
FTC slaps Lenovo on the wrist for selling computers with secret adware - joering2
https://arstechnica.com/tech-policy/2017/09/ftc-slaps-lenovo-on-the-wrist-for-selling-computers-with-secret-adware/
======
rayiner
For people wondering why there was no hefty fine, it's probably because the
FTC had no authority to impose one. Except with regard to children, the FTC
isn't specifically empowered to protect "privacy rights." The FTC brought a
complaint against Lenovo under Section 5 of the FTC Act, which addresses
"unfair competition" and "unfair practices." Historically, that meant false
advertising or other abusive practices set forth in law ( _e.g._ unfair debt
collection practices). Under Section 5, civil penalties can only be imposed
where a company violates an FTC rule, and does so with knowledge that the
conduct violates the FTC rule (typically a Trade Regulation Rule ("TRR")). 15
U.S.C. 45(m)(1)(A).

There is no TRR addressing the kind of conduct Lenovo engaged in, nor any
statute prohibiting such conduct: [https://www.ftc.gov/reports/privacy-data-
security-update-201...](https://www.ftc.gov/reports/privacy-data-security-
update-2016#rules). While the FTC can declare particular practices unfair on a
case-by-case basis, without a rule, in that situation it can only issue a
cease-and-desist order. 15 U.S.C. 45(m)(1)(B).

~~~
tryingagainbro
Fine, why wasn't another agency involved too then?

~~~
thisisdave
Maybe the Department of Justice? I don't know if they go for that sort of
thing. The only other option I can think of off the top of my head is the FCC.

------
tryingagainbro
Headline should be: FT allows Lenovo to sell computers with secret hardware
again, should they choose to. No one went in jail (try intercepting someone's
Https connections) and no crippling fine.

Just an agreement that requires consent...you can drive trucks through the
loopholes. "Yes, I want to speed up my internet" is one and 90% would click
yes /install.

~~~
quuquuquu
It's really crazy, isn't it???

The company that makes/sells me a couch doesn't currently install a microphone
in the couch, so that they can analyze my conversations and sell my data to
advertisers.

Should they start trying? All of these tech companies are getting away with
it!

~~~
petepete
The company who sold me a TV sent out an update that embeds advertising in the
UI

Thanks Samsung.

~~~
devopsproject
Issue a chargeback and return it

~~~
quuquuquu
The chargeback situation in the credit card industry is really so amazing and
interesting.

I've charged back everything from erroneously issued parking tickets to
flights canceled due to weather.

Every time, the credit card company immediately gives me my money back,
settles with the merchant on my behalf, and I have always won.

The question is, who is giving the money to the banks that allows them to take
this kind of a loss? People who have credit card debt???

~~~
ars
The bank takes no loss. They take the money from the merchant.

Banks require merchants to keep a certain amount of money as a deposit with
them, specifically for this. The amount varies depending on the type of
business the merchant is in (and the size and reliability of the merchant -
for example Walmart is probably not required to keep any amount at all).

~~~
quuquuquu
It sounds like if you are a merchant and don't like chargebacks and deposits,
the best idea is to run a cash only business then, if you don't mind turning
away cc customers.

Strange world!

~~~
devopsproject
dont forget the transaction and other fees the merchant must pay :)

------
lol768
Agree with the other commenters here that requiring consent and asking for new
hardware to be audited isn't really anywhere near enough of a punishment.

I've read through the full settlement here:
[https://www.ftc.gov/system/files/documents/cases/1523134_len...](https://www.ftc.gov/system/files/documents/cases/1523134_lenovo_united_states_agreement_and_do.pdf)

As far as I can tell they've just been ordered to do things they should've
been doing already (security testing, asking for consent). Is anyone familiar
enough with the relevant US laws in play here to explain why there was no
harsher punishment or fine?

~~~
infogulch
Because the FTC has been almost completely declawed. Their powers to protect
consumers have been gutted and the whole agency has been reduced to enforcing
a few narrowly defined easily bypassed rules, with almost zero powers outside
of that.

------
sevensor
Personally, they've lost my business. I used and loved Thinkpads for many
years, but I no longer use them and now recommend against their purchase.
Lenovo has a huge trust gap to repair.

~~~
lorenzhs
While I agree that Superfish was a disaster, keep in mind that it did not
affect the ThinkPad line at all. From what I heard, the consumer and business
lines have strong separation inside Lenovo. I have lost all trust in their
consumer division, too. But it seems silly to me to discount ThinkPads based
on the malware bundled with Lenovo's consumer offerings.

~~~
CaptSpify
I would, however, recommend against using Thinkpads as they are simply no
longer a quality line. It's sad to see how far they've fallen as they were my
goto for many years.

------
raverbashing
Buying a windows laptop these days seems like putting your hand in an
Alligator Gar filled bog

(also see the other post about the Synaptics driver)

And restoring from the OEM copy is no guarantee it will be clear of all the
preinstalled crap

~~~
AlexeyBrin
Your best bet is to buy a laptop from Microsoft (no 3rd party software) or buy
an extra Windows license and do a fresh install.

~~~
myopinions
I'm not sure if that's safe either. I installed Windows 10 recently and the
install included apps like Facebook and Twitter. In fact a good portion of the
start menu was essentially mini-billboards.

~~~
AlexeyBrin
I know, it is sad that they do this even on the Pro version. (You can manually
uninstall the FB and Twitter apps.)

Still, the OS is cleaner than what you usually get with the default OEM
install.

------
retSava
This is in my opinion too weak of a signal to others. Such a deep invasion of
user expectations and privacy should not be so easy to get away with, first
time or not.

~~~
maxxxxx
Maybe that's the intended signal.

------
fortythirteen
With only a very small portion of the population able to both understand the
implications of this type of tracking and how to circumnavigate it, I often
wonder if there will eventually be a negative consequence akin to not
establishing credit through purposely getting in debt.

In 20 years, will you be blocked from opening certain accounts if the company
can't find sufficient mined data on you?

~~~
codedokode
Or maybe you won't be able to get a job or take a loan if you don't have
social network accounts: "are you hiding something?".

~~~
chii
"no, i just don't want your company to snoop into my personal life"

------
walterbell
Thinkpads with Windows sent (send?) daily usage data to Lenovo, unless you
disable the reporting app.

This was documented by Lenovo:
[https://news.ycombinator.com/item?id=13300357](https://news.ycombinator.com/item?id=13300357)

------
codedokode
This is the problem not only with Lenovo. Many mobile apps try to collect as
many information as possible (for example, GPS location or WiFi station ids)
and save to their servers. There should be a law explicitly forbidding secret
collection of information especially if it is not required for app
functioning.

I also remember similar case when chinese smartphone manufacturers
preinstalled adware on the devices. It was showing ads above browser window to
make it look as if it was a part of a webpage (and used Google ads by the
way).

~~~
chii
If you install an app which shouldn't require those permissions, but it asks
for then anyway, then I would be very wary, to the point of not installing.

The customer needs to punish those apps by voting with their feet.

------
dingo_bat
Microsoft should charge Lenovo $100 extra for installing windows. After all
Lenovo's shenanigans are ruining Microsoft's market.

~~~
emiliobumachar
Tangent: supposed Microsoft decided to do just that. Would the anti-monopoly
rulings from the 90's stop it?

------
yuhong
Consumer vs business computers is one of my favorite topics. Even with Lenovo,
Superfish is not the only example.

------
sogen
That's not enough! We demand MORE adware, more adware!

