Echometrix, a leading software company that sells child monitoring programs to parents, crossed the line when it tried to package portions of Internet chats between users it has secretly collected and sell them to third-party advertisers, the New York Attorney General said.
New York-based Echometrix began offering a program last year to marketers interested in learning what people were saying about their products and services online. The program, called Pulse, mined and analyzed recorded conversations stored through the company monitoring software, but it did not tell consumers it was sharing the data.
"Echometrix sells software that protects children by gathering information for parents about what their kids are doing online, but at the same time it was marketing its data to outside companies without its customers' knowledge," Attorney General Andrew Cuomo said in a statement.
Under a settlement reached with Cuomo's office, the company has agreed to stop sharing with third parties any private communications gathered under the guise of ensuring children's safety. Echometrix will also pay a $100,000 fine to the state of New York.
A spokesperson for the Attorney General's office said investigators became aware of the scheme just as the software maker was beginning to market it and before it had been widely used. Confirming that, Echometrix pointed out in a press release Pulse had generated revenues of less than $1,000 in a very limited distribution at the time it was halted in late 2009. It also said the program was designed to share only "anonymous, aggregated and truncated data -- which did not include personally identifiable data such as first and last names, e-mail addresses, or phone numbers."
But that's no excuse for compromising the privacy of users, critics say.
"This is an exceptional case where a company claiming they were providing child protection technologies used those technologies to invade their privacy instead," Parry Aftab, a lawyer specializing in Internet privacy and security law and founder of wiredsafety.org, said in a statement. "No company should sacrifice a child's privacy for their personal profit."
Another provider of online services recently caught for sharing users' personal information -- in that case, credit card details -- with third-party vendors was Intelius, the background checker. It reached a settlement with Washington's Attorney General for $1.3 million after it was found to have earned more than $50 million in commissions for forwarding consumers' financial information to an external marketer.
Software maker secretly sold children's chats to marketers, NY AG says