Companies agree to stop spying, taking secret photos on rented home computers

Filed Under: Law & order, Malware, Privacy

Webcam. Image from ShutterstockThe US Federal Trade Commission has reached a settlement with seven computer rental companies and a software firm over what the agency said was flagrant computer spying on customers of the rental stores.

In a statement Wednesday, the FTC said that DesignerWare LLC and seven rent-to-own computer stores agreed to cease using malware-like monitoring software to track rental PCs and from using information gathered by the spying software for debt collection purposes.

According to the FTC, the software captured screenshots of confidential and personal information, logged users' keystrokes, and in some cases took "webcam pictures of people in their homes, all without notice to, or consent from, the consumers."

The settlement stems from what an FTC complaint (PDF link) says was a years-long campaign of electronic spying by PC rent-to-own firms against customers using PC Rental Agent, a remote monitoring application made and marketed by DesignerWare that can disable or remotely wipe a rented computer, but also monitored a user’s online activity and physical location using a feature called "Detective Mode."

PC Rental Agent is installed on 420,000 systems worldwide through 1,617 rent to own stores in the United States, Canada and Australia.

According to an FTC complaint, the software was installed and operated without the knowledge or consent of renters. Ostensibly used to track lost or missing rental systems or disable computers in the possession of renters who had stopped or fallen behind on their payments, PC Rental Agent was used for far more nefarious types of surveillance in the hands of DesignerWare’s customers.

By instructing the firm to activate the Detective Mode feature, for example, the rent-to-own shops charged in the FTC complaint collected private and confidential information about the computer user.

Username and password. Image from ShutterstockThis included usernames and passwords for access to email accounts and social media websites, as well as screenshots of websites containing confidential information like medical records, Social Security Numbers and bank account numbers, the FTC said.

A feature added to the software in September, 2011, also enabled remote tracking of computers running the software by tracking the WiFi hotspots the system connects to against a public database of hotspots.

This was hardly a surprise to DesignerWare’s corporate customers.

An excerpt from an email exchange cited by the FTC in its complaint has DesignerWare co-founder Timothy Kelly pitching PC Rental Agent to a prospective customer by saying that it works "like malware" that could "steal credit cards or someone’s information."

The FTC said that the DesignerWare and its customers took that analogy a bit too far - violating federal laws by monitoring users without their consent, and using fraudulent means (a phony Windows registration page) to collect personal information about them.

Personal and financial information on victims was, in some cases, used by the rent-to-own companies to assist in bill collection, the FTC said. However, it also appears that the software was used for more prurient purposes, as well.

"Consumers are harmed by DesignerWare’s unwarranted invasion into their homes and lives and its capture of the private details of individual and family life, including, for example, images of visitors, children, family interactions, partially undressed individuals, and couples engaged in intimate activities," the FTC said.

Detective. Image from Shutterstock"Sharing these images with third parties can cause consumers financial and physical injury and impair their peaceful enjoyment of their homes," the FTC complaint reads.

As part of its settlement, the FTC banned DesignerWare and the seven rent-to-own stores named in the complaint from using monitoring software like Detective Mode and from using deception to gather information on customers.

It also prohibits the use of geo-location tracking without consumer consent and notice, and bar the use of fake software registration screens to collect personal information from consumers.

DesignerWare is barred in the settlement from providing others with the means to commit illegal acts and will be monitored by the FTC for compliance for the next 20 years, the FTC said.


Webcam, detective, username and password images from Shutterstock.

, , , , , , , , ,

You might like

10 Responses to Companies agree to stop spying, taking secret photos on rented home computers

  1. Mark · 665 days ago

    As mentioned on Facebook if an individual (or even worse, a hacker!) had done this there would be jail time. This isn't even a slap.

  2. Phil · 665 days ago

    "DesignerWare is barred from the settlement from providing others...."
    I think you mean "...barred IN the settlement...."

  3. Freida Gray · 665 days ago

    Are the general rent-to own companies such as EZ Rental,Rentway,Rent-a-Center,or Aaron's,included in the settlement? This is enough to make it plain that getting a computer from a rental agency is an "at your own risk" sort of deal.

  4. Trent · 664 days ago

    Not one of the 420,000 users had installed security software that should have noticed these actions?

    • Jason · 664 days ago

      What would security software detect, exactly?

      This is a legitimate application installed by authorized users before resale.

      The app is doing what it was designed to do in a way that doesn't use any sort of exploits or vulnerabilities to do its job.

      About the only thing that would be possible to detect would be the signal coming from the 3rd party that activates "Detective Mode." And if the systems were using the Windows Firewall (or something else pre-installed) the 3rd party was probably already white-listed.

  5. beth h · 664 days ago

    Creepy.

  6. Trent · 664 days ago

    Well from this quote, "malware-like monitoring software to track rental PCs and from using information gathered by the spying software for debt collection purposes." and also taking pictures using the webcam is typical of malware, keyloggers, hidden processes for instance..is this not what many security suites tell us they protect us from?

    I would hope my anti-keylogger, anti-screenlogger, webcam logger & clipboard logger etc is catching anything that even if it is a hidden process, before it is sent to those who installed it & informing me of what, where, etc, so I can stop it in it's tracks & remove it.

    If I had a system I could spare, I'd install this just to see if the programs I have would inform me of the suspicious activity so I could find it & clean the computer. Not sure about windows firewall, I wouldn't use it & I'm looking at this from my perspective, I don't use pre-installed security software, but I do see your point in that some people would.

  7. Pete Miles · 660 days ago

    If you think someone might be spying via the inbuilt camera then stick a piece of black electrical tape over the lens with something to stop the lens getting sticky. It's not magic. Or be like me and turn off the camera.

    Pete

  8. Azrael · 659 days ago

    well if you rent to own a computer I guess that means you wipe it first and remove their bogus software

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul is a Boston-based reporter and industry analyst with more than a decade of experience covering the IT industry, cyber security and hacking. His work has appeared on threatpost.com, The Boston Globe, salon.com, NPR's Marketplace, Fortune Small Business, as well as industry publications including ZDNet, Computerworld, InfoWorld, eWeek, CIO , CSO and ITWorld.com. Paul got his 15 minutes as an expert guest on The Oprah Show - but that's a long story.