The founder of a spyware company who was banned from the surveillance industry following an earlier data breach is now seeking to undo the ban, according to the Federal Trade Commission.
In a notice on Friday, the federal watchdog said Scott Zuckerman sought to rescind or modify the 2021 ban imposed by the FTC on his company Support King and its subsidiaries.
The ban included a provision requiring Zuckerman to maintain certain cybersecurity practices and undergo frequent audits for any of his businesses, after his spyware subsidiary SpyFone in 2018 spilled thousands of people’s private phone data, including photos, messages, and location data, to the public web.
The FTC’s then-five commissioners unanimously voted to ban Zuckerman and Support King from offering, selling, or promoting any phone monitoring app, preventing him from operating in the surveillance industry.
Zuckerman now claims the order imposed an “unnecessary burden” because the financial costs needed to comply with the order made it more difficult for him to expand his other businesses.
The review of Zuckerman’s petition is expected to be closely watched by privacy advocates and critics of the surveillance industry, and could signal one of the first major cybersecurity tests for the Republican-controlled federal agency. If the agency moves to modify the order or vacate it entirely, it would pave the way for a surveillance vendor with a history of data breaches to legally operate again unimpeded.
Despite the ban taking effect in 2021, Zuckerman was caught involved in another spyware operation less than a year later.
In 2022, TechCrunch received a cache of breached data from the servers of a phone spyware app called SpyTrac, which revealed it was being run by a group of freelance developers with direct ties to Support King, likely to skirt the FTC’s ban. The breached data also contained records from SpyFone, despite the FTC’s order requiring the company to delete the data it illegally obtained from victims’ phones. SpyTrac went offline soon after we contacted Zuckerman for comment.
Zuckerman’s petition is already facing criticism from the security community.
“I think this petition should be opposed loudly and vigorously. Mr. Zuckerman has repeatedly shown himself to be a bad actor, flouting the FTC by continuing to run his stalkerware company even after the ban was issued,” Eva Galperin, the director of cybersecurity at the Electronic Frontier Foundation, told TechCrunch.
... continue reading