FTC Action Against Marketer of "Internet of Things"
By Jason Hicks
The FTC is increasingly concerned with consumer privacy and security issues posed by the growing connectivity of consumer devices, such as cars, appliances, medical devices and, apparently, home security systems.
As explained in this Client Alert by Womble Carlyle attorneys Ted Claypoole and Orla O'Hannaidh, the FTC recently entered into a settlement agreement with a home-security camera maker whose cameras could easily be hijacked over the Internet, allowing voyeurs and plotters to spy inside the house of the consumers. The FTC claimed that the manufacturer failed to implement reasonable security measures and made false promises about the security of its cameras and system, which was marketed under the trade name "SecurView." Instead of being secure, live feeds of the daily lives of the consumers were accessible over the Internet.
This action is indicative of the FTC's increased concern with the so-called "Internet of Things," which the FTC describes as an "everyday product with interconnectivity to the Internet and other mobile devices." A few months ago, the FTC sought public comment on privacy and security implications of the "Internet of Things" and announced a public workshop to be held November 19, 2013 in Washington, DC. The FTC explained:
As explained in this Client Alert by Womble Carlyle attorneys Ted Claypoole and Orla O'Hannaidh, the FTC recently entered into a settlement agreement with a home-security camera maker whose cameras could easily be hijacked over the Internet, allowing voyeurs and plotters to spy inside the house of the consumers. The FTC claimed that the manufacturer failed to implement reasonable security measures and made false promises about the security of its cameras and system, which was marketed under the trade name "SecurView." Instead of being secure, live feeds of the daily lives of the consumers were accessible over the Internet.
This action is indicative of the FTC's increased concern with the so-called "Internet of Things," which the FTC describes as an "everyday product with interconnectivity to the Internet and other mobile devices." A few months ago, the FTC sought public comment on privacy and security implications of the "Internet of Things" and announced a public workshop to be held November 19, 2013 in Washington, DC. The FTC explained:
The ability of everyday devices to communicate with each other and with people is becoming more prevalent and often is referred to as “The Internet of Things.” Consumers already are able to use their mobile phones to open their car doors, turn off their home lights, adjust their thermostats, and have their vital signs, such as blood pressure, EKG, and blood sugar levels, remotely monitored by their physicians. In the not too distant future, consumers approaching a grocery store might receive messages from their refrigerator reminding them that they are running out of milk.
To avoid an FTC enforcement action, a company selling devices that connect to the Internet should carefully review its products and data security policies to ensure that present practices adequately protect consumer privacy.
Connected devices can communicate with consumers, transmit data back to companies, and compile data for third parties such as researchers, health care providers, or even other consumers, who can measure how their product usage compares with that of their neighbors. The devices can provide important benefits to consumers: they can handle tasks on a consumer’s behalf, improve efficiency, and enable consumers to control elements of their home or work environment from a distance. At the same time, the data collection and sharing that smart devices and greater connectivity enable pose privacy and security risks.