Close X

Attorney General Becerra Announces $3.5M Settlement with Lenovo for Preinstalling Software that Compromised Security of its Computers

Posted by Fay Arfa | Sep 06, 2017 | 0 Comments

SACRAMENTO — California Attorney General Xavier Becerra today announced a $3.5 million multi-state settlement with Lenovo to resolve allegations that it illegally preinstalled ad-injecting software that compromised the security of its computers. California will receive $389,204 — the largest share of any of the 32 states involved in the settlement — based, in large part, on its size and leadership role in the multi-state investigation. This marks the first time that California has held a hardware manufacturer accountable for software preinstalled on its products. The settlement was negotiated and finalized in coordination with the Federal Trade Commission.

“What Lenovo did is inexcusable,” said Attorney General Becerra. “Companies should make every effort to develop secure software and protect consumers' privacy. Today's announcement should serve as a warning to any company that believes it can put profits ahead of people — we will hold you accountable and we will ensure that justice prevails.”

From July 2014 to January 2015, Lenovo preinstalled a program called “Visual Discovery” on its computers. The states alleged that the program not only viewed online browsing activity so that it could inject product recommendations and advertising based on the websites a consumer visited, but also acted as a “man-in-the-middle,” causing both the browser and the website to believe that they had established a direct, encrypted connection. In reality, the program was breaking the secured connection without the user's knowledge so that, on certain websites such as email or bank websites, a consumer's sensitive personal information became vulnerable to unauthorized viewing or — even worse — use by others.

Lenovo sold 750,134 computers in the United States that had the program preinstalled. The states alleged that Lenovo did not make any disclosures about the program prior to purchase, and that many consumers inadvertently became active users because the opt-out link was easy to miss, and even if selected, did not fully disable the adware from running on the computer.

As part of the settlement, Lenovo is also required to adopt advanced measures to prevent future misconduct. Specifically, Lenovo is required to clearly and conspicuously disclose how pre-installed advertising software will operate on a consumer's device, obtain a consumer's affirmative consent before using such software on their device, and provide a reasonable and effective means for consumers to opt-out, disable or remove the software. Lenovo is also required to implement and maintain a software security compliance program and must obtain initial and biennial assessments for the next 20 years from a qualified, independent, third-party professional that certifies the program's effectiveness.

The settlement is embodied in a stipulated judgment submitted to the Los Angeles County Superior Court for approval. It is attached to the electronic version of this release at oag.ca.gov/news.

Attachment

Size

Stipulated Judgment.pdf

1.45 MB

Attorney General Becerra  / Tuesday, September 5, 2017

About the Author

Fay Arfa

Fay Arfa has the distinction of being Certified as a Specialist in two separate areas of law – Criminal Law as well as Appellate Law – by the California State Bar, Board of Specialization. The National Board of Trial Advocacy has also awarded her a board Certification in Criminal Trial Advocacy. ...

Comments

There are no comments for this post. Be the first and Add your Comment below.

Leave a Comment

Board Certifications



Contact Us Today

Fay Arfa is committed to answering your questions about Trials, Appeals, Habeas Corpus, State Crimes, Federal Crimes, and Sex Crimes law issues in California.

We offer a free telephone consultation and we'll gladly discuss your case with you at your convenience. Contact us today to schedule an appointment.