FTC MGM Investigation Could Be Thwarted by New Spending Bill
Posted on: July 24, 2024, 03:29h.
Last updated on: July 24, 2024, 03:29h.
A spending bill approved by the House Appropriations Committee contains a provision that could stymie the Federal Trade Commission’s (FTC) investigation into the September 2023 cybersecurity incident that temporarily crippled the casino giant’s domestic operations. The bill was advanced by a Republican representative that has received campaign contributions from the gaming company.
The Republican-controlled committee passed the bill last month. Not only does it propose to trim the FTC’s budget by 27%, it contains an amendment that would halt the FTC’s efforts to force MGM to comply with a Civil Investigative Demand (CID) issued in January. The following month, MGM attempted to quash that request, noting that some of the information demanded by the FTC could jeopardize the gaming company’s efforts to assist law enforcement agencies in pursuing criminal charges against Scattered Spider — the hacking group that carried out the cyber attack against MGM.
The core mission of this bill is to protect the integrity of America’s financial and judicial systems,” said Rep. Dave Joyce (R-OH) in a statement. “In order to fulfill that mission, this bill makes cuts to prevent agency overreach by prohibiting funds for dozens of regulating actions such as blocking the FCC from regulating broadband rates, the FTC from controlling how every day Americans purchase a car, and the SEC from collecting and surveilling transactions of everyone who invests in the stock market.”
Joyce is the chairman of the Subcommittee on Financial Services and General Government. It’s not clear when the full House will consider the legislation.
MGM Capitalized on the System
Earlier this year, MGM fired back at the FTC, suing the commission on the grounds that as a gaming company, the Red Flag and Safeguards statutes the agency is attempting to enforce aren’t pertinent. Those guidelines are typically used in enforcements against financial services firms.
Included in the suit was a request to the court by the gaming company that FTC Chairwoman Lina Khan recuse herself from the case because she and several staffers were guests of the MGM Grand on the Las Vegas Strip during the data breach.
It remains to be seen if MGM will win its effort to kill the CID, but it is clear the Aria operator knows how Washington, DC works. For the current election cycle, the gaming company contributed $10,000 to Joyce’s Defending American Values Everywhere political action committee (PAC), according to Open Secrets.
MGM has donated $104,801 to individual candidates and PACs this cycle and spent $230,000 on lobbying this years, according to Open Secrets. The largest individual recipient of the company’s political donations this cycle is Rep. Susie Lee (D-NV) who represents suburban Las Vegas.
Congressional Attacks on FTC Not Uncommon
The aforementioned spending bill contains several other provisions aimed at reining in FTC enforcement efforts and potential overreach. It’s also not unheard of for Congress to use the power of the purse string to halt various FTC enforcement efforts.
In 1980, Congress passed a law that gave it veto power over some FTC actions and allowed lawmakers to cap the commission’s use of administrative subpoenas. Whether or not that helps MGM in its case against the FTC isn’t clear, but some legal experts believe the company’s status as a multiple offender on the cybersecurity front is hard to ignore.
The FTC could leverage MGM’s reputation for slack cyber defenses prior to the hack against it. Last September, Boston-based BitSight, a cybersecurity ratings and analytics company, graded MGM’s patching cadence with an “F.” Patching cadence is the speed at which an organization addresses known cyberissues and vulnerabilities.
