FTC Expresses Concerns Over Mobile Security Updates
Posted on May 17, 2018
In its recent report (Mobile Security Updates: Understanding the Issues), the FTC expressed concerns with the process for keeping mobile devices updated and secure. Of particular concern for the FTC were inconsistencies in the length of time that support is offered for mobile devices, the frequency of updates and the perceived lapse of time between identifying a vulnerability and effectively installing a patch on consumers’ devices. Further, the FTC was worried that information about device support and update frequency is not always clear to consumers, and is not always maintained by manufacturers.
To address these concerns the FTC recommended that those in the mobile device industry commit to supporting devices for as long as consumers would expect such support. Customer expectations could be managed through policies and contracts. The FTC also recommended pushing out regularly scheduled updates and, of particular concern, asked device manufacturers to (a) prioritize security-only updates for high-risk vulnerabilities, and (b) ensure that testing and deployment efforts keep pace with update schedules. The FTC called for keeping records showing the actions taken and decisions made throughout the update process. Finally, the FTC called on members of the industry to work with government and advocacy groups to ensure that consumers understand the importance of security updates – in particular, the critical role consumers play in the update process.
PUTTING IT INTO PRACTICE: For those in the mobile device industry, this report gives guidance on steps the FTC expects with respect to how to keep devices updated and secured after they are in the hands of customers.
Dawn of the New FTC
Posted on May 9, 2018
On April 26, the Senate voted to confirm nominees to all five Commissioner slots on the Federal Trade Commission. It was the first time the entire FTC has been confirmed at once since its founding in 1914. The new roster of Commissioners raises new questions about the role the FTC will play in cybersecurity and privacy. It has become increasingly active in this area in recent years and wholesale turnover at the top of the Commission could have a lasting effect on this body of law.
For better or worse, the new Commissioners are comparatively thin on privacy and cybersecurity experience. The new Chairman, Joe Simons, joins a long line of FTC Chairs from the ranks of the antitrust bar, having practiced in that area of law for many years as a law firm partner. Similarly, Commissioner Christine Wilson will join the Commission after building a solid reputation as an antitrust litigator, with little apparent experience in cybersecurity or privacy (she will join the Commission as soon as the Commissioner she is replacing, Maureen Ohlhausen, is confirmed as a federal judge). Rohit Chopra, one of two new Democratic Commissioners, does not hail from the antitrust bar, but neither is he steeped in cybersecurity or privacy, having spent much of his career in financial consumer advocacy.
Probably the two Commissioners most familiar with the challenges of today’s cyber world are the two who are joining the FTC from Capitol Hill – Noah Phillips, Chief Counsel to Senate Majority Whip John Cornyn, and Rebecca Slaughter, Chief Counsel to Senate Minority Leader Charles Schumer. Because of the seniority of Senators Cornyn and Schumer, and because both Phillips and Slaughter worked on the Senate Judiciary Committee which has jurisdiction over many of these issues, they have been exposed at high levels to the policy and legislative questions facing Congress with regard to cybersecurity and privacy. Slaughter, in particular, has shown an interest and spent time on these issues.
                 17 Eye on Privacy 2018 Year in Review