Seven rent-to-own computer lenders and a software firm spied on...

Corp., Showplace, J.A.G. Rents, Red Zone, Inc., B. Stamper Enterprises and C.A.L.M. Ventures, none of which carries fines or monetary penalties. DesignerWare software included a “kill switch” the stores could enable to disable a stolen computer or one whose renter wasn’t making timely payments, but an add-on program called “Detective Mode” went further, the FTC alleged. Pitched as a method for stores to track down computers and collect late payments, the mode also logged keystrokes, captured screenshots and took webcam pictures, and a “fake” registration screen prompted renters to provide their contact information, the complaint said. Illicitly collected data included usernames and passwords for email, social media and financial-institution accounts, Social Security numbers, medical records and doctor communications, bank and credit card statements and “webcam pictures of children, partially undressed individuals, and intimate activities at home,” the agency alleged. The proposed settlements, which are subject to public comment for 30 days (http://xrl.us/bnrdra), would ban DesignerWare and the stores from using software similar to Detective Mode, using deception to collect information from consumers including through fake registration screens, or using geolocation tracking without consumer consent. The stores wouldn’t be able to use “improperly” collected contact information to collect debts, and the FTC would monitor compliance with the orders for the next 20 years. “There is no justification for spying on customers,” said Illinois Attorney General Lisa Madigan, whose office partnered with the FTC in the investigations. Madigan entered into a separate “assurance of voluntary compliance” with Illinois-based Watershed Development, a franchisee of Aaron’s, her office said Tuesday (http://xrl.us/bnrdr5). An FTC spokeswoman told us the agency can’t levy fines under the FTC Act, but can collect civil penalties of $16,000 per violation, per day but only for violation of an order’s provisions. Its recent $22.5 million fine to Google for alleged circumvention of browser privacy controls was based on Google’s claimed violation of its Buzz consent order with the commission (CD Aug 10 p3). FTC Commissioner Thomas Rosch told us he abstained from the 4-0 vote because the settlement proposal includes an “unfairness count.” That’s “contrary” to what the commission told Congress in 1980 and 1982, “and I thought that unfairness was an elusive concept that would detract from, not add, certainty, which I think is important in all privacy cases,” he said. Rosch said he had the same disagreement with the FTC’s complaint against the Wyndham Hotels chain in June for lax data-security practices, but filed a concurrence with a dissent rather than abstaining.