Seven companies settled spyware charges with the Federal Trade Commission (FTC) for offering rental computers that included spyware to photograph users without their consent. The FTC charged the maker of the software, DesignerWare in Pennsylvania, and seven companies with recording keystrokes, taking photographs of users and using the laptop webcams to record any activity within view, including users undressing, their intimate activities and a few having sex.
The media seems to have downplayed this story but read just one paragraph from the actual FTC settlement document:
Detective Mode to record data every two minutes until prompted to stop doing so. DesignerWare’s servers collect this information and transmit it to the licensee for however long the licensee leaves “the Detective” turned on. In numerous instances, data gathered by Detective Mode has revealed private, confidential, and personal details about the computer user. For example, keystroke logs have displayed usernames and passwords for access to email accounts, social media websites, and financial institutions. Screenshots have captured additional confidential and personal information, including medical records, private emails to doctors, employment applications containing Social Security numbers, bank and credit card statements, and discussions of defense strategies in a pending lawsuit. When activated, Detective Mode can also cause a computer’s webcam to surreptitiously photograph not only the computer user, but also anyone else within view of the camera. In numerous instances, Detective Mode webcam activations have taken pictures of children, individuals not fully clothed, and couples engaged in sexual activities.
No small infraction here – the spyware was on some 420,000 laptops that were distributed to renters. All of this done without consent and the data, photographs and video was transmitted to DesignerWare, which then redistributed it to the store from which the laptop came.
Unfortunately, it seems the FTC has no criminal jurisdiction in a case like this and with only civil authority cannot even level fines against the companies. Instead, the settlement only requires the companies to now notify users in advance of the spyware on the machines.
The companies claim this is the only way they can track customers who fall behind in the payments. But they were able to gather a wealth of data including social security numbers, passwords and account information, medical data and any activities that went on in front of the laptops while they were open.
Somehow, one feels that this is like seeing a cockroach – if you see one, you know there are many more – and we have already seen other cases of this with a couple in Wyoming and a well-reported case of the school system (also in Pennsylvania) that spied on children through their laptops.
We hardly seen the last of these corporate intrusions on privacy. And here’s one final ploy they used – a “Windows Registration” screen that was nothing but a ploy to collect more data – the Windows OS on the laptops was previously registered when the laptops were configured.
Fake Microsoft Windows registration spyware screen
