FTC bars alleged ‘stalkerware’ company and its CEO from the surveillance business

Lina Khan, commissioner of the Federal Trade Commission (FTC) nominee for U.S. President Joe Biden, speaks during a Senate Commerce, Science and Transportation Committee confirmation hearing in Washington, D.C., U.S., on Wednesday, April 21, 2021.

The Federal Trade Commission voted unanimously to ban what it called a “stalkerware app company” and its CEO from the surveillance business, the agency announced Wednesday.

This marks the first time the FTC has obtained such a ban, the commission said in a press release touting the proposed settlement. The agency made clear it likely won’t be the last.

“This case is an important reminder that surveillance-based businesses pose a significant threat to our safety and security,” Samuel Levine, acting director of the FTC’s Bureau of Consumer Protection, said in a statement. “We will be aggressive about seeking surveillance bans when companies and their executives egregiously invade our privacy.”

In a separate statement, Democratic Commissioner Rohit Chopra called the pursuit of a ban “a significant change from the agency’s past approach.” The agency pursued its first stalkerware settlement in 2019, but that agreement “allowed the violators to continue developing and marketing monitoring products,” according to Chopra.

The company, Support King, did business as SpyFone.com and ran the Android app SpyFone, the FTC said. The commission alleged that Support King and its CEO, Scott Zuckerman, “secretly harvested and shared data on people’s physical movements, phone use, and online activities through a hidden device hack.” The company also allegedly sold “real-time access” to the surveillance, which could help stalkers and abusers track their targets, according to the FTC.

Customers who bought the SpyFone software had to bypass several restrictions on Android-operated phones, the FTC claims. SpyFone allegedly told customers how to hide the app from the surveillance target. To monitor emails or use other features, the FTC alleged, customers would have to use a method that could void the phone’s warranty and expose it to further security risks.

On top of that, the app lacked even basic security measures, the FTC claimed, leaving consumers open to cyber threats. Even when a hacker obtained personal data of more than 2,200 consumers in 2018, the FTC alleged, SpyFone failed to follow through on its promise to work with an outside security firm and law enforcement to investigate.

The FTC ordered SpyFone to delete any secretly harvested and illegally obtained data and notify device owners that the app had been secretly installed.

SpyFone and Support King did not immediately respond to requests for comment.

Subscribe to CNBC on YouTube.

WATCH: Concern is growing over police use of facial recognition