When it comes to marketing tactics, security products are no different than any other consumer products – advertisers sometimes fall victim to their own hype. A walk across the floor at a security expo presents a bewildering range of product claims, ranging from the mundane to the questionable to the implausible. Marketers sometimes exploit potential customers' fear, uncertainty, and doubt (FUD), banking that emotional appeals will overtake reason.
But marketers of security products are subject to the same truth-in-advertising laws as all other advertisers. In this talk, we will discuss the Federal Trade Commission's (FTC) longstanding authority to protect consumers from unfair and deceptive practices. We will focus on how deceptive claims and advertising are violations of the FTC Act, and offer guidance on what security companies should do to avoid making deceptive claims. We also offer questions researchers and security professionals can ask to challenge claims companies make.