High-Tech Group Files FTC Complaint Against Adware Firm

The filing outlines a pattern whereby 180, through an affiliate system, “deliberately and repeatedly attempted to dupe Internet users” into downloading intrusive software. The complaint illustrates how 180 continued the practices after being warned by technology experts, privacy advocates and its own auditors that business practices were unethical and in several cases illegal, CDT said. 180 and its affiliates have caused immeasurable harm to individual Web surfers and the Internet itself, said CDT Deputy Dir. Ari Schwartz.

His group -- which once saw promise in the company’s reforms -- wants financial redress for people whose computers are determined to have been slowed or damaged by 180-related adware. The Bellevue, Wash.-based company’s “brazen distribution practices saddle innocent Internet users with intrusive software that they neither want nor need and contribute to a general sense of wariness and distrust that threatens to stifle the growth of the medium,” Schwartz said. CDT urged the FTC to use all tools at its disposal to bring 180’s practices to a halt, since the firm has continually failed to adequately police its distribution network.

Over many months of discussion, CDT alerted 180 about several of its affiliates that were deceptively installing software. At first, executives seemed to cooperate, stopping some practices and going so far as to file lawsuits against affiliates, the Center said. One lawsuit, which resulted in an undisclosed settlement, even helped CDT’s bottom line. Schwartz told us that 180 gave his group $50,000 from the deal it struck with affiliate Internext after CDT warned of the firm’s failure to properly enforce 180’s code of conduct.

But CDT received a “nearly continuous stream” of new complaints about 180 and its partners. The group decided that, despite Band-Aid fixes, 180’s underlying business model is fundamentally flawed, Schwartz told reporters. Until that changes, consumers will continue to become unwitting victims of its deceptive software installations, CDT said. Schwartz said he was “deeply disappointed” that CDT couldn’t persuade 180 to clean up its act because his group prefers to resolve such issues through discussion and voluntary improvements.

A 180solutions spokesman said he hadn’t reviewed CDT’s complaint, but the organizations “share the same vision of protecting the rights and privacy of consumers on the Internet.” He said the shared vision has resulted in “a healthy working relationship that has seen great progress in the fight against spyware and benefitted consumers around the world.” 180 has voluntarily dealt with “every reasonable concern” that CDT has brought forward, and the company wants to “continue the productive dialog” for years to come, the spokesman said.

The Cyber Security Industry Alliance (CSIA) praised CDT for filing the complaint. “Consumers are fed up with spyware and deceptive adware,” said CSIA Exec. Dir. Paul Kurtz: “Congress should help by passing legislation that would allow spyware-blocking companies to focus on product improvement by reducing the number of frivolous, resource-consuming lawsuits they currently face.” Dozens of such suits have been filed by spyware purveyors, alleging their software was unfairly flagged by antispyware programs, CSIA said. In most suits, defendants have been forced to choose between pricy litigation and lowering their standards for protecting customers, he said. “Ultimately, consumers are the victims if their protection programs are weakened.”

Antispyware crusaders lauded CDT for an action some wished had come sooner. “Even in the year 2006, after all these promises of reform and new technologies rolled out, we started off year 2006 with reports of 180 software being installed by an IM worm. It’s just unbelievable,” spyware expert Eric Howes told us. A year ago, 180 was calling itself a changed company after admission to the now defunct Consortium of Anti-Spyware Technology vendors (COAST). COAST, which was abandoned by Webroot, PestPatrol, Aluria Software and Computer Assoc. when 180 joined, stopped operating in the spring (WID April 13 p4).

Howe’s website spywarewarrior.com published a “jaw dropping” summary of 180’s misdeeds in 2005, he said. The company was caught bypassing its own notice and disclosure prompts during installation of its software; its programs were repeatedly illegally or deceptively installed on consumers’ PCs; and its software was being installed on kids sites and through BitTorrent packages in a “decidedly underhanded fashion,” Howe’s year-in-review reported. “180solutions will make just enough changes to their software and to their distribution methods to get people off their back temporarily,” he said.

Howe agreed with CDT that 180’s business model and dealings with sometimes unscrupulous 3rd-party affiliates are to blame. “There’s no way to wash those things clean,” Howe said: “After so many years of being burned by these rogue distributors you'd think this company would have learned, but apparently not. The lure of mass installations was just too great.” Howe credited CDT for working diligently to help 180 but said he couldn’t figure out why the group waited as long as it did to alert the FTC.

Harvard U. spyware expert Ben Edelman called CDT’s approach “valuable and appropriate,” but said it’s not the only avenue. Beyond hoping the govt. will act on consumers’ behalf, computer users can take action directly using private attorneys, Edelman said. Two consumer class action suits are pending against 180, also alleging improper installations of its software, he said.

CDT filed a separate FTC complaint over 180’s relationship with Web host CJB.net. The filing, also released Mon., was submitted with the Technology Law & Public Policy Clinic at the U. of Washington Law School. Users who sign up for free sites hosted by CJB aren’t clearly told that visitors will be prompted to download software, CDT’s complaint alleged. CJB uses a deceptive ActiveX security warning prompt to fool users into installing 180 software, instead of allowing users to opt in. After the ActiveX prompt, pop-ups soliciting user consent suggest that the site is “supported by advertising.” On CJB sites, that means a program that runs continuously and tracks everything that the user does online, CDT said. The group became aware of CJB’s practices in Nov. when a spyware tracking blog called attention to several CJB-hosted sites.