Federal Trade Commission Publishes Report Regarding Mobile Security Updates

Julie Crawford
King & Spalding
Contact
LinkedIn
Facebook
X
Send
Embed

In May 2016, the Federal Trade Commission (“FTC”) issued Orders to File Special Reports under section 6(b) of the Federal Trade Commission Act to the major mobile device manufacturers in an effort to address concerns that mobile devices were not receiving security patches needed to protect the devices from critical vulnerabilities. The Orders were intended to collect information about each manufacturers’ security update procedures and practices for patching mobile operating system software. A parallel investigation of wireless carriers was also initiated by the Federal Communications Commission. The FTC released the collective findings and recommended practices in a report (the “Report”) published on February 28.

While the FTC acknowledges the breadth and complexity of enacted industry measures to streamline the security update process, it recommends that government, advocacy groups, and industry participants take additional steps to increase the number and frequency of updates to user devices. The Report points to a variety of reasons devices remain without vital security updates for extended lengths of time such as: no update is issued, the lengthy process to deploy a patch, or because the user simply does not install an available update. Further, many users are unaware of the period of time their device will receive security updates and when that support window ends.

The Report concludes that the following steps should be taken for an enhanced security update process by consumers, government, advocacy groups, and industry participants:

  • Educate consumers as to their role and the significance of the security update process;
  • Implement and expand security into industry support culture and product design;
  • Improve manufacturer record-keeping of security update frequency and decisions;
  • Streamline security update processes, most notably by offering security-only updates instead of bundling security updates with other general software updates; and
  • Establish and disclose to consumers the device support periods with additional notification of anticipated support expiration.

Concluding with an invitation for feedback, the Report serves as part of an “ongoing dialogue” and adds that the FTC “will continue to work with industry, consumer groups, and lawmakers to further the goals of reasonable security and greater transparency.”

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© King & Spalding | Attorney Advertising

Written by:

King & Spalding
King & Spalding
Contact
more
less

King & Spalding on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide