By Russ Van Arsdale, Executive Director, Northeast CONTACT
Posted April 20, 2013, at 4:08 p.m.
It was bad enough when criminals were trying to access consumers’ personal information. When some businesses were caught peeking into people’s rented computers, authorities came down hard.
Last week, a settlement was announced between federal investigators and seven rent-to-own, or RTO, companies, plus a software design firm and its two principals. While the settlement allows the companies to avoid admitting they did anything wrong, it requires them to stop doing the things that created all the fuss.
Those things stemmed from the companies’ apparent efforts to cut their losses from theft of their rented computers. According to the Federal Trade Commission, which investigated, the RTOs licensed software from a firm called DesignerWare. That software — installed without the customers’ knowledge — contained a “kill switch” that allowed RTOs to disable a rented computer if, in some cases, even a single payment was missed.
Even more upsetting to consumers may have been the add-on feature in the software called “Detective Mode.” When activated (again without the users’ knowledge) the RTOs could track a computer’s location, log a user’s keystrokes, even turn on a built-in camera to photograph the renter, sometimes in his or her most private moments. It also displayed a fake “registration screen” that tricked consumers into providing their contact information.
The FTC probe determined that the cyberspying gave RTOs access to usernames and passwords for email accounts, financial institutions and social media websites; private emails to doctors; Social Security numbers; bank and credit card statements; data from social media sites; and those photographs that most consumers probably wouldn’t want others to see.
The settlement forbids the companies from using monitoring software and from deceptively gathering personal information. There is to be no geophysical tracking without a consumer’s consent, and the information gathered improperly has to be destroyed (unless it becomes evidence in legal proceedings).
At least one of the companies does business in Maine. You can see the list at http://www.ftc.gov/opa/2013/04/designerware.shtm.
The companies will have to keep good records detailing compliance; the FTC plans to keep tabs on them for the next 20 years. Meanwhile, people who keep an eye on such matters say, since many of us willingly offer up private details, the day is not far off when the law won’t take much notice of privacy violations.
Brian Kabateck and Evan Zucker, attorneys in Los Angeles, wrote an article about the RTO cyberspying. “Everyone must be prepared for a day when these kinds of violations are no longer considered a violation of any right at all because the invitation of so much monitoring technology has completely stripped away any expectation of privacy,” they wrote.
In the Daily Journal, a news service for the legal profession, Kabateck and Zucker urged diligence in protecting consumer information and making sure consumer laws are enforced when breaches occur, “to safeguard these important rights.”
There’s this from the FTC website: “The law balances your right to privacy with a company’s need to provide information for normal business purposes.”
Consumers need to watch carefully, as definitions of terms in the preceding sentence evolve.
Consumer Forum is a collaboration of the Bangor Daily News and Northeast CONTACT, Maine’s all-volunteer, nonprofit consumer organization. For assistance with consumer-related issues, including consumer fraud and identity theft, or for information, write Consumer Forum, P.O. Box 486, Brewer 04412, visit http://necontact.wordpress.com or email firstname.lastname@example.org.