Skip to content
Naked Security Naked Security

Snooped-on man free to sue spyware maker

A US court has said that a man can sue a spyware company whose software was used unlawfully by a jealous spouse to intercept his messages.

A US court has said that a man can sue a spyware company whose software was used unlawfully by a jealous spouse to intercept his messages.

In a 2-1 ruling released on Tuesday, the Sixth Circuit US Appeals Court overturned a lower court’s ruling in order to allow the Florida man, Javier Luis, to sue Awareness Technologies.

According to the ruling, Luis had developed an apparently platonic online friendship with an Ohio woman named Catherine Zang.

The two never met.

Nonetheless, her husband, Joseph Zang, became suspicious of what his wife was up to online, so he secretly installed a spyware tool known as WebWatcher on Catherine’s computer in order to eavesdrop.

Luis claims that WebWatcher and its manufacturer, Awareness Technologies, surreptitiously intercepted the emails, instant messages, and other communications that Luis and Catherine exchanged.

Awareness allegedly disclosed the communications to Joseph, who used them as leverage to divorce Catherine on favorable terms.

Upset at the snooping on what should have been private communications, Luis sued Joseph Zang, Awareness and several others.

At this point, all claims have been settled except for the charges against Awareness. Luis alleges that because its WebWatcher spyware served to secretly record his communications, Awareness violated the federal Wiretap Act, the Ohio Wiretap Act, and Ohio common law.

According to Awareness’s own advertising, WebWatcher creates and stores whatever’s sent to or from a targeted system: emails, IMs, browsing history, search history, activity on social media sites such as Facebook, or anything else typed, in real time.

Like other spyware, it presents itself as a tool to surveil people who it’s more or less legal to snoop on: children and employees who’ve been informed of the fact.

Like other spyware apps, WebWatcher brags about being undetectable. From its How-to guide:

WebWatcher is 100% invisible. It doesn’t run as a service, it doesn’t appear in the list of running processes and there are no visible files that can be seen. Not only does WebWatcher work invisibly, but it’s also friendly with all known firewall software and hardware allowing you to gather the information you need without raising any red flags.

It’s a weird thing to brag about being invisible, given that, again like its spying brethren, it advises users to inform their targets that they’re being watched.

From its disclaimer:

Awareness Technologies Terms of Use and End User Licensing Agreement require that you only install its software on computers that you own or have permission to monitor and that you inform all users of those computers that they are being monitored. To ensure proper use, we require the user to have both physical and password access. Failure to do so may result in breaking of Federal and State laws.

Yes. Well. Ahem.

About that “breaking of Federal and State laws”.

Awareness Technologies has that standard cover-your-backside disclaimer, which basically passes the buck to the end user when it comes to informing surveillance targets. But as I mentioned, it also has language about how the software is “invisible,” making it undetectable by its targets.

We don’t yet know whether US courts will see through that doublespeak, with this case or any future case.

At any rate, there’s one thing Awareness Technologies doesn’t have that would have dimmed its prospects considerably: marketing aimed at suspicious spouses.

Selling your spyware as a way to monitor your spouse or lover for infidelity is a proven way to get you in legal hot water, as we saw when the CEO of the StealthGenie mobile remote-access Trojan (RAT) spyware app was fined $500,000 a few years ago, for explicitly marketing the app to the “spousal cheat” market.

Awareness Technologies denied Luis’s claims that it had intercepted the communications. Rather, it argued, it merely stored them as data.

It claimed that the term “intercept” applied only to cases where a device captures a communication “either before [it] reaches the intended recipient or contemporaneous with the transmission not after it reaches the destination where it is placed in electronic storage.”

The court of appeals didn’t see it that way. It said in its decision that Luis “has indeed alleged enough facts to reasonably infer that Awareness intercepted his communications.”

The case has been booted back to the lower court for the lawsuit to continue.

7 Comments

Luis was after Joseph’s wife. He should be glad Joseph didn’t come after him in a jealous rage. He was fooling where he shouldn’t have been, and he’s offended that Joseph read his mail? Gimme a break!

Reply

Typical, “It’s no my fault”, just buying it and putting it in and using the results… Blame the manufacturer… He knew it was a crap thing to do, so now he’s passing the buck. Just because they make and sell it, you should know better. Many ways to tap communication lines, and you need them for fix bugs. I understand it was ‘advertised’ that way, a sucker or an idiot…

Reply

This wasn’t a matter of money, it is a matter of breaking the law, period. It also helped one party to get a more favorable ruling in their divorce suit against their spouse. again I would say illegal.

Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!