Several months ago, as part of the Federal Trade Commission's continuing regulation of the Internet of Things ("IoT") security practices, the FTC filed a complaint against D-Link Corporation (and DLS, its U.S. subsidiary), alleging that they failed to take reasonable steps to secure their routers and Internet Protocol cameras, which potentially compromised sensitive consumer information, including live video and audio feeds. The case was notable because the agency did not allege that particular breaches actually occurred, but rather that "the company failed to take steps to address well-known and easily preventable security flaws" and put "thousands of consumers at risk," despite allegedly marketing its products as secure and supporting "the latest wireless security features."
Recently, the judge presiding over the case in the Northern District of California partially granted DLS' motion to dismiss the government's charges. The court rejected the FTC's arguments that consumers were harmed simply because their personal information was at risk of being breached (even though no breach occurred), holding that the FTC failed to allege that "any actual consumer injury in the form of monetary loss" occurred or that there was an "actual incident where sensitive personal data was accessed or exposed." Specifically, according to the court, the FTC failed to, "identify a single incident where a consumer's financial, medical or other sensitive personal information has been accessed, exposed or misused in any way, or whose IP camera has been compromised by unauthorized parties, or who has suffered any harm or even simple annoyance and inconvenience from the alleged security flaws in the DLS devices." Noting that the FTC's harm allegations "make out a mere possibility of injury at best," the court dismissed the FTC's harm claim because it was also possible that no injury occurred at all.
However, the court held that the FTC's claims of deception—those alleging that DLS falsely advertised and promoted the security features of its products—were plausible claims and may proceed. The court also allowed the FTC an opportunity to amend its Complaint to resuscitate its unfairness claims if it can identify any actual consumer injury.
As this case continues to develop, additional information will be published here on Ice Miller's blog.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
We operate a free-to-view policy, asking only that you register in order to read all of our content. Please login or register to view the rest of this article.