sold?
  5. What happens to the data if I decide I no longer want to use this service? Will it be deleted immediately?

Research contact: @WSJ