DirectRevenue LLC, DirectRevenue Holdings LLC, Joshua Abram, Daniel Kaufman, Alan Murray, and Rodney Hook; Analysis of Proposed Consent Order To Aid Public Comment, 8161-8163 [E7-3058]

Agencies

• FEDERAL TRADE COMMISSION

[Federal Register Volume 72, Number 36 (Friday, February 23, 2007)]
[Notices]
[Pages 8161-8163]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E7-3058]


=======================================================================
-----------------------------------------------------------------------

FEDERAL TRADE COMMISSION

[File No. 052 3131]


DirectRevenue LLC, DirectRevenue Holdings LLC, Joshua Abram, 
Daniel Kaufman, Alan Murray, and Rodney Hook; Analysis of Proposed 
Consent Order To Aid Public Comment

AGENCY: Federal Trade Commission.

ACTION: Proposed consent agreement.

-----------------------------------------------------------------------

SUMMARY: The consent agreement in this matter settles alleged 
violations of federal law prohibiting unfair or deceptive acts or 
practices or unfair methods of competition. The attached Analysis to 
Aid Public Comment describes both the allegations in the draft 
complaint and the terms of the consent order--embodied in the consent 
agreement--that would settle these allegations.

DATES: Comments must be received on or before March 21, 2007.

ADDRESSES: Interested parties are invited to submit written comments. 
Comments should refer to ``DirectRevenue LLC, et al., File No. 052 3131 
to facilitate the organization of comments. A comment filed in paper 
form should include this reference both in the text and on the 
envelope, and should be mailed or delivered to the following address: 
Federal Trade Commission/Office of the Secretary, Room 135-H , 600 
Pennsylvania Avenue, NW., Washington, DC 20580. Comments containing 
confidential material must be filed in paper form, must be clearly 
labeled ``Confidential,'' and must comply with Commission Rule 4.9(c). 
16 CFR 4.9(c) (2005).\1\ The FTC is requesting that any comment filed 
in paper form be sent by courier or overnight service, if possible, 
because U.S. postal mail in the Washington area and at the Commission 
is subject to delay due to heightened security precautions. Comments 
that do not contain any nonpublic information may instead be filed in 
electronic form as part of or as an attachment to e-mail messages 
directed to the following e-mail box: consentagreement@ftc.gov.
---------------------------------------------------------------------------

    \1\ The comment must be accompanied by an explicit request for 
confidential treatment, including the factual and legal basis for 
the request, and must identify the specific portions of the comment 
to be withheld from the public record. The request will be granted 
or denied by the Commission's General Counsel, consistent with 
applicable law and the public interest. See Commission Rule 4.9(c), 
16 CFR 4.9(c).
---------------------------------------------------------------------------

    The FTC Act and other laws the Commission administers permit the 
collection of public comments to consider and use in this proceeding as 
appropriate. All timely and responsive public comments, whether filed 
in paper or electronic form, will be considered by the Commission, and 
will be available to the public on the FTC Web site, to the extent 
practicable, at https://www.ftc.gov. As a matter of discretion, the FTC 
makes every effort to remove home contact information for individuals 
from the public comments it receives before placing those comments on 
the FTC Web site. More information, including routine uses permitted by 
the Privacy Act, may be found in the FTC's privacy policy, at https://
www.ftc.gov/ftc/privacy.htm.

FOR FURTHER INFORMATION CONTACT: Mamie Kresses (202/326-2070) or Stacey 
Freguson (202/326-2361), Bureau of Consumer Protection, 600 
Pennsylvania Avenue, NW., Washington, DC 20580.

SUPPLEMENTARY INFORMATION: Pursuant to section 6(f) of the Federal 
Trade Commission Act, 38 Stat. 721, 15 U.S.C. 46(f), and Sec.  2.34 of 
the Commission Rules of Practice, 16 CFR 2.34, notice is hereby given 
that the above-captioned consent agreement containing a consent order 
to cease and desist, having been filed with and accepted, subject to 
final approval, by the Commission, has been placed on the public record 
for a period of thirty (30) days. The following Analysis to Aid Public 
Comment describes the terms of the consent agreement, and the 
allegations in the complaint. An electronic copy of the full text of 
the consent agreement package can be obtained from the FTC Home Page 
(for February 16, 2007), on the World Wide Web, at https://www.ftc.gov/
os/2007/02/index.htm. A paper copy can be obtained from the FTC Public 
Reference Room, Room 130-H, 600 Pennsylvania Avenue, NW., Washington, 
DC 20580, either in person or by calling (202) 326-2222.
    Public comments are invited, and may be filed with the Commission 
in either paper or electronic form. All comments should be filed as 
prescribed in the ADDRESSES section above, and must be received on or 
before the date specified in the DATES section.

Analysis of Agreement Containing Consent Order To Aid Public Comment

    The Federal Trade Commission has accepted, subject to final 
approval, an

[[Page 8162]]

agreement containing a consent order from proposed respondents 
DirectRevenue LLC, DirectRevenue Holdings LLC, Joshua Abram, Daniel 
Kaufman, Alan Murray, and Rodney Hook, individually and as officers of 
DirectRevenue LLC (together, ``the respondents''). The proposed consent 
order has been placed on the public record for thirty (30) days for 
receipt of comments by interested persons. Comments received during 
this period will become part of the public record. After thirty (30) 
days, the Commission will again review the agreement and the comments 
received, and will decide whether it should withdraw from the agreement 
or make final the agreement's proposed order.

General Allegations

    The respondents develop, market, and distribute via Internet 
downloads advertising software programs (``adware'')--including 
programs with the names Aurora, Ceres, A Better Internet, 
OfferOptomizer, Twaintec, and Best Offers--that monitor consumers' 
Internet use in order to display targeted pop-up ads. This matter 
concerns allegations that the respondents: (1) Directly, and through a 
network of numerous affiliates and sub-affiliates, installed their 
adware on consumers' computers without adequate notice or consent; (2) 
through affiliates and sub-affiliates, installed their adware on 
consumers' computers entirely without notice or authorization; and (3) 
made their adware difficult for consumers to identify, locate, and 
remove.
    The Commission's complaint alleges that in numerous instances the 
respondents, either directly or through their affiliates and sub-
affiliates, purported to offer content to the public, such as games, 
screen-savers, peer-to-peer file sharing software, and/or computer 
utility programs (``lureware'') and bundled the respondents' adware 
with that content. The complaint further alleges that consumers often 
have been unaware that the respondents' adware would be installed on 
their computers because it was not adequately disclosed to them that 
downloading the lureware would result in installation of the 
respondents' adware. Often, no reference to the adware was made on Web 
sites offering the lureware or in the install windows. In other 
instances, information about the effects of the respondents' adware 
could only be ascertained, if at all, by clicking on one or more 
inconspicuous hyperlinks to reach multi-page user agreements containing 
such information. These inconspicuous hyperlinks were located in the 
corner of Web site homepages or in modal boxes provided by the 
computer's operating system.
    The Commission's complaint also alleges that in numerous instances, 
the respondents, through affiliates and sub-affiliates, installed the 
respondents' adware on consumers' computers entirely without notice or 
authorization. The complaint cites as an example unauthorized 
installations conducted by the respondents' sub-affiliate, Seismic 
Entertainment Productions, Inc., via an executable file that exploited 
a vulnerability in Windows Media Player.
    The Commission's complaint further alleges that the respondents 
made identifying, locating, and removing their adware extremely 
difficult for consumers. Among other practices, the respondents: failed 
to identify the name or source of the adware in pop-up ads to enable 
consumers to locate the adware on their computers; stored adware files 
in locations on consumers' hard drives that are rarely accessed by 
consumers, such as in the core systems software folders; failed to list 
the adware in the Windows Add/Remove utility (a customary location for 
user-initiated uninstall of software programs); where the adware was 
listed in the Windows Add/Remove utility, listed it under names 
resembling core systems software or applications; installed technology 
on consumers' computers to reinstall the adware when it had been 
uninstalled by consumers through the Windows Add/Remove utility or 
deleted by anti-spyware or anti-adware programs; and when a separate 
uninstall tool was provided, required consumers to follow a ten-step 
procedure including downloading additional software and deactivating 
firewalls, thereby exposing computers to security risks.

Deception Allegation

    The Commission's complaint alleges that by offering content over 
the Internet such as browser upgrades, utilities, games, screensavers, 
peer-to-peer file sharing software and/or entertainment content, 
without disclosing adequately that this content was bundled with the 
respondents' adware, the respondents committed a deceptive practice. 
The bundling of the respondents' adware, which monitors consumers' 
Internet use and causes them to receive pop-up advertisements, would be 
material to consumers in their decision whether to download the other 
software programs and/or content.

Unfairness Allegations

    The Commission's complaint also alleges that it was an unfair 
practice for the respondents to install on consumers' computers, 
entirely without their knowledge or authorization, adware that could 
not be reasonably identified, located, or removed by consumers. In 
addition, the complaint alleges that it was an unfair practice, in and 
of itself, for the respondents not to provide consumers with a 
reasonable means to identify, locate, and remove the respondents' 
adware from their computers. The complaint further alleges that these 
practices have caused or are likely to cause substantial consumer 
injury that is not reasonably avoidable by consumers themselves and not 
outweighed by benefits to consumers or competition.

The Proposed Consent Order

    The proposed consent order contains provisions designed to prevent 
the respondents from engaging in similar acts and practices in the 
future and to halt continuing harm caused by the respondents' prior 
unlawful practices.
    Part I of the proposed order prohibits the respondents from 
displaying any advertisement to, or otherwise communicating with, any 
consumer's computer on which the respondents' adware was installed 
prior to October 1, 2005 (``legacy program''). Part I permits the 
respondents, within thirty days of entry of the final order, to send a 
maximum of three notices to legacy program users informing them: that, 
pursuant to the FTC settlement, they will no longer receive any 
advertising or communication from the respondents; how they may 
affirmatively authorize the respondents to continue serving 
advertisements if consumers so choose; and how they may fully remove 
the respondents' adware from their computers. If consumers fail to 
respond to the notice, the adware will remain inactive.
    Parts II and III prohibit the respondents from, or assisting others 
in, installing software onto any computer by exploiting security 
vulnerabilities or downloading or installing any software program or 
application without consumers' express consent. ``Express consent'' is 
defined in the proposed order to require clear and prominent disclosure 
of material terms prior to and separate from any end user license 
agreement, and to require consumer activation of the download or 
installation by clicking a button or a substantially similar action.
    Part IV requires the respondents to establish, implement, and 
maintain a clearly disclosed, user-friendly mechanism through which 
consumers can report and the respondents can timely address complaints 
regarding the respondents' practices.

[[Page 8163]]

    Part V requires the respondents to establish, implement, and 
maintain a comprehensive program that is reasonably designed to require 
affiliates to obtain express consent before installing the respondents' 
software onto consumers' computers. Part V also contains sub-parts 
mandating certain measures the respondents must take to monitor their 
distribution network.
    Part VI requires the respondents to identify advertisements served 
via the respondents' adware in order for consumers to easily locate the 
source of the advertisement, easily access the respondents' complaint 
mechanism, and access directions on how to uninstall such adware.
    Part VII requires the respondents to provide reasonable and 
effective means for consumers to uninstall the respondents' adware.
    Part IX requires the respondents to pay $1.5 million to the 
Commission. This payment may be used in the Commission's sole 
discretion to provide appropriate relief, which may include, but is not 
limited to, the recision of contracts, payment of damages, and/or 
public notification respecting such unfair or deceptive acts or 
practices. If the Commission determines that such relief is wholly or 
partially impracticable, any or all such funds shall be paid to the 
United States Treasury.
    Part X requires the respondents to cooperate with the Commission in 
this action or any subsequent investigations related to or associated 
with the transactions or the occurrences that are the subject of the 
Complaint.
    The remaining order provisions govern record retention (Part VIII), 
order distribution (Part XI), ongoing reporting requirements (Parts XII 
and XIII), filing a compliance report (Part XIV). Part XV provides that 
the order will terminate after twenty (20) years under certain 
circumstances.
    The purpose of this analysis is to facilitate public comment on the 
proposed order, and it is not intended to constitute an official 
interpretation of the agreement and proposed order or to modify in any 
way their terms.

    By direction of the Commission, Commissioner Leibowitz 
dissenting.
Donald S. Clark,
Secretary.

Dissenting Statement of Commissioner Jon Leibowitz

    In this consent agreement, Commission staff obtained strong 
injunctive relief that will put an end to practices that allowed 
DirectRevenue to foist unwanted software on untold millions of 
consumers. The injunctive provisions, like those in Zango, Inc., f/k/a 
180 Solutions, Inc., will serve as a model to adware companies in 
future. But the $1.5 million in monetary relief that the Commission 
obtained as part of the consent agreement is a disappointment because 
it apparently leaves DirectRevenue's owners lining their pockets with 
more than $20 million from a business model based on deceit. Ben Elgin 
with Brian Grow, The Plot To Hijack Your Computer, Business Week 
Online, available at https://www.businessweek.com/magazine/content/06_
29/b3993001.htm?chan=search (July 17, 2006).
    According to the Commission's complaint, DirectRevenue downloaded 
adware on consumers' computers--in many cases without notice and 
consent. In other instances, to entice consumers into downloading its 
nuisance adware that plagued consumers' computers with pop-ups, it even 
bundled the adware with software that was supposed to block pop-ups--
the height of cynicism and disingenuousness. Moreover, the respondents 
went to great lengths to ensure that consumers could not uninstall this 
unwanted software, even employing ingenious (and malicious) 
technologies such as code that would reinstall it if the consumer 
attempted to remove it.
    Even apart from the hundreds of thousands of hours people spent 
closing all of these pop-up ads, how many people lost important data 
because respondents' malware crashed their computer? How many people 
fruitlessly spent time trying to uninstall it? How many people junked 
perfectly good computers that were so burdened with unwanted adware 
that they were useless? One consumer captured the frustration and anger 
that consumers no doubt felt as they tried to deal with DirectRevenue's 
malware: `` `You people are EVIL personified,' Kevin Horton wrote* * * 
`I would like the four hours of my life back I have wasted trying to 
get your stupid uninvited software off my now crippled system.' '' The 
Plot To Hijack Your Computer, supra. Given the number of unwitting 
DirectRevenue ``customers''--according to the New York Attorney 
General's complaint there were more than 150 million software installs, 
which likely served up literally billions of pop-ups \2\--Mr. Horton's 
experience could not have been unusual. Some of the troubles came home 
to roost: the software made the computer of one of DirectRevenue's own 
employees crash four times in one day, and the company had to send 
someone to fix a computer belonging to one of the company's venture 
capital investors. Id.
---------------------------------------------------------------------------

    \2\ On a separate note, I want to commend the New York Attorney 
General's office for its recent ground-breaking settlements--which 
included monetary relief--with Priceline, Travelocity, and Cingular 
Wireless in the context of its litigation against DirectRevenue. 
Among other things, the settlements require the companies to do due 
diligence before advertising via adware, and periodically follow up 
to see how their online ads are being delivered. These settlements 
are important because advertising dollars fuel the demand side of 
the nuisance adware problem by giving companies like DirectRevenue 
and their affiliates and sub-affiliates the incentive to expand 
their installed base, with or without consumers' consent.
---------------------------------------------------------------------------

    I recognize that staff was able to negotiate comprehensive 
injunctive relief that will halt these illegal practices once and for 
all. The proposed order, among other things, requires DirectRevenue to 
co-brand advertisements it serves and provide an effective method to 
uninstall their software--steps that should allow consumers unhappy 
with the pop-ups to identify their source and remove the software that 
generates them. Other provisions ensure that consumers get to choose 
whether they want the software in the first place. I also recognize 
that, in litigating this matter, staff would have been presented with 
novel issues that could pose risks.
    That said, I cannot support a consent agreement that requires the 
respondents--particularly Joshua Abram, Daniel Kaufman, Alan Murray, 
and Rodney Hook, the officers and owners of DirectRevenue--to pay a 
total of only $1.5 million. Venture capitalists poured more than $20 
million into DirectRevenue,\3\ and between the companies' ad revenues 
and the venture capital money, millions of dollars flowed into the 
owners' pockets--$23 million, according to Business Week. See The Plot 
To Hijack Your Computer, supra. Settlement always involves compromise, 
and staff must weigh the advantages of a settlement with the risks and 
costs of litigation. But in cases like this, I would rather go to trial 
and risk losing than settle for a compromise that makes an FTC action 
just a cost of doing business.

    \3\ See, e.g., Brad Stone, Invasion of the PC Snatchers, 
Newsweek (Dec. 13, 2006), available at https://www.msnbc.msn.com/id/
6653413/site/newsweek/.
---------------------------------------------------------------------------

 [FR Doc. E7-3058 Filed 2-22-07; 8:45 am]
BILLING CODE 6750-01-P