A Federal Trade Commission attempt to rein in a poorly secured IoT device is raising questions over whether the U.S. regulator has the power to crack down on vendors suspected of shoddy practices.
On Thursday, the FTC filed a complaint against Taiwanese manufacturer D-Link Systems that charged the company's internet routers and web cameras can easily be hacked, putting consumers at risk.
But the FTC's complaint doesn't cite evidence that the products have been breached, only the potential for harm to consumers.
That's among the reasons D-Link is contesting the complaint. "Notably, the complaint does not allege any breach of a D-Link Systems device," it said in a statement.
"Instead, the FTC speculates that consumers were placed 'at risk' to be hacked, but fails to allege, as it must, that actual consumers suffered," the company said.
-- submitted from IRC
(Score: 4, Informative) by bradley13 on Monday January 09 2017, @06:10PM
Some tidbits:
- The FTC press release [ftc.gov]: They note that "The Commission files a complaint when it has “reason to believe” that the law has been or is being violated".
- The complaint itself [ftc.gov] charges D-Link with "engaging in unfair or deceptive acts or practices in violation of Section 5(a) of the FTC Act, 15 U.S.C. § 45(a)"
- Section 5 of the Federal Trade Commission Act [federalreserve.gov] prohibits "unfair or deceptive acts or practices in or affecting commerce."
- Specifically, the FTC is trying to use this definition: "To be unfair, an act or practice must cause or be likely to cause substantial injury to consumers. Substantial injury usually involves monetary harm. ... Trivial or merely speculative harms are typically insufficient for a finding of substantial injury."
D-Link claims that the complaint is speculative, since the FTC does not cite any specific incidents of consumer harm. Moreover, most IoT problems currently involve using devices in BotNets, which generally do no real harm to the device owner.
So, whaddya think? A good complaint? Or nonsense?
Everyone is somebody else's weirdo.
(Score: 3, Informative) by DeathMonkey on Monday January 09 2017, @06:27PM
It's weird that they didn't cite any of the hacks that targeted D-Link devices because they have occurred:
Mirai, for example, targeted D-Link [bleepingcomputer.com]
Maybe it's because they weren't in the US. Or, maybe they simple filed the complaint before this occurred, who knows.