The Federal Trade Commission (FTC) announced on September 5, 2017, that it has settled with Lenovo regarding allegations that Lenovo “harmed customers by pre-loading software on some laptops that compromised security protections in order to deliver ads to consumers.”
According to the FTC’s complaint against Lenovo, it pre-loaded “man in the middle” software, VisualDiscovery that “interfered with how a user’s browser interacted with websites and created serious security vulnerabilities.” According to the FTC, without consumers’ consent, the VisualDiscovery software allowed it to access consumers’ sensitive information without their consent or knowledge as the consumer was browsing the Internet, including login credentials, Social Security numbers, medical information financial information and personal information.
The FTC further alleged that because of the security vulnerabilities, “consumers’ browsers could not warn users when they visited potentially spoofed or malicious websites with invalid digital certificates…and enabled potential attackers to intercept consumers’ electronic communications with any website.”
Lenovo has agreed to not misrepresent any features of pre-loaded software on its laptops, must obtain consumer consent before pre-installing this type of software, and implement a comprehensive data security program for 20 years.
The Consent Agreement between the FTC and Lenovo will be published shortly and comments to it are open until October 5, 2017.