Court Refuses To Issue Injunction Stopping Secret Web Spycams From Running On Rental Laptops
from the really? dept
A couple months ago, we wrote about the class action lawsuit from a family who discovered that the company from whom they had rented a laptop, Aaron’s, had secretly installed spying software that would surreptitiously turn on the laptop’s webcam, take pictures, and send them back to the company. That seems like a pretty big privacy issue, and a no brainer for the judge in the case to issue an injunction, getting the company to stop using such software until the case is sorted out.
But, no such luck. The judge refused to order an injunction, pointing out, first of all, that the people suing no longer had that laptop, so there was no additional harm to them. As for everyone else in the class, there’s this stunner of a line from the judge:
Moreover, it is purely conjecture that the other members of the putative class will be subjected to remote access of personal information.
That doesn’t make sense to me at all. If they’re not subject to remote access, then such an injunction wouldn’t matter anyway. Yet, if they are subject to the remote access, then the injunction can help. In other words, the judge’s logic is backwards: it might not happen, so let’s not try to prevent it? The court could still issue the injunction — and if people aren’t subject to that kind of remote access to their personal information, then nothing would happen.
Separately, the judge suggested that the family has a weak case, because the CFAA computer hacking law they’re relying on requires interception of electronic communications… and the court isn’t sure that snapping a photo of you captures electronic communications. That certainly does raise an interesting legal question. I’m not a fan of the CFAA, but if you’re just spying on someone via a webcam, is that the same thing as spying what’s on their desktop? I think the common sense solution is that of course both should be seen as violating the law… but it is a unique situation.
I’m not the only one surprised and confused by this. Internet lawyer Venkat Balasubramani was surprised as well:
Yikes! Privacy class actions seem out of control to me, but I’ll admit even I was surprised by this result. I’m equally surprised that the Aaron’s-affiliated defendants did not all just stipulate to suspending use of the software until things were sorted out. (Aarons, Inc. did, but its franchisee Aspen Way did not. In fact, Aspen Way did not participate in the hearing, which makes the denial of injunctive relief all the more perplexing.) Setting aside whether the court was correct in its view of the merits of the case, the court takes an unduly restrictive view of the facts when it states that no “interception” of an electronic communication occurred because there was no evidence that Mr. Byrd was online or communicating with someone else when the image in question was captured. Surely, given the ex-employee’s testimony as to what type of information was viewed through use of the software, it’s fair to presume that the Aspen Way employees are not sitting around making sure that the capture only occurred while the computer user was offline or not communicating with another person.
But seriously, think about what this ruling could mean. It could certainly open up the opportunity for more software products to secretly turn your camera on, claiming it’s fine because there’s no “communication” going on.
Comments on “Court Refuses To Issue Injunction Stopping Secret Web Spycams From Running On Rental Laptops”
“But seriously, think about what this ruling could mean. It could certainly open up the opportunity for more software products to secretly turn your camera on, claiming it’s fine because there’s no “communication” going on. “
You are on the right track Mr. Masnick, but you think small.
If private companies can spy on you in your own home, why shouldn’t the government? Say goodbye to your privacy. Freedom of speech is next.
Re: Telescreens are supposed to have cameras
Telescreens have cameras for a reason.
Only inner party members are allowed to turn them off. The rest of us can only turn down the volume.
Big brother only wants to protect you.
cover the camera
Since I know as a programmer how easy it is to have access to the camera, I have got into the habit of keeping the camera lens covered when my laptops are plugged in at home.
On a rental machine, I would certainly tape over it. The only reason I don’t tape over my own is that I run Prey on them.
Re: cover the camera
I had to look a long time for a laptop that DIDN’T have a built in webcam, and have never installed any other webcam on any of my computers.
If I had to rent one, I’d be finding the webcam and taping over it too…before I even plugged it in or turned it on.
Re: cover the camera
A little square of black vinyl tape covers mine except when I want to use it myself. Further, on an MacBook Pro, the camera turns on a light when it is on and the light cannot be separately extinguished. All computers should be like that.
Re: Re: cover the camera
“Further, on an MacBook Pro, the camera turns on a light when it is on…”
My iMac has the same thing. Since these types of stories started popping up I find myself occasionally glancing at it, just to check. Paranoid much? 😉
Re: Re: Re: cover the camera
Are you sure the little light is still working?
Re: Re: cover the camera
Many cameras have that little light. That light can be disabled just as easily as the camera can be enabled. Don’t trust it just because it’s there.
Re: Re: cover the camera
There was a bug in the firmware of some MacBooks that caused the light to randomly come on even if the camera was off…
If the light can be controlled by firmware or software, then it can be turned off. Tape, however, is infallible…
Chris.
The mind boggles...
It’s not illegal to take vids of people without their knowledge if you own the computer with the webcam? Hmm, handing out netbooks and gyms and strip clubs could become lucrative. Just so long as the women are only “borrowing” them…
Re: The mind boggles...
If you’ve ever seen the broad language of “peeping tom” statutes, it’s hard to believe that the word “felony” isn’t in play here. But, then again, that would mean a local enforcement action, not a preventative injunction; guess we just need to wait until it actually happens. Brilliant.
Re: The mind boggles...
What if the person renting the laptop and was in the privacy in their own home?
Then add this to the scenario, what if the person was underage and lets say recently got out of the shower and was undressed at the time?
Then will the company be making child pornography? I know that will be a key incentive to stop this.
Well, from now on anytime i purchase a new laptop it is getting a complete reformat before i start using it.
Re: Re:
Two things:
1) This is a rental computer, so reformatting it might be a breech of the rental contract.
2) When you purchase a new laptop, most OEM reinstall disks they give you come with the same bloatware that existed before the reformat, so you’ll probably be screwed anyways, sadly.
Re: Re: Re:
2)
After unwrapping the kleenex
Just install Linux.
Re: Re: Re:
… 2) When you purchase a new laptop, most OEM reinstall disks they give you come with the same bloatware that existed before the reformat, so you’ll probably be screwed anyways, sadly. …
Sounds like a user to me. Any tech savy person can uninstall unwanted ‘bloatware’.
Compare to apple store
Its interesting to compare this case to the incident with the Apple Store and performance artist taking photos of customers ( http://goo.gl/BQAqa ). obviously the privacy issues are very different, but considering the hacking alone issue, it seems like the relevant facts are similar – both involve remotely activating a webcam and using it to surreptitiously observe and photograph them. If remotely controlling a webcam in this fashion constitutes hacking in one of these incidents it should be considered hacking in both.
Re: Compare to apple store
I partially agree that the cases are similar, but i think several points seperate them (at least to me): the Apple incident was being held at a public place, on public computers. The Apple store allowed people to install software onto their computers by potential customers, so i don’t think that should constitute hacking.
Re: Re: Compare to apple store
Just to be clear, I wouldn’t be any happier if I was in one of the photo’s taken on the Apple computers vs on a rental laptop, but I don’t think the Apple one is violating anyone’s rights.
Re: Re: Compare to apple store
I agree that the public/private location of the computer separates the two cases – those factors are what I was thinking of when I distinguished between hacking and privacy issues. I think (and I think we agree) that Aarons violated their customers’ privacy in a pretty egregious manner, while the apple store customers suffered no comparable violation.
My point is just that, regarding the hacking charge (where hacking is classified as an interception of communications), both situations are equally likely to be hacking.
Re: Compare to apple store
I would say though, it might depend on the rental agreement. The computers are still technically the rental companies, so it may not really be hacking in this case; plus, the camera software sorta has a “semi-legitimate” use in that they can be used to track down thieves. I know that there have been many cases (shown on Techdirt no less), where a stolen laptop used the webcam to track down and get an image of the thieve, resulting in the retrieval of the item.
I wonder if the judge would feel any different if it happened to him… maybe the laptop was in his teenage daughter’s bedroom? Would he actually say that it’s okay for a company to spy on his daughter while she’s changing clothes? Of course not. This should be an open and shut case, and the people responsible for the spying should probably be tried for child porn.
Re: Re:
we need a Godwin’s Law for child porn
Re: Re: Re:
Hoth’s Law of Child Pornography
If ever the words Legality and Privacy should enter the same sentence on the internet, let it be known that within 10 replies of said sentence, one(or more) replies shall attempt to reconcile whatever the topic to being for Child Pornography, or against its censorship.
They can attempt to do all they want with my camera, no possible hacking will ever allow them to see through a piece of duct tape.
Interception
I think the judge might actually be right about the electronic communication, just having read what’s above. The statute requires interception of an electronic communication. I don’t see where there would be an interception, even if there were an electronic communication. Say that the webcam’s capturing of the picture is an electronic communication. That seems unobjectionable, but where is there an interception? The store ordered the pictures to be taken and transmitted and I don’t see any point when the family had control over the information. If the family never directed the picture to be sent or had any control over it, then I don’t see how there could be an interception.
That being said, this case is disgusting and the store’s behavior is abhorrent. I hope that the family is also suing for the traditional privacy torts as well and this statute. Those would seem to give a better basis for recovery at first glance.
Re: Interception
Came here to say this. There’s no interception if the company is initiating and receiving the disgusting, amoral, privacy-invading electronic communication. Which, of course, is the amazing part of the law – attempts to intercept an illegal communication are, themselves, illegal, like how the DMCA’s ant-circumvention clause means that even if a company’s doing something that flies in the face of established law, your attempt to circumvent that makes you a criminal.
Didn’t the FBI just arrest a guy for installing webcam software on computers in a mac store for an art project?
Computer cameras
Given that malware exists that allows controllers to activate camera and/or microphone, I see any camera or microphone as a way to make any security problem even worse.
In other words, “Ooohh, my computer has a security boo-boo. No worries though, a band-aid will make it aaaallll better.” (Those little round Band-aids are best since the actual lens doesn’t get adhesive on it.)
Moon
Use webcam special effects software and overlay a pic of a very hairy moon, or ball sack. A gif would be even better.
Pervs...
at the rental companies can now watch underage minors in their underwear. And the judge seems to think this is not an issue.
Re: Underage minors?
As opposed to senior citizen minors?
Retesting...
Like elderly drivers, judges should be required to take frequent tests on new laws, technology and other issues they might be encountering during the course of a job.
If they fail – like an elderly person who should no longer be driving – they should be stripped of their seat and remanded into remedial education.
Judges who are illiterates in technology are as worthless at judging the issues as they are judging a case in a language they don’t understand.
Bust 'em with child porn?
Seriously, find someone over the age of consent in their state (16 in many states) but under the age of 18. Get them to have sex in front of the webcam when it’s on. What do you know, Aaron’s just got busted with kiddie porn.
Signed Agreement
When you rent something, you usually sign an agreement pertaining to the item being rented. If there is anything in the agreement about the webcam and their monitoring software then there is nothing that can be done. If there isn’t anything in the agreement then the rental company is breaking privacy laws. Even if you buy a laptop, the selling company could have something about webcam monitoring software in the OEM agreement. Make sure to read what you are agreeing to with your signature.
Re: Signed Agreement
“If there is anything in the agreement about the webcam and their monitoring software then there is nothing that can be done.”
Just because it is in the “agreement” does not mean it is legal nor does it preclude a civil suit, regardless of any mandatory arbitration clause.
Same as School case?
Deja vu?
http://www.huffingtonpost.com/2010/02/18/harriton-high-school-spie_n_467491.html
Like this case the judge should have stopped the use of the software. For any lawsuits over pictures taken from this ruling forward that show personal information, compromising pictures of minors (like them undressing in the school’s case), etc. should include the judge as a defendant.
seems pretty similar to this
http://en.wikipedia.org/wiki/Robbins_v._Lower_Merion_School_District
which I thought was covered here but I didn’t find it with a quick search.
well
There’s a very simple answer to this..make sure the company in question is publicly slammed and slammed HARD….
We’ve all seen how public opinion can tip companies like news international into bankruptcy (oh wait thats next week teeheehee!) and a company like Aaron’s will lose MILLIONS as customers turn away….”hey thats the store with the guys that like to masturbate to pictures of their customers children…..I’m off to best buy”……etc
Aw crap, now thanks to this everyone’s kinect is gonna be taking video. BRB gonna put a towel over it.
Re: Re:
Why not broadcast it and make lots of money!
A massive boycott of Aaron’s is in order.
Awesome troll concept …
1) rent laptop from Aaron’s
2) begin filming your horror movie with laptop
3) ????
4) lolz
Aaron's blows ponies
I wouldn’t do business with these turds ever, and if they had ever pulled a stunt like that on me, they would learn the real meaning of the word remorse. That would, of course, be the last thing they ever learned.
They are setting prescedent (sic).....
All those ‘Kinect’ and related camera products that users are putting in their homes, letting the ‘game console’ monitor their activity….
Yep, those devices sending info back to the parent company are not ‘electronic communication’ and when the government starts requesting the footage so they can start ‘looking for those darn copyright thieves’ or ‘hunting terrorists (you know who you are… all you citizens with views that that don’t line directly up with the current government interpretation of the ‘law’).
Sure it’s a crackpot conspiracy theorist point of view, but don’t come crying to me when it actually happens.
Tape over camera… yeah, but, what about the microphone that’s also usually built in?
Not only was the judge right (legally), he was dropping
broad hints on how to go forward in a way that could work.
He cannot say so directly as he’s forbidden from helping.
Firstly, don’t rely on wiretap privacy law where peeping
tom privacy law is more appropriate. Even though a computer
was used through the internet this was more like peeking
through a window than tapping your phone. Somebody has
confused the two and may have said you can’t use the right
approach because the wrong one was rejected.
For your best example of such an approach look up that
recent case where a school was nailed for doing the exact
same thing to it’s students with loaned school laptops
computers. This case has a weaker defence than that one.
Secondly, get the proof. Just because they could spy on
you and you have indications the might have done it, you
still have to bring the judge something he can use, whether
it be proof obtained in the normal course of discovery or
proof that they obstructed discovery to keep evidence out
of your hands. With either you win and if they tried to
hide or destroy evidence instead of letting their lawyer
handle it they not only lose by default, they are in deep
trouble for that second procedural offence.
To do both, put together a class action for a peeping tom
kind of eavesdropping offence so that you can legally
search their offices for proof they spied on any member of
your class and don’t forget to look for signs that they
tried to hide anything at all from the lawyers on either
side. That maximizes your likelihood of success and gives
you the lawful opportunity to pool your resources so your
lawyer can dig more deeply than you can afford alone.
Once the offender sees you will win whether or not he
cooperates he’ll probably beg for a deal.
Funny Thought
So I wonder if this will affect the standard of FBI audio interception currently allowed by our US legal system. As many of you may know and doubtless some have not yet heard, the FBI last year won a case for using a persons “On Star” system to listen in on them without getting a wiretap. The judges ruling on limitations? Since the owner of the automobile had specifically not paid for the “On Star” service to be activated the FBI was legally required to pay the bill for the time period. So there you have it they don’t need a warrant to search or eavesdrop on you they only have to pay for the service if you haven’t already activated it. This is why do not purchase cars with these services and in the future when such services are impossible to avoid I will manually disable all such antennas when purchasing new cars. You have already been recorded by rental car companies if you have rented from a US airport in the last ten years for “security purposes” in case the rental agency needs to sue you for damages to their property. Several notices to avoid discussions of proprietary content have been sent via companies and divisions I have worked for concerning the information gathering performed in this manner by rival companies (China).