AGENCY:

Federal Trade Commission.

ACTION:

Proposed consent agreement.

SUMMARY:

The consent agreement in this matter settles alleged violations of federal law prohibiting unfair or deceptive acts or practices or unfair methods of competition. The attached Analysis to Aid Public Comment describes both the allegations in the draft complaint and the terms of the consent order—embodied in the consent agreement—that would settle these allegations.

DATES:

Comments must be received on or before March 21, 2007.

ADDRESSES:

Interested parties are invited to submit written comments. Comments should refer to “DirectRevenue LLC, et al., File No. 052 3131 to facilitate the organization of comments. A comment filed in paper form should include this reference both in the text and on the envelope, and should be mailed or delivered to the following address: Federal Trade Commission/Office of the Secretary, Room 135-H , 600 Pennsylvania Avenue, NW., Washington, DC 20580. Comments containing confidential material must be filed in paper form, must be clearly labeled “Confidential,” and must comply with Commission Rule 4.9(c). 16 CFR 4.9(c) (2005).^[1] The FTC is requesting that any comment filed in paper form be sent by courier or overnight service, if possible, because U.S. postal mail in the Washington area and at the Commission is subject to delay due to heightened security precautions. Comments that do not contain any nonpublic information may instead be filed in electronic form as part of or as an attachment to e-mail messages directed to the following e-mail box: consentagreement@ftc.gov.

The FTC Act and other laws the Commission administers permit the collection of public comments to consider and use in this proceeding as appropriate. All timely and responsive public comments, whether filed in paper or electronic form, will be considered by the Commission, and will be available to the public on the FTC Web site, to the extent practicable, at http://www.ftc.gov. As a matter of discretion, the FTC makes every effort to remove home contact information for individuals from the public comments it receives before placing those comments on the FTC Web site. More information, including routine uses permitted by the Privacy Act, may be found in the FTC's privacy policy, at http://www.ftc.gov/​ftc/​privacy.htm.

FOR FURTHER INFORMATION CONTACT:

Mamie Kresses (202/326-2070) or Stacey Freguson (202/326-2361), Bureau of Consumer Protection, 600 Pennsylvania Avenue, NW., Washington, DC 20580.

SUPPLEMENTARY INFORMATION:

Pursuant to section 6(f) of the Federal Trade Commission Act, 38 Stat. 721, 15 U.S.C. 46(f), and § 2.34 of the Commission Rules of Practice, 16 CFR 2.34, notice is hereby given that the above-captioned consent agreement containing a consent order to cease and desist, having been filed with and accepted, subject to final approval, by the Commission, has been placed on the public record for a period of thirty (30) days. The following Analysis to Aid Public Comment describes the terms of the consent agreement, and the allegations in the complaint. An electronic copy of the full text of the consent agreement package can be obtained from the FTC Home Page (for February 16, 2007), on the World Wide Web, at http://www.ftc.gov/​os/​2007/​02/​index.htm. A paper copy can be obtained from the FTC Public Reference Room, Room 130-H, 600 Pennsylvania Avenue, NW., Washington, DC 20580, either in person or by calling (202) 326-2222.

Public comments are invited, and may be filed with the Commission in either paper or electronic form. All comments should be filed as prescribed in the ADDRESSES section above, and must be received on or before the date specified in the DATES section.

Analysis of Agreement Containing Consent Order To Aid Public Comment

The Federal Trade Commission has accepted, subject to final approval, an Start Printed Page 8162agreement containing a consent order from proposed respondents DirectRevenue LLC, DirectRevenue Holdings LLC, Joshua Abram, Daniel Kaufman, Alan Murray, and Rodney Hook, individually and as officers of DirectRevenue LLC (together, “the respondents”). The proposed consent order has been placed on the public record for thirty (30) days for receipt of comments by interested persons. Comments received during this period will become part of the public record. After thirty (30) days, the Commission will again review the agreement and the comments received, and will decide whether it should withdraw from the agreement or make final the agreement's proposed order.

General Allegations

The respondents develop, market, and distribute via Internet downloads advertising software programs (“adware”)—including programs with the names Aurora, Ceres, A Better Internet, OfferOptomizer, Twaintec, and Best Offers—that monitor consumers' Internet use in order to display targeted pop-up ads. This matter concerns allegations that the respondents: (1) Directly, and through a network of numerous affiliates and sub-affiliates, installed their adware on consumers' computers without adequate notice or consent; (2) through affiliates and sub-affiliates, installed their adware on consumers' computers entirely without notice or authorization; and (3) made their adware difficult for consumers to identify, locate, and remove.

The Commission's complaint alleges that in numerous instances the respondents, either directly or through their affiliates and sub-affiliates, purported to offer content to the public, such as games, screen-savers, peer-to-peer file sharing software, and/or computer utility programs (“lureware”) and bundled the respondents’ adware with that content. The complaint further alleges that consumers often have been unaware that the respondents' adware would be installed on their computers because it was not adequately disclosed to them that downloading the lureware would result in installation of the respondents' adware. Often, no reference to the adware was made on Web sites offering the lureware or in the install windows. In other instances, information about the effects of the respondents' adware could only be ascertained, if at all, by clicking on one or more inconspicuous hyperlinks to reach multi-page user agreements containing such information. These inconspicuous hyperlinks were located in the corner of Web site homepages or in modal boxes provided by the computer's operating system.

The Commission's complaint also alleges that in numerous instances, the respondents, through affiliates and sub-affiliates, installed the respondents' adware on consumers' computers entirely without notice or authorization. The complaint cites as an example unauthorized installations conducted by the respondents' sub-affiliate, Seismic Entertainment Productions, Inc., via an executable file that exploited a vulnerability in Windows Media Player.

The Commission's complaint further alleges that the respondents made identifying, locating, and removing their adware extremely difficult for consumers. Among other practices, the respondents: failed to identify the name or source of the adware in pop-up ads to enable consumers to locate the adware on their computers; stored adware files in locations on consumers' hard drives that are rarely accessed by consumers, such as in the core systems software folders; failed to list the adware in the Windows Add/Remove utility (a customary location for user-initiated uninstall of software programs); where the adware was listed in the Windows Add/Remove utility, listed it under names resembling core systems software or applications; installed technology on consumers' computers to reinstall the adware when it had been uninstalled by consumers through the Windows Add/Remove utility or deleted by anti-spyware or anti-adware programs; and when a separate uninstall tool was provided, required consumers to follow a ten-step procedure including downloading additional software and deactivating firewalls, thereby exposing computers to security risks.

Deception Allegation

The Commission's complaint alleges that by offering content over the Internet such as browser upgrades, utilities, games, screensavers, peer-to-peer file sharing software and/or entertainment content, without disclosing adequately that this content was bundled with the respondents' adware, the respondents committed a deceptive practice. The bundling of the respondents' adware, which monitors consumers' Internet use and causes them to receive pop-up advertisements, would be material to consumers in their decision whether to download the other software programs and/or content.

Unfairness Allegations

The Commission's complaint also alleges that it was an unfair practice for the respondents to install on consumers' computers, entirely without their knowledge or authorization, adware that could not be reasonably identified, located, or removed by consumers. In addition, the complaint alleges that it was an unfair practice, in and of itself, for the respondents not to provide consumers with a reasonable means to identify, locate, and remove the respondents' adware from their computers. The complaint further alleges that these practices have caused or are likely to cause substantial consumer injury that is not reasonably avoidable by consumers themselves and not outweighed by benefits to consumers or competition.

The Proposed Consent Order

The proposed consent order contains provisions designed to prevent the respondents from engaging in similar acts and practices in the future and to halt continuing harm caused by the respondents' prior unlawful practices.

Part I of the proposed order prohibits the respondents from displaying any advertisement to, or otherwise communicating with, any consumer's computer on which the respondents' adware was installed prior to October 1, 2005 (“legacy program”). Part I permits the respondents, within thirty days of entry of the final order, to send a maximum of three notices to legacy program users informing them: that, pursuant to the FTC settlement, they will no longer receive any advertising or communication from the respondents; how they may affirmatively authorize the respondents to continue serving advertisements if consumers so choose; and how they may fully remove the respondents' adware from their computers. If consumers fail to respond to the notice, the adware will remain inactive.

Parts II and III prohibit the respondents from, or assisting others in, installing software onto any computer by exploiting security vulnerabilities or downloading or installing any software program or application without consumers' express consent. “Express consent” is defined in the proposed order to require clear and prominent disclosure of material terms prior to and separate from any end user license agreement, and to require consumer activation of the download or installation by clicking a button or a substantially similar action.

Part IV requires the respondents to establish, implement, and maintain a clearly disclosed, user-friendly mechanism through which consumers can report and the respondents can timely address complaints regarding the respondents' practices. Start Printed Page 8163

Part V requires the respondents to establish, implement, and maintain a comprehensive program that is reasonably designed to require affiliates to obtain express consent before installing the respondents' software onto consumers' computers. Part V also contains sub-parts mandating certain measures the respondents must take to monitor their distribution network.

Part VI requires the respondents to identify advertisements served via the respondents' adware in order for consumers to easily locate the source of the advertisement, easily access the respondents' complaint mechanism, and access directions on how to uninstall such adware.

Part VII requires the respondents to provide reasonable and effective means for consumers to uninstall the respondents' adware.

Part IX requires the respondents to pay $1.5 million to the Commission. This payment may be used in the Commission's sole discretion to provide appropriate relief, which may include, but is not limited to, the recision of contracts, payment of damages, and/or public notification respecting such unfair or deceptive acts or practices. If the Commission determines that such relief is wholly or partially impracticable, any or all such funds shall be paid to the United States Treasury.

Part X requires the respondents to cooperate with the Commission in this action or any subsequent investigations related to or associated with the transactions or the occurrences that are the subject of the Complaint.

The remaining order provisions govern record retention (Part VIII), order distribution (Part XI), ongoing reporting requirements (Parts XII and XIII), filing a compliance report (Part XIV). Part XV provides that the order will terminate after twenty (20) years under certain circumstances.

The purpose of this analysis is to facilitate public comment on the proposed order, and it is not intended to constitute an official interpretation of the agreement and proposed order or to modify in any way their terms.

Dissenting Statement of Commissioner Jon Leibowitz

In this consent agreement, Commission staff obtained strong injunctive relief that will put an end to practices that allowed DirectRevenue to foist unwanted software on untold millions of consumers. The injunctive provisions, like those in Zango, Inc., f/k/a 180 Solutions, Inc., will serve as a model to adware companies in future. But the $1.5 million in monetary relief that the Commission obtained as part of the consent agreement is a disappointment because it apparently leaves DirectRevenue's owners lining their pockets with more than $20 million from a business model based on deceit. Ben Elgin with Brian Grow, The Plot To Hijack Your Computer, Business Week Online, available at http://www.businessweek.com/​magazine/​content/​06_​29/​b3993001.htm?​chan=​search (July 17, 2006).

According to the Commission's complaint, DirectRevenue downloaded adware on consumers' computers—in many cases without notice and consent. In other instances, to entice consumers into downloading its nuisance adware that plagued consumers' computers with pop-ups, it even bundled the adware with software that was supposed to block pop-ups—the height of cynicism and disingenuousness. Moreover, the respondents went to great lengths to ensure that consumers could not uninstall this unwanted software, even employing ingenious (and malicious) technologies such as code that would reinstall it if the consumer attempted to remove it.

Even apart from the hundreds of thousands of hours people spent closing all of these pop-up ads, how many people lost important data because respondents' malware crashed their computer? How many people fruitlessly spent time trying to uninstall it? How many people junked perfectly good computers that were so burdened with unwanted adware that they were useless? One consumer captured the frustration and anger that consumers no doubt felt as they tried to deal with DirectRevenue's malware: “ ‘You people are EVIL personified,’ Kevin Horton wrote* * * ‘I would like the four hours of my life back I have wasted trying to get your stupid uninvited software off my now crippled system.’ ” The Plot To Hijack Your Computer, supra. Given the number of unwitting DirectRevenue “customers”—according to the New York Attorney General's complaint there were more than 150 million software installs, which likely served up literally billions of pop-ups ^[2] —Mr. Horton's experience could not have been unusual. Some of the troubles came home to roost: the software made the computer of one of DirectRevenue's own employees crash four times in one day, and the company had to send someone to fix a computer belonging to one of the company's venture capital investors. Id.

I recognize that staff was able to negotiate comprehensive injunctive relief that will halt these illegal practices once and for all. The proposed order, among other things, requires DirectRevenue to co-brand advertisements it serves and provide an effective method to uninstall their software—steps that should allow consumers unhappy with the pop-ups to identify their source and remove the software that generates them. Other provisions ensure that consumers get to choose whether they want the software in the first place. I also recognize that, in litigating this matter, staff would have been presented with novel issues that could pose risks.

That said, I cannot support a consent agreement that requires the respondents—particularly Joshua Abram, Daniel Kaufman, Alan Murray, and Rodney Hook, the officers and owners of DirectRevenue—to pay a total of only $1.5 million. Venture capitalists poured more than $20 million into DirectRevenue,^[3] and between the companies' ad revenues and the venture capital money, millions of dollars flowed into the owners' pockets—$23 million, according to Business Week. See The Plot To Hijack Your Computer, supra. Settlement always involves compromise, and staff must weigh the advantages of a settlement with the risks and costs of litigation. But in cases like this, I would rather go to trial and risk losing than settle for a compromise that makes an FTC action just a cost of doing business.

Footnotes