A stalkerware maker who faced a ban from the surveillance industry following a significant data breach that compromised the personal information of both customers and the individuals they were monitoring will not be allowed to resume selling the invasive software, according to the U.S. Federal Trade Commission (FTC).
The FTC has rejected a request to overturn the ban issued to Scott Zuckerman, the founder of consumer spyware company Support King and its subsidiaries SpyFone and OneClickMonitor.
The denial was announced by the FTC in a press release after Zuckerman petitioned the agency in July of this year to revoke or amend the ban order. In 2021, the FTC prohibited Zuckerman from engaging in the offering, promotion, sale, or advertisement of any surveillance app, service, or business, effectively preventing him from operating another stalkerware enterprise. Additionally, Zuckerman was required to delete all data collected by SpyFone, undergo regular audits, and implement specific cybersecurity measures for his businesses.
Samuel Levine, the former acting director of the FTC’s Bureau of Consumer Protection, condemned SpyFone as a brazen surveillance business that facilitated stalkers in stealing private information. The stalkerware was surreptitiously installed on devices, and the company’s poor security practices made it accessible to hackers.
In his petition to the FTC, Zuckerman argued that the security obligations in the ban order had created financial burdens that hindered his ability to operate his other ventures. Support King has ceased operations, and Zuckerman now focuses on running a restaurant and planning tourism endeavors in Puerto Rico.
The FTC’s ban was prompted by a 2018 incident in which a security researcher discovered an Amazon S3 bucket linked to SpyFone that exposed highly sensitive data, including photos, text messages, audio recordings, contact information, location data, and hashed passwords, from thousands of devices with the stalkerware installed.
Less than a year after the initial FTC order, it was reported that Zuckerman was involved in another stalkerware company, SpyTrac. Data breaches revealed that SpyTrac was operated by freelance developers connected to Support King, potentially to circumvent the FTC ban. The breached data also included records from SpyFone and access keys to the cloud storage of OneClickMonitor.
Eva Galperin, an expert on stalkerware, praised the FTC’s decision to uphold the ban, emphasizing that Zuckerman’s actions indicated a lack of remorse or respect for the regulatory authority. Stalkerware applications have been at the center of numerous data breaches over the years, highlighting a pattern of negligence in safeguarding customer privacy and security.
In conclusion, the FTC’s refusal to lift the ban on Zuckerman underscores the agency’s commitment to holding individuals and companies accountable for engaging in unethical surveillance practices. The prevalence of stalkerware-related incidents serves as a stark reminder of the importance of prioritizing data privacy and security in the digital age.

