The FTC ( Federal Trade Commission )is attempting to impose its first ban on a “stalkerware” company. They indicate a willingness to tighten down monitoring technologies that reveal individuals’ real-time actions to snoops, hackers, and dangerous persons.
According to a complaint released by the agency on Wednesday, SpyFone, an app that markets itself as a tool for monitoring loved ones’ internet activity, and its CEO, Scott Zuckerman sold real-time access to illegally harvested phone data, including location and email, allowing stalkers and domestic abusers to spy on their victims.
The FTC also accused SpyFone of failing to implement basic security measures to protect the data it gathers. It resulted in a 2018 data breach that exposed the personal information of approximately 2,200 consumers. According to the FTC, the company failed to keep commitments made to customers about how it would improve security following the incident.
The FTC wants the company to erase illegally collected data and notify owners of devices that have been followed, in addition to a ban on future sales or marketing of surveillance equipment.
“SpyFone is a striking brand name for a surveillance service that let stalkers acquire private information,” Samuel Levine, acting head of the Federal Trade Commission’s Bureau of Consumer Protection, said. “This case serves as a timely warning that surveillance-based corporations pose a major threat to our safety and security; we will be aggressive in seeking surveillance limitations when firms and their CEOs abuse our privacy in egregious ways.”
A request for comment from SpyFone was not immediately returned.
For years, technologies known as “stalkerware” have been used to track and intimidate victims of domestic abuse and harassment. They are generally installed in secret, similar to SpyFone, and require users to disable phone security features. During the COVID-19 outbreak, stalkerware became much more common, according to antivirus vendors.
Due to pushback from privacy experts, companies have taken steps to limit sales of the technology in recent years. Experts warn that continuing to allow stalkerware disguised as parental control offers a large loophole for abusers to exploit.
Furthermore, many of those apps appear to use the same lousy security procedures as SpyFone. Earlier this year, ESET researchers discovered that dozens of stalkerware programs failed to protect the data they collected.
The lawsuit, which passed 5-0, was described by FTC Commissioner Rohit Chopra as “a major departure from the agency’s previous approach”. In 2019, the FTC settled its first-ever stalkerware case, compelling the app creator to pledge to strengthen its privacy measures. They require consumers to attest that the app was only used on children, employees, or consenting adults.
Chopra acknowledged, however, that the agency’s strength alone will not be enough to bring the stalkerware sector down.
“While this move was beneficial,” he added, “I am afraid that the FTC will be unable to employ its civil enforcement capabilities to properly crackdown on the underworld of stalker apps”. “I hope that federal and state law enforcement officials consider using criminal laws… to deter illicit spying, including stalkerware.”
Nonetheless, supporters see the action as a win.
“Congratulations to the FTC for blocking stalkerware business Spyfone and its CEO from the surveillance market,” said Eva Galperin. He’s cybersecurity director at the Electronic Frontier Foundation and a stalkware expert.
The order will be accessible to public comment for 30 days before the Commission decides whether to issue a final decision, which may include financial penalties.