The Federal Trade Commission’s just flexed its considerable muscles to stamp out the nefarious doings of some serious spyware baddies. But this time it’s not a malicious hacker targeting your credit cards: It’s Sears and Kmart.
The FTC’s approved a final consent order to force the Sears Holding Management Company to destroy the data it’s collected on users who were impacted by the spyware, and to kill the collection of any more data that’s still streaming in from consumer’s computers. The scope of that data is quite mind-boggling: It’s everything the users did on the Web. Yep, everything, including secure interactions, which would, as the FTC has noted, give Sears access to what Internet shopping you did, your bank details, and basic information concerning any Web-based emailing you did.
The worst bit is that the users concerned almost submitted this information willingly–in return for downloading some “My SHC Community” software from Sears that was openly for “research” purposes, and which came with some weasel persuasive text and a $10 bonus. In its terms and conditions the software did admit it would track your “online browsing” but the FTC determined, after investigating, that Sears didn’t properly admit to the clients how much information they would be collecting, and didn’t admit clearly that monitoring would take place (the relevant legalese was on page 10 of a 54 page document).
How on earth could a name more closely associated with affordable household goods end up doing this? We’ll charitably chalk it up to over-enthusiastic marketing plans…but that’s a bit of a stretch. Sears Holding Company was unashamedly chasing after money. The rich data it was collecting could be mined in any one of a thousand ways for Sear’s benefit. Start with optimizing advertising to its clients, in the hope they’ll spend more at its stores, to working out how best to tap into consumers other online spending habits, and how best to contact specific user types with offers and information. Of course you don’t need to collect every bit of data on online activity, as Sears did, to get that kind of user insight…so Sears was far overstepping the mark. Google certainly knows the value in this sort of user-profiling, and similar information may have helped in the sale of Mint to Intuit. But even Google, long earmarked by conspiracy theorists as a wolf in sheep’s clothing, doesn’t collect the depth of information Sears did.
Moral of the tale: Even if it would earn you $10, don’t consent to download anyone’s “market research” tool to your PC.