Privacy & Information Security Law Blog

On September 25, 2012, the Federal Trade Commission announced that it had settled a case involving allegations of spying by software company DesignerWare, LLC (“DesignerWare”) and several rent-to-own companies that rent computers to consumers, such as Aaron’s, Inc., ColorTyme, Inc., and Premier Rental Purchase. The FTC collaborated with Illinois Attorney General Lisa Madigan in its investigation.

In its complaint, the FTC alleged that the actions of DesignerWare and the rent-to-own companies constituted unfair acts or practices in violation of Section 5 of the FTC Act that “cause or are likely cause substantial injury to consumers.” Specifically, the FTC maintained that DesignerWare developed and sold to the rent-to-own companies a software program called “PC Rental Agent” and an add-on program known as “Detective Mode.” According to the complaint, the Detective Mode program had the ability to “log the keystrokes of the computer user, take screen shots of the computer user’s activities on the computer, and photograph anyone within view of the computer’s webcam.” The program then allegedly submitted the data to DesignerWare and onward to the rent-to-own companies, resulting in the collection of sensitive personal data, including usernames and passwords, medical records, Social Security numbers and pictures of individuals engaged in intimate activities.

The FTC also alleged that the PC Rental Agent program tracked the physical locations of computer users without their knowledge by logging the Wi-Fi hotspot location of the computers and then sending that information to DesignerWare, who cross-referenced the locations with public information to determine the physical addresses of the computers’ users. DesignerWare then sent that geolocation information to the rent-to-own companies. Finally, the FTC alleged that DesignerWare collected personal information, such as computer users’ names, physical addresses, email addresses and phone numbers through the use of a fake software registration window.

In the FTC settlement agreement that contained a consent order, DesignerWare agreed to (1) permanently stop using, selling or licensing any monitoring technology, (2) use location tracking technology only after first providing clear and prominent notice to the computer user and obtaining the user’s affirmative express consent, (3) not deceptively gather consumer information, (4) delete any data it had improperly collected, and (5) refrain from making any misrepresentations about the company’s privacy and data security practices. DesignerWare is further ordered to distribute the order to all relevant employees and directors, file a compliance report with the FTC within 60 days of the date of service of the order, and retain records related to its compliance for five years. The agreements with the rent-to-own companies contain similar prohibitions and requirements.

In announcing the settlements, FTC Chairman Jon Leibowitz stated that “[a]n agreement to rent a computer doesn’t give a company license to access consumers’ private emails, bank account information, and medical records, or, even worse, webcam photos of people in the privacy of their own homes.”

Update: On April 15, 2013, the FTC approved the final settlement order with the computer rental and software companies accused of spying.