BEWARE: Stalkerware Recognizes Your Every Keystroke

By: Sarish Siddiqui

Earlier this summer, the Federal Trade Commission (“FTC”) banned the use of “stalkerware” applications.  Stalkerware apps are often used to track a user’s movements or online activities without their consent or knowledge.  These applications are marketed as a method to catch a cheating significant other, to monitor elderly adults with Alzheimer’s or dementia, and to monitor employees or children.  The Coalition Against Stalkerware even categorizes these applications as instruments used to perpetuate harassment and abuse.

Support King conducted business as SpyFone.com and sold smartphone applications that “secretly harvested and shared data on people’s physical movements, phone use, and online activities through a hidden device hack” on people’s smartphone devices without their consent or knowledge.  These applications sold “real-time” access to information to domestic abusers and stalkers, giving them unfettered access to track their targets.  SpyFone software customers were required to bypass several Android restrictions when purchasing the software.  Customers used a method that voided their phone warranties and unknowingly exposed themselves to hackers, identity thieves, and other cyber threats.  The software sold under this business model can monitor email activity and even video chats.

In 2018, when SpyFone had a data breach that affected 2,200 consumers’ personal data, it failed to follow through on its promise to work with an outside security firm and law enforcement to investigate.  The FTC ordered SpyFone to delete any secretly harvested and illegal data and to notify device owners that its app had been secretly installed on their devices.

By a unanimous vote, the FTC banned Support King and CEO Scott Zuckerman from the surveillance business.  This is the first ban of its kind and a noteworthy change from the agency’s past approach.  Samuel Levine, the FTC’s acting director of the Bureau of Consumer Protection, said, “This case is an important reminder that surveillance-based businesses pose a significant threat to our safety and security.”  Organizations like the Coalition Against Stalkerware praised the Commission for focusing on stalkerware victims.  Now, these victims have an outlet to find support and can take comfort in the fact that regulatory agencies understand the serious implications of using stalkerware.

Stalkerware applications are incredibly invasive tools linked to invasions of privacy and even intimate partner abuse.  These applications live in a gray area of the law.  There are legitimate uses for surveillance apps, like parental control or monitoring the safety of elderly people with memory problems.  However, stalkerware apps become a serious issue when a partner stealthily installs them on a partner’s phone without their consent and with an intention to spy.  It is important to note that cyberstalking is closely related to sexual violence against women.  Based on a Kaspersky study, with the assistance of stalkerware, an abusive person stalking their victim can log each keystroke on a device, track that individual’s movements, and even eavesdrop on calls.

Have no fear, though: the Coalition Against Stalkerware has provided a number of self-defense mechanisms one may use to protect oneself.  For instance, one should watch for any unusual behavior on one’s device, such as a battery that constantly drains quickly.  In that case, there is a possibility that a stalker app has been installed and is running in the background.  Another tactic is to scan your device using apps like Malwarebytes, Certo, or NortonLifeLock to detect stalkerware.  If one does come across a piece of stalkerware, consider using it as evidence if you decide to report abuse to law enforcement.

The oldest trick in the book is to change your passwords for any important online accounts and avoid reusing passwords across sites. It is best practice to create long, complex, and unique passwords for each account. Also, enable two-factor authentication, which requires two forms of identity verification before allowing one to log into an account.  Even if a user can figure out your password by using stalkerware, he or she would not be able to log into your device without the second form of verification.  The final helpful tip is to update your software. Apple and Google regularly issue software updates that advance security measures and will remove stalkerware.

The growth of these intrusive instruments and the ease of their use have created greater risks for our personal privacy. The Commission’s banning of SpyFone could help survivors of domestic abuse move one step closer to escaping unsafe situations. Advocates against intimate partner abuse and cybersecurity researchers welcome this news with open arms.  The FTC’s latest actions are only a stepping-stone in the right direction, though. The Commission and federal and state law enforcers should consider the Computer Fraud and Abuse Act, the Wiretap Act, and other criminal laws as we learn to combat illegal surveillance and stalkerware.  Although cellular device stalking is getting easier, regulators also need to consider how stalkers may gather information from smart devices, like smartwatches.

 Student Bio: Sarish Siddiqui is a second-year law student at Suffolk University Law School. She serves as a Staff Member on the Journal of High Technology Law and Director of Fundraising of the Business Law Association. Sarish obtained a Bachelor’s degree in Business Law & Financial Accounting from the University of Massachusetts Amherst.

Disclaimer: The views expressed in this blog are the views of the author alone and do not represent the views of JHTL or Suffolk University Law School.
