In 2004, SearchHelp, Inc., now Echometrix, Inc., announced the launch of parental control software products that allow parents to monitor their children’s online activities remotely. Echometrix develops FamilySafe and Sentry Parental Control products. These software products offer real-time alerts to parents when their children have encountered suspicious and potentially dangerous online material in chat rooms and instant message conversations, and allow parents to control, block, and filter their children’s computers.
In 2009, Echometrix launched PULSE, which is described as “a proprietary software engine that reads digital content from multiple sources across the web, including: instant messages (“IM”), blogs, social environment communities, forums, and chat rooms.” PULSE analyzes the data and provides market research intelligence about children to firms. Echometrix licenses the PULSE software for a fee.
EPIC conducted an in-depth study of these products and recognized several significant flaws with regard to consumer privacy protection. EPIC found that Echometrix (1) fails to fully disclose its information collection and disclosure practices on its websites; (2) collects sensitive information from children and simultaneously discloses it to third parties for marketing purposes; and (3) fails to warn users of the dangers of misusing the products.
EPIC filed a complaint to the FTC alleging that Echometrix engages in unfair and deceptive trade practices and also violates the Children’s Online Privacy Protection Act (COPPA). The complaint asked the FTC to conduct an investigation into Echometrix’s products, enjoin its unfair and deceptive practices, and seek damages for aggrieved individuals. Further, EPIC requested that the FTC enjoin Echometrix from offering these products until the company verifiably establishes that its data collection, use, and disclosure practices comply with the FTC Act, COPPA, and other applicable federal laws.
EPIC’s complaint describes the harm from Echometrix’s online data collection – harm that is experienced by the millions of children and teenagers in the United States who are not aware they are being monitored. The harm is also experienced by parents who unwittingly subject their children’s private information to third parties for marketing purposes. The deployer of the software is also harmed – in this case, a licensor of the PULSE software who is exposed to legal risks by using the software as advertised. Parental control software, if used for its narrow purposes as advertised, is not inherently deceptive. However, risks come with the company’s failure to disclose their practices concerning information collection, disclosure, and use.
The FTC’s primary enforcement authority with regards to privacy is derived from 15 U.S.C. § 45, commonly known as section 5 of the Federal Trade Commission Act (FTCA). Section 5 of the FTCA allows the FTC to investigate “unfair methods of competition in or affecting commerce, and unfair or deceptive acts or practices in or affecting commerce.” This law provides a legal basis for the FTC to regulate business activities that threaten consumer privacy.
The FTC has the authority to enforce the Children’s Online Privacy Protection Act (COPPA) under 15 U.S.C. §§ 6501-06. The FTC has used this enforcement authority to prosecute fourteen COPPA violators. Although many FTC COPPA cases concern violations by website operators, the FTC has also successfully penalized the “information collection practices of [one] online service in connection with a software product.”
- EPIC’s Complaint to the FTC (pdf) (September 25, 2009)
- Brian Tarran, Privacy Group Logs FTC Complaint over Echometrix, Research (September 30, 2009).
- Wendy Davis, Company Allegedly Uses Monitoring Software to Collect Data from Children, MediaPost (September 29, 2009).
- Deborah Yao, Web-Monitoring Software Gathers Data on Kid Chats, ABC News (September 4, 2009).