A New (Old) Sheriff: The FTC’s Authority on Cybersecurity Affirmed

By Julie Liu

As we know well from news coverage of hacks and leaked information, consumers and employees take a gamble whenever they give their personal information to a company. Consciously or not, these individuals count on the company’s technological savvy in combination with its data security policies to keep the information safe. While this status has not changed much since businesses first became digitized, regulations are gradually catching up. For the Federal Trade Commission (FTC), cybersecurity has been a top priority in recent years, and it will likely tighten its grip on businesses with inadequate security measures.

Late last month, the U.S. Court of Appeals for the Third Circuit issued its long-awaited ruling in FTC v. Wyndham Worldwide Corporation, a case which reevaluated the FTC’s authority to regulate cybersecurity. Litigation began in 2012 when the FTC sued Wyndham Worldwide, a hotel chain company, for unfair business practices. The FTC alleged that Wyndham’s inadequate data security led to three data breaches at Wyndham hotels in two years. According to the complaint, these breaches compromised more than 619,000 payment card accounts and caused over $10.6 million in fraud loss. Wyndham responded with a motion to dismiss the complaint, arguing that the FTC did not have the authority to bring the suit in the first place. The district court denied the motion last year, and the Third Circuit has now affirmed this order on interlocutory appeal.


Securing Dr. Robot

By Brooks Lindsay

Medical device robots present a number of cybersecurity, privacy, and safety challenges that regulation and industry standards must address in order to safely and rapidly advance innovation in the field.

The University of Washington’s Computer Science Department recently highlighted the problem. Computer science researchers hacked a teleoperated surgical robot called the Raven II during a mock surgery. The hack involved moving pegs on a pegboard, launching a denial-of-service attack that stopped the robot, and making it impossible for a surgeon to remotely operate. The researchers maliciously controlled a wide range of the Raven II’s functions and overrode command inputs from the surgeon. The researchers designed the test to show how a malicious attack could easily hijack the operations of a medical device robot. The researchers concluded that established and readily available security mechanisms, like encryption and authentication, could have prevented some of these attacks.

Telecoms’ Latest Attempt to Kill Net Neutrality

By Brennen Johnson

Last month, the Federal Communications Commission published its new net neutrality rules in the Federal Register. In response to the new rules, there has been an onslaught of legal challenges brought by telecom companies to defeat the rules before they go into effect mid-June. Within several days of publication, seven companies filed suit against the FCC over the rules. Rather than attacking the substance of the rules outright, the companies are instead seeking to block procedural aspects of the rules. The companies challenge both the FCC’s reclassification of the internet as a “public utility” as well as the legal standards and mechanisms that would allow the FCC to enforce the new rules.

By classifying broadband internet as a public utility, the FCC gains broader regulatory powers over internet providers under Title II of the Communications Act of 1934. The reclassification addresses the FCC’s January 2014 failed attempt to enforce net neutrality. The FCC’s rules at that time were struck down in large part because broadband internet was not classified as a public utility, implying that the FCC could not regulate internet providers in the same broad manner as other utility providers. Speaking for the Court in that case, D.C. Circuit U.S. Court of Appeals Judge David Tatel wrote: “[g]iven that the Commission has chosen to classify broadband providers in a manner that exempts them from treatment as common carriers, the Communications Act expressly prohibits the commission from nonetheless regulating them as such.” These broader powers significantly fortify the FCC’s position to protect its net neutrality rules from legal attack. However, if telecoms can successfully challenge the FCC’s reclassification of the internet as a public utility, then it seems a near certainty that the FCC’s current attempt at ensuring net neutrality will fail for the same reason it did in 2014.

Faking it by Omission? The FTC Targets Undisclosed Compensation for Online Reviews

By Julie Liu

When we sift through reviews for products and services, one of our top considerations is whether the words genuinely come from the customer’s experience and not a company’s imagination. There is no way, however, to determine a reviewer’s honesty beyond relying upon whatever disclaimers he or she provides. We have previously discussed the state of the law on fake business reviews. But what about “real” reviews incentivized by the reward of a good deal? If there was any question on the matter, the Federal Trade Commission (FTC) has now provided a real-life example of how to abide by the rules.

In a recent chapter in the battle against unfair competition online, the FTC zeroed in on automobile shipment broker AmeriFreight for its persuasive approach to seeking customer feedback. The FTC alleged in its complaint that AmeriFreight offered $50 discounts to customers in exchange for writing reviews on an independent review website and advertised its services to consumers as being “top rated” based on those reviews. In addition to the discount, reviewers automatically became eligible for a $100 “Best Monthly Review Award,” further incentivizing customers to write reviews. The complaint indicated that the issue was not the encouragement of reviews; the complaint alleged that AmeriFreight portrayed the reviews as unbiased and failed to disclose that the reviewers were compensated—a violation of Section 5 of the FTC Act. The case concluded late last month with the FTC’s approval of a final consent order which requires AmeriFreight to clearly disclose any “material connection” it has with an endorser and to not misrepresent customer reviews or product ratings.

The FTC Reports on the Internet of Things: Things That May Invade Our Privacy

By Eric Siebert

The Internet of Things arguably makes our lives easier, but in doing so, does it compromise other values we hold dearly? The Internet of Things is a system whereby objects that are commonplace in a normal lifestyle can connect to the Internet, enabling them to send and receive data to optimize or otherwise increase their abilities and functionality. With such increases in functionality, however, comes the ever-present risk that frequently accompanies changes in technology: Will this have a negative impact on our privacy? This is the very question the FTC sought to address in its report on the Internet of Things distributed last week. (We previously reported on the FTC’s preliminary examination of the Internet of Things here.) The new report discusses general ideas regarding the Internet of Things and sets forth best practices for businesses to follow in order to retain adequate consumer confidence in the products and the distributing companies themselves.

The Internet of Things presents many potential benefits to consumers. Among other things, it can be used to encourage and optimize energy efficiency throughout a household through integration with various appliances. It can also protect drivers on the roadway by warning drivers of various dangers, aiding in the development of autonomous vehicles (a topic previously discussed on this blog here and here). Further, the Internet of Things can help patients with medical conditions better communicate with their physicians to better manage their conditions. However, with such benefits, the FTC has also identified several security risks created by integration of the Internet of Things, namely: (1) enabling potential unauthorized access to personal information, (2) facilitating attacks on other systems, and (3) creating risks to personal safety.