By Julie Liu
Among the countless mobile applications that allow us to control much of our lives, the growing wave of medical apps allows us to manage and improve our health with the convenience of a phone or tablet. But, as illustrated by the Federal Trade Commission’s approval of its final order against the maker of the UltimEyes app, this possibility comes with important limitations. Read More
By Alex Bullock
Think of the last time you were in the market for a product or to find a restaurant for dinner – did you search online for reviews of the product or the business? If you’re like me and many other modern consumers, the answer is likely, “Yes.” And again, if you’re like me, you may take for granted that those online reviews are objective and real. That is why it is encouraging to hear that a company like Amazon, as well as the Federal Trade Commission (FTC), are taking steps to ensure that consumers can trust those reviews.
In October, Amazon filed suit against more than 1,000 people who allegedly offered to write reviews of products they had not used in exchange for a fee. According to the company’s complaint in King County Superior Court, each of the individuals sued in this case used the website Fiverr, a global online marketplace for individuals offering tasks and services in order to offer to create fake reviews for a fee. The complaint outlines a typical encounter between an Amazon seller and a prospective fake reviewer. Read More
By Julie Liu
As we know well from news coverage of hacks and leaked information, consumers and employees take a gamble whenever they give their personal information to a company. Consciously or not, these individuals count on the company’s technological savvy in combination with its data security policies to keep the information safe. While this status has not changed much since businesses first became digitized, regulations are gradually catching up. For the Federal Trade Commission (FTC), cybersecurity has been a top priority in recent years, and it will likely tighten its grip on businesses with inadequate security measures.
Late last month, the U.S. Court of Appeals for the Third Circuit issued its long-awaited ruling in FTC v. Wyndham Worldwide Corporation, a case which reevaluated the FTC’s authority to regulate cybersecurity. Litigation began in 2012 when the FTC sued Wyndham Worldwide, a hotel chain company, for unfair business practices. The FTC alleged that Wyndham’s inadequate data security led to three data breaches at Wyndham hotels in two years. According to the complaint, these breaches compromised more than 619,000 payment card accounts and caused over $10.6 million in fraud loss. Wyndham responded with a motion to dismiss the complaint, arguing that the FTC did not have the authority to bring the suit in the first place. The district court denied the motion last year, and the Third Circuit has now affirmed this order on interlocutory appeal.
By Brooks Lindsay
Medical device robots present a number of cybersecurity, privacy, and safety challenges that regulation and industry standards must address in order to safely and rapidly advance innovation in the field.
The University of Washington’s Computer Science Department recently highlighted the problem. Computer Science Researchers hacked a teleoperated surgical robot called the Raven II during a mock surgery. The hack involved moving pegs on a pegboard, launching a denial-of-service attack that stopped the robot, and making it impossible for a surgeon to remotely operate. The researchers maliciously controlled a wide range of the Raven II’s functions and overrode command inputs from the surgeon. The researchers designed the test to show how a malicious attack could easily hijack the operations of a medical device robot. The researchers concluded that established and readily available security mechanisms, like encryption and authentication, could have prevented some of these attacks. Read More
By Brennen Johnson
Last month, the Federal Communications Commission published its new net neutrality rules in the Federal Register. In response to the new rules, there has been an onslaught of legal challenges brought by telecom companies to defeat the rules before they go into effect mid-June. Within several days of publication, seven companies filed suit against the FCC over the rules. Rather than attacking the substance of the rules outright, the companies are instead seeking to block procedural aspects of the rules. The companies challenge both the FCC’s reclassification of the internet as a “public utility” as well as the legal standards and mechanisms that would allow the FCC to enforce the new rules.
By classifying broadband internet as a public utility, the FCC gains broader regulatory powers over internet providers under Title II of the Communications Act of 1934. The reclassification addresses the FCC’s January 2014 failed attempt to enforce net neutrality. The FCC’s rules at that time were struck down in large part because broadband internet was not classified as a public utility, implying that the FCC could not regulate internet providers in the same broad manner as other utility providers. Speaking for the Court in that case, D.C. Circuit U.S. Court of Appeals Judge David Tatel wrote: “[g]iven that the Commission has chosen to classify broadband providers in a manner that exempts them from treatment as common carriers, the Communications Act expressly prohibits the commission from nonetheless regulating them as such.” These broader powers significantly fortify the FCC’s position to protect its net neutrality rules from legal attack. However, if telecoms can successfully challenge the FCC’s reclassification of the internet as a public utility, then it seems a near certainty that the FCC’s current attempt at ensuring net neutrality will fail for the same reason it did in 2014. Read More