Spyware Enforcement – State
Return to the complete report.
State Spyware Case Summary
|
Case |
Company behaviors considered illegal by state Attorneys General |
Laws invoked |
Status |
|
State of New York v. Intermix Media, Inc.
|
• Deceptively and surreptitiously bundling invasive spyware or adware programs with "free" games, cursors, screensavers, or other small software programs. • Employing deceptive methods to prevent users from detecting and removing installed software, including: not making the software accessible in the "All Programs" or "Programs" list, hiding the software in folders not usually associated with programs, not listing the software in the "Add/Remove Programs" utility, not providing an uninstall utility for the software, and reinstalling the software after a user has deleted it.
|
New York General Business Law § 349, 350
New York common law prohibiting trespass to chattels
|
Settlement reached. Defendant agreed to pay $7.5 million in penalties and profit disgorgement, and accepted a ban on adware distribution. Founder and former CEO of Intermix also agreed to pay $750,000 in penalties and profit disgorgement. Acez Software, an affiliate which was downloading Intermix adware with free screensavers, agreed to pay $35,000.
|
|
State of Texas v. Sony BMG Music Entertainment
|
• Failing to disclose on the packaging of an audio CD that software will be installed on the user's computer when the user places the CD in his computer. • Inducing the owner or operator of a computer to install software by ejecting an inserted audio CD unless the computer owner agrees to install the software, even though that software is not necessary for playback of the audio CD. • Surreptitiously installing a file that hides the presence of other files and folders such that the computer owner cannot locate them when performing a search of the file system. • Installing files and folders in a location on the computer such that the computer owner may confuse them for essential files needed to run the computer when this is not the case. • Failing to disclose the presence of a software component that hides other files and folders. • Installing software that remains hidden and active even when its associated music player software is not active. • Making it extremely burdensome if not impossible to remove software by not including an uninstall utility and by requiring the computer owner to contact customer service to remove the software. • Secretly installing files on a user's computer before the user has consented to the installation. • Leaving files secretly installed on a user's computer after the user has declined to accept the related software's EULA. • Failing to disclose to the user the presence of secretly installed files even after the user has declined to accept the related software's EULA. • Failing to provide an uninstall utility for files secretly installed before a user has consented to the installation.
|
Consumer Protection Against Computer Spyware Act (Texas Business and Commerce Code § 48.001 et seq )
Texas Deceptive Trade Practices-Consumer Protection Act (Texas Business and Commerce Code § 17.47 et seq ) |
Settlement reached.
Defendant prohibited from releasing audio CDs containing software that employs technology to hide or cloak files or that does not provide an option to decline installation. Defendant required to provide notice on CD packaging of the functions and features of included software.
Defendant's software is prohibited from gathering personal identifying information without users' express consent, and must be easily removed by users.
Defendant required to provide consumer redress and assistance by posting information on the Web, buying advertising to explain the content protection software's security vulnerability, and offering software patches.
Defendant required to pay restitution to any consumer whose CD-ROM drive was disabled by the software. Defendant also obligated to pay $750,000 to the state of Texas for attorney's fees.
|
|
People of the State of California v. Sony BMG Music Entertainment
|
• Failing to adequately disclose on the outer packaging of a CD or in its EULA that content DRM software would be required to be installed in order to use the CD on a computer. • Failing to adequately disclose that DRM software modifies the Windows operating system in ways unintended by Microsoft. • Failing to adequately disclose that DRM software uses cloaking technology to hide itself on users' computers. • Failing to adequately disclose that DRM software remains in operation at all times, consuming computer resources. • Failing to adequately disclose that DRM software connects to remote Internet servers. • Failing to adequately disclose that DRM software creates computer security vulnerabilities. • Failing to adequately disclose that DRM software cannot be accessed or removed without extraordinary computer sophistication or outside software. • Causing unauthorized software to be installed on users' computers. |
California Penal Code § 502(c)
California Business and Professions Code § 17500 |
Settlement reached. Defendant is enjoined from: • Making false or misleading statements in connection with manufacture, sale or distribution of CDs. • Manufacturing or distributing any CD containing content protection software which hides or cloaks a file or directory. • Manufacturing or distributing any CD containing content protection software which is not readily removable through normal means. • Manufacturing or distributing any CD containing content protection software which tracks, limits or controls transfer or use of music files without disclosure on the outer packaging detailing features and limitations of the use of the CD. • Manufacturing or distributing any CD containing content protection software that tracks or collects personally identifiable information about users and which communicates such information to remote or another entity without express consent.
Defendant required to provide consumer redress and assistance by posting information on the Web, buying advertising to explain the content protection software's security vulnerability, and offering software patches.
Defendant required to pay restitution to any consumer whose CD-ROM drive was disabled by the software. Defendant also obligated to pay $750,000 to the state of California.
|
|
State of Washington v. Secure Computer LLC, Paul E. Burke, Gary T. Preston, Manoj Kumar, Zhijan Chen, Seth T. Traub
|
• Intentionally using deceptive means to alarm the user that his computer may be infected with spyware and thereby inducing the user to download software that claims to be necessary to secure the user's computer. • Inducing the user to run a "free scan" of his computer through false representation and thereby transmitting software to the user's computer that deletes the user's "hosts" file. • Representing that software is an effective spyware removal program when it does not clean the user's computer of virtually any actual spyware. • Labeling something as spyware which is in fact a cookie or harmless registry key, or not installed on the computer at all. • Representing that a removal of infections has been performed when in fact the removed infections were harmless or not present and actual infections were not removed. • Trapping the user in a succession of pop-up warning messages and/or advertisements by simulating buttons on the pop-ups that normally permit the user to close windows or by altering the functionality of standard window-closing buttons. • Engaging in other behaviors including misrepresenting software as a Microsoft product, violations of the CAN-SPAM ACT, and violations of Washington's Commercial Electronic Mail Act.
|
Computer Spyware Act (Revised Code of Washington 19.270)
Consumer Protection Act (Revised Code of Washington 19.86) |
Defendant Chen admitted wrongdoing and agreed to pay $84,000 in fines and restitution as part of a settlement. The settlement prohibits Chen from sending Net Send messages for the purpose of advertising and from creating a false sense of urgency, exclusivity or need for products. Prior to advertising anything, Chen must consult with an attorney.
Defendant Preston agreed to pay $7,200 in attorneys' fees as part of his settlement. The settlement prohibits him from assisting any person or organization in disguising its identity from the public or law enforcement.
Defendant Traub agreed to a settlement in which he will pay $2,000 in attorneys' fees and refrain from illegally using trademarks, making unsubstantiated claims, or otherwise deceiving consumers in a marketing context.
Defendant Secure Computer LLC agreed to pay $75,000 as restitution to Washington State purchasers of Spyware Cleaner and Pop-up Padlock, in addition to $925,000 in civil penalties and attorney fees. Settlement also prohibits defendant from engaging in numerous practices dangerous to consumers.
|
|
State of New York v. Direct Revenue, LLC, and Joshua Abram, Alan Murray, Daniel Kaufman, Rodney Hook
|
• Bundling a spyware program with "free" software without giving consumers any notice of the presence of spyware. • Bundling a spyware program with "free" software, giving consumers notice of the spyware only by following multiple links (in small print) through lengthy license agreements. • Distributing spyware through deceptive "ActiveX" advertisements that bombard consumers with pop-up prompts until they consent to a "free" software download that gives no notice of the presence of spyware. • Distributing spyware through deceptive "ActiveX" advertisements that bombard consumers with pop-up prompts until they consent to a "free" software download that gives notice of the presence of spyware only through a linked license agreement. • Installing spyware by using malicious code that exploits security vulnerabilities without giving any notice to consumers. • Displaying incessant pop-up ads, less than one minute apart, to consumers unwittingly infected with spyware. • Displaying deceptive ads which promote "security" and "anti-spyware" programs to consumers unwittingly infected with spyware. • Distributing spyware that avoids detection and removal by: o failing to inform consumers that the spyware has been installed, o obfuscating the presence of the spyware by scattering its files across a user's computer, using randomly-generated file names, and ascribing false modification dates to the files, o failing to uninstall the spyware when the software with which it was bundled is uninstalled, o preventing the inclusion of the spyware in the Windows "Add/Remove Programs" utility, and o reinstalling the spyware after consumers manually delete it. • Installing additional spyware and other programs after an initial spyware installation, without notifying consumers. • Installing additional spyware and other programs after an initial spyware installation, giving the spyware distributor permanent remote access to consumers' computers without their consent. • Failing to police contracted distributors, or to establish effective controls ensuring, promoting, or encouraging user notice and consent in third-party spyware distributions.
|
New York Executive Law § 63(12)
New York General Business Law § 349-350
New York common law |
Motion to dismiss granted. Notice of appeal filed. |
|
State of Washington v.
|
• Misrepresenting the risk of harm to a user's computer (by falsely finding computers to be at risk and by listing Web sites to which the computer is vulnerable even when the computer blocks access to those sites) in order to induce the user to purchase a security product. • Misrepresenting the functions of standard "buttons" on software advertisements, thereby requiring users to continue to view the advertisements when they try to close them. • Leaving software files on users' computers without their knowledge or consent after they have uninstalled the associated software program. • Engaging in other behaviors including offering misleading negative-option billing to customers.
|
Consumer Protection Act (Revised Code of Washington 19.86.020) |
Settlement reached in which defendants admit violations of the Consumer Protection Act. Defendants ordered to pay $150,000 in civil penalties and $40,000 in attorneys' fees. Settlement terms prohibit the following: • Inducing computer users to install software by misrepresenting that the user's computer is not secure. • Marketing software by means of a "free scan." • Using "buttons" in advertisements that do not function as the user would expect. • Installing software that causes pop-up ads when the user tries to close other ads. • Failing to provide a functional uninstall option. • Failing to obtain a consumer's explicit consent to purchase a product or service.
|
|
State of Washington v. Digital Enterprises, Inc., d/b/a Movieland.com; Alchemy Communications, Inc.; AccessMedia Networks, Inc.; Easton A. Herd; and Andrew M. Garroni
|
• Taking control of a user's computer by means of pop-up videos that the user cannot close out of and thereby obstructing the user's access to the computer and disabling the functionality of the computer. • Providing a software uninstallation option in the "Add/Remove" section of a user's computer which represents to the user that the software can be removed when in fact it cannot be removed. • Failing to disclose that the two practices listed above will be used to force the user to pay for software when the user's 3-day "Free Trial" of the software ends. • Failing to disclose that software downloaded onto a user's computer for a 3-day "Free Trial" will consume a significant amount of computer memory – at least 27 megabytes of RAM. • Failing to disclose that software will be transmitted to a user's computer surreptitiously and activated with the consumer's knowledge or permission. • Representing that software contains "no spyware" when the software itself constitutes spyware insofar as it places files on the user's computer which send repeated, harassing notices that interfere with use of the computer; prevents the user from uninstalling the offending files; and leaves parts of the software on the user's computer if he or she manages to uninstall it.
|
Unfair Business Practices—Consumer Protection Act (Revised Code of Washington 19.86)
Computer Spyware Act (Revised Code of Washington 19.270) |
Settlement reached in which defendants agreed to pay $50,000 to resolve the allegations. Settlement terms require that: • Defendants display all material terms of a service offering on the same page of advertisements for the service such that consumers do not need to scroll down to read them. • Defendants obtain consumer consent to a service offering before collecting payment for that service. • Defendants make all service terms accessible to consumers in connection with any software download. • Defendants disclose clearly and prominently prior to software download the nature, frequency, and duration of any pop-up payment window the software may cause to appear on consumers' computers.
Settlement terms prohibit: • Distributing software without certifying that the computer user owns the computer or is authorized to download software onto it. • Causing any pop-up window to display more than five times in any day or more often than once per hour. • Displaying pop-up windows without a clearly labeled button that causes the window to be invisible and any associated audio to be silenced. • Offering free trial software to Washington residents. • Causing software to appear in the Microsoft add/remove utility unless cliking on such a listing will remove the software.
|
|
State of Washington v. James Lane
(QuikShield Security)
|
• Intentionally and knowingly deceiving consumers by stating that their computers have a malfunctioning security component and thereby inducing consumers to install security software. • Providing an uninstall process that does not work and does not remove the appropriate executable files from consumers' computers. • Misrepresenting that an advertisement for a commercial software product is a Microsoft operating system alert. • Misrepresenting that consumers have malfunctioning security components on their computers when no such components exist. • Misrepresenting the ability to close advertisements with "cancel" or "x" buttons when in fact those buttons open a web site associated with the advertisements. • Misrepresenting that a software product is "absolutely free" when in fact only five free uses of the product are available before consumers are forced to pay for further use. |
Consumer Protection Act (Revised Code of Washington 19.86)
Computer Spyware Act (Revised Code of Washington 19.270) |
Settlement reached in which defendant agreed to pay $10,000 in civil penalties ($5,000 suspended pending compliance) and $6,444 in attorneys' fees. Settlement terms provide restitution to Washington residents and prohibit the following: • Failing to provide an operable install function for any products. • Misrepresenting the source of an advertisement. • Misrepresenting that security or privacy functions on a consumer's computer are not working properly. • Using the "X" button or other images typically associated with closing a window to perform any other function. • Failing to clearly identify the cost of a product. • Creating a false sense of urgency to purchase a product.
|
|
State of Washington v. High Falls Media, LLC; Roc Telecom, LLC; Mark Libutti; Brian Einhaus; and Thomas A. Tortora
(Spyware Slayer) |
• Intentionally and knowingly using deceptive means to alarm consumers that their computers may be infected with spyware and thereby inducing consumers to install security software. • Misrepresenting that scanning a consumer's computer for spyware will not load any software onto the computer when in fact a software download is necessary to perform the scan. • Misrepresenting that a "99% chance" that a consumer's computer is infected has been detected when in fact nothing has been done to detect the presence of malicious programs on the consumer's computer. • Misrepresenting that certain registry keys on consumers' computers are "extreme risk" spyware when in fact the keys are harmless. • Failing to address consumers' software complaints. • Providing a disconnected telephone number for consumers to use for customer service. • Other behaviors involving deception and misrepresentation in violation of the Consumer Protection Act.
|
Consumer Protection Act (Revised Code of Washington 19.86)
Computer Spyware Act (Revised Code of Washington 19.270) |
Settlement reached in which defendants agreed to pay $300,000 in civil penalties ($275,000 suspended pending compliance) and $30,000 in attorneys' fees. Settlement terms provide restitution to Washington residents and prohibit the following: • Creating a false sense of urgency or need for a product. • Failing to respond to consumers' complaints.
|
|
State of
v. SecureLink Networks LLC; NJC Softwares, LLC; Manuel Corona, Jr.; Rudy O. Corella; FixWinReg; and Hoanvinh V. Nguyenphuoc
|
• Installing a software bundle on a user's computer after the user has declined to consent to the bundle installation. • Failure to uninstall bundled software components when the program with which they came is uninstalled, or otherwise providing an obvious means of uninstalling bundled components. • Misrepresenting that advertisements for security software are operating system alerts regarding computer security problems. • Representing that critical security errors have been detected on a user's computer when no such errors were detected, with the purpose of inducing the user to purchase security products.
|
Computer Spyware Act (Revised Code of Washington 19.270)
Consumer Protection Act (Revised Code of Washington 19.86)
|
Defendant HoanVinh Nguyenphoc, owner of WinFixReg, has reached a settlement and agreed to pay $75,000 (suspended pending compliance) and $25,000 in attorney's fees. Defendant is forbidden from: • Misrepresenting a need for their product or the function of their product. • Advertising using simulated system notices, such as security alerts.
Judge ordered defendants Manuel Corona and Rudy O. Corella, operators of SecureLink Networks LLC and NJC Softwares LLC, respectively, to each pay $141,020.45 in costs and fees, $400,000 in civil penalties, and restitution fees to refund all Washington customers. Judge also ordered that defendants be prohibited from the following: • Downloading software on users’ computers without their knowledge or consent. • Inducing installation of software by creating a false sense of urgency. • Using Net Send messages to advertise or market any products. • Using any form of advertising that simulates a security alert. • Misrepresenting the risk level of any “error� found in user’s computer scan. • Any kind of misrepresentation in advertising products, including misrepresenting their benefits or risks. |
|
State of Washington v. Ron Cooke; Messenger Solutions
|
• Modifying computer settings without disclosure, including adding bookmarks and settings. • Taking control of computer by opening multiple, sequential advertisements via the Windows Messenger Service. • Misrepresenting the necessity of software for security purposes, including sending Windows Messenger Service alerts deceptively claiming that the consumer's computer is vulnerable to hackers. • Claiming that the software sold by defendants will block attacks, as well as failing to disclose numerous behaviors of the software including stealth installation of software. • Causing the user to violate computer spyware act by installing software that sends Windows Messenger Service advertisements to other computers. |
Computer Spyware Act (Revised Code of Washington 19.270)
Consumer Protection Act (Revised Code of Washington 19.86)
|
Settlement reached in which defendant agreed to pay $5,000 in attorney cost and fees, $202 in restitution to refund nine consumers, and owes $100,000 in civil penalties (to be waivered upon compliance with provisions). Settlement terms prohibit the following: • Inducing users to install software by creating a false sense of urgency. • Installing software without users’ knowledge or consent, including via deceptive methods such as "free scan" offers. • Failure to provide an easy-to-use uninstall option for downloaded products. • Using Net Send messages to advertise or market any products. • Using any form of advertising that simulates a security alert. • Misrepresenting the risk level of any “error� found in user’s computer scan. • Any kind of misrepresentation in advertising products, including misrepresenting their benefits or risks. |
