Privacy Worries Arise Over Spyware in Kids' Software
Michael B. Stone was spending a quiet evening with his three young daughters last month. He watched as they huddled around the family computer, playing spelling games on Reader Rabbit, Mattel Interactive's popular educational software program.
After he tucked the girls into bed, the Seal Beach, Calif., attorney logged on to the Internet to do some work. Minutes into his session, an Internet security program--or firewall--alerted Stone that Reader Rabbit was attempting to secretly send data from his computer to Mattel Interactive. Inside the seemingly innocuous kids' software, he uncovered "spyware," a type of program that embeds itself in a PC's hard drive. It can then relay information to and fro over the user's Internet connection. Because the information being sent is heavily encrypted, Stone couldn't determine what exactly was being sent to Mattel.
Debbie Galdin, a Mattel Interactive spokeswoman, says there is nothing nefarious in the software. The program, called Brodcast, is placed on nearly 100 titles of the Learning Co.'s CD-ROMs for advertising and marketing purposes. "The program was originally designed to offer consumers additional product content and to communicate fixes," says Galdin. "That was the only intention." Users of the software program Arthur's Thinking Games, for instance, were given an option to download a free Arthur screen saver.
Hide and seek. Many free programs, including games, that are downloaded from the Internet and display advertising contain spyware. For example, the free, content-filtering program Surf Monkey--which prevents children from accessing inappropriate sites--also transmits data back to the company, including users' IP addresses, which can pinpoint their physical locations. Worried about a privacy row, SurfMonkey says it plans this week to stop sending personal data to its server.
While such transmissions may not bother some consumers, those worried about computer privacy--including Stone--say they are particularly concerned that a children's CD-ROM was used as a way to get information. "Theoretically, if someone plants spyware on your computer to surreptitiously communicate over the Internet, they could siphon off all kinds of data--including your E-mail, passwords, and credit card numbers," says Stone.
After his daughter loaded Arthur's Reading Games--another Mattel title--onto his laptop, Simson Garfinkel recently discovered the program buried in his Windows directory. The Cambridge, Mass., privacy and security expert said he was concerned that it was installed without his knowledge or consent. "The purpose of this program has never been made fully clear. And because of the military-grade encryption, we don't really know what it's doing," says Garfinkel.
Mattel's Galdin explains: "It communicates with our servers to let them know that a particular product has been installed." She adds that the program "does not collect personal information, nor does it identify a particular user."
Nevertheless, Mattel plans to place a program on its Web site (www .mattelinteractive.com) this week that will uninstall Brodcast from hard drives. The software was included on most of Mattel Interactive's products that were shipped last year and through April of this year. It was automatically installed on hard drives even if a consumer removed the check from the "use Brodcast" box while installing a program, says Galdin.
Meanwhile, computer users concerned about potential spyware transmissions can download the firewall that Stone used: ZoneAlarm 2.1, available free at www.zonealarm.com. Stone, though, went a step further. He disconnected his daughters' computer from the Internet.
This story appears in the July 3, 2000 print edition of U.S. News & World Report.