They should have pulled the trigger

A reader says that the CDT should have filed the complaint about 180solutions with the FTC.

Yesterday I blogged about 180solutions' announcement of severing ties with IST (Integrated Search Technologies) and stopping Active X installations that are not from their own servers. I asked who was holding the gun and answered the question. The CDT (Center for Democracy & Technology) had threatened to file a complaint on 180solutions to the FTC.  I had an email from a reader saying the CDT should have "pulled the trigger" by going ahead with the complaint.  Here's the argument:

It's hard to endorse CDT's decision not to pursue 180 for the IST installs.  180 had the benefit of many (millions of?) IST installs for many months (years?).  IST's bad practices are widespread and well-known. Consumers take the time to notify CDT, and CDT goes to all the trouble of investigating and writing a complaint.  But then at the last minute CDT decides to excuse 180 once 180 agrees not to do it any more.

That's not right as a matter of law: 180 is still liable for the harm previously caused. Neither is it right as a matter of practical reality: The FTC has shown plenty of interest in pursuing past violations (see Walt Rines, as well as (PDF).  So the appropriate CDT action would have been to pursue consumers' complaints to the fullest extent of the law, which in this case means filing a complaint with the FTC.  I actually think CDT came up short when it counted the most by deciding at the last stage not to pursue 180, despite ample basis for filing the complaint.

I agree with the reader's comments.  180solutions has been talking about changes for nearly a year but the talk didn't stop the continued non-consensual installations, often via security exploits, as captured on video and in network logs by a number of spyware researchers as recently as October 5, just one week ago.  The CDT's decision not to file the complaint serves no justice to the thousands, maybe hundreds of thousands, of consumers whose computers were violated by 180solutions.  

A few days ago I stumbled upon an article about Fortune Small Business magazine's list of "Best Bosses".  The last name on the list is Keith Smith, CEO of 180solutions.  It says

Keith Smith (180solutions, Bellevue, Washington) At this online marketing firm, employees play dodgeball and volleyball.

Apparently all the dodgeball practice has served them well.  180solutions did, indeed, dodge the bullet about to be fired by the CDT.

I'd be most interested in readers' opinions.  Should the CDT have filed the complaint about 180solutions' business practices to the FTC?  Comments are open.  Paperghost at VitalSecurity has blogged his thoughts and the folks at Slashdot,  as usual, have lots to say.