Nice...really nice!

September 13, Ars Technica – (International) FTC forces Sears, Kmart out of the spyware business. The Federal Trade Commission (FTC) has busted a strange set of spyware purveyors — U.S. retailing giants Sears and Kmart. The FTC recently approved its final consent order against the companies (which share the same owner) over an episode that can only be chalked up to incompetence of a truly epic scope. Sears Holding Management Company decided that it could really use a lot more marketing data to fuel its decision-making process, so it began offering visitors to sears.com and kmart.com a special invite — sign up for “My SHC Community,” download a piece of “research” software, and earn 10 American dollars. All one had to do was turn over to the company every single bit of information about one’s Web browsing. This was not just about the websites visited, or even about specific URLs; the “research” software transmitted the complete contents of a browsing session, even secure sessions. This meant that Sears and its data collection partner would have access to the “contents of shopping carts, online bank statements, drug prescription records, video rental records, library borrowing histories, and the sender, recipient, subject, and size for web-based e-mails,” said the FTC. Among other things — the software also collected non-Web information about the user’s personal computer. Sears did tell people that it would track their “online browsing,” but when security researchers looked into the software in early 2008, they charged that the disclosure was mostly buried in legalese. Under the settlement with the FTC, Sears has now agreed to destroy all data gained from the experiment and stop collecting data from any software still running in the wild. In addition, if it wants to do any tracking in the future, the company has committed to “clearly and prominently disclose the types of data the software will monitor, record, or transmit. This disclosure must be made prior to installation and separate from any user license agreement. Sears must also disclose whether any of the data will be used by a third party.” Source: http://arstechnica.com/tech-policy/news/2009/09/ftc-forces-sears-kmart-out-ofthe- spyware-business.ars