Cases Flashcards
Designerware
Tracking software on rent-to-own computers actually logged keystrokes, had webcam access, took screenshots, logged GPS. Used registration as way of getting personal info,
FTC issued consent decree.
Geocities
Registration info notice said it wouldn’t sell or use data without consent, but they sold it to 3rd parties.
FTC issued consent decree, made them redo privacy notice.
LabMD
Hacked in ‘09 and ‘12. PII and health ins. data leaked.
FTC brought action and LabMD opted for hearing, which was dismissed. FTC forced them to develop a sec program.
LifeLock
They claimed to protect against ID theft totally, but it was really only certain forms of ID theft. Didn’t use encryption on PI or thoroughly restrict access.
Settled with FTC for $1M and fees, had to establish security program.
In 2015, action for failure to comply and fined $100M
Nomi
Sensors in stores detect MAC addresses on phones. FTC claimed they misled about opt-out in notice and didn’t communicate which stores used the service. FTC issued consent decree.
Snapchat
Snapchat was aware snaps could be saved, and address book details were collected from phones. Additionally, “Find Friends” wasn’t secure enough, got hacked, and users were spammed.
Consent decree with FTC
TrustE
Issues digital certs for privacy, which they claimed to do yearly. FTC claimed 1k+ instances not recerted, but given a badge anyways.
FTC settlement
Wyndham Hotels
3 hacks from 2008 - 2009. FTC said they stored CC info unencrypted, allowed easy passwords, didn’t use firewalls when they should have, had out of data systems, didn’t patch, no 3rd party access control, no unauthorized detection measures, and didn’t change any security protocols after breaches.
Wyndham took it to court and lost. 3rd circuit said FTC has the right to extend regulation to cyberspace if it’s causing harm to consumers.
City of Ontario vs. Quon
4th Amendment. City reviewed pager texts and discovered sexual content. Court held that the search and seizure was OK because it was work-related, didn’t violate 4th Amendment.
Aerospaciale vs. SD of Iowa
French company claimed you could only do discovery under the Hague Convention (one judicial state can request evidence from another) after victims of a plane crash in US were trying to get French info, and French company tried to issue protective order. Court said that convention was to facilitate info, so discovery didn’t need to precisely follow the Hague convention.
Apple vs. FBI
FBI wanted back door to encrypted info on criminal’s iPhone. Apple said no. Case was dropped when 3rd party was able to crack it.
Eli Lilly
Had a website that reminded users to take pills. When discontinued, they sent an email out but exposed al the email addresses in the “to” field. FTC brought enforcement action.
First time a privacy and sec program was required as part of settlement.
Riley vs. California
- SC said you cannot search contents of a cellphone without getting a search warrant first.
Katz vs. US
Katz used a apyphone to transmit illegal gambling bets. the FBI recorded it via wiretap, and Katz said this was a 4th amendment violation.
SC agreed, saying people have a right to “a reasonable amount of privacy”
