- Published Articles
- In the Press
- Press Releases
Sign Up for Alerts
Sign up to receive receive industry-specific emails from our legal team.
Sign Up for Alerts
We provide tailored, industry-specific legal updates to our clients and other friends of the firm.
Areas of Interest
March 7th, 2016
FTC Settles Privacy Charges Against ASUS
Computer hardware maker ASUSTeK Computer, Inc. ("ASUS") recently settled FTC charges that the company failed to take steps to secure the software on its routers, putting hundreds of thousands of consumers at risk. In addition to flagging software security issues, the FTC argued that ASUS (1) falsely advertised its routers would "protect computers from any unauthorized access, hacking, and virus attacks"; (2) ignored warnings from security researchers that the product was not living up to its claims; and (3) failed to promptly notify customers that the product's security features were defective.
In August of 2012, ASUS introduced and began marketing a feature known as AiCloud on its routers. ASUS marketed AiCloud as a "private personal cloud for selective file sharing ... [with] the most complete, accessible and secure cloud platform." But the AiCloud applications had vulnerabilities that allowed attackers to gain unauthorized access to consumers' files and router login credentials. After security professionals and hacking victims notified ASUS about the vulnerabilities ASUS delayed rolling out a security patch, leaving consumers at risk. The FTC argued that ASUS's failure to remedy the security risks and delay in notifying consumers subjected consumers to substantial injury.
Under the settlement ASUS will establish a comprehensive security program, including "clearly and conspicuously" notifying consumers about software updates and allowing consumers to register for direct security notices regarding its routers.
The FTC has taken substantial steps over the last year to ramp up security initiatives for businesses with products or services that can have an impact on consumer privacy - including its "Start With Security" business education conference series. The ASUS settlement will certainly be added to the list of cases that can guide companies that handle or secure sensitive customer data.
If you have any questions about the ASUS matter or other privacy and data security law issues, please contact S. Gregory Boyd at (212) 826 5581 or firstname.lastname@example.org, Phillip E. Jackman at (212) 705 4824 or email@example.com, or any other member of the Frankfurt Kurnit Privacy and Data Security Group.
Other Privacy & Data Security Law Alerts
No Harm, No Foul: Court Dismisses Biometric Data Privacy Class Action Against NBA 2K Games
Biometric data — from, e.g., retina, face and fingerprint scans — plays a big role in the current wave of new technology services. For example, biometrics provide security features for financial and healthcare products. But companies using or thinking of using biometric data have to comply with myriad privacy and data security laws and regulations, or face potential enforcement action and litigation.
February 16 2017
FTC Hits Targeting Platform Turn Inc. for Deceptive Online Tracking
On Tuesday, December 20, the FTC announced a settlement with digital marketing platform Turn Inc. over claims that the company deceptively tracked users across the Internet for advertising purposes.
December 22 2016
FCC Adopts Broadband Consumer Privacy Rules
On October 27, 2016, the Federal Communications Commission (FCC) adopted an Order requiring broadband Internet service providers and all other telecommunications carriers providing telecommunications services to take greater steps to protect the privacy of their customers, including current and former subscribers and new applicants. Here's a summary of the key obligations imposed on carriers:
November 22 2016