In-brief: A conservative legal group, Cause of Action Institute, said that it was joining a legal battle against the U.S. Federal Trade Commission over a case that charges the technology vendor D-Link engaged in deceptive marketing practices and sold products to the public that are insecure. (Updated to add information on Cause of Action’s work on LabMD and analysis of the D-Link case. – PFR 1/12/2017)
A conservative legal group, Cause of Action Institute, said that it was joining a legal battle against the U.S. Federal Trade Commission over a case that charges the technology vendor D-Link engaged in deceptive marketing practices and sold products to the public that are insecure.
In a statement published on the group’s website on Wednesday, Cause of Action Institute said that it would represent D-Link Systems as it defends itself against charges brought by the FTC, calling those charges “unwarranted and baseless” and saying that the FTC suit against the Taiwan-based firm “put American jobs at risk.” The entrance of Cause of Action Institute, which has been linked to conservative groups, suggests that the D-Link case may become a poster child for anti-regulatory forces within Washington D.C., who see data security regulation as a new front in the fight to limit government oversight of the private sector.
The FTC overstepped its bounds by bringing charges against D-Link without any evidence of “actual or likely” consumer harm, the Institute’s Assistant Vice President Patrick Massari said in a statement.
The news came less than a week after the FTC filed a complaint against consumer device maker D-Link, charging that broadband routers and Internet connected cameras the company makes put consumers’ privacy at risk.The complaint, filed on January 5 in U.S. District Court for the Northern District of California, alleges that D-Link and its U.S. subsidiary, D-Link Systems, used “inadequate security measures” to protect its products, leaving its wireless routers and Internet cameras “vulnerable to hackers.” That put “U.S. consumers’ privacy at risk,” the complaint says. All the while, the company promoted its products as having “advanced network security” and being “easy to secure,” claims that the FTC says were not supported by the facts.
The Cause of Action Institute is a 501(c)(3) public interest law firm that represents pro bono clients in government investigations and litigation concerning “regulatory, constitutional, political and public law matters.” The Institute’s focus is on “ensuring the federal regulatory process is open, honest and fair,” according to a statement on its website. While the group is funded by donations from the public, it is also reported to have received substantial funding from groups with ties to the conservative philanthropists Charles and David Koch.
Cause of Action Institute’s statement echo defiant comments made by D-Link, which said in a statement January 5 that the company’s “processes and procedures related to security were more than reasonable.” “D-Link Systems maintains a robust range of procedures to address potential security issues, which exist in all Internet of Things (IoT) devices,” the company said.
The FTC case against D-Link has been described as “aggressive” because it does not proceed from the exposure of consumer data or harm suffered by consumers. Previous FTC cases against similar vendors like surveillance camera maker Trendnet and AsusTek Computer both resulted in settlements.
Other firms have challenged the FTC’s authority to sanction companies that pay short shrift to the security of data they store. LabMD, a medical testing company, challenged an FTC enforcement action over a leaked patient data file calling it “federal agency overreach.” Cause of Action Institute represented the now-defunct testing firm in that case, as well. And, in October, a Federal Appeals Court granted a stay of the order, noting that LabMD lacked the means to comply with the FTC’s data security order.
Data privacy has been a top concern of the FTC during the Obama Administration. At issue is whether the FTC has the authority to enforce data security standards, absent federal legislation that clarifies which part of the U.S. Federal Government is responsible for policing data security.