PITTSBURGH (CN) – One of the nation’s largest rental chains spies on customers by equipping rent-to-own computers with secret software that remotely snaps their photos, takes screen shots, tracks keystrokes, and snoops on private communications, a class action claims in Federal Court. Aaron’s, the lead defendant, has more than 1,500 outlets in the United States and Canada.
Crystal and Brian Byrd, of Casper, Wyo., sued Atlanta-based Aaron’s and affiliates, claiming Aaron’s “secretly installed a spying device” called “PC Rental Agent” on its rental computers, allowing Aaron’s “to surreptitiously monitor, intercept and collect plaintiffs’ electronic communications from anywhere in the world.”
Also sued are Aspen Way Enterprises dba Aaron’s Sales and Leasing, an Aaron’s franchisee; John Doe 1-100 Aaron’s franchisees; and Designerware LLC.
The Byrds say: “It has been the practice and policy of the Aaron’s defendants to conceal from their customers their ability to remotely access, intercept and monitor customers’ private, personal electronic communications, information, screen shots, keystrokes or images captured on webcams and to further disclose to consumers exactly the kinds of private information and images that can be and were routinely collected, transmitted and stored.
“The Aaron’s defendants’ sales, rental or lease agreements neither seeks permission from nor discloses to RTO [rent-to-own] customers the presence of PC Rental Agent or its ability to monitor and intercept communications and other data from Aaron’s RTO computers.”
The software, manufactured by defendant DesignerWare, a Pennsylvania company, was sold to Aaron’s “for the primary purpose of allowing the Aaron’s defendants to remotely track, access, monitor, monitor and/or transmit electronic communications on Aaron’s RTO computers,” the complaint states.
The Byrds say that PC Rental Agent “is, in fact, invisible or undetectable to customers and to other end users of Aaron’s RTO computers,” and “cannot be uninstalled or easily detected,” because it is “soldered into the computer’s motherboard and/or is part of the Intel Chipset. … It can only be deactivated using a ‘Wand’ that is not accessible to the ultimate user of the rented computer.”
The Byrds say that in December 2010, after had paid off their lease in-full for a rented Dell laptop, an Aaron’s store manager came to their home and “incorrectly claimed that the Byrds were in default on their lease agreement and demanded that the Byrd computer be returned to Aaron’s.”
“To further support his attempts to collect the Byrd computer, [manager/nonparty Christopher] Mendoza informed co-plaintiff Brian Byrd that he had obtained a photograph of Brian Byrd using the computer – and he showed him a photo of Brian Byrd which had been taken remotely using the PC Rental Agent,” the complaint states.
“When Brian Byrd demanded that Mendoza explain how Mendoza had obtained an unauthorized photograph, Mendoza responded that he was not supposed to disclose that Aaron’s had the photograph.”
Byrd says he ordered the manager off his property, then contacted law enforcement.
A police investigation revealed that PC Rental Agent was routinely being used by Aaron’s, and that only the company’s regional managers – not Mendoza or his immediate supervisor – had the ability to tinker with the software’s settings, the plaintiffs say.
“The law enforcement investigation determined that the communications and other data captured by the PC Rental Agent was transmitted from Aaron’s RTO computers to a central server operated by DesignerWare located in Pennsylvania where the data was then made available to the Aaron’s defendants throughout the country,” the Byrds say.
This surveillance was carried out through a method called “prompting.”
During the prompting process, a pop-up box appears on the screen, asking for a user’s name, address and telephone number,
When the information is submitted, the user is granted access to the computer, but not before “the PC Rental Agent causes the Webcam to take, transmit and store an unauthorized photograph and other data of the user entering the information,” the complaint states.
A police officer saw some of the process go down live, the Byrds say: “While law enforcement was conducting its investigation at the Casper [Aaron’s store … a law enforcement officer observed an unauthorized photograph of another Aaron’s customer, and was told that Aaron’s regularly received e-mails from DesignerWare with unauthorized photographs and other communications taken of customers,” according to the complaint.
The Byrds seek punitive damages for the class, for violations of the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act.
They are represented by Frederick Longer with Levin, Fishbein, Sedran & Berman in Philadelphia.
They believe the class exceeds 50,000 people or entities.
On its company website, Aaron’s says the publicly traded company has more than 1,500 stores in the U.S. and Canada.
In an undated message on its home page today, “Find out more about Aaron’s and computer privacy,” Aaron’s responded to “the recent allegations regarding customer privacy and Aarons … Aaron’s customers can be assured that we’re taking this allegation very seriously. We are conducting a thorough investigation and diligently reaching out to our customers to address any of their concerns.”