Interactive Counsel

Arent Fox's interactive media law blog - latest news and trends in advertising, data security & privacy, and IP.

Interactive Counsel

Detour – Rerouting: Unsecure Routers Lead to FTC Action

alert

Detour – Rerouting: Unsecure Routers Lead to FTC Action

Key Takeaways

  • Following a settlement, ASUSTeK must maintain a comprehensive security program and endure 20 years of independent audits 
  • The onus is on technology companies to ensure reasonable security measures and practices

What the News?

ASUSTeK Computer Inc., a company that sells routers for home use and has touted the security features of its devices and services, recently reached a proposed consent agreement over Federal Trade Commission charges that serious security flaws in its system compromised the home networks of hundreds of thousands of consumers. Following the settlement, the company will be required to establish and maintain a comprehensive security program and will be subject to 20 years of independent audits. This is an interesting case in which the FTC is demonstrating a focus on not only claims made by a company, but on data security.

What Went Wrong?
 
ASUS, a company in the business of marketing home routers, touted the security features of its systems. According to the FTC, the company claimed that its routers could “protect computers from any unauthorized access, hacking, and virus attacks” and “protect [the] local network against attacks from hackers.” The company also marketed its cloud services as a means for consumers to engage in “selective file sharing” and as a helpful tool to safely access data.  Despite these claims, the systems were actually vulnerable to hackers based upon serious design flaws including a standard username and password permitted on multiple systems: “admin” and “admin." Hackers were able to use the various vulnerabilities to access consumer web traffic and access consumers’ cloud storage. Further, when security flaws were brought to ASUS’ attention, the FTC alleges that the company failed to act in a timely manner to address the issues and notify consumers of necessary updates.

Key Takeaway
 
As the “Internet of Things” continues to grow and consumers increasingly rely upon Internet-connected devices to share and store their sensitive information, the onus is on technology companies to ensure reasonable security measures and practices.  Companies should also take care to tailor their marketing messages to ensure that all claims are adequately substantiated. As demonstrated by this recent FTC action, failure to take appropriate measures can lead to an enforcement action.
 
Arent Fox will continue to monitor developments related to the Internet of Things and data privacy. For questions, please contact Sarah Bruno or Eva Pulliam.

SUBSCRIBE

Add this blog to your RSS feed reader.

Arent Fox In Your Inbox
To subscribe to Arent Fox Alerts and other news, click here.

ABOUT ARENT FOX LLP

Arent Fox LLP, founded in 1942, is internationally recognized in core practice areas where business and government intersect. With more than 350 lawyers, the firm provides strategic legal counsel and multidisciplinary solutions to clients that range from Fortune 500 corporations to trade associations. The firm has offices in Los Angeles, New York, San Francisco, and Washington, DC.