FTC Files to Protect Consumers’ Security in the Internet of Things

Theodore Claypoole, Taylor Ey
Womble Bond Dickinson
Contact
LinkedIn
Facebook
X
Send
Embed

As more consumer devices connect to the Internet, regulators take a more aggressive stance requiring security promises be met.

On January 5, 2017, the FTC filed a complaint against computer networking equipment manufacturer, D-Link Corporation, alleging that the company failed to take reasonable steps to secure routers and Internet-protocol cameras from “widely known and reasonably foreseeable risks of unauthorized access,” leaving consumers vulnerable to data privacy and security risks. 

The D-Link case is the FTC’s third case in the Internet of Things (IOT) space.  The first was in 2014 against TRENDnet, Inc., a computer networking devices retailer, and the second was in 2016 against ASUSTek Computer, Inc., a computer hardware manufacturer.  According to the FTC, D-Link put consumers at a significant risk of harm because D-Link failed to take steps “to address well-known and easily preventable security flaws,” including flaws “ranked among the most critical and widespread web application vulnerabilities since at least 2007” by the Open Web Application Security Project.  In response to the FTC’s complaint, D-Link denied the allegations and promised to “vigorously defend the action.” 

The absence of security measures promised to consumers in product brochures and other public statements regarding privacy is problematic for the FTC.  Like in the TRENDnet and the ASUS cases, in the D-Link case, the FTC alleged D-Link misrepresented its security practices to consumers.  Several exhibits to the FTC’s complaint show the security representations D-Link made to customers of its various products.  These include a Security Event Response Policy, and statements like “EASY TO SECURE” and “ADVANCED NETWORK SECURITY.”  According to the FTC, D-Link told its customers that their equipment is secure, and the FTC expects that D-Link will honor its representations to its customers by taking the necessary steps to secure its products against hackers. 

IOT companies need to remain vigilant and use resources such as the Open Web Application Project, the NIST and the FTC’s published guidance to learn about the latest security practices in the industry.  IOT companies likely will not be safe from regulatory scrutiny if they do not remain current with the latest security practices.

[View source.]

 

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Womble Bond Dickinson

Written by:

Womble Bond Dickinson
Womble Bond Dickinson
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Womble Bond Dickinson on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide