Court Upholds FTC’s Power to Sue Hacked Companies

A federal court rejects a bid from Wyndham Hotels to undercut federal authority over data security.

Wyndham hotel in Pittsburgh, Pa.
National Journal
Brendan Sasso
April 7, 2014, 12:56 p.m.

The Fed­er­al Trade Com­mis­sion has the power to sue com­pan­ies that fail to pro­tect their cus­tom­ers’ data, a fed­er­al court in New Jer­sey said Monday.

The rul­ing shoots down a chal­lenge from Wyndham Ho­tels, which ar­gued that the FTC over­stepped its au­thor­ity with a 2012 law­suit against the glob­al hotel chain.

The de­cision by U.S. Dis­trict Court Judge Es­th­er Salas is a ma­jor win for the agency. If the court had sided with Wyndham, it would have stripped the fed­er­al gov­ern­ment of over­sight of data se­cur­ity prac­tices just as hack­ers be­gin to pull off more and more high-pro­file at­tacks.

Salas said her de­cision “does not give the FTC a blank check to sus­tain a law­suit against every busi­ness that has been hacked,” but that she must fol­low the “bind­ing and per­suas­ive pre­ced­ent” to up­hold the agency’s au­thor­ity.

The FTC is cur­rently in­vest­ig­at­ing Tar­get over the massive hack last year that ex­posed in­form­a­tion on 40 mil­lion cred­it cards. Tar­get could have pre­ven­ted the at­tack with bet­ter se­cur­ity prac­tices, ac­cord­ing to a re­cent re­port from the Sen­ate Com­merce Com­mit­tee.

The FTC has sued dozens of com­pan­ies in re­cent years for fail­ing to take reas­on­able steps to pro­tect cus­tom­er data. The agency says it has the au­thor­ity to po­lice data se­cur­ity prac­tices be­cause Con­gress gave it power over “un­fair” busi­ness prac­tices.

The FTC sued Wyndham in 2012, main­tain­ing that the hotel chain didn’t use ba­sic se­cur­ity meas­ures such as fire­walls, com­plex pass­words, or sep­ar­at­ing net­works in dif­fer­ent loc­a­tions. As a res­ult, hack­ers were able to pen­et­rate a com­puter net­work in a Wyndham hotel in Phoenix and ul­ti­mately make off with in­form­a­tion on 500,000 cred­it cards, the FTC charged.

Wyndham asked the fed­er­al court to throw out the suit, ar­guing that in­ad­equate data se­cur­ity prac­tices aren’t “un­fair” un­der the leg­al defin­i­tion. The com­pany also claimed the FTC should have pub­lished clear rules on data se­cur­ity be­fore fil­ing suit.

But Judge Salas said she wouldn’t “carve out a data-se­cur­ity ex­cep­tion” to the FTC’s power over un­fair prac­tices. She also con­cluded that the agency isn’t re­quired to spell-out spe­cif­ic data se­cur­ity rules. 

Al­though the court dis­missed Wyndham’s at­tempt to block the suit, the FTC will still have to prove the charges.  

FTC Chair­wo­man Edith Ramirez said she’s “pleased” with the de­cision and looks for­ward to try­ing the case against Wyndham. 

“Com­pan­ies should take reas­on­able steps to se­cure sens­it­ive con­sumer in­form­a­tion,” she said. “When they do not, it is not only ap­pro­pri­ate but crit­ic­al that the FTC take ac­tion on be­half of con­sumers.”

Mi­chael Valentino, a Wyndham spokes­man, noted that the de­cision is lim­ited to the FTC’s power and does not ad­dress wheth­er Wyndham broke the law.   “We con­tin­ue to be­lieve the FTC lacks the au­thor­ity to pur­sue this type of case against Amer­ic­an busi­nesses, and has failed to pub­lish any reg­u­la­tions that would give such busi­nesses fair no­tice of any pro­posed stand­ards for data se­cur­ity,” he said. “We in­tend to de­fend our po­s­i­tion vig­or­ously.”  

Mi­chael Valentino, a Wyndham spokes­man, noted that the de­cision is lim­ited to the FTC’s power and does not ad­dress wheth­er Wyndham broke the law.

“We con­tin­ue to be­lieve the FTC lacks the au­thor­ity to pur­sue this type of case against Amer­ic­an busi­nesses, and has failed to pub­lish any reg­u­la­tions that would give such busi­nesses fair no­tice of any pro­posed stand­ards for data se­cur­ity,” he said. “We in­tend to de­fend our po­s­i­tion vig­or­ously.” 

Al­though the FTC can or­der com­pan­ies to change their busi­ness prac­tices, the agency has no fin­ing au­thor­ity. Demo­crats are push­ing sev­er­al bills in Con­gress that would ex­pand the FTC’s au­thor­ity over data se­cur­ity, in­clud­ing give the agency the power to fine com­pan­ies for non­com­pli­ance.

What We're Following See More »
LEGACY PLAY
Sanders and Clinton Spar Over … President Obama
8 hours ago
WHY WE CARE

President Obama became a surprise topic of contention toward the end of the Democratic debate, as Hillary Clinton reminded viewers that Sanders had challenged the progressive bona fides of President Obama in 2011 and suggested that someone might challenge him from the left. “The kind of criticism that we’ve heard from Senator Sanders about our president I expect from Republicans, I do not expect from someone running for the Democratic nomination to succeed President Obama,” she said. “Madame Secretary, that is a low blow,” replied Sanders, before getting in another dig during his closing statement: “One of us ran against Barack Obama. I was not that candidate.”

THE 1%
Sanders’s Appeals to Minorities Still Filtered Through Wall Street Talk
9 hours ago
WHY WE CARE

It’s all about the 1% and Wall Street versus everyone else for Bernie Sanders—even when he’s talking about race relations. Like Hillary Clinton, he needs to appeal to African-American and Hispanic voters in coming states, but he insists on doing so through his lens of class warfare. When he got a question from the moderators about the plight of black America, he noted that during the great recession, African Americans “lost half their wealth,” and “instead of tax breaks for billionaires,” a Sanders presidency would deliver jobs for kids. On the very next question, he downplayed the role of race in inequality, saying, “It’s a racial issue, but it’s also a general economic issue.”

DIRECT APPEAL TO MINORITIES, WOMEN
Clinton Already Pivoting Her Messaging
10 hours ago
WHY WE CARE

It’s been said in just about every news story since New Hampshire: the primaries are headed to states where Hillary Clinton will do well among minority voters. Leaving nothing to chance, she underscored that point in her opening statement in the Milwaukee debate tonight, saying more needs to be done to help “African Americans who face discrimination in the job market” and immigrant families. She also made an explicit reference to “equal pay for women’s work.” Those boxes she’s checking are no coincidence: if she wins women, blacks and Hispanics, she wins the nomination.

THE QUESTION
How Many Jobs Would Be Lost Under Bernie Sanders’s Single-Payer System?
17 hours ago
THE ANSWER

More than 11 million, according to Manhattan Institute fellow Yevgeniy Feyman, writing in RealClearPolicy.

Source:
WEEKEND DATA DUMP
State to Release 550 More Clinton Emails on Saturday
17 hours ago
THE LATEST

Under pressure from a judge, the State Department will release about 550 of Hillary Clinton’s emails—“roughly 14 percent of the 3,700 remaining Clinton emails—on Saturday, in the middle of the Presidents Day holiday weekend.” All of the emails were supposed to have been released last month. Related: State subpoenaed the Clinton Foundation last year, which brings the total number of current Clinton investigations to four, says the Daily Caller.

Source:
×