The US Federal Trade Commission has reached a settlement with seven computer rental companies and a software firm over what the agency said was flagrant computer spying on customers of the rental stores.
In a statement Wednesday, the FTC said that DesignerWare LLC and seven rent-to-own computer stores agreed to cease using malware-like monitoring software to track rental PCs and from using information gathered by the spying software for debt collection purposes.
According to the FTC, the software captured screenshots of confidential and personal information, logged users’ keystrokes, and in some cases took “webcam pictures of people in their homes, all without notice to, or consent from, the consumers.”
The settlement stems from what an FTC complaint (PDF link) says was a years-long campaign of electronic spying by PC rent-to-own firms against customers using PC Rental Agent, a remote monitoring application made and marketed by DesignerWare that can disable or remotely wipe a rented computer, but also monitored a user’s online activity and physical location using a feature called “Detective Mode.”
PC Rental Agent is installed on 420,000 systems worldwide through 1,617 rent to own stores in the United States, Canada and Australia.
According to an FTC complaint, the software was installed and operated without the knowledge or consent of renters. Ostensibly used to track lost or missing rental systems or disable computers in the possession of renters who had stopped or fallen behind on their payments, PC Rental Agent was used for far more nefarious types of surveillance in the hands of DesignerWare’s customers.
By instructing the firm to activate the Detective Mode feature, for example, the rent-to-own shops charged in the FTC complaint collected private and confidential information about the computer user.
This included usernames and passwords for access to email accounts and social media websites, as well as screenshots of websites containing confidential information like medical records, Social Security Numbers and bank account numbers, the FTC said.
A feature added to the software in September, 2011, also enabled remote tracking of computers running the software by tracking the WiFi hotspots the system connects to against a public database of hotspots.
This was hardly a surprise to DesignerWare’s corporate customers.
An excerpt from an email exchange cited by the FTC in its complaint has DesignerWare co-founder Timothy Kelly pitching PC Rental Agent to a prospective customer by saying that it works “like malware” that could “steal credit cards or someone’s information.”
The FTC said that the DesignerWare and its customers took that analogy a bit too far – violating federal laws by monitoring users without their consent, and using fraudulent means (a phony Windows registration page) to collect personal information about them.
Personal and financial information on victims was, in some cases, used by the rent-to-own companies to assist in bill collection, the FTC said. However, it also appears that the software was used for more prurient purposes, as well.
“Consumers are harmed by DesignerWare’s unwarranted invasion into their homes and lives and its capture of the private details of individual and family life, including, for example, images of visitors, children, family interactions, partially undressed individuals, and couples engaged in intimate activities,” the FTC said.
“Sharing these images with third parties can cause consumers financial and physical injury and impair their peaceful enjoyment of their homes,” the FTC complaint reads.
As part of its settlement, the FTC banned DesignerWare and the seven rent-to-own stores named in the complaint from using monitoring software like Detective Mode and from using deception to gather information on customers.
It also prohibits the use of geo-location tracking without consumer consent and notice, and bar the use of fake software registration screens to collect personal information from consumers.
DesignerWare is barred in the settlement from providing others with the means to commit illegal acts and will be monitored by the FTC for compliance for the next 20 years, the FTC said.