Today my project at EPIC filed a complaint before the Federal Trade Commission against several purveyors of amateur spyware. I’ve previously blogged about the uses of spyware to intercept the communications of spouses.
The complaint alleges unfair and deceptive practices by these companies. Specifically, these companies promote illegal surveillance targets; promote the use of “Trojan Horse” email attacks; and fail to warn their customers of the legal risks of the improper use of this software.
Click on this thumbnail for a view of what the marketing looks like:
There are many more examples of the marketing in the complaint.
The FTC does pay attention to spyware. But this is a new beast for them to take on. I suspect that software like this is used in many situations of abuse, but that it goes relatively undetected, unpunished and in general unreported. Undetected because people do not know to look for it. Unpunished because it is difficult to get an otherwise busy police force to focus on the computer forensics needed to effectively prosecute. And unreported because there really is not much data collection going on with these products. We have inklings that the problem is growing, but not much hard data. I hope this also spurs more organizing around this topic and we get a better sense of the malicious uses of this software.
I suspect this is a growing industry, and there will soon be malicious payloads being offered for delivery to your target’s cell phones, iPhones, and other devices, not just PCs. Lets hope the FTC moves and nips it in the bud.