They even have apps for it.
This past October, the FTC brought its first case against developers of “stalking” apps, barring Retina-X Studios from selling apps that monitor consumers’ mobile devices. The company developed and sold MobileSpy, PhoneSheriff, and TeenShield—all apps that were marketed as ways to discreetly monitor employees and children, and provided access to a person’s call history, text messages, and location without their knowledge.
Though these apps were intended to monitor employees and children, bad actors were able to use them for dubious and unsafe purposes, and the FTC ruled that Retina-X was not doing enough to ensure its apps were being used for their original purposes. Andrew Smith, the director of the FTC’s Bureau of Consumer Protection, said, “Although there may be legitimate reasons to track a phone, these apps were designed to run surreptitiously in the background and are uniquely suited to illegal and dangerous uses.” The FTC also alleged that the data collected by these apps was not kept adequately confidential, even for legitimate use.
Unfortunately, these examples represent just a small ratio of apps that enable stalking activity by nefarious actors. According to the Financial Times, Kaspersky Labs “found and removed 58,000 instances of stalkerware after customers used its antivirus app, which looks for malicious code, to scan their devices,” and by July 2019, “its specific anti-stalkerware product, which was released in April, had detected malicious apps on phones belonging to more than 7,000 customers worldwide.”
The availability of these apps has dire consequences. According to a study from the National Network to End Domestic Violence, 54 percent of domestic abusers used stalking apps to track their victims. And an NPR survey of 72 domestic violence shelters found that 85 percent of them are helping victims who had their location tracked by an abuser.
An obvious way to provide stronger protections is simply to outlaw the use of personal information for stalking or other forms of substantial harassment and to hold the makers of these types of apps accountable if they are used in such a way. Our privacy framework puts a premium on the idea that a national privacy law should prohibit outright, rather than allow consent for, a range of practices—including stalking—that make personal data vulnerable to misuse. Enough with lengthy privacy policies that allow for bad actors to use loopholes in dangerous ways. Furthermore, the FTC should be provided with the tools necessary to financially punish these bad actors (the FTC’s consent order with Retina-X did not contain a monetary settlement). Our privacy framework would give the FTC long-sought authority to issue civil penalties against first-time offenders.
We also believe in giving the FTC more power, resources, and clear authority so they can hold companies accountable if they knowingly enable bad actors online.
You can learn more about how we propose ensuring broad-based privacy protections for all Americans here.