The D-Link Systems’ Consent Order Explained

On Tuesday, August 6, 2019, the U.S. District Court for the Northern District of California entered a consent order between the Federal Trade Commission (“FTC”) and D-Link Systems, Inc., a U.S. company that is a global leader in connectivity for home, small business, mid- to large-sized enterprise environments, and service providers, resolving an FTC lawsuit alleging that D-Link Systems’ security practices violated Section 5 of the FTC Act.  The D-Link Systems order marks the close of the first ever litigated FTC action over the application of Section 5 to the security practices used for Internet of Things (“IoT”) devices.  This result is good for D-Link Systems, and good for the FTC.

Learn More

Court Approves Consent Agreement in Federal Trade Commission v. D-Link Systems

WASHINGTON D.C. (August 6, 2019) – Today, the U.S. District Court for the Northern District of California entered a consent order between the Federal Trade Commission (“FTC”) and D-Link Systems, Inc. Cause of Action Institute has represented D-Link Systems throughout this matter. This joint resolution resolves the FTC’s allegations about the security practices D-Link Systems used for its products. D-Link Systems is an industry leader in Internet of Things (“IoT”) and networking solutions.

Learn More

Settlement in Federal Trade Commission v. D-Link Systems Includes No Finding of Liability

WASHINGTON D.C. – Today, Cause of Action Institute (CoA Institute) announced the resolution its client, D-Link Systems, Inc., has reached with the Federal Trade Commission (FTC) regarding the FTC’s allegations about the security practices D-Link Systems used for its products. D-Link Systems is an industry leader in Internet of Things (IoT) and networking solutions.

Learn More

Media Recap: Court Dismisses FTC’s Unfairness Count Against D-Link Systems

 

D-Link Systems Secures Significant Victory in Court Battle Against FTC

Judge dismisses ‘unfairness’ allegations citing complete lack of consumer harm

SAN FRANCISCO – A federal judge has dismissed three counts against D-Link Systems, Inc. from a complaint brought by the Federal Trade Commission (“FTC”) involving baseless charges regarding the company’s data security practices for its consumer routers and IP cameras. Cause of Action Institute (“CoA Institute”) represents D-Link Systems in its defense.

The Court dismissed the FTC’s Section 5 “unfairness” claim due to the “absence of any concrete facts” supporting the FTC’s allegations of potential consumer harm. The Order states:

The FTC does not identify a single incident where a consumer’s financial, medical or other sensitive personal information has been accessed, exposed or misused in any way, or whose IP camera has been compromised by unauthorized parties, or who has suffered any harm or even simple annoyance and inconvenience from the alleged security flaws in the DLS devices.

In March, Michael Pepson, counsel at CoA Institute, argued before the Court that the case should be dismissed due to, among other things, the lack of facts supporting the government’s claims. Pepson argued that the FTC’s complaint includes only vague, unsubstantiated allegations with no mention of an actual breach of any D-Link product, or any harm to a single consumer.

In response to the ruling, Pepson stated: “We are grateful to the Court for taking the time to hear the arguments, carefully study the questions presented, and issue a well-reasoned decision on D-Link Systems’ motion to dismiss. Cause of Action Institute remains proud to represent D-Link Systems in this litigation.”

For information regarding this press release, please contact Zachary Kurz, Director of Communications at CoA Institute: zachary.kurz@causeofaction.org

Cause of Action Institute Files Motion to Dismiss FTC’s Baseless Data Security Charges Against D-Link Systems Inc.

WASHINGTON – Cause of Action Institute (“CoA Institute”) on behalf of D-Link Systems, Inc. today filed in the U.S. District Court for Northern California a Motion to Dismiss the baseless charges brought by the Federal Trade Commission (“FTC”) regarding the company’s security practices for consumer routers and IP cameras.

In an eleventh-hour attempt to expand its own authority to regulate the Internet of Things (“IoT”) before the new administration took office, the FTC in early January filed a complaint against D-Link Systems. The complaint makes vague and unsubstantiated allegations, without asserting a single data breach of any product sold by D-Link Systems in the U.S. Instead, the FTC speculates that consumers were placed “at risk,” to be hacked, but fails to allege, as it must, that consumers suffered or are likely to suffer actual substantial injuries. D-Link Systems stands behind its products and maintains a robust range of procedures to address potential security vulnerabilities.

“This is a case of politicized government overreach without justification or any evidence of consumer injury,” said Patrick Massari, assistant vice president, CoA Institute. “In fact, to her credit, Acting Chairwoman Ohlhausen voted not to bring this case and has spoken out against the agency filing other lawsuits ‘on the eve of a new presidential administration’ that are based on a flawed legal theory and lack economic and evidentiary support.

“This case should be dismissed now. Congress did not delegate to FTC the authority to regulate data security for IoT companies, and therefore FTC’s putative regulation is beyond its legal power. Moreover, the FTC fails in its Complaint to plead the basic elements of proof necessary for a Section 5 ‘unfairness’ violation. The FTC’s action sets a dangerous precedent, whereby the federal government could subject liability to any company that makes an internet-connected product. The FTC’s lawsuit violates D-Link Systems’ due process rights, and will no doubt have a chilling effect on innovation. For these reasons we have urged the Court to dismiss this Complaint in its entirety.”

The FTC has no authority under Section 5(n) of the FTC Act to declare unlawful an act or practice “on the grounds that such act or practice is unfair unless the act or practice causes or is likely to cause substantial injury to consumers which is not reasonably avoidable by consumers themselves and not outweighed by countervailing benefits to consumers or to competition.” As D-Link Systems Inc.’s Motion to Dismiss points out, the FTC’s Complaint pleads legal conclusions couched as hypothetical, speculative factual allegations.  FTC’s “deception” allegations should also be dismissed for failure to meet the heightened pleading standards set by Federal Rule of Civil Procedure 9(b), which requires such claims to be pled with particularity.

Read the full Motion to Dismiss here Exhibits can be found here

About Cause of Action Institute:  Cause of Action Institute is a 501(c)(3) non-profit working to enhance individual and economic liberty by limiting the power of the administrative state to make decisions that are contrary to freedom and prosperity by advocating for a transparent and accountable government free from abuse.

For information regarding this press release, please contact Zachary Kurz, Director of Communications: zachary.kurz@causeofaction.org

Cause of Action Institute to Defend D-Link Systems Against FTC’s Baseless Data Security Charges

Washington, D.C. – Jan. 10, 2017 – Cause of Action Institute (“CoA Institute”) today announced it will represent D-Link Systems, Inc. (“D-Link Systems”) in its defense against recent unwarranted and baseless charges brought by the Federal Trade Commission (“FTC”) regarding the company’s security practices for consumer routers and IP cameras.

“It sets a dangerous precedent for the federal government to go after a good company and put American jobs at risk without a single instance of actual or likely consumer harm,” said Cause of Action Institute Assistant Vice President Patrick Massari. “This lawsuit is another instance of the FTC’s unchecked regulatory overreach. If the FTC can bring a lawsuit on the mere potential of a data security breach, nearly every company will be subject to unconstrained and unexplored data security liability.  Such limitless liability coupled with FTC’s history of unrelentingly litigious oversight will no doubt have a chilling effect on innovation in the Internet of Things. Privacy advocates and consumers at large should applaud our client’s courage for fighting these incendiary claims and refusing to be held hostage by the FTC for the next 20 years.”

D-Link Systems has retained CoA Institute due to its successful track record fighting government abuse. CoA Institute relentlessly defended LabMD, a small cancer diagnostics company, against a similar unwarranted FTC overreach into data security oversight.

“We are pleased Cause of Action Institute will be joining our fight against these false allegations,” said William Brown, chief information security officer, D-Link Systems, Inc. “We are committed to protecting customer security, which the complaint affirmed by citing no actual data breach. Global connectivity relies on an unfettered commitment to security; we will continue to maintain and enhance the integrity of all D-Link Systems products.”

About Cause of Action Institute
Cause of Action Institute is a 501(c)(3) non-profit working to enhance individual and economic liberty by limiting the power of the administrative state to make decisions that are contrary to freedom and prosperity by advocating for a transparent and accountable government free from abuse.

About D-Link Systems, Inc.
D-Link Systems is a global leader in connectivity for home, small business, mid- to large-sized enterprise environments, and service providers.

For information regarding this press release, please contact Zachary Kurz, Director of Communications at CoA Institute: zachary.kurz@causeofaction.org