In a lawsuit filed in last month, Nebraska Attorney General Mike Hilgers took aim at Lorex Corporation and Lorex Technology Inc., accusing the home security camera manufacturer of deceiving consumers about critical security vulnerabilities in products sold at major retailers including Costco, Best Buy, Kohl’s, and Home Depot. The case illuminates a growing concern at the intersection of consumer protection, national security, and the increasingly complex global supply chain for connected devices.
The Core Allegations
The 39-page complaint centers on a straightforward but serious claim: that Lorex marketed its surveillance cameras as “private by design” and safe for use in highly sensitive areas like children’s bedrooms, while concealing the devices’ reliance on components and systems from Zhejiang Dahua Technology Co., a Chinese surveillance equipment manufacturer blacklisted by the U.S. government.
According to the Attorney General’s office, Lorex has assured consumers that its cameras are “safe and secure” and that the company is “committed to protecting the integrity, privacy, and security of our customers’ information.” The lawsuit argues these representations are misleading given Lorex’s ongoing operational ties to Dahua, a company that under China’s 2017 National Security Law is legally required to share information with Chinese authorities when requested for intelligence purposes.
The timing of corporate transactions adds a layer of intrigue to the case. In 2022, the Federal Communications Commission severely restricted imports of Dahua products due to national security concerns. One day before the FCC order took effect, Dahua sold Lorex to Skywatch, a Taiwanese holding company. Despite this change in ownership, the lawsuit alleges that Lorex continues to source component parts from Dahua and maintains system and network associations with its former parent company.
Why Dahua Matters
Understanding why U.S. authorities have targeted Dahua provides essential context for the lawsuit’s significance. The Chinese manufacturer was blacklisted by the U.S. government specifically for its involvement in surveillance operations targeting ethnic minorities in China’s Xinjiang region. This wasn’t a mere trade dispute or competitive positioning—it reflected documented concerns about the company’s role in human rights violations and its structural obligation to cooperate with Chinese intelligence agencies.
Security researchers have identified serious vulnerabilities in Dahua’s camera systems that could allow unauthorized access to video and audio feeds, stored archives, network penetration, and remote manipulation of device settings. These aren’t theoretical risks they represent demonstrated weaknesses that sophisticated actors, including those with state backing, could exploit.
For consumers who installed Lorex cameras expecting privacy and security, the alleged connection to Dahua represents a fundamental breach of trust. A camera marketed for monitoring a baby’s nursery or securing a home office could theoretically become a surveillance tool accessible to actors with interests counter to the device owner’s privacy expectations.
The Legal Framework
Attorney General Hilgers filed the lawsuit under Nebraska‘s Consumer Protection Act and Uniform Deceptive Trade Practices Act. These state-level consumer protection statutes generally prohibit deceptive advertising and material misrepresentations in commercial transactions. The legal theory is straightforward: if Lorex represented its products as secure while concealing information about security vulnerabilities and concerning supply chain relationships, those representations constitute actionable deception.
The lawsuit seeks civil penalties, attorney’s fees, and injunctive relief to prevent Lorex from continuing allegedly misleading marketing practices. Importantly, the stated goal isn’t merely to penalize the company, but to raise public awareness about the privacy risks these devices may pose.
This approach reflects a broader trend of state attorneys general using consumer protection authority to address technology-related privacy and security issues, particularly where federal regulatory action may be limited or delayed. While agencies like the FCC can restrict imports on national security grounds, state consumer protection enforcement provides an additional mechanism for addressing how these products are marketed to end users.
Lorex’s Response
Lorex acknowledged the lawsuit in a statement provided to Fox News Digital on September 24, 2025, stating: “We fully intend to contest the allegations made by the Attorney General, and we are confident that a fair hearing will determine that Lorex has taken the appropriate steps to safeguard customer privacy.”
This response suggests the company will mount a vigorous defense, likely arguing that any historical connection to Dahua has been adequately severed and that current security measures are sufficient. The legal battle will likely turn on technical questions about what operational connections remain between Lorex and Dahua, whether those connections create the security risks alleged, and whether Lorex’s marketing materials materially misrepresented these facts to consumers.
Broader Implications for Connected Devices
The Lorex lawsuit represents more than a dispute between one state and one company—it highlights systemic challenges in the connected device ecosystem that affect millions of consumers.
Supply Chain Opacity: Even after corporate restructuring, the underlying technology, firmware, and component supply chains may remain substantially unchanged. A change in corporate ownership doesn’t necessarily eliminate technical dependencies or architectural vulnerabilities. Consumers have limited ability to assess these relationships when making purchasing decisions.
The “Private by Design” Problem: Marketing language around privacy and security has become increasingly sophisticated, but these claims are difficult for average consumers to verify. Terms like “private by design,” “military-grade encryption,” and “bank-level security” sound reassuring but may not reflect the full picture of a device’s actual security posture or the trustworthiness of entities with potential access to data.
Jurisdictional Complexity: When devices are designed in one country, manufactured in another, operated through cloud infrastructure in multiple jurisdictions, and sold globally, determining which legal frameworks apply and how to enforce them becomes extraordinarily complex. A camera installed in Nebraska might route data through servers in multiple countries, potentially including jurisdictions where U.S. privacy expectations hold no legal weight.
The National Security Dimension: Attorney General Hilgers framed the lawsuit partly in national security terms, stating: “The Chinese Communist Party poses a direct threat to American security, including through market actors who create or exploit security vulnerabilities affecting American consumers.” This language reflects growing bipartisan concern in Washington about Chinese technology companies’ potential role in intelligence collection and critical infrastructure vulnerabilities.
What This Means for Consumers
For individuals who have purchased Lorex cameras or similar devices, the lawsuit raises immediate practical questions. Should existing cameras be disconnected? Are there steps users can take to reduce risk if they continue using these devices?
The lawsuit itself doesn’t establish that Lorex cameras have been compromised or that data has been accessed by unauthorized parties. It alleges that security vulnerabilities exist and that the company failed to adequately disclose these risks. The distinction matters—the case is about consumer deception and potential risk, not confirmed exploitation.
That said, consumers concerned about these issues have several options. They can evaluate whether sensitive areas of their homes (bedrooms, bathrooms, home offices with confidential information) should be monitored by any connected camera, regardless of manufacturer. They can review privacy policies and terms of service to understand what data is collected, where it’s stored, and who may have access. They can contact retailers about return or exchange policies if they purchased devices based on security representations they now question.
More broadly, the case underscores the importance of informed decision-making when purchasing connected devices. Price and convenience are important factors, but so are the security architecture, the manufacturer’s reputation and jurisdiction, where data is stored, and whether the company has been subject to government sanctions or security concerns.
The Path Forward
As of early October 2025, the lawsuit remains in its early stages. Lorex has indicated it will contest the allegations, setting up what could be a lengthy legal battle involving technical expert testimony about security vulnerabilities, analysis of marketing materials, and potentially discovery into the company’s ongoing relationships with Chinese suppliers and technology partners.
The outcome could have implications beyond Nebraska and beyond Lorex. If the state prevails, it may embolden other attorneys general to pursue similar consumer protection theories against technology companies whose products involve complex international supply chains and potential security concerns. It could also pressure retailers to conduct more thorough due diligence on the security products they carry, knowing they might face questions from both consumers and regulators.
Conversely, if Lorex successfully defends the case, it might establish that corporate restructuring and certain security measures are sufficient to address concerns about historical connections to sanctioned entities, even if some supply chain relationships continue.
A Wake-Up Call for Privacy Awareness
Regardless of how the Lorex case is ultimately resolved, it serves as an important reminder that the devices we invite into our homes to enhance security may themselves create security and privacy vulnerabilities. The cameras watching our children, monitoring our front doors, and securing our property are also, by their nature, surveillance tools. The question is: who’s doing the watching?
As connected devices proliferate and become more deeply integrated into daily life, consumers, businesses, and policymakers must grapple with difficult questions about trust, transparency, and the trade-offs between convenience and privacy. Nebraska’s lawsuit against Lorex won’t answer all these questions, but it puts them squarely in the public spotlight exactly where Attorney General Hilgers says they belong.
