The consumer center NRW creates a novelty with the civil court case filed against a MediaMarkt branch in Cologne before the Cologne Regional Court. This would like to reach the unconventional step that salespeople will have to inform their customers about known security problems in obsolete software.
Engraving safety deficiencies revealed by BSI
The retailer in Cologne sold from August 2016 the smartphone model Cynus T6 of the Korean manufacturer Mobistel for 99 euros, which was sold with the already outdated Android version 4.4 KitKat. In September 2016, the Federal Office for Information Security (BSI) discovered dangerous gaps during a check, inter alia, in the said device. At this time, the mobile operating system already had 15 known and serious security deficiencies, which were not corrected due to missing updates. The consequences for the buyer were drastic, because with the security gaps, according to BSI attackers it was an easy thing to gain complete control over the smartphone.
Manufacturers did not react to this day
The BSI initially informed the manufacturer Mobistel, who, however, did not respond to the request. At the same time, the Office also informed the consumer protection authorities that they were reacting. Compared to the Süddeutsche Zeitung, Christine Steffen, the expert responsible for the case, said the complaint was still at an early stage, but she believed that the incidents were of “fundamental importance” for smartphone buyers. Volker Tripp, Managing Director of the non-profit organization Digitale Gesellschaft (Digiges), which is committed to “fundamental rights and consumer protection in digital space”, agrees. For him it is “the least that consumers receive transparent information”. However, according to Consumer Center NRW, the MediaMarkt branch has left its customers unaware of the dangers. Currently, the smartphone is no longer offered.
Dealer as contract partner of the buyer
Now the question arises, why against the seller and not the manufacturer or even against Google as a developer of the operating system is proceeded? The retailer represents the direct contractual partner for the consumer. The consumer believes that the consumer is obliged to inform the purchaser about the system’s uncertainty and the associated consequences in the case of known security flaws. “It can not be that I buy a brand new device in a market that is fraught with security gaps, which will not be closed after I have it put into operation, and I do not know that,” says Christine Steffen. At the same time, however, it clarifies that consumer protection is not a matter of prohibiting the sale of the corresponding equipment, but of obliging traders to inform customers about the dangers that may arise.
Hope for signal effect
The civil lawsuit currently concerns only one MediaMarkt branch in Cologne, but could have a signal effect in a decision for the Consumer Protection Center NRW and lead to complaints in other federal states. It would also be possible to take action against other branches of the trading chain or even against other traders.
Problems with updates also in other countries
However, the problem with smartphones affected by security gaps does not only affect Germany. In the United States, in April 2013, the American Civil Liberties Union, the American Civil Liberties Union, filed a complaint to the FTC Competition Authority alleging that various US mobile operators would not pass Google’s Android updates on to their customers’ devices. In May 2016, these manufacturers again asked various manufacturers to explain the criteria for the supply of smartphones with security updates.