Cybersecurity and Adware: The FTC’s Settlement with Lenovo

Share

The FTC and 32 state attorneys general announced a settlement with Lenovo Inc., one of the largest computer manufacturers, resolving allegations that Lenovo harmed consumers by pre-loading software on some laptops that compromised security protections in order to deliver ads to consumers.

The FTC’s complaint alleged that in August 2014 Lenovo began selling consumer laptops that came with preinstalled ad-injecting software known as VisualDiscovery, which was developed by Superfish, Inc.  This adware delivered pop-up ads of similar-looking products sold by Superfish’s retail partners whenever a consumer’s cursor hovered over the image of a product on a shopping website. To facilitate its injection of pop-up ads into encrypted https:// websites, Visual Discovery installed a self-signed root certificate in the laptop’s operating system, which caused consumers’ browsers to automatically trust the VisualDiscovery-signed certificates.  Digital certificates are part of the Transport Layer Security protocol that, when properly validated, serve as proof that consumers are communicating with the authentic https:// website and not an imposter.

Continue reading

FTC Updates COPPA Guidance to Approve New Parental Consent Methods; Clarify Obligations for Sites not Primarily Targeting Children

Share

The Federal Trade Commission (FTC) has updated its guidance applicable to the Children’s Online Privacy Protection Act (COPPA) to reflect developments in the digital advertising ecosystem and a burgeoning Internet of Things marketplace. The Guidance revises its six-step compliance plan to keep current with developing technology.

The Guidance, which had existed in substantially the same form since 2015, contains three new updates relating to new methods for obtaining parental consent, new products covered by COPPA, and new business models.

Continue reading

©2021 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.

Privacy Policy