Whistleblower figures that protecting privacy on the Internet is a lost cause. I assume that every email I send or online purchase I make is automatically compiled on databases all over the world. Nevertheless, the enforcers at the Federal Trade Commission are still fighting the fight. On Thursday, the FTC announced that Sears Holding Management Company, owned by Sears, Roebuck and Co. and Kmart Management Corporation, agreed to change its practice of installing tracking software on customers’ computers and destroy data on customers it had collected improperly.

According to the FTC statement and complaint, the company’s explanation of its tracking software was clearly “deceptive.”

According to the FTC’s administrative complaint, Sears represented to consumers that the software would track their “online browsing.” The FTC charges that the software would also monitor consumers’ online secure sessions – including sessions on third parties’ Web sites – and collect information transmitted in those sessions, such as the contents of shopping carts, online bank statements, drug prescription records, video rental records, library borrowing histories, and the sender, recipient, subject, and size for web-based e-mails. The software would also track some computer activities that were not related to the Internet.

The software was installed on the computers of select customers of sears.com and kmart.com, who were paid $10 in exchange to join something called My SHC Community, which allowed the company to snoop into their online habits. But the FTC determined that the company failed to advise members of exactly how much privacy they were giving up. The only full description was buried deep in a user agreement. You would have to scroll down 75 lines in a text box that displayed 10 lines of type at a time.

In its agreement with the FTC, Sears Holding Management Company agreed to a hardly radical solution - actually telling customers, in a clear and prominent way, what they are getting into by allowing the tracking software on their computers. The company also has to tell existing customers what it has been doing, and give them instructions on how to evict the tracking software from their hard-drives.

Respondent failed to disclose adequately that the software application, when installed, would: monitor nearly all of the Internet behavior that occurs on consumers’ computers, including information exchanged between consumers and websites other than those owned, operated, or affiliated with respondent, information provided in secure sessions when interacting with third-party websites, shopping carts, and online accounts, and headers of web-based email; track certain non-Internet related activities taking place on those computers; and transmit nearly all of the monitored information (excluding selected categories of filtered information) to respondent’s remote computer servers. These facts would be material to consumers in deciding to install the software. Respondent’s failure to disclose these facts, in light of the representations made, was, and is, a deceptive practice

This entry was posted on Thursday, June 4th, 2009 at 12:08 pm and is filed under Businesses in hot water, Civil liberties. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.