DOD nixes vendor of online monitoring software over privacy concerns
EchoMetrix suspended from selling products via military's shopping portal
Computerworld - EchoMetrix Inc., a vendor of parental control software that is already under fire for alleged violations of an online children's privacy law, has been suspended from selling its products on a U.S. Department of Defense shopping portal because of privacy concerns.
The action was taken in late October, barely three weeks after EchoMetrix began listing its Internet monitoring products for sale through the U.S. Army and Air Force Exchange Service's (AAFES) Exchange Online Mall. However, news of the suspension surfaced only this week after the Electronic Privacy Information Center (EPIC) obtained documents relating to the incident via a Freedom of Information Act request it had filed with the Defense Department.
The documents show that the AAFES removed EchoMetrix's My Military Sentry Parental Controls product from its Web site because of concerns EPIC raised that customer information was being surreptitiously collected and sold to third parties by EchoMetrix.
An AAFES spokeswoman confirmed the suspension today and said that it had resulted from the privacy concerns raised by EPIC.
"To the best of our knowledge, no military personnel signed up for the service during the approximately three weeks it was available," the spokeswoman said. She added that Exchange Online Mall personnel are monitoring the situation and "will make a decision on how to proceed after further review."
Syosset, N.Y.-based EchoMetrix sells a range of parental control software designed to monitor children's activity on the Internet and to alert parents when a child encounters questionable material. The My Military Sentry product that was pulled from the AAFES Web site is identical to a civilian version of the product called Sentry.
The company, in an e-mailed statement, firmly maintained that it does not collect any information that violates children's privacy laws.
In September, EPIC, a Washington-based privacy advocacy group, filed a complaint against EchoMetrix with the Federal Trade Commission. EPIC claimed that EchoMetrix was violating the provisions of the Children's Online Privacy Protection Act (COPPA) by collecting personally identifiable information about children and their browsing habits and online chats.
EPIC claimed that EchoMetrix used the information to deliver targeted advertising to children and also sold that information to third-party marketers. In its complaint, EPIC pointed to a separate service offered by EchoMetrix called Pulse, which analyzes data gathered from multiple sources including instant messages, blogs and chat rooms. The information is sold as market research intelligence to marketing companies, the EPIC complaint said.
"Pulse boasts of offering unfiltered online conversations and of having access to the teenage market in real-time by capturing instant message conversations, chat room conversations, and blog posts," EPIC claimed.
EchoMetrix's marketing promotes "illegal surveillance" of children, EPIC said in its FTC complaint. EPIC further stated that EchoMetrix's privacy policies were not clearly spelled out and offered no easy way for customers to opt out of such tracking.
In an e-mailed statement, EchoMetrix denied the allegations. "EchoMetrix does not collect personally identifiable information or expose the source of any digital content," the statement said. "The company has never and will never collect, distribute or sell personal information as defined by COPPA."
Kimberly Nguyen, a lawyer for EPIC, said the group's main concern is with the collection of personal data on children. "According to COPPA, companies can't collect personal data from children" without parental consent, which is precisely what EchoMetrix is doing, Nguyen claimed. "They are violating federal statutes" by their actions, as well as violating FTC rules governing the disclosure of privacy policies, Nguyen said.
The FTC has not responded to EPIC's complaint against EchoMetrix.
Read more about Security in Computerworld's Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts