The FTC announced today that it has reached a settlement with TRENDnet regarding allegations that it failed to protect consumers’ privacy and thus caused consumers to unknowingly broadcast private video feeds on the internet. The settlement marks the FTC’s first enforcement action regarding the “Internet of Things,” or an everyday consumer product with connectivity to the internet or other devices. The FTC is hosting a workshop on the Internet of Things on November 9.
In the complaint, the FTC alleged that TRENDnet failed to provide reasonable security precautions for its Internet Protocol (“IP”) cameras, which are sold to home users and small- and medium- businesses to provide security monitoring. Specifically, the complaint provides that TRENDnet “failed to implement a process to actively monitor security vulnerability reports” and “failed to employ reasonable and appropriate security in the design and testing of the software that it provided consumers for its IP cameras.”
As a result of these failures, according to the complaint, a hacker was able to post links to live feeds of nearly 700 TRENDnet cameras, including live fees displaying private areas of users’ homes. While some of these feeds were intentionally made available to the public by the consumer, the hacker was also able to post links to feeds that had not been made available to the public due to a flaw in the cameras’ technical settings.
The settlement prohibits TRENDnet from misrepresenting the security of any of its products or services and requires it to establish a comprehensive information security program designed to address security risks that could result in unauthorized access of private information. As part of this security program, TRENDnet must obtain third-party assessments of its security measures every two years for twenty years.
We will continue to monitor developments in FTC’s regulation and enforcement of the Internet of Things and post updates regularly here.