Citation[]
In the Matter of Lenovo (United States) Inc., FTC Matter/File Number: 152 3134 (Jan. 2, 2018)'
Complaint[]
In its complaint, the FTC charged that beginning in August 2014 Lenovo began selling consumer laptops in the United States that came with a preinstalled advertising software program called VisualDiscovery that interfered with how a user's browser interacted with websites and created serious security vulnerabilities.
According to the complaint, VisualDiscovery software delivered pop-up ads from the company’s retail partners whenever a user’s cursor hovered over a similar looking product on a website. To deliver its ads, VisualDiscovery acted as a “man-in-the-middle” between consumers’ browsers and the websites they visited, even sensitive encrypted websites. Without the consumer’s knowledge or consent, the FTC alleged that this “man-in- the-middle” technique allowed VisualDiscovery to access all of a consumer’s sensitive personal information transmitted over the Internet, including login credentials, Social Security numbers, medical information, and financial and payment information. The FTC alleged, among other things, that Lenovo’s failure to disclose that VisualDiscovery acted as a man-in-the-middle between consumers and all the websites with which they communicated, including sensitive encrypted websites, and collected and transmitted consumer Internet browsing data to Superfish, was both an unfair and deceptive practice.
Settlement Agreement[]
As part of the settlement with the FTC, Lenovo is prohibited from misrepresenting any features of software preloaded on laptops that will inject advertising into consumers' Internet browsing sessions or transmit sensitive consumer information to third parties. If the company preinstalls this type of software, the order requires the company to get consumers' affirmative consent before the software runs on their laptops. In addition, the company is required for 20 years to implement a comprehensive software security program for most consumer software preloaded on its laptops. The security program will also be subject to third-party audits.