A recent Open Letter sent to the Federal Trade Commission (FTC) jointly by consumer advocacy groups, including Consumer Reports, US PIRG and fifteen other entities, may be an early signal of future FTC focus.¹ The letter addresses software issues for connected devices or any other tangible products, whether embedded or separately accessed. More specifically, the letter urges the FTC to address three practices that allegedly hinder consumer’s expected use of the connected device: (1) placing software behind an additional or later subscription pay wall; (2) deprecating or failing to update software, effectively “bricking” the product; and (3) preventing software access from moving to a second-hand buyer.

How Have These Issues Been Addressed Historically?

The FTC has publicly investigated the issue of software deprecation for a connected device under its Section 5 powers in at least one instance in 2016, but declined to take enforcement action.² Simultaneously with this 2016 Closing Letter, the FTC issued a blog post titled What happens when the sun sets on a smart product?, which set out these specific issues for companies to consider when launching a connected device:

1. Would consumers regard the brand’s offering as primarily a device or software? 
2. Are consumers getting a fixed-term rental or subscription, or are they getting something they will own and can rely on for the life of the device?
3. Would reasonable consumers expect to be able to keep using the device – and have it be fully functional – even if the brand “rides off into the sunset”? 
4. Would consumers expect the device to have an “expiration date”?
5. Could consumers keep using the device in the ways they would reasonably expect based on their experience with similar devices?
6. What representations did the brand make to consumers – or what would consumers otherwise expect – about the time period for which security would be provided?

The FTC did not provide answers or any further discussion of these six points. The FTC did raise the related point that failure to maintain technical support and security updates could leave consumer devices more vulnerable to attack, an issue at the forefront of the FTC’s recent proposed settlement against Verkada, Inc. in connection with security failures and misrepresentations for its connected security cameras.³ Privacy and security concerns, specifically, have been the focus of prior FTC comments, including the subject of FTC comments to the Department of Commerce identifying concerns of IoT products in 2016.⁴ 

The recent Open Letter mirrored many of the issues identified in 2016, providing specific recommendations around required disclosures of guaranteed minimum support, obligations related to maintaining unaffected core functionalities and protection of “adversarial interoperability” for products with inoperable original software.

How Does This Impact My Company? 

While neither this Open Letter nor any specific FTC guidance currently requires any specific action,⁵ the Open Letter and past FTC commentary does suggest that this may be an area in which the FTC may initiate rulemaking, an inquiry, administrative proceeding, or court action. 

What Should I Do Now?

It’s an opportune moment to review the breadth of current advertising claims and warranty commitments across relevant products, as well as other documentation and marketing materials to identify any commitments as to continued software use, access and updates.

What if the FTC Contacts Me?

If you receive a confidential inquiry letter or other communication from the FTC, consumer groups, or individual consumers, we can advise you as to next steps, including any potential response.