DOD nixes vendor of online monitoring software over privacy concerns
EchoMetrix suspended from selling products via military's shopping portal
Computerworld - EchoMetrix Inc., a vendor of parental control software that is already under fire for alleged violations of an online children's privacy law, has been suspended from selling its products on a U.S. Department of Defense shopping portal because of privacy concerns.
The action was taken in late October, barely three weeks after EchoMetrix began listing its Internet monitoring products for sale through the U.S. Army and Air Force Exchange Service's (AAFES) Exchange Online Mall. However, news of the suspension surfaced only this week after the Electronic Privacy Information Center (EPIC) obtained documents relating to the incident via a Freedom of Information Act request it had filed with the Defense Department.
The documents show that the AAFES removed EchoMetrix's My Military Sentry Parental Controls product from its Web site because of concerns EPIC raised that customer information was being surreptitiously collected and sold to third parties by EchoMetrix.
An AAFES spokeswoman confirmed the suspension today and said that it had resulted from the privacy concerns raised by EPIC.
"To the best of our knowledge, no military personnel signed up for the service during the approximately three weeks it was available," the spokeswoman said. She added that Exchange Online Mall personnel are monitoring the situation and "will make a decision on how to proceed after further review."
Syosset, N.Y.-based EchoMetrix sells a range of parental control software designed to monitor children's activity on the Internet and to alert parents when a child encounters questionable material. The My Military Sentry product that was pulled from the AAFES Web site is identical to a civilian version of the product called Sentry.
The company, in an e-mailed statement, firmly maintained that it does not collect any information that violates children's privacy laws.
In September, EPIC, a Washington-based privacy advocacy group, filed a complaint against EchoMetrix with the Federal Trade Commission. EPIC claimed that EchoMetrix was violating the provisions of the Children's Online Privacy Protection Act (COPPA) by collecting personally identifiable information about children and their browsing habits and online chats.
EPIC claimed that EchoMetrix used the information to deliver targeted advertising to children and also sold that information to third-party marketers. In its complaint, EPIC pointed to a separate service offered by EchoMetrix called Pulse, which analyzes data gathered from multiple sources including instant messages, blogs and chat rooms. The information is sold as market research intelligence to marketing companies, the EPIC complaint said.
"Pulse boasts of offering unfiltered online conversations and of having access to the teenage market in real-time by capturing instant message conversations, chat room conversations, and blog posts," EPIC claimed.
EchoMetrix's marketing promotes "illegal surveillance" of children, EPIC said in its FTC complaint. EPIC further stated that EchoMetrix's privacy policies were not clearly spelled out and offered no easy way for customers to opt out of such tracking.
In an e-mailed statement, EchoMetrix denied the allegations. "EchoMetrix does not collect personally identifiable information or expose the source of any digital content," the statement said. "The company has never and will never collect, distribute or sell personal information as defined by COPPA."
Kimberly Nguyen, a lawyer for EPIC, said the group's main concern is with the collection of personal data on children. "According to COPPA, companies can't collect personal data from children" without parental consent, which is precisely what EchoMetrix is doing, Nguyen claimed. "They are violating federal statutes" by their actions, as well as violating FTC rules governing the disclosure of privacy policies, Nguyen said.
The FTC has not responded to EPIC's complaint against EchoMetrix.
Read more about Security in Computerworld's Security Topic Center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts