November 19th, 2014
FTC Closes Investigation of Verizon Router Security Citing Company’s Steps to Mitigate Consumer Harm
The FTC recently closed an investigation into whether Verizon engaged in unfair or deceptive acts or practices by failing to ensure that routers it shipped to customers, in connection with its DSL and FiOS services, had proper encryption security. Verizon took steps to mitigate consumer harm, and the company's efforts helped avoid regulatory sanctions. Here's what happened.
The Institute of Electrical and Electronics Engineers ("IEEE") is an influential professional association that, among other things, publishes standards for wireless local area network ("WLAN") products. Way back in 1999, the IEEE's standard for encryption security was called Wired Equivalent Privacy ("WEP"). For a while, WEP was the default setting on many devices. But in 2004, once it was discovered that WEP leaves WLANs vulnerable to attacks from hackers (who could intercept and modify transmissions and gain access to restricted networks), the IEEE announced a new, more secure standard called Wi-Fi Protected Access ("WPA"), and later, Wi-Fi Protected Access 2 ("WPA2").
The problem was that Verizon accidentally shipped router models to its consumers with the WEP security standard set as the default, instead of the WPA2 standard.
The FTC closed its investigation into whether the error was a violation of section 5 of the FTC Act, citing Verizon's 1) "overall data security practices related to its routers;" and 2) efforts "to mitigate the risk to its customers' information." The closing letter noted that Verizon did a few things to fix its mistake: It recalled all WEP-defaulted routers from distribution centers and set them to WPA2; implemented a vigorous outreach campaign to customers that were defaulted to WEP, or defaulted to no encryption, and asked them to update their settings; and perhaps most impressively, for customers with older routers incompatible with WPA2, Verizon offered to upgrade them to WPA2-compatible units.
The FTC remarked in closing that although in the past a WEP default setting "may not have been unreasonable," it is now, cautioning: "what constitutes reasonable security changes over time as new risks emerge and new tools become available to address them."
We urge all Internet Service Providers and router manufacturers to default consumer routers to WPA2. If some of your products are still defaulted to WEP, we recommend calling a data security and privacy lawyer, or a data breach specialist, and considering starting a public outreach plan to ensure that no harm comes to your consumers' information. Preemptively addressing router encryption problems now may prevent data privacy and security problems, as well as consumer trust violations, down the road.
For more information on this closing letter, or on any other technology, or data privacy and security law issues, please contact Greg Boyd at (212) 826-5581 or firstname.lastname@example.org, Sean Kane at (212) 705-4845 or email@example.com, or Jessica Smith at (212) 705-4876 or firstname.lastname@example.org, or any other member of the Frankfurt Kurnit Technology, Digital Media, & Privacy Group.