- Published Articles
- In the Press
- Press Releases
Sign Up for Alerts
Sign up to receive receive industry-specific emails from our legal team.
Sign Up for Alerts
We provide tailored, industry-specific legal updates to our clients and other friends of the firm.
Areas of Interest
March 7th, 2016
FTC Settles Privacy Charges Against ASUS
Computer hardware maker ASUSTeK Computer, Inc. ("ASUS") recently settled FTC charges that the company failed to take steps to secure the software on its routers, putting hundreds of thousands of consumers at risk. In addition to flagging software security issues, the FTC argued that ASUS (1) falsely advertised its routers would "protect computers from any unauthorized access, hacking, and virus attacks"; (2) ignored warnings from security researchers that the product was not living up to its claims; and (3) failed to promptly notify customers that the product's security features were defective.
In August of 2012, ASUS introduced and began marketing a feature known as AiCloud on its routers. ASUS marketed AiCloud as a "private personal cloud for selective file sharing ... [with] the most complete, accessible and secure cloud platform." But the AiCloud applications had vulnerabilities that allowed attackers to gain unauthorized access to consumers' files and router login credentials. After security professionals and hacking victims notified ASUS about the vulnerabilities ASUS delayed rolling out a security patch, leaving consumers at risk. The FTC argued that ASUS's failure to remedy the security risks and delay in notifying consumers subjected consumers to substantial injury.
Under the settlement ASUS will establish a comprehensive security program, including "clearly and conspicuously" notifying consumers about software updates and allowing consumers to register for direct security notices regarding its routers.
The FTC has taken substantial steps over the last year to ramp up security initiatives for businesses with products or services that can have an impact on consumer privacy - including its "Start With Security" business education conference series. The ASUS settlement will certainly be added to the list of cases that can guide companies that handle or secure sensitive customer data.
If you have any questions about the ASUS matter or other privacy and data security law issues, please contact S. Gregory Boyd at (212) 826 5581 or email@example.com, or any other member of the Frankfurt Kurnit Privacy and Data Security Group.
Other Privacy & Data Security Law Alerts
iOS 15 Brings New Privacy Controls That Will Impact Advertising Initiatives
After months in beta, Apple is releasing iOS 15 to the public. Building upon the Privacy Nutrition Labels and App Tracking Transparency (ATT) framework introduced in iOS 14.5, iOS 15 introduces new privacy controls that will impact brand marketing initiatives and the ad tech ecosystem. Although these controls are not an iOS 14.5-caliber seismic event, they are yet another example of how platform providers have become de facto regulators of privacy. Read more.
September 20 2021
New York City Restricts Collection of Biometric Identifiers
Major US municipalities are lining up to regulate business use of technologies to collect biometric identifiers and information. For example, Portland, Oregon, banned the use of face recognition technologies earlier this year. Now, New York City businesses must comply with a new law too: Effective July 9, 2021, any commercial establishment in New York City that collects, retains, converts, stores or shares biometric identifier information of customers must disclose such activity using clear and conspicuous signage near all customer entrances. Read more.
July 7 2021
Business Takeaways from the FTC $5 Billion Settlement with Facebook
On July 24, 2019, the FTC announced a $5 billion settlement with Facebook to address Facebook’s alleged violations of the FTC Act and its 2012 consent order with the FTC. Read more.
July 26 2019