Federal Trade Commission Files (and Boasts About) New Internet of Things Lawsuit

January 13, 2017 by George A. Gasper, Partner
Federal Trade Commission Files (and Boasts About) New Internet of Things Lawsuit

The FTC recently filed a complaint against D-Link Corporation (a Taiwan-based computer networking equipment manufacturer) and its U.S. subsidiary, alleging that they failed to take reasonable steps to secure their routers and Internet Protocol cameras and, therefore, potentially compromised sensitive consumer information, including live video and audio feeds.  The FTC has further been quick to characterize this case on its own blog as continuing the agency’s regulation of the Internet of Things (“IoT”) and challenging what it considers to be inadequate IoT security practices.

The FTC’s claims are two-fold.  First, the FTC alleges D-Link misrepresented its offerings to be safe and secure, including in marketing materials that claimed its products were “EASY TO SECURE” and featured “ADVANCED NETWORK SECURITY.”  The FTC alleges that despite such claims, “the company failed to take steps to address well-known and easily preventable security flaws.”

The FTC further asserts that the alleged inadequate security features violate Section 5 of the FTC Act even in the absence of any misrepresentations by defendants.  According to the FTC, D-Link failed to take reasonable steps to secure its software in a manner that: (i) causes or is likely to cause substantial injury to consumers, and (ii) leaves consumers unable to reasonably avoid such harm.

D-Link has promised to fight this case in court, characterizing the allegations as “unwarranted and baseless.”  The company further claims that its devices have not actually been breached and no consumers have actually been injured, arguing that the FTC is merely speculating that consumers were somehow placed at risk.

According to the FTC, the security flaws at issue include: (i) “leaving users’ login credentials for D-Link’s mobile app unsecured in clear, readable text on their mobile devices, even though there is free software available to secure the information,” and (ii) the “mishandling of a private key code used to sign into D-Link software, such that it was openly available on a public website for six months.” 

The case is pending in the Northern District of California and additional developments will be published here on Ice Miller’s blog.

George Gasper is a member of Ice Miller’s Internet of Things Industry Group. Read Ice Miller’s IoT Smart Connections guide here.

This publication is intended for general information purposes only and does not and is not intended to constitute legal advice. The reader should consult with legal counsel to determine how laws or decisions discussed herein apply to the reader’s specific circumstances.


View Full Site View Mobile Optimized