Ride the Lightning

THE DEVIL DEFROCKED: TRO GRANTED AGAINST CYBERSPY SOFTWARE

November 21, 2008

On November 17th, the Federal Trade Commission announced that it had secured a temporary restraining order against a Florida company accused of peddling spyware. At the request of the FTC, a U.S. district court in Florida issued a TRO against CyberSpy Software, LLC, halting the sale of the company's "RemoteSpy" software. The defendants were also ordered to disconnect from the Internet any of their servers that collect, store, or provide access to information gathered by the spyware.

The FTC’s endgame is to seek a permanent injunction and to have the defendants give up any ill-gotten gains. The agency is suing under the FTC Act, which prohibits unfair and deceptive practices.

Like all spyware manufacturers, defendants touted RemoteSpy as "100 percent undetectable" and able to "spy on anyone from anywhere.” Unfortunately, the rubes that these folks sucker have to pay the price for violations of the federal and state wiretap acts when computer forensics technologists prove just how wrong the ad hype is.

Like so many modern spyware products, this one was intended to be disguised as an innocuous file, such a photo attachment (“want to see the cute pictures I took of the girls this weekend?” is a common line that induces women to open attachments). Click on the attachment and the spyware silently and invisibly installs itself, after which it records the victim’s every keystroke, captures images of the computer screen and records websites visited. To access the information gleaned, CyberSpy clients would log into a website maintained by the defendants.

The commission accused the company of violating the FTC Act by engaging in the unfair advertising and selling of software that could be deployed remotely by someone other than the owner or authorized user of a computer; installed without the knowledge and consent of the owner or authorized user; and used to surreptitiously collect and disclose personal information. The company is also accused of unfairly collecting and storing personal information gathered by the software and disclosing the data to third party clients.

We’re glad to see the FTC work on these cases, but disappointed that the Department of Justice’s policy is generally to keep hands off. Only rarely does the DOJ tackle these cases, in spite of blatant Net advertising that clearly violates federal law. Just last night, we had the pleasure of speaking as a panelist with Eric Welter, from the Department of Justice, who did a splendid job of explaining the law, but could only reiterate DOJ policy that these kinds of cases “are not a priority.”

It was clear at the seminar that most of the attending lawyers thought it should be!

Hat tip to friend and colleague Dave Ries for sending this story along. 
Documents in the case are available at
http://www.ftcgov/os/caselist/0823160/index.shtm.

E-mail:     Phone: 703-359-0700