US Senator Al Franken is introducing legislation to ban so-called stalking apps, as part of a broader law to protect consumers from apps and devices that secretly track users’ location.
Franken, one of the Senate’s staunchest defenders of privacy rights, has introduced similar legislation before and has been trying to ban stalking apps since 2011.
If it seems inconceivable that apps marketed and sold for the purpose of monitoring their users are legal, there’s a maddeningly logical explanation.
Spying apps that can track location, read text messages, monitor calls (and much more) also have legitimate purposes, despite the likelihood for abuse.
Franken’s proposed law underscores the conundrum: Franken wants to ban the use of these apps for cyberstalking, while still permitting uses such as parents monitoring their children, emergency services locating people in distress, and “similar scenarios.”
In 2014, Franken called on the US Department of Justice (DOJ) to crack down on stalking apps, and in May 2015 requested an investigation by the DOJ and the Federal Trade Commission of the stalking app called mSpy, after a huge trove of mSpy data was leaked on the Dark Web.
Franken says his proposed legislation would close legal loopholes by requiring all companies to have users’ permission before collecting location data or sharing it with third parties, and would ban the “development, operation, and sale of GPS stalking apps.”
Yet companies that produce these apps operate in a legal limbo because of legitimate uses for their software.
Even requiring permission of the user to track someone’s location is another potential loophole, because the “users” of the app are the people doing the stalking, not their victims.
A US court case in 2014 demonstrates the fine legal line stalking app makers are dancing around.
In his legal case, the StealthGenie CEO’s defense denied any liability for illegal behavior and placed blame for stalking on whoever uses the app.
The DOJ noted that StealthGenie’s CEO, Hammad Akbar, had admitted in emails that the company’s business plan involved explicitly targeting the “spousal cheat” market for his stalking app – and that seems to have been his downfall (it appears that StealthGenie is no longer in business).
However, mSpy is still in business, selling their spy apps openly online, but they market these apps for uses that might allow them to avoid breaking laws prohibiting the sale of spyware.
The mSpy website says its app is “monitoring software” (emphasis is ours):
mSpy is the most popular and user-friendly application for watching over your kids, preventing theft, and supervising your employees' performance. Our mobile monitoring software runs on the target device to track all activity including call log history, GPS location, calendar updates, text messages, emails, web history, and much more! After following our easy, step by step instructions on how to create your own personal online mSpy account, you may log in to immediately begin viewing the tracked data.
Laws against spyware and cyberstalking do prohibit users from surreptitiously tracking an un-consenting victim.
Recently, law enforcement in Germany, Switzerland and the UK made several arrests of users of a stalking app called DroidJack.
But DroidJack’s developers haven’t been arrested, and by operating in the shadows between what is legal and what is ethical, they are still in business.
Franken rightly says spyware apps like DroidJack, StealthGenie and mSpy pose a threat, including to victims of domestic violence and stalking, calling the use of these apps “unconscionable,” while noting that they are “perfectly legal” in the US.
Even if they’re legal in your jurisdiction, stalking apps are not something you want on your phone without your knowledge or consent.
Mobile security software will typically flag this sort of app so that you – or your network administrator – can decide whether it should be allowed or not.