By Lesley Fair

At first, consumers may notice their computers are sluggish.  Then it’s an unfamiliar toolbar, a new home page, or a barrage of pop-up ads.  But it’s what consumers can’t see that may be even more dangerous.  

Spyware − stealth software downloaded onto consumers’ computers without their knowledge or without a clear explanation of what’s involved − can give unscrupulous marketers access to follow them around the Internet, log their every keystroke, and steal sensitive data from their computer.  To make matters worse, there’s no easy cure.  Some people have trashed the infected machine rather than try to undo the damage spyware has inflicted.  Consumers are understandably angry about this form of online snooping, and the FTC is fighting back with law enforcement and consumer education.  

A common problem with spyware is that it’s installed without consumers’ knowledge or without a clear and conspicuous disclosure of important terms and conditions.  Some spyware distributors use so-called “drive-by” downloads to install software without even the pretense of obtaining consent.  For example, in one case, the FTC alleged that the defendants exploited a vulnerability in the Internet Explorer browser to download spyware to users’ computers without their knowledge.  According to the FTC, the software changed the consumer’s home page and displayed an incessant stream of pop-ups.  But perhaps the most serious harm alleged was that the spyware secretly installed programs that could monitor Internet activity and even capture personal information entered into online forms.  A federal judge prohibited the defendants from engaging in that practice and ordered them to forfeit their ill-gotten gains.

In other cases, the FTC has alleged that software distributors failed to clearly and conspicuously disclose the nature of what was being installed.  For example, in one law enforcement action, the defendants offered free software that claimed to make consumers anonymous when using peer-to-peer file sharing programs.  However, according to the FTC, the distributors failed to disclose that the program would install other harmful software.  In another action, the FTC charged that a company offered what was advertised as free security software, but failed to clearly and conspicuously disclose that bundled with it was software that tracked consumers’ Internet browsing and force-fed them pop-up ads.

As deceptive as the tactics of spyware purveyors may be, there are steps savvy consumers can take to reduce their risk.  The FTC and a partnership of cybersecurity experts, online marketers, consumer advocates, and other law enforcement agencies have launched OnGuardOnline.gov, a new multimedia consumer education campaign that urges consumers to “Stop Think Click” when surfing the web.  The site features videos, articles, and quizzes to help consumer protect themselves from online risks like spyware.

Why should reputable businesses care about the spyware epidemic?  First, spyware doesn’t infect just home computers.  Corporate systems are vulnerable, too.  Second, although the technology may be new, the form of deception isn’t.  The FTC’s recent cases serve as a reminder that important terms and conditions of an offer must be disclosed to consumers clearly and conspicuously.  Third, any practice that makes consumers more suspicious of advertising hits marketers in the pocketbook.  According to a report by the Pew Internet & American Life Project, 91 percent of Internet users say they’ve changed their online behavior to avoid unwanted software programs.  A total of 48 percent say they’ve stopped visiting certain websites for fear they might install unwanted programs on their computers.  A lack of consumer confidence in new products, new media, or new ways of shopping can disproportionately affect smaller companies, start-ups, and other marketers trying to establish themselves as household names.  Deceptive practices don’t hurt just consumers; they also hurt the advertisers who are trying to play by the rules.

Lesley Fair is an attorney in the FTC’s Bureau of Consumer Protection who specializes in business compliance.