The D-Link Systems’ Consent Order Explained

On Tuesday, August 6, 2019, the U.S. District Court for the Northern District of California entered a consent order between the Federal Trade Commission (“FTC”) and D-Link Systems, Inc., a U.S. company that is a global leader in connectivity for home, small business, mid- to large-sized enterprise environments, and service providers, resolving an FTC lawsuit alleging that D-Link Systems’ security practices violated Section 5 of the FTC Act.  The D-Link Systems order marks the close of the first ever litigated FTC action over the application of Section 5 to the security practices used for Internet of Things (“IoT”) devices.  This result is good for D-Link Systems, and good for the FTC.

Learn More

Media Recap: Court Dismisses FTC’s Unfairness Count Against D-Link Systems

 

Court Orders Dismissal of D-Link Corp. from FTC Data Security Case

SAN FRANCISCO – U.S. District Judge James Donato has instructed the Federal Trade Commission (“FTC”) to dismiss Taiwan-based D-Link Corporation (“D-Link Corp.”) from a case brought by the FTC in the U.S. District Court for Northern District of California involving unfounded allegations as to security practices for routers and IP cameras. On April 3, 2017, D-Link Corp. filed a motion to dismiss the case because the Court lacked jurisdiction over the company. FTC’s dismissal of D-Link Corp. renders that motion moot. The case will now proceed with California-based D-Link Systems, Inc. as the sole Defendant.

Cause of Action Institute Assistant Vice President Patrick Massari: “The FTC sued a Taiwanese-based corporation without any factual predicate or consumer victims, real or imagined, exceeding the bounds of its regulatory authority. We are grateful for the Court’s directive and pleased with this resolution of issues raised by D-Link Corp.’s motion to dismiss.  We look forward to continuing to vigorously defend this case on behalf of D-Link Systems, Inc.”

Background:

In early January, the FTC filed a complaint against D-Link Systems Inc. and D-Link Corp. The complaint makes vague and unsubstantiated allegations, without asserting a single data breach of any product sold in the U.S. by either company. Instead, the FTC’s complaint relies on unspecified press reports and mere speculation that consumers were placed “at risk,” but fails to allege, as it must, that consumers suffered or are likely to suffer actual or substantial injury. D-Link Systems continues to stand behind its products and maintains a robust range of procedures to address potential security vulnerabilities.

For information regarding this press release, please contact Zachary Kurz, Director of Communications: zachary.kurz@causeofaction.org

 

Cause of Action Institute Files Motion to Dismiss FTC’s Baseless Data Security Charges Against D-Link Systems Inc.

WASHINGTON – Cause of Action Institute (“CoA Institute”) on behalf of D-Link Systems, Inc. today filed in the U.S. District Court for Northern California a Motion to Dismiss the baseless charges brought by the Federal Trade Commission (“FTC”) regarding the company’s security practices for consumer routers and IP cameras.

In an eleventh-hour attempt to expand its own authority to regulate the Internet of Things (“IoT”) before the new administration took office, the FTC in early January filed a complaint against D-Link Systems. The complaint makes vague and unsubstantiated allegations, without asserting a single data breach of any product sold by D-Link Systems in the U.S. Instead, the FTC speculates that consumers were placed “at risk,” to be hacked, but fails to allege, as it must, that consumers suffered or are likely to suffer actual substantial injuries. D-Link Systems stands behind its products and maintains a robust range of procedures to address potential security vulnerabilities.

“This is a case of politicized government overreach without justification or any evidence of consumer injury,” said Patrick Massari, assistant vice president, CoA Institute. “In fact, to her credit, Acting Chairwoman Ohlhausen voted not to bring this case and has spoken out against the agency filing other lawsuits ‘on the eve of a new presidential administration’ that are based on a flawed legal theory and lack economic and evidentiary support.

“This case should be dismissed now. Congress did not delegate to FTC the authority to regulate data security for IoT companies, and therefore FTC’s putative regulation is beyond its legal power. Moreover, the FTC fails in its Complaint to plead the basic elements of proof necessary for a Section 5 ‘unfairness’ violation. The FTC’s action sets a dangerous precedent, whereby the federal government could subject liability to any company that makes an internet-connected product. The FTC’s lawsuit violates D-Link Systems’ due process rights, and will no doubt have a chilling effect on innovation. For these reasons we have urged the Court to dismiss this Complaint in its entirety.”

The FTC has no authority under Section 5(n) of the FTC Act to declare unlawful an act or practice “on the grounds that such act or practice is unfair unless the act or practice causes or is likely to cause substantial injury to consumers which is not reasonably avoidable by consumers themselves and not outweighed by countervailing benefits to consumers or to competition.” As D-Link Systems Inc.’s Motion to Dismiss points out, the FTC’s Complaint pleads legal conclusions couched as hypothetical, speculative factual allegations.  FTC’s “deception” allegations should also be dismissed for failure to meet the heightened pleading standards set by Federal Rule of Civil Procedure 9(b), which requires such claims to be pled with particularity.

Read the full Motion to Dismiss here Exhibits can be found here

About Cause of Action Institute:  Cause of Action Institute is a 501(c)(3) non-profit working to enhance individual and economic liberty by limiting the power of the administrative state to make decisions that are contrary to freedom and prosperity by advocating for a transparent and accountable government free from abuse.

For information regarding this press release, please contact Zachary Kurz, Director of Communications: zachary.kurz@causeofaction.org

Cause of Action Institute to Defend D-Link Systems Against FTC’s Baseless Data Security Charges

Washington, D.C. – Jan. 10, 2017 – Cause of Action Institute (“CoA Institute”) today announced it will represent D-Link Systems, Inc. (“D-Link Systems”) in its defense against recent unwarranted and baseless charges brought by the Federal Trade Commission (“FTC”) regarding the company’s security practices for consumer routers and IP cameras.

“It sets a dangerous precedent for the federal government to go after a good company and put American jobs at risk without a single instance of actual or likely consumer harm,” said Cause of Action Institute Assistant Vice President Patrick Massari. “This lawsuit is another instance of the FTC’s unchecked regulatory overreach. If the FTC can bring a lawsuit on the mere potential of a data security breach, nearly every company will be subject to unconstrained and unexplored data security liability.  Such limitless liability coupled with FTC’s history of unrelentingly litigious oversight will no doubt have a chilling effect on innovation in the Internet of Things. Privacy advocates and consumers at large should applaud our client’s courage for fighting these incendiary claims and refusing to be held hostage by the FTC for the next 20 years.”

D-Link Systems has retained CoA Institute due to its successful track record fighting government abuse. CoA Institute relentlessly defended LabMD, a small cancer diagnostics company, against a similar unwarranted FTC overreach into data security oversight.

“We are pleased Cause of Action Institute will be joining our fight against these false allegations,” said William Brown, chief information security officer, D-Link Systems, Inc. “We are committed to protecting customer security, which the complaint affirmed by citing no actual data breach. Global connectivity relies on an unfettered commitment to security; we will continue to maintain and enhance the integrity of all D-Link Systems products.”

About Cause of Action Institute
Cause of Action Institute is a 501(c)(3) non-profit working to enhance individual and economic liberty by limiting the power of the administrative state to make decisions that are contrary to freedom and prosperity by advocating for a transparent and accountable government free from abuse.

About D-Link Systems, Inc.
D-Link Systems is a global leader in connectivity for home, small business, mid- to large-sized enterprise environments, and service providers.

For information regarding this press release, please contact Zachary Kurz, Director of Communications at CoA Institute: zachary.kurz@causeofaction.org

Another Midnight Power Grab: FTC Again Grasping at Straws in Data Security

Agency files desperate eleventh-hour data security complaint against D-Link without a single instance of actual or likely substantial harm to any consumer

Washington D.C. – The Federal Trade Commission (“FTC”) yesterday filed a complaint against D-Link Systems, Inc. (“D-Link”) claiming a violation of the Federal Trade Commission Act resulting from unsupported allegations of data security lapses in D-Link’s Consumer IP routers and IP cameras.

“The FTC has again overstepped its legal authority under Section 5 of the Federal Trade Commission Act and is bringing this enforcement action without precedent or facts on its side,” said Cause of Action Institute Assistant Vice President Patrick Massari. “In D-Link’s 30-year history, there is no evidence of a single security breach that has resulted in harm to any consumer. As was the case in the FTC’s assault on LabMD, a small cancer-detection laboratory that was destroyed by the FTC’s zeal to dismantle any business that dared challenge its authority, the purpose of this case is to again intimidate businesses and attempt to extend its authority beyond what Congress intended.  D-Link’s ongoing vigorous defense of its security practices and fight against the FTC’s overreach through the legal system is a courageous step in the right direction for all consumer router companies who wish to fight against FTC’s disregard for facts and the rule of law.  Commissioners Ramirez and McSweeny have not learned the lesson of the LabMD case.  FTC’s predatory appetite for overzealous and baseless persecution continues unabated.”

The FTC complaint predictably alleges that D-Link has “failed to take reasonable steps to secure the software for their routers and IP cameras, which [are] offered to consumers, respectfully, for the purpose of protecting their local networks and accessing sensitive personal information.”  D-Link denies the unwarranted allegations outlined in the FTC complaint and asserts it will vigorously defend the action.

The FTC has made vague and unsubstantiated allegations relating to Consumer IP routers and IP cameras.  D-Link maintains a robust range of procedures to address potential security issues, which exist in all Internet of Things devices.  Notably, the complaint does not allege any breach of a D-Link device.  Instead, the FTC speculates that consumers were placed “at risk” to be hacked, but fails to allege, as it must, that actual consumers suffered or are likely to suffer actual substantial injuries. 

About Cause of Action Institute:

To enhance individual and economic liberty, we work to limit the power of the administrative state to make decisions that are contrary to freedom and prosperity by advocating for a transparent and accountable government free from waste, fraud, abuse and cronyism.

For information regarding this press release, please contact Zachary Kurz, Director of Communications at CoA Institute: zachary.kurz@causeofaction.org