FTC Closes Data Security Investigation of P2P Software Provider
On August 19, 2010, FTC staff closed an investigation into Limewire, LLC. Limewire provides both a free and purchasable version of P2P software. Based on the staff’s closing letter, available here, the investigation focused on a security vulnerability in legacy versions of the P2P software that put users at risk of inadvertently sharing sensitive information stored on their computers. FTC staff decided to voluntarily close the investigation. Among the factors considered as part of closing the investigation were:
- Limewire’s incorporation of safeguards into the updated software’s user interface to help users avoid the inadvertent sharing of sensitive documents;
- the high attrition rate for legacy versions of the software;
- Limewire’s inability to force users to update to a newer software version; and
- users of some of the older software versions may have been able to avoid disclosure of sensitive PII (noting that an act/practice is not “unfair” under Section 5 unless it causes consumer injury that is not reasonably avoidable by consumers).