ASA Adjudication on Citrix Online UK Ltd

Ad

A TV ad for computer software that allowed users remote access to their PC. The voice-over at the end of the ad stated "It's fast, easy and completely secure".

Issue

One viewer complained that the claim "completely secure" was misleading because, although the users' own PC and the connection might be secure, users could not guarantee the security of the external PC they used to access the service.

BCAP TV Code

Response

Citrix Online UK Ltd (Citrix) said the context of the claim was that the GoToMyPC service was completely secure.  They maintained that the service was designed with security in mind and included such features as an SSL-encrypted Website, end-to-end 128-bit encryption of data streams, multiple passwords, access codes residing only on the host PC and notification when the PC was accessed. Citrix pointed out that they could not control the web browser on the external PC used to access their service because it was not part of their system but believed the ad did not claim or imply that all external PCs were secure. They maintained that the ad referred only to the security of the GoToMyPC service.

Clearcast said they had raised the question of security during the script clearance phase.  They said they had received information that the system met the end-to-end 128-bit Advanced Encryption Standard, which meant all data was encrypted and the service was 100% secure. Clearcast said, based on that information, they felt confident that the claim was acceptable for broadcast.

Assessment

Not upheld

The ASA understood the GoToMyPC service allowed users to remotely access their PCs from other devices that had an internet connection.  We noted the service incorporated a high level of security features safeguarding the transfer of data between the external PC and the user's own PC.  We noted the visuals in the ad featured several different locations where users might access the GoToMyPC service and noted the complainant's assertion that external PCs were beyond the scope of the security features rendering the whole service prone to security breaches. We understood, however, that instances of security threats from an external PC, which might be infected with malicious software or code that could compromise the security of data transmitted via the GoToMyPC service, were rare. We noted Citrix's argument that they could not be held responsible for the security of the external PC and considered that viewers were likely to understand that there was a need to ensure the general security of any computer they used.  We considered that viewers would understand that the claim related only to the GoToMyPC service and  therefore concluded that the ad was unlikely to mislead.

We investigated the ad under CAP (broadcast) TV Advertising Standards Code rules 5.1 (Misleading advertising), 5.2.1 (Evidence), 5.2.2 (Implications) and 5.2.3 (Qualifications) but did not find it in breach.

Action

No further action necessary.

Adjudication of the ASA Council (Broadcast)