The problem with Sears loading spyware onto consumer computers first became known when Benjamin Googins, a researcher at Computer Associates, wrote about the issue in December 2007. He noted that Sears did not give adequate explanations for the spyware and did not tell consumers how to decline it properly. He also noted that a large amount of private information, including information in secured sessions and all Internet traffic on the computer, was being monitored. Finally, he noted that the information was being sent to a market research company, not to Sears, without this being mentioned in the privacy policy.
Googins' report was then confirmed by Ben Edelman from the Harvard Business School. Edelman said that Sears had not given customers adequate notice for the loading of the spyware and the company's actions fell far short of FTC standards.According to Edelman, an email from Sears.com contains seven paragraphs plus a set of bullet points describing SHC. "But the paragraphs' topic sentences make no mention of any downloadable software, nor do the bullet points offer even a general description of what the software does," Edelman says. In fact, he says that the only mention of the software's purpose is in the fourth paragraph, where the spyware is written as being, "...research software [that] will confidentially track your online browsing." According to Edelman, the text regarding the spyware is "strikingly easy to miss."
In a second document, which consumers are taken to when they join the My SHC Community, Sears discusses the spyware and even says that it monitors all Internet behavior. However, this information is given on the tenth page of the document, a page that Edleman notes very few people will read to. Furthermore, it's in a document called "Privacy Statement and User License Agreement," which does not lead people to believe that they are reading a document involving spyware.
Finally, Edelman writes, consumers get a screen that offers an unnamed program, signed by a company that has not been mentioned previously during installation. Clicking yes activates the installation program, with no opportunity to quit the installation once yes has been selected.
READ MORE LEGAL NEWS
The spyware in question is ComScore, an application that tracks a customer's Web browsing activity and sends that information to a third party. According to both Googins and Edelman, Sears did not give customers adequate warning that their browsing information would be sent to this third party for analysis. In fact, Sears said that the software would "confidentially track" online browsing, so there is no reason for consumers to think that a third party would receive the data.Many customers are now concerned that their private information is being sent to a third party. Worse, they are not sure whether or not this program has been installed on their computer, so they are nervous about conducting any private transactions, such as banking, on their computers. Those who have the program installed are not sure how to get rid of it and are upset that they were not properly warned about the spyware and what it does.
Some consumers are now considering a class action lawsuit against Sears, alleging that the company violated their privacy with the installation of spyware on consumer computers.
