A series of “consent agreements” has been proposed for companies that rented computers to consumers – and delivered the units with installed software to capture private email messages, passwords for social media websites, details about financial transactions, Social Security numbers, medical records and “webcam pictures of children, partially undressed individuals and intimate activities at home.”
The proposed decrees are between the Federal Trade Commission and DesignerWare LLC, Timothy Kelly and Ronald P. Koller, Aspen Way Enterprises, B. Stamper Enterprises, C.A.L.M. Ventures, J.A.G. Rents, Red Zone Investment Group, Showplace Inc., and Watershed Development.
An organization that specializes in consumer privacy and electronic invasions into that, the Electronic Privacy Information Center, just days ago filed comments on the proposed agreements, telling the feds they should be able to do better.
“The consent orders flatly prohibit the companies from using or licensing others to use any monitoring technology to secretly collect personal data from any computer rented to a customer. The orders enjoin these companies from using geolocational tracking without ‘clear and prominent notice,’ ‘affirmative express consent,’ and ‘clear and prominent icons,'” the group said.
Further, there are orders to delete or destroy all previously collected information, and it allows the FTC to monitor the companies for the next 20 years.
While all of those provisions are fine, EPIC said additional precautions should be adopted.
“EPIC recommends that (1) the commission require the companies to implement Fair Information Practices similar to those contained in the Consumer Privacy Bill of Rights; (2) the commission make the compliance reports publicly available; and (3) the commission further investigate – perhaps in a workshop format – the relationship between privacy and inequality, i.e. the risk that low-income consumers are more likely to be subject to business practices that place at risk personal privacy,” the group wrote.
“EPIC supports the proposed consent orders in this case,” the group’s statement said. “The orders will help prevent the companies from engaging in similar privacy violations in the future. However, because of the particularly egregious privacy violations at issue in this case and the vulnerability of the targeted consumers, EPIC believes that additional protections are needed.”
The FTC said the companies were accused of spying on their customers, “capturing screenshots of confidential and personal information, logging their computer keystrokes, and in some cases taking webcam pictures of people in their homes, all without notice to, or consent from, the consumers.”
The software allegedly allowed the companies to track the location of rented computers without the consumers’ knowledge, and the FTC said the settlements bar the companies from any further illegal spying, from activating location-tracking software without the consent of computer renters and notice to computer users, and from deceptively collecting and disclosing information about consumers.
Jon Leibowitz, chairman of the FTC, said when the agreements recently were proposed that a rental “doesn’t give a company license to access consumers’ private emails, bank account information, and medical records, or, even worse, webcam photos of people in the privacy of their own homes.”
DesignerWare LLC provided software to rent-to-own stores that tracked rented computers. The software contained a “kill switch” the rent-to-own stores could use to disable a computer if it was stolen, or if the renter failed to make timely payments.
The FTC agreements require record keeping that will allow the FTC to monitor compliance for the next 20 years.