For quite some time, a tech company called Retina-X has been developing and selling stalkerware applications that are marketed as a way for parents and employers to track and “spy” on their children and employers. Just recently, the Federal Trade Commission (FTC) announced a settlement that prohibits the app manufacturer from producing and selling three of its spyware apps “unless they take certain steps to ensure the apps will only be used for legitimate purposes.”
The settlement comes after complaints to the FTC that Retina-X are manufacturing apps compromising the privacy and security of users because the company is not able to properly protect the data collected by their users. In recent years, the company suffered a series of multiple data breaches that have exposed the data collected by its users through their apps.
In addition to banning the company from selling and distributing their stalkerware apps, the FTC settlement also requires Retina-X and its owner, James N. Johns, Jr., to delete all the information that was collected by the app during the time that it was available to consumers.
The FTC’s settlement focuses on three of the apps developed by Retina-X: MobileSpy, PhoneSheriff, and TeenShield. According to the regulatory body, these apps require rooting the phones where the apps would be installed, which exposes the user to more vulnerabilities as it foregoes all the built-in security mechanisms of the device.
“This is our first action against a so-called ‘stalking app,'” said Andrew Smith, Director of the FTC’s Bureau of Consumer Protection. “Although there may be legitimate reasons to track a phone, these apps were designed to run surreptitiously in the background and are uniquely suited to illegal and dangerous uses. Under these circumstances, we will seek to hold app developers accountable for designing and marketing a dangerous product.”
But this settlement is an oxymoron. That is simply because stalkerware apps are fundamentally problematic. The premise behind stalkerware is for users to spy on other people without them knowing. It means that the principle behind the products themselves violate the basic tenets of data privacy rights.
The FTC argues that there is some sort of legitimate use for mobile apps and before Retina-X can resume with its usual operation selling apps that are basically stalking people, the company has to make sure that users should secure agreement from the person being stalked before the said apps can be installed in their devices.
The problem with this is that there is no way that Retina-X will know whether people being stalked (employees, for example) willingly gave their consent for a stalking app to be installed in their devices so that their bosses can track their behavior. There is just no way that the app can police consent.
Furthermore, the settlement agreement assumes that there is a “legitimate purpose” for stalking children or employees. The FTC ignores the fact that apps and software have been used and are continued to be exploited against children by malicious individuals. The exception laid out by the settlement does not only erase the fact that there is no legitimate reason for a private individual to stalk and spy on another private individual, but it also opens the gate for a slippery slope where users can abuse technology in order to hurt or exploit others.