Security Experts:

Rent-to-own PC Companies Spied on Customers

The FTC has reached a settlement with seven rent-to-own companies, and the developer of a tracking tool, which the agency said was used to violate consumer privacy. The problem stems from the tool itself, which used a “Detective Mode” to track computers that were stolen or behind on payments.

According to the FTC, software maker DesignerWare, LLC, collected the data that enabled rent-to-own stores to track the location of rented computers without consumers’ knowledge. The complaint says that in addition to a kill switch the rent-to-own stores could use to disable a computer if it was stolen, or if the renter failed to make timely payments; their software also had an add-on program known as Detective Mode that helped rent-to-own stores locate rented computers and collect late payments.

When Detective Mode was activated, the software logged keystrokes, took screen shots, and photographs using a computer’s webcam. Moreover, it presented a fake registration screen that tricked consumers into providing their personal contact information.

The damning part of the complaint however, is that the data gathered by DesignerWare and provided to rent-to-own stores revealed private and confidential details about the computer users. This includes information such as user names and passwords for email accounts, social media websites, and financial institutions; as well as Social Security numbers, medical records, private emails to doctors, bank and credit card statements, and webcam pictures of children, partially undressed individuals, and sexual activities.

“An agreement to rent a computer doesn’t give a company license to access consumers’ private emails, bank account information, and medical records, or, even worse, webcam photos of people in the privacy of their own homes,” said Jon Leibowitz, Chairman of the FTC.

In addition to DesignerWare, The FTC also reached settlements with seven companies that operate rent-to-own stores, including franchisees of Aaron’s, ColorTyme, and Premier Rental Purchase.

The settlements bar the companies from any further illegal spying, from activating location-tracking software without the consent of computer renters and notice to computer users, and from deceptively collecting and disclosing information about consumers.

A copy of the complaint can be seen here

view counter
Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.