Image source: Federal Trade Commission
By Frank Bajak
The Federal Trade Commission has for the first time banned a company that makes so-called stalkerware — software used to surreptitiously track a cellphone user’s activities and location — from continuing in the surveillance app business.
Wednesday’s action applies to the marketer of SpyFone, Puerto Rico-based Support King LLC, and its CEO, Scott Zuckerman. Such commercial surveillance products secretly obtain unfettered access to someone’s smartphone, leading to serious harm, the FTC said in a statement on its website.
Support King marketed SpyFone as a tool to monitor the activities of children and employees. But it neglected to prevent stalkers and domestic abusers from using it for surveillance, the FTC said.
The company’s products let the installer monitor a person’s online activity, including text and video chats and, in a premium version, even secretly activate the device’s microphone to record phone and video conversations.
The FTC found that not only is SpyFone sneaky — no icon appears on a phone after it is installed — but its developers also were negligent in protecting the data it collected on unsuspecting victims from hackers. It said information from about 2,200 people had been compromised in a hacker’s breach of the company’s server.
There was no immediate response to an email seeking comment sent to the only contact address on the SpyFone website.
“Federal agencies have long been lax when it comes to allowing companies to peddle surveillance products with impunity,” FTC commissioner Rohit Chopra said in a statement.
Online watchdogs led by the Electronic Frontier Foundation and the Citizen Lab at the University of Toronto have long complained of rampant abuse of stalkerware, particularly in targeting victims of domestic violence.
“Practically speaking, this is a bold move by the FTC but now they will have to follow through and enforce it,” said Eva Galperin, cybersecurity director at EFF, via email. “It might be the beginning of the end for stalkerware, but even if that is true, it’s a long process and there is a lot that can go wrong between now and then.”
Chopra said civil action by the FTC is not enough to “meaningfully crackdown on the underworld of stalking apps.” He urged the use of criminal laws including the Computer Fraud and Abuse Act, to combat its use.
Under the proposed settlement, SpyFone’s sellers will have to delete all information collected by their stalkerware apps and alert people victimized by the products, the FTC said.