Featured Research

180solutions & Affiliate Commissions

WhenU Violates Own Privacy Policy

Advertisers Using WhenU

WhenU Spams Google, Breaks "No Cloaking" Rules

WhenU Copies 26+ Articles from 20+ News Sites

Documentation of Gator Advertisements and Targeting

Spyware, Adware, and Malware: Research, Testing, Legislation, and Suits
Benjamin Edelman

[ Introduction - Research - Legislation - Pending Suits ]

Introduction

A number of firms currently design and offer so-called "spyware" software -- programs that monitor user activities, and transmit user information to remote servers and/or show targeted advertisements. As distinguished from the design model anticipated by whatis.com's definition of adware ("any software application in which advertising banners are displayed while the program is running"), these spyware programs run continuously and show advertisements specifically responding to the web sites that users visit. Companies making programs in this latter category include Gator (recently renamed Claria), WhenU, and 180Solutions. Other spyware programs include keystroke recorders, screen capture programs, and numerous additional software systems that surreptitiously monitor and/or transmit users' activities. As programs and practices shift and terms evolve, some practices are more naturally termed "adware" or "malware" -- especially if their tracking is secondary to an advertising purpose.

These programs have prompted a number of legal challenges, as described in the pending suits section, below. They have also attracted attention from legislators, who have proposed laws to rein in the problem

I have followed these developments generally, I have written about the programs and their effects, and I have been retained as an expert in certain of these suits. This page indexes my research and my work in selected cases.

 

Return to top

Research as to Spyware Operation, Advertisements and Targeting

Gator / Claria GAIN

WhenU Save / SaveNow

180Solutions / n-CASE / Zango / SeekMo / Blinkx

Direct Revenue / ABetterInternet / Best Offers Network

Spyware Generally

 

Return to top

Legislation Regulating Spyware

 

Return to top

Pending Suits Against Designers of Spyware

Claria

Claria's activities have prompted a number of legal challenges. This section attempts to chronicle key suits to the best of my ability. Please send suggestions for additions or updates.

WhenU

WhenU has been sued by 1-800 Contacts, Overstock.com, Quicken Loans, U-Haul, Weight Watchers, and Wells Fargo. See summary judgment order (PDF) in U-Haul case (dismissing claims against WhenU) and preliminary injunction order (PDF) in 1-800 Contacts case (granting preliminary injunction enjoining WhenU from delivering certain pop-up advertisements).

1-800 Contacts has also sued (and obtained a preliminary injunction enjoining) Vision Direct, a competitor which used WhenU to cause its advertisements to appear when users requested the 1-800 Contacts web site.

In 2004, WhenU sued the state of Utah seeking that Utah's Spyware Control Act be declared void and invalid.

I served as a technical expert in the Quicken Loans and Wells Fargo matter; I filed two declarations in this matter and provided oral testimony. I served as a technical expert in the Utah matter; I filed a declaration in this matter and provided oral testimony.

180solutions

In September 2005, a consumer class action was filed in Illinois on behalf of all US residents who have had 180solutions software installed on their computers. See Simios v. 180solutions complaint (PDF) and coverage (including 180's claim that the case has "no merit"). This suit was voluntarily dismissed in September 2006.

In October 2005, a further class action was filed in California by Consumer Advocates Rights Enforcement Society. See complaint (PDF).

DMNews reports that Weight Watchers sued 180solutions and eDiets as to eDiets covering Weight Watchers' site using 180solutions software. Case status unknown.

In 2004, 180solutions sued two distributors of its software for installing its software without users' consent, which 180 claims was contrary to the distributors' contract with 180. News coverage. Settlement coverage. In 2005, 180 sued seven additional distriubtors, alleging further nonconsensual installations, but 180 subsequently dropped those suits when defendants failed to reply to 180's complaint.

In November 2005, 180solutions sued Zone Labs for trade libel, tortious interference with business expectancies, unfair and deceptive practices, and unjust enrichment, arising out of Zone Labs's detection of 180's software. See discussion in Threats Against Spyware Detectors, Removers, and Critics. In February 2006, 180 dropped its suit. Zone Labs reports having made no change to its reported classification of 180's software.

Direct Revenue

In March 2005, a consumer class action was filed in Illinois on behalf of all Illinois residents who have had Direct Revenue software installed on their computers. See Sotelo v. Direct Revenue complaint (PDF) and discussion. Decision (PDF) rejecting DR's motion to dismiss, discussion of key points. Settlement (PDF) and notice to class members (PDF).

In October 2005, a further class action was filed in California by Consumer Advocates Rights Enforcement Society. See complaint (PDF). In August 2006, this case was settled.

In April 2006, the New York Attorney General sued Direct Revenue for surreptitiously installing spyware onto users' computers and for making its sotware extremely difficult to remove. The suit includes claims under New York's General Business Law (prohibiting false advertising and deceptive business practices), New York's Penal Law (prohibiting computer tampering), and New York's common law prohibitions against trespass. Case documents at NYAG's site; additional documents and analysis as well as document highlights.

In December 2004, Avenue Media sued Direct Revenue as to "systematic[] delet[ion]" of Avenue's software from users' hard disks. Discussion and case documents. The parties have reportedly reached a settlement, with no money changing hands.

eXact Advertising

In September 2005, a consumer class action was filed in New York on behalf of all US residents who have had eXact Advertising software installed on their computers. See complaint (PDF) and discussion.

In October 2005, a further class action was filed in California by Consumer Advocates Rights Enforcement Society. See complaint (PDF).

Intermix

In April 2005, the New York Attorney General sued Intermix for false advertising, deceptive business practices, and common law trespass. Press release and case documents. In June 2005, the case settled, with Intermix agreeing to pay $7.5 million and to permanently discontinue distribution of its advertising software.

In 2005, a consumer class action was filed in California on behalf of California residents who have had Intermix software installed on their computers. See Kerrins v. Intermix Media. In January 2006, Intermix's motion to dismiss was rejected (PDF) in part, allowing the case to proceed.

In November 2006, the City Attorney of Los Angeles reached a settlement with Intermix as to Intermix's allegedly-illegal business practices. Settlement announcement (PDF). Partial summary of my work in the case.

Ebates

In May 2006, a consumer class action was filed in Illinois on behalf of consumers who have had Ebates software installed on their computers without their consent. Complaint (PDF).

Suits Against Makers of Bogus Anti-Spyware Software

In October 2004, the FTC sued Seismic Entertainment and Sanford Wallace for making unauthorized changes to users' web browsers and performing unauthorized installations of advertising software. In May 2006, Wallace was ordered to forfeit $4 million of ill-gotten gains.

In June 2005, the FTC sued Spykiller for deceptive statements in its marketing of anti-spyware and in its purported detections, including deceptively claimed to have found spyware or to have performed a scan, when it had not done so. A January 2006 settlement entailed payments of more than $900,000, as well as forfeiture of several luxury vehicles, as well as certain injunctive remedies as to accuracy of disclosures.

In March 2005, the FTC sued MaxTheater for deceptive statements about their software and about users' purported need for such software. The December 2005 settlement entailed a payment of $76,000, as well as injunctive remedies (including a prohibition against defendants selling or marketing any anti-spyware software.

In January 2006, the State of Washington sued Secure Computer for violations of the federal CAN-SPAM Act, as well as for violations of the Washington Commercial Electronic Mail Act, Computer Spyware Act, and Unfair Business Practices - Consumer Protection Act. Complaint (PDF) alleges that defendant developed, promoted, and sold anti-spyware products that were marketed improperly, including via improper emails (with false headers, deceptive subject lines, and missing opt-out mechanisms) and via false claims of security problems. In December 2006, the State of Washington announced a settlement including $725,000 of attorneys' fees and costs, $200,000 of civil penalties, and a $75,000 pool for refunds to affected Washington consumers. The settlement also prohibits misrepresenting, directly or by implication, the urgency or need for security software or other programs. Additional terms prohibit deceptive email subject lines, require honoring opt-hours, prohibit claims of "discounts" that are actually ordinary prices, and prohibit simulating system alerts.

In April 2006, the State of Washington sued SoftwareOnline.com for unfair business practices arising out of marketing of Software Online's security software. Complaint (PDF) alleges misrepresenting the extent to which software is necessary for security or privacy, misrepresenting functions on advertisements (e.g. fake user interface ads, where an "x" opened a new ad rather than closing a window), misrepresenting uninstall, and misleading negative-option billing (automatic renewals and future charges). The State of Washington simultaneously announced a stipulated judgment and order (PDF) requiring payment of $40,000 of costs and fees, $400,000 of civil penalties (with $250,000 suspended on condition of compliance with other provisions of settlement). Judgment includes findings of fact as to Software Online's deceptive practices, as well as conclusions of law as to Software Online's liability. Settlement prohibits misrepresentation, directly or by implication, of the urgency or need for security products; utilizing fake user interface elements; showing pop-up or pop-under ads through a trial version; and various other deceptive practices.

In October 2006, the State of Washington sued High Falls Media and ROC Telecommunications for their "Spyware Slayer" software that improperly induces users to install by making false claims that users are, purportedly, already infected. Complaint. Consent decree reflects a $25,000 penalty and $30,000 of costs and fees, as well as restitution to affected consumers, along with restrictions on future advertising practices. Future violations will entail civil penalties of $25,000 per violation.

In November 2006, the State of Washington sued James Lane for his Quickshield software which induced consumers to install by making false statements of security vulnerabilities. Complaint. Consent decree reflects a civil penalty of $5,000, $6,444 of costs, restitution to affected consumers, and restrictions on future advertising practices.

In February 2007, the State of Washington sued Securelink Networks, NJC Softwares, and FixWinReg for misrepresenting the necessity of software for security purposes (in violation of the Washington Computer Spyware Act and Consumer Protection Act). Other claims include misrepresenting that messages are internal operating system security alerts, misrepresenting that the product has deleted critical registry errors, preventing users from declining installations, and modifying computer settings in violation of the Washington Computer Spyware Act. Complaint.

In March 2008, the State of Washington sued Messenger Solutions, LLC for sending user NET SEND popups that 1) claim that a consumer's computer is vulnerable to security attacks, and 2) direct consumers to their web site to buy software to block those very popups. Complaint. In May 2008, the State of Washington won summary judgments requiring the defendants to each pay $400,000 of civil penalties and $141,000 in attorneys' fees and costs.

In September 2008, the State of Washington and Microsoft Corp. sued James McCreary, Branch Software, and Alpha Red as to Registry Cleaner XP, which they claim sent incessant pop-ups that resembled system warnings. Complaint claimed that defendants misrepresented the purported presence of "critical errors" and falsely implied having conducted a scan when no such test had been performed.

Others

In May 2004, Overstock.com sued SmartBargains, Inc. for using pop-up ads to target its web site. Press release.

In October 2005, the FTC sued Odysseus Marketing and Walter Rines for operating the "Clientman" program and causing its installation through a variety of unfair and deceptive practices without requisite consumer disclosures. The FTC's complaint specifically considers and rejects Clientman's license agreement as improperly labeled and otherwise unable to provide consumers with the required notice.

In November 2005, the FTC sued Enternet Media for infecting users with spyware using the lure of free lyric files, browser upgrades, and ring tones. The FTC froze Enternet's assets, and the settlement obliged Enternet to pay more than $2 million.

In November 2006, the FTC sued Media Motor for installing without consent and under deceptive circumstances.

In November 2006, the State of Washington sued Digital Enterprises d/b/a/ Movieland.com, as to software variously named MediaPipe, FileGrabber, and Media Assistant, which also installed other programs, showed pop-ups, etc. Alleges that Movieland took control of users' computers in violation of the Washington Spyware Act, that Movieland misrepresented uninstallation options, that Movieland's practices were unconscionable, that Movieland used threats, harassment, and intimidation in its billing practices, and the Movieland's misrepresentations and failures to disclose violated the Washington Consumer Protection Act. Complaint.

 

Return to top

Related Suits

See Threats Against Spyware Detectors, Removers, and Critics.

 

 

Return to top

This page is a work in progress. Suggestions are welcomed and appreciated.


Last Updated: February 18, 2015 - Sign up for notification of major updates and related work.