BULLETIN: FTC Says Rent-To-Own Companies Used Software To Spy On Customers In Their Own Homes And At WiFi Spots; Agency’s Complaints Introduce Specter of Private Big Brother

BULLETIN: In announcing deeply troubling allegations today, the FTC said that seven rent-to-own companies and a software firm spied on customers who leased computers.

The customers were spied on in their own homes and at WiFi spots, the FTC alleged.

Although the companies agreed to settle the FTC’s charges, the allegations alone introduce the specter that private businesses that leased computers to financially strapped Americans licensed themselves to go into the spy business, effectively snooping on potentially hundreds of thousands of people and creating a condition under which data could be harvested to track their public movements.

Software installed on the computers gave the rental companies the ability to take remote screen shots, log keystrokes and, in some instances, use the computer’s installed webcam to snap photos not only of customers, but also of visitors in their homes, the FTC said.

“An agreement to rent a computer doesn’t give a company license to access consumers’ private emails, bank account information, and medical records, or, even worse, webcam photos of people in the privacy of their own homes,” said FTC Chairman Jon Leibowitz.

Some of the firms that put themselves in the spy business were “franchisees of Aaron’s, ColorTyme, and Premier Rental Purchase,” the FTC said.

Named in a series of FTC complaints are software firm DesignerWare LLC and its principals, Timothy Kelly and Ronald P. Koller; Aspen Way Enterprises Inc.; Watershed Development Corp.; Showplace Inc., d/b/a Showplace Rent-to-Own; J.A.G. Rents LLC, d/b/a ColorTyme; Red Zone Inc., d/b/a ColorTyme; B. Stamper Enterprises Inc., d/b/a Premier Rental Purchase; and C.A.L.M. Ventures Inc., d/b/a Premier Rental Purchase.

From an FTC statement today (italics added):

DesignerWare’s software contained a “kill switch” the rent-to-own stores could use to disable a computer if it was stolen, or if the renter failed to make timely payments. DesignerWare also had an add-on program known as “Detective Mode” that purportedly helped rent-to-own stores locate rented computers and collect late payments.  DesignerWare’s software also collected data that allowed the rent-to-own operators to secretly track the location of rented computers, and thus the computers’ users.

When Detective Mode was activated, the software could log key strokes, capture screen shots and take photographs using a computer’s webcam, the FTC alleged.  It also presented a fake software program registration screen that tricked consumers into providing their personal contact information.

Detailed allegations are laid out in the various complaints — and those details might be enough to make Americans’ skin crawl.

“Data gathered by DesignerWare and provided to rent-to-own stores using Detective Mode revealed private and confidential details about computer users, such as user names and passwords for email accounts, social media websites, and financial institutions; Social Security numbers; medical records; private emails to doctors; bank and credit card statements; and webcam pictures of children, partially undressed individuals, and intimate activities at home,” the FTC said.

Customers even were tracked while away from their homes, the FTC charged. From the complaint against DesignerWare (italics/bolding added):

16. Since at least September 2011, on every computer that has a wireless card
installed, PC Rental Agent automatically logs the WiFi hotspots that the wireless card either sees or uses to connect to the Internet. When a computer connects to DesignerWare’s servers, it reports the WiFi hotspot location information along with the computer’s IP address.

17. DesignerWare cross-references the information logged by a rented computer to PC Rental Agent with a publicly available list of WiFi hotspots’ physical locations and provides its licensees with street addresses for the particular WiFi hotspots viewed or accessed by the computer. The information derived from WiFi hotspot contacts can frequently pinpoint a computer’s location to a single building, and, when aggregated, can track the movements and patterns of individual computer users over time. DesignerWare provides its licensees with this location information for the ten most recent reporting cycles. DesignerWare recommends that rent-to-own stores only use this data in connection with recovering stolen property, but it does not monitor, restrict, or otherwise limit its licensees’ access to such location information.

18. DesignerWare applied its location tracking upgrade of PC Rental Agent to every computer on which PC Rental Agent was installed, without obtaining consent from, or providing notice to, the computers’ renters. After the September 2011 upgrade, in numerous instances PC Rental Agent has been installed on rented computers without the computer renter’s knowledge or consent. Thus, consumers using those computers on which PC Rental Agent is installed – who may or may not be the computers’ renters, and who may or may not be current in their lease payments – do not know that their physical location can be identified from the WiFi hotspots that their computers encounter. Nor do they know that employees of the rent-to-own stores from which their computers are rented can monitor their physical locations and the patterns of their movements.

The software also gave the rental companies the ability to dupe people into filling out a form when a “fake registration window” appeared on the computer screens, the FTC charged.

Customers, according to the FTC complaint against Watershed, for example, saw a screen that claimed their computer did not contain an “activated” copy of Microsoft Windows.

“No actual software is registered as a result of a consumer providing the requested information,” the FTC charged. “Instead, Detective Mode captures the information entered in the prompt boxes and sends the data to Watershed. In numerous instances, Watershed has used this information to find, require payment for, or repossess a computer.”

Read the FTC’s extraordinary statement and see links to the complaints by clicking here.

About the Author

4 Responses to “BULLETIN: FTC Says Rent-To-Own Companies Used Software To Spy On Customers In Their Own Homes And At WiFi Spots; Agency’s Complaints Introduce Specter of Private Big Brother”

  1. This *could* be an overreaction, but troubling nonetheless. These are basically the SAME THINGS that anti-theft software, like “Prey”, “Lojack for Laptops” and such software does. Do customers GIVE UP rights when they used a LEASED computer instead of OWNED computer? Absolutely. But how much?

      (Quote)

  2. Quick note: The FTC complaints in the rent-to-own matter and the software’s alleged tracking ability reminded me very much of the Narc That Car MLM debacle in 2010.

    To the best of my knowledge, Narc never came under investigation by the FTC. But it did get on the radar of the BBB and investigative reporters.

    For newer readers, Narc and its affiliates recruited affiliates to write down the license-plate numbers of cars for entry in a purported database that purportedly would:

    * Help the Repo Man locate the cars of borrowers who were behind on their payments.

    * Help the U.S. AMBER Alert system locate abducted children.

    Narc’s MLM members — purportedly tens of thousands of them — were told to fan out into the parking lots of America: Big Box retailers, restaurants, supermarkets, etc. Members were told to write down the plate numbers and the addresses where the cars were parked.

    Before long, video cameras and cell-phone cameras came into play — with the Narc members cruising parking lots and videotaping or snapping photos of plate after plate. The data could have been used to create movement maps of people.

    There were many oddities associated with Narc, not the least of which was that it was an obvious pyramid scheme. But the truly odd thing was how Narc members seemed to have spent little or no time even considering the privacy ramifications, not to mention issues of legality and propriety.

    Before Narc’s collapse, it was a private Big Brother in the making.

    The apparent theory behind the scheme was that the Repo Man would have a hard time recovering cars at the homes of delinquent borrowers and it therefore followed that there was a need to record plate numbers in all the parking lots of America.

    If the target car wasn’t at a borrower’s home, the Repo Man could tap the Narc database to check it against sightings of the car’s license plate elsewhere and perhaps stake out the supermarket parking lot or the parking lot at the gym — wherever, really.

    As a matter of pure math, the scheme was dubious and even dangerous. But the privacy issues were completely overlooked.

    Here’s just one of our columns on Narc and a purported competitor known as Data Network Affiliates.

    http://patrickpretty.com/2010/05/06/essay-why-narc-that-car-has-a-duty-to-reveal-the-names-of-its-database-clients-and-police-departments-whose-members-may-be-narc-consultants/

    It perhaps is worth noting that USHBB Inc., the company that produced ads for Narc, later produced ads for Zeek Rewards.

    Patrick

      (Quote)

  3. It is always a bad financially decision to rent to own. I saw a few examples of rent-to-own examples and it always cost 2.5-4 times more to rent-to-own than just save money and buy or layaway. If you need something that urgently, buy a used computer. I will cost you no more than first two month payment on rent-to-own.

    To the question of tracking. I read stuff from former sales people from own-to-rent companies. What they say that companies do not expect customers to pay for more than three months. It is recovery mode for most of their sales after few months. Obviously they want to know where to recover their stuff from and some started to cheat law.

      (Quote)

  4. It is not just the rent to own companies that are doing that. The buy here pay here car lots are doing the same thing with devices on the vehicles that disable them remotely if you do not make a payment or remove the car from the state you are buying it in. I have even heard of some major car lots doing the same thing for their finance companies.

    Several major lawsuits have been filed over the years concerning that practice.

      (Quote)

Leave a Reply