The Federal Trade Commission has reported that the proprietor of a spyware company, who was previously prohibited from participating in the surveillance industry due to a data violation, is currently attempting to reverse the prohibition.
The federal watchdog, in a notice issued on Friday, stated that Scott Zuckerman sought to rescind or modify the 2021 prohibition imposed by the FTC on his company, Support King, and its subsidiaries.

In 2018, Zuckerman’s spyware subsidiary SpyFone exposed thousands of individuals’ private phone data, including photos, messages, and location data, to the public web.
As a result, the ban mandated that Zuckerman adhere to specific cybersecurity protocols and conduct regular audits of his businesses.

The FTC’s five commissioners at the time unanimously voted to prohibit Zuckerman and Support King from offering, selling, or promoting any phone-monitoring app, thereby preventing him from operating in the surveillance industry.

Zuckerman now contends that the order inflicted a “unnecessary burden” due to the financial expenses required to comply with it, which impeded his ability to expand his other businesses.

The assessment of Zuckerman’s petition is anticipated to be closely monitored by privacy advocates and critics of the surveillance industry, and it could serve as one of the first significant cybersecurity tests for the Republican-controlled federal agency.
The agency’s decision to modify or revoke the order would provide a legal pathway for a surveillance vendor with a history of data breaches to resume operations without restriction.

Zuckerman was apprehended in another espionage operation less than a year after the prohibition was implemented in 2021.

A cache of compromised data from the servers of a phone surveillance app called SpyTrac was received by TechCrunch in 2022.

This data revealed that the app was being operated by a group of freelance developers with direct connections to Support King, likely in an effort to circumvent the FTC’s prohibition.

The data intrusion also included records from SpyFone, despite the FTC’s order mandating that the company erase the data it unlawfully obtained from victims’ phones.
After we reached out to Zuckerman for comment, SpyTrac was promptly taken offline. The security community has already expressed its disapproval of Zuckerman’s petition.

“I believe that this petition should be vigorously and loudly opposed.” Eva Galperin, the director of cybersecurity at the Electronic Frontier Foundation, informed TechCrunch that Mr. Zuckerman has consistently demonstrated his poor behavior by continuing to operate his stalkerware company despite the FTC’s prohibition.

“There is no doubt that the ban and the ongoing reporting requirements are personally burdensome for him, but I would contend that this is the point,” Galperin stated. “I am confident that Mr. Zuckerman would establish another stalkerware company as soon as he believed he could get away with it.”

The FTC has not established a date or determined the manner in which it will vote on Zuckerman’s petition. The FTC’s spokesperson declined to provide a response when contacted by TechCrunch. The Federal Trade Commission is legally mandated to solicit feedback on petitions that seek to reverse its orders.

The public has until August 19 to provide feedback on Zuckerman’s petition.

Andrew Ferguson, who was appointed by Trump to lead the Federal Trade Commission, is joined by two other Republicans, Melissa Holyoak and Mark Meador.
After the Trump administration attempted to terminate her, Democratic commissioner Rebecca Kelly Slaughter was reinstated to the FTC last week. The fifth commissioner position is currently vacant.

Zuckerman directly addressed Ferguson and the commission’s “current enforcement philosophy” in his petition. According to Zuckerman, this philosophy is dedicated to “ensuring that regulations have a positive impact on the public and consumers.”

Galperin, on the other hand, emphasized the necessity of upholding the reporting requirements for Zuckerman’s future endeavors that are “in any way connected to the internet,” as he has consistently demonstrated his inability to protect highly sensitive user data.