Earlier this week, the FTC notified Verizon by letter that it has closed its investigation into whether Verizon violated Section 5 of the FTC Act by failing to secure certain routers supplied to the company’s broadband subscribers. The FTC’s investigation centered on Verizon’s practice of supplying routers that incorporated an outdated default security setting, an encryption standard known as Wired Equivalent Privacy (“WEP”). According to the FTC, flaws in WEP were identified by researchers in 2004, but Verizon continued until recently to ship some WEP router models. According to the FTC, this left some Verizon subscribers vulnerable to hackers.
In its letter, the FTC explained that the following factors led it to close its investigation:
- Verizon’s overall data-security practices related to its routers.
- Verizon’s efforts to mitigate the risk that subscribers using WEP-model routers would be vulnerable to hackers, including:
- by removing the WEP model routers from distribution centers and setting them to Wi-Fi Protected Access 2 (“WPA2”), ensuring that future distributed routers would be set by default to WPA2;
- by implementing an outreach campaign to subscribers currently using WEP or no encryption, and requesting that those subscribers change their security settings to WPA2; and
- offering upgrades to WPA2-compatible units for subscribers in possession of older, incompatible routers.
Continue Reading FTC Closes Investigation After Verizon Fixes Encryption Problems With FiOS and DSL Routers