A retailer that sells internet-connected security video cameras to homes and businesses has settled Federal Trade Commission charges that it failed to reasonably secure its cameras, leading to the online posting of live feeds of some 700 cameras, the FTC announced Sept. 4 (In re TRENDnet, Inc., FTC, No. 122 3090, proposed consent order 9/4/13).
The settlement with Torrance, Calif.-based TRENDnet Inc. is the FTC's “first action against a marketer of an everyday product with interconnectivity to the Internet and other mobile devices--commonly referred to as the 'Internet of Things,' ” the commission said in a Sept. 4 statement. The commission is hosting a Nov. 19 workshop on the topic (12 PVLR 1059, 6/17/13).
According to the FTC's proposed administrative complaint, TRENDnet's internet protocol cameras allow its customers to monitor the security of their homes or businesses through live video and audio feeds available over the internet and mobile devices.
The FTC alleged that TRENDnet “engaged in a number of practices that, taken together, failed to provide reasonable security to prevent unauthorized access to sensitive information, namely the live feeds from the IP cameras.” Those practices allegedly included:
• the transmission of users' login credentials in clear, readable text over the internet;
• the storage of users' login credentials in clear, readable text on their mobile devices;
• the failure to implement a process to monitor third-party security vulnerability reports; and
• the failure to use “reasonable and appropriate security” when designing and testing the IP camera software.
Between April 2010 and February 2012, a setting in the camera software malfunctioned and failed to honor a user's choice concerning whether login credentials should be required to access the live feeds, the FTC alleged. As a result, all users' live feeds became publicly accessible, the FTC said.
In January 2012, a hacker exploited this vulnerability and posted information about the publicly accessible video feeds online, the commission said. Other hackers then allegedly posted links to the live feeds of nearly 700 cameras. “Among other things, these compromised live feeds displayed private areas of users' homes and allowed the unauthorized surveillance of infants sleeping in their cribs, young children playing, and adults engaging in typical daily activities,” the FTC said.
The FTC said that following the breach, TRENDnet made available new software to correct the vulnerability and alerted customers concerning the new software.
TRENDnet's actions constitute unfair or deceptive acts or practices in violation of Section 5 of the FTC Act, 15 U.S.C. § 45(a), the FTC alleged. Specifically, its representation that its products are a secure means to monitor a user's home or workplace and its representation that it will honor a user's security settings constitute false or misleading representations, the commission said.
In addition, the FTC said TRENDnet's “fail[ure] to provide reasonable security to prevent unauthorized access to the live feeds from its IP cameras” is an unfair act or practice. The FTC's authority to regulate the data security practices of companies under Section 5's unfairness prong is under review in a controversial case involving Wyndham hotels (FTC v. Wyndham Worldwide Corp., D.N.J., No. 2:13-cv-01887, motions to dismiss filed 4/26/13) (12 PVLR 1465, 9/2/13).
Under the terms of the proposed consent order, TRENDnet has agreed to refrain from misrepresenting the security of its devices or the extent to which consumers can control the security of their information.
The proposed pact would require the company to establish and implement a comprehensive security program and obtain third-party assessments of its security programs every two years for 20 years.
In addition, TRENDnet would have to notify its customers that the cameras had a flaw that allowed third parties to access information from the live feeds and provide free support, through phone and email for two years, to help customers update or uninstall their cameras.
According to the proposed order, the company neither admitted nor denied the allegations in the proposed complaint.
The FTC said it is accepting comments on the proposed agreement through Oct. 4. It released an analysis of the proposed consent order to aid public comment.
Laura D. Berger and Andrea V. Arias, of the FTC, in Washington, represented the commission. John Sun, of the Law Offices of John L. Sun, in Tustin, Calif., represented TRENDnet.
The proposed agreement containing consent order is available at http://www.ftc.gov/os/caselist/1223090/130903trendnetorder.pdf.
The proposed administrative complaint is available at http://www.ftc.gov/os/caselist/1223090/130903trendnetcmpt.pdf.
The FTC's analysis of the proposed consent order is available at http://www.ftc.gov/os/caselist/1223090/130903trendnetanal.pdf.