Is Sears Spying On You?

Now that the holidays are over, how many businesses let their employees do a little holiday shopping online? Hopefully those that did allow it didn't find that their employees shopped at Sears.

ITPro Today

January 2, 2008



According to Computer Associates (CA), "Sears.com is distributing spyware that tracks all your Internet usage - including banking logins, email, and all other forms of Internet usage - all in the name of community participation."

Not only that, but CA also states that Sears is sending that information to a third-party domain, securestudies.com, run by comScore, even though Sears claims that it won't do such a thing. To make matters even worse, CA discovered that Sears presents two different privacy policies: one for people who already have the spyware installed and another for people who don't.

CA outlined its discoveries in two blog posts, which reveal that the spyware installs itself without clear notice to the user beforehand, redirects network traffic to a third party without permission, and transmits sensitive data without permission.

Ben Edelman, assistant professor at Harvard Business School and well-known privacy advocate, also took a close look at what Sears is doing to its unsuspecting customers. According to Edelman, Sears is in direct violation of Federal Trade Commission (FTC) requirements for the installation of such tracking software on people's computers.

"The FTC requires that software makers and distributors provide clear, prominent, unavoidable notice of the key terms [in their privacy policies. Sears'] installation of [ComScore spyware] did nothing of the kind," wrote Edelman.

After Sears was exposed by CA, Rob Harles, vice president of Sears Holdings Community (SHC), responded in its defense. The text of his response was posted in CA's Security Advisor Research Blog, where CA senior researcher Benjamin Googins proves Harles' claims are not entirely accurate.

"I am disappointed by [Harles' response]. He continues to state emphatically the Sears software is by invitation only, users are given prominent notice during install, and [that] generally my overall assessment of the Sears software is off base. I couldn't disagree more," Googins concluded.
