FTC Testifies on Spyware

The Federal Trade Commission today told the Senate Committee on Commerce, Science, and Transportation Subcommittee on Trade, Tourism, and Economic Development that spyware and other “malware” that is downloaded to consumers’ computers without their consent can cause problems ranging from sluggish computer performance to loss of sensitive personal data. Chairman Deborah Platt Majoras said the FTC has an active program to address concerns about spyware and other malware, including research, law enforcement, and consumer education.
“The Commission’s spyware law enforcement strategy focuses on three key questions,” the testimony says. “First, were consumers aware of the installation of the software on their computers? Second, what harm did the installation of the software cause? Third, how difficult was it for consumers to uninstall the software after it had been installed?”

In the case of FTC v. Odysseus Marketing, Inc., www.ftc.gov/opa/2005/10/odysseus.htm announced today, the agency alleged the defendant used deceptive claims that their free software would make illegal peer-to-peer file sharing anonymous. They did not disclose that their software would automatically install other, harmful software on consumers’ computers. According to the testimony, the agency has filed suit in U.S. district court to halt the deceptive and unlawful acts and is expecting a ruling from the judge shortly.

In another FTC law enforcement case targeting spyware that violates federal law,
FTC v. Seismic Entertainment www.ftc.gov/opa/2004/10/spyware.htm the agency alleged the defendants engaged in “drive-by” downloads to install their software. The agency charged that downloading software without consumers’ consent was unfair, in violation of the FTC Act, and a federal district court judge barred the defendants from distributing their software in that way, the testimony says.

According to the testimony, the FTC case challenging Advertising.com www.ftc.gov/opa/2005/08/spyblast.htm charged that the defendants bundled adware with their free security software, secretly collecting information about the consumers, and pelting them with pop-up ads. The agency alleged the bundled adware was material to consumers’ decisions about whether to download the security software, and the failure to disclose it was deceptive and violated the FTC Act.

In two other cases, FTC v. MaxTheater www.ftc.gov/opa/2005/03/maxtheater.htm and FTC v. Trustsoft, www.ftc.gov/opa/2005/06/trustsoft.htm the agency alleged the defendants made false claims to consumers about the existence of spyware on their computers and sold spyware removal products at prices ranging from $30 to $40. The “spyware removal programs” did not perform as promised. The FTC alleged violations of the FTC Act, and the courts have barred the false claims in both cases, the testimony says.

“Given the prevalence of spyware and the consumer harm it inflicts, the FTC has made spyware investigations and prosecutions an enforcement priority, and we will continue to file law enforcement actions against those who distribute spyware in violation of the FTC Act,” Majoras said. “The Commission would like to emphasize four additional measures that it believes would enhance its efforts to combat the dissemination of spyware,” she said.

Webroot, a well-known anti-spyware product distributor reports that a majority of spyware programs comes from foreign distributors, the testimony says. The agency supports legislation, the US SAFE WEB Act, to make it easier for the FTC to share information and cooperate with foreign law enforcers. “The Internet knows no boundaries, and it is critical to improve the FTC’s ability to work with the officials of other countries to prevent online conduct that undermines consumer confidence in the Internet as a medium of communication and commerce,” Majoras said.

The agency will continue to work in cooperation with federal and state criminal law enforcers. “Federal criminal and state law enforcement actions are a critical complement to the FTC’s law enforcement actions,” the testimony says.

Majoras said the FTC and others need to continue to play an active role in educating consumers about the risks of spyware and anti-spyware tools. An FTC Spyware Alert www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt142.shtm that lists clues that spyware may have been installed, has been accessed over 100,000 times. A new consumer education initiative, OnGuardOnline.gov has general information on online safety, as well as sections with specific information on a range of topics, including spyware, the testimony says.

“The FTC will continue to execute aggressive law enforcement and innovative consumer education programs in the spyware arena,” Majoras said.

The Commission vote to authorize the testimony was 4-0.

Copies of the testimony are available from the FTC’s Web site at http://www.ftc.gov and also from the FTC’s Consumer Response Center, Room 130, 600 Pennsylvania Avenue, N.W., Washington, D.C. 20580. The FTC works for the consumer to prevent fraudulent, deceptive, and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them. To file a complaint in English or Spanish (bilingual counselors are available to take complaints), or to get free information on any of 150 consumer topics, call toll-free, 1-877-FTC-HELP (1-877-382-4357), or use the complaint form at http://www.ftc.gov. The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure, online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.