By Ronnie London & Elizabeth Soja
On June 2, 2010, the FTC announced a settlement with a company that was selling and distributing spyware and providing customers with instructions for remotely installing that spyware on the computers of unsuspecting third parties. The court’s final order requires CyberSpy Software, LLC and its owner to ensure that any download of “RemoteSpy” keylogger software now provides notice to the computer’s owner that the spyware has been downloaded onto the device. The computer’s owner must also consent before the software can be installed. Along those same lines, the order bans all advertising that says RemoteSpy can be installed surreptitiously on a computer without the owner’s knowledge. The final order follows a preliminary order entered back in November 2008.
The FTC’s complaint against CyberSpy and its owner, filed in federal court in Florida in November 2008, alleged that the defendants provided “customers with instructions on how to disguise the software as an innocuous file, such as 'photos' or 'music' attached to an email, in order to send the software to another computer." When the recipient clicked on the attachment, the software downloaded onto the device without the owner's knowledge. Once the software was installed, it sent information regarding all activity from the computer to CyberSpy's servers via the Internet. RemoteSpy customers could then “access this information by going to remotespy.com and typing in a password that they selected when signing up for Defendants' service,” according to the complaint.
The FTC alleged that these practices violated Section 5(a) of the FTC Act, 15 U.S.C. § 45(a), which prohibits unfair or deceptive acts or practices in or affecting commerce.