Boing Boing » war on general purpose computers

Cory's Sense About Science lecture

Cory Doctorow — Mon, 20 May 2013 15:20:01 +0000

I gave the annual Sense About Science lecture last week in London, and The Guardian recorded and podcasted it (MP3). It's based on the Waffle Iron Connected to a Fax Machine talk I gave at Re:publica in Berlin the week before.

Black Code: how spies, cops and crims are making cyberspace unfit for human habitation

Cory Doctorow — Sat, 18 May 2013 15:15:46 +0000

I reviewed Ronald Diebert's new book Black Code in this weekend's edition of the Globe and Mail. Diebert runs the Citizen Lab at the University of Toronto and has been instrumental in several high-profile reports that outed government spying (like Chinese hackers who compromised the Dalai Lama's computer and turned it into a covert CCTV) and massive criminal hacks (like the Koobface extortion racket). His book is an amazing account of how cops, spies and crooks all treat the Internet as the same kind of thing: a tool for getting information out of people without their knowledge or consent, and how they end up in a kind of emergent conspiracy to erode the net's security to further their own ends. It's an absolutely brilliant and important book:

Ronald Deibert’s new book, Black Code, is a gripping and absolutely terrifying blow-by-blow account of the way that companies, governments, cops and crooks have entered into an accidental conspiracy to poison our collective digital water supply in ways small and large, treating the Internet as a way to make a quick and dirty buck or as a snoopy spy’s best friend. The book is so thoroughly disheartening for its first 14 chapters that I found myself growing impatient with it, worrying that it was a mere counsel of despair.
But the final chapter of Black Code is an incandescent call to arms demanding that states and their agents cease their depraved indifference to the unintended consequences of their online war games and join with civil society groups that work to make the networked society into a freer, better place than the world it has overwritten.
Deibert is the founder and director of The Citizen Lab, a unique institution at the University of Toronto’s Munk School of Global Affairs. It is one part X-Files hacker clubhouse, one part computer science lab and one part international relations observatory. The Citizen Lab’s researchers have scored a string of international coups: Uncovering GhostNet, the group of Chinese hackers taking over sensitive diplomatic computers around the world and eavesdropping on the private lives of governments; cracking Koobface, a group of Russian petty crooks who extorted millions from random people on the Internet, a few hundred dollars at a time; exposing another Chinese attack directed at the Tibetan government in exile and the Dalai Lama. Each of these exploits is beautifully recounted in Black Code and used to frame a larger, vivid narrative of a network that is global, vital and terribly fragile.
Yes, fragile. The value of the Internet to us as a species is incalculable, but there are plenty of parties for whom the Internet’s value increases when it is selectively broken.

How to make cyberspace safe for human habitation

Black Code: Inside the Battle for Cyberspace

Computer scientists to FBI: don't require all our devices to have backdoors for spies

Cory Doctorow — Fri, 17 May 2013 17:59:45 +0000

In an urgent, important blog post, computer scientist and security expert Ed Felten lays out the case against rules requiring manufacturers to put wiretapping backdoors in their communications tools. Since the early 1990s, manufacturers of telephone switching equipment have had to follow a US law called CALEA that says that phone switches have to have a deliberate back-door that cops can use to secretly listen in on phone calls without having to physically attach anything to them. This has already been a huge security problem -- through much of the 1990s, AT&T's CALEA controls went through a Solaris machine that was thoroughly compromised by hackers, meaning that criminals could listen in on any call; during the 2005/6 Olympic bid, spies used the CALEA backdoors on the Greek phone company's switches to listen in on the highest levels of government.

But now, thanks to the widespread adoption of cryptographically secured messaging services, law enforcement is finding that its CALEA backdoors are of declining utility -- it doesn't matter if you can intercept someone else's phone calls or network traffic if the data you're captured is unbreakably scrambled. In response, the FBI has floated the idea of "CALEA II": a mandate to put wiretapping capabilities in computers, phones, and software.

As Felten points out, this is a terrible idea. If your phone is designed to secretly record you or stream video, location data, and messages to an adverse party, and to stop you from discovering that it's doing this, it puts you at huge risk when that facility is hijacked by criminals. It doesn't matter if you trust the government not to abuse this power (though, for the record, I don't -- especially since anything mandated by the US government would also be present in devices used in China, Belarus and Iran) -- deliberately weakening device security makes you vulnerable to everyone, including the worst criminals:

Our report argues that mandating a virtual wiretap port in endpoint systems is harmful. The port makes it easier for attackers to capture the very same data that law enforcement wants. Intruders want to capture everything that happens on a compromised computer. They will be happy to see a built-in tool for capturing and extracting large amounts of audio, video, and text traffic. Better yet (for the intruder), the capability will be stealthy by design, making it difficult for the user to tell that anything is amiss.
Beyond this, the mandate would make it harder for users to understand, monitor, and fix their own systems—which is bad for security. If a system’s design is too simple or its operation too transparent or too easy to monitor, then wiretaps will be evident. So a wiretappability mandate will push providers toward complex, obfuscated designs that are harder to secure and raise the total cost of building and operating the system.
Finally, our report argues that it will not be possible to block non-compliant implementations. Many of today’s communication tools are open source, and there is no way to hide a capability within an open source code base, nor to prevent people from simply removing or disabling an undesired feature. Even closed source systems are routinely modified by users—as with jailbreaking of phones—and users will find ways to disable features they don’t want. Criminals will want to disable these features. Ordinary users will also want to disable them, to mitigate their security risks.

Felten's remarks summarize a report [PDF] signed by 20 distinguished computer scientists criticizing the FBI's proposal. It's an important read -- maybe the most important thing you'll read all month. If you can't trust your devices, you face enormous danger.

CALEA II: Risks of wiretap modifications to endpoints

Defense Distributed claims working 3D printed handgun

Cory Doctorow — Sun, 05 May 2013 13:09:31 +0000

Defense Distributed's Cody Wilson claims he has attained his stated goal of 3D printing a working handgun. There's no footage of it firing yet, nor details on how many rounds it fires before the plastic is worn out. And although this is a fascinating provocation, it is not (yet) a game-changer, especially in America where traditional guns (capable of firing thousands of rounds without melting down) are cheap and easy to get. You can even "3D print" a gun by asking different CNC shops to cut and overnight you all the parts to make up a working gun, breaking the job down into small pieces that are unlikely to arouse suspicion.

All sixteen pieces of the Liberator prototype were printed in ABS plastic with a Dimension SST printer from 3D printing company Stratasys, with the exception of a single nail that’s used as a firing pin. The gun is designed to fire standard handgun rounds, using interchangeable barrels for different calibers of ammunition.
Technically, Defense Distributed’s gun has one other non-printed component: the group added a six ounce chunk of steel into the body to make it detectable by metal detectors in order to comply with the Undetectable Firearms Act. In March, the group also obtained a federal firearms license, making it a legal gun manufacturer.

This Is The World's First Entirely 3D-Printed Gun (Photos) [Andy Greenberg/Forbes]

Video from my book tour: Cincinnati presentation

Cory Doctorow — Sat, 16 Feb 2013 17:00:33 +0000

Kevin Loughin came out to my Homeland tour-stop in Cincinnati on Valentine's Day and made a great video of the presentation and Q&A. He was kind enough to post it to YouTube -- thanks, Kevin!

Cory Doctorow talk on Homeland.

Congressman calls for ban on 3D printed guns

Cory Doctorow — Sun, 09 Dec 2012 19:37:03 +0000

Well, that was predictable: days after a 3D printed gun fired a few rounds, Rep Steve Israel has called for a ban on of Wiki Weapons. The congressman points out (correctly) that all-plastic 3D printed weapons would not be easy to spot using traditional methods, such as metal detectors.

However, what Rep Israel doesn't say is how he hopes to accomplish his goal. Firmware locks for 3D printers? A DMCA-like takedown regime for 3D shapefiles that can be used to generate plastic firearms (or parts of plastic firearms?). A mandate on 3D printer manufacturers to somehow magically make it impossible for their products to print out gun-parts?

Every one of those measures is a nonsense and worse: unworkable combinations of authoritarianism, censorship, and wishful thinking. Importantly, none of these would prevent people from manufacturing plastic guns. And all of these measures would grossly interfere with the lawful operation of 3D printers.

Rep. Steve Israel urges Congress to renew ‘Wiki Weapon’ ban

Microsoft patents spying on you with your TV's camera and fining you if there are too many people watching

Cory Doctorow — Fri, 09 Nov 2012 02:32:36 +0000

Kotaku's Luke Plunkett delves into a newly disclosed Microsoft patent that covers spying on people in their homes using cameras attached to their TVs, in order to levy fines against them for allowing too many people to watch movies at once:

Basically, when you buy or rent something like a movie, you’ll only be granted a “license” for a certain number of people to watch it. If Kinect detects more people in the room than you had a licence for, it can stop the movie, and even charge you extra. So if Microsoft has its way, you won’t just be renting movies any more. You’ll have to decide how many people are watching, and no doubt pay more. And if one extra person turns up to your movie night? So help you God, you are going to pay.

Of course, big companies patent all sorts of stupid ideas, many of which never get incorporated into products. But hey, now you know that researchers at Microsoft sit around spitballing ideas like, "Wouldn't it be awesome to spy on our customers in their homes so that we could fine them for having too many people over to watch movies? Wonder if anyone is Hollywood would give us preferential access to movies if we could promise them that they could do nose-counts of people in their own homes?"

This Kinect Patent Is Terrifying, Wants To Charge You For License Violation

Razer Naga gaming mouse requires always-on Internet connection, license agreement says they can use this to spy on you

Cory Doctorow — Wed, 07 Nov 2012 20:00:51 +0000

Channelx99, a poster on the overclock.net forums, says that the Razer Naga gaming mouse comes with special drivers that require your computer to be connected to the Internet at all times in order to play -- and this means that the mouse was useless when it was first plugged in, because Razer's servers were down.

Parsing the Razer license agreement, Channelx99 finds that Razer reserves the right to spy on all your activity and to sell or data-mine that data. Multiple emails to Razer from Channelx99 have not created any clarity on this, as the company only sends back generic customer-service messages that don't explain whether the purpose of the drivers is really to spy on and monetize users.

Other commenters on the forum note that Razer's always-on drivers cause all sorts of performance issues with the mouse, making it slow and unresponsive during gaming sessions, and they say that earlier Razer products have had built-in memory that was used to store user preferences for the programmable buttons and functions.

Apparently, the Razer Naga will still work as a normal mouse -- without any of its crucial, scriptable extra buttons and functions -- if you don't install the driver, but of course, that's not how gamers expect to use their fancy programmable mice. And according to the forums, all Razer products will require always-on Internet connections and round-the-clock user surveillance in order to work.

Razer forces you to create an account with them before you can use the software with the mouse. You cant configure the mouse in any way until you make an account with them and activate your computer and account through their server. If they decide to take down their activation server for any reason, you will never be able to use the software. If you live somewhere without access to internet, you will not be able to activate and use the software. If you work somewhere that has a network behind firewalls, chances are even though you can download the Synapse software, the firewall may also block you from activating and using the software as well.
If your connection drops out for any reason, the Synapse software will make a habbit of locking up on you while it transitions to offline mode. During that time your settings may revert or possibly not be saved.
Yes, you can use the mouse as plug and play with basic functionality if you choose not to make an account and activate your computer, but who pays $80 for a basic plug and play mouse? The reason people buy the Naga 2012 is the configurable buttons and to change the DPI, polling rate, set up macros and profiles along with everything else. Razer has no right to lock this away from customers who paid for these features. For the Naga 2012 mouse, there is no other offline drivers to revert to. Synapse 2.0 is your only option.
Razers Synapse 2.0 software is always online. If you have an internet connection active, Razer will be constantly using it constantly downloading updates and interrupting your full screen applications. Not only that, as I suspected, the Synapse 2.0 software is spying on you

Razer Synapse 2.0 software/mouse unusable if you dont have an internet connection or their... (Thanks, JimDiGritz!)

Kindle user claims Amazon deleted whole library without explanation

Cory Doctorow — Mon, 22 Oct 2012 13:08:43 +0000

According to Martin Bekkelund, a Norwegian Amazon customer identified only as Linn had her Kindle access revoked without warning or explanation. Her account was closed, and her Kindle was remotely wiped. Bekkelund has posted a string of emails that he says were sent to Linn by the company. They are a sort of Kafkaesque dumbshow of bureaucratic non-answering, culminating in the customer service version of "Die in a fire," to whit, "We wish you luck in locating a retailer better able to meet your needs and will not be able to offer any additional insight or action on these matters," a comment signed by "Michael Murphy, Executive Customer Relations, Amazon.co.uk."

Update: Simon Phipp sez, "Kindlegate update: Linn says her account was mysteriously re-activated after my article published."

Pity that there isn't any ground between "Go to hell" and "Sorry, we made a mistake," such as, perhaps, "Huh, before we take away all the books you've given us money for, I guess we'd better look into this, and here's what we think you did, can you help us understand it?"

As previously advised, your Amazon.co.uk account has been closed, as it has come to our attention that this account is related to a previously blocked account. While we are unable to provide detailed information on how we link related accounts, please know that we have reviewed your account on the basis of the information provided and regret to inform you that it will not be reopened.
Please understand that the closure of an account is a permanent action. Any subsequent accounts that are opened will be closed as well. Thank you for your understanding with our decision.
I appreciate this is not the outcome you hoped for and apologise for any disappointment this may cause.

Update:: Simon Phipps talked to Linn and got her story:

Linn lives in Norway, where Amazon does not operate (Amazon.no redirects to the Amazon Europe page). She bought a Kindle in the UK, liked it and read a number of books on it. She then gave that Kindle to her mother, and bought a used Kindle on a Danish classifieds site to which she transferred her account. She has been happily reading on it for some time, purchasing her books with a Norwegian address and credit card. She told me she'd read 30 or 40 books on it.
Sadly, the device developed a fault (actually a second time, it was also replaced in 2011 for the same reason) and started to display black lines on the screen (something I've heard from other friends as it happens). She called Amazon customer service, and they agreed to replace it if she returned it, although they insisted on shipping the replacement to a UK address rather to her in Norway.
Then the e-mails that her friend Martin re-posted arrived. Linn has had no explanation from Amazon about what they think she has done wrong. All the e-mails simply refer to "another account which has been previously closed for abuse of our policies", in a tone reminiscent of a patronising official saying "you know what you did wrong so I'm not going to tell you". The e-mails also look as if they are simply a cut-and-paste from some procedure manual, because others have received exactly the same text (with just as little warning, explanation or recourse).

Back in 2009, when Amazon settled the lawsuit over its remote deletion of Orwell's Nineteen Eighty-Four (you really can't make this stuff up), it promised that it would not perform any further deletions unless ordered to do so by a court. I repeatedly asked Amazon whether DRM-free ebooks, or files that users load onto their Kindles themselves, could be remotely deleted. I never received a response of any kind.

My guess is that Amazon has the capability to wipe any file from any Kindle, and likely also has the ability to read any file on any Kindle. I'd further speculate that the policy violation that Linn stands accused of is using a friend's UK address to buy Amazon UK English Kindle books from Norway. This is a symptom of Amazon's -- and every single other ebook retailer's -- hopelessness at managing "open territory" for ebooks.

"Open territory" is a publishing term describing places where no publisher holds exclusive retail rights. In English-language book-contracts, it's almost always the case that countries where English isn't the native or official language are "open territory," meaning that if a writer sells her English language rights in Canada and the US to Macmillan, and her UK/Australia/NZ/South African rights to Penguin, both Penguin and Macmillan are legally allowed to sell competing English print and electronic editions in Norway, Rwanda, India, China, and Russia.

However, the universal approach taken by ebook retailers to "open territory" is to pretend that it doesn't exist. If no publisher is registered as the exclusive provider of an edition in a given country, the ebook retailers just refuse to sell to people in those countries. I've spoken to e-rights people in the major publishing houses, and they hate this, because a) it just drives piracy; and b) it represents lost sales. But there's no shifting the etailers, apparently.

If my conjecture about Linn's offense is correct, then she has not violated copyright, nor has she done anything that would upset a publisher. She's merely violated the thousands of words of impossible fine-print that comes with your Kindle, Nook, Kobo, and iPad, as have all of us. This fine print will always have a clause that says you are a mere tenant farmer of your books, and not their owner, and your right to carry around your "purchases" (which are really conditional licenses, despite misleading buttons labelled with words like "Buy this with one click" -- I suppose "Conditionally license this with one click" is deemed too cumbersome for a button) can be revoked without notice or explanation (or, notably, refund) at any time.

It's likely that the EU's open market directives prohibit any kind of discrimination of sales based on national borders within the EU (though Norway isn't technically in the EU). However, the EUCD's strict prohibition on DRM circumvention (which Norway both voluntarily adopted and exceeded) means that purchasers of ebooks and ereaders can't take any steps to enforce their legal rights, nor can any business or nonprofit assist them in these matters.

I was a bookseller for many years. I have no idea whether everything that my customers did with their books was legal. It's likely that some of them photocopied their books and passed them around. Embarrassingly enough, I once sold a small stack of rather excellent novels to a guy who bought them with a counterfeit bill. Despite all this, I -- as a bookseller -- was never, ever expected to repossess those books. I was not expected to police my customers' use of those books. I did not have -- nor did I want -- the facility to know what else my customers shelved on their bookshelves next to the books I sold them.

Reading without surveillance, publishing without after-the-fact censorship, owning books without having to account for your ongoing use of them: these are rights that are older than copyright. They predate publishing. They are fundamentals that every bookseller, every publisher, every distributor, every reader, should desire. They are foundational to a free press and to a free society. If you sell an ebook reader is designed to allow Kafkaesque repossessions, you are a fool if you expect anything but Kafkaesque repossessions in their future. We've been fighting over book-bans since the time of Martin Luther and before. There is no excuse for being surprised when your attractive nuisance attracts nuisances.

It's true that the ability to revoke files over the air is a boon to people whose devices are stolen or lost. Much of that benefit can be realized by designing devices that encrypt their storage (to a user password) by default (though we know about the weaknesses of passwords, of course). It's also conceivable to have an over-the-air deletion system that requires a sign-in from the device owner/user at a Web-browser, and that isn't available to the manufacturer alone. Both of these are more cumbersome than simply reporting your device stolen and knowing that the next time it's connected to the Internet, it will delete itself.

But as we learned when Mat Honan's phone, laptop, and backups were remotely wiped by a hacker, having a manufacturer-controlled remote wipe facility means that your data is only as safe as the most careless front-line telephone-bank service rep at the manufacturer, which is to say, not very.

If it's a choice between paving the way for tyranny and risking the loss of your digital life at the press of a button by some deceived customer service rep, and having to remember a password, I think the password is the way to go. The former works better, but the latter fails better.

A note to anyone from Amazon PR contemplating sending me a comment regarding this: I expect that any comment from Amazon regarding this story will disclose whether and when Amazon can delete files (including files loaded by users) from Kindles, and whether DRM-free files can still be deleted. Also: as a policy, I do not quote anonymous spokespeople for firms unless they are telling me something that could cost them their jobs.

Update: Here's how Ashleigh from Kobo explained their Open Territory workings:

I was happy to see an article on the open territory issue - as it's not often discussed and I think it's an important issue for publishers today. But, as one of these e-Retailers you mention, I object to your statement below:
"This is a symptom of Amazon's -- and every single other ebook retailer's -- hopelessness at managing "open territory" for ebooks."
I can't speak for our competitors, but I can speak to how books are managed at Kobo. Our contracts state that we will faithfully represent the rights declaration for each title. We have to respect where we've been told any given books have the right to sell, and we treat these statements as gospel.
All the details about a book are communicated in our industry's xml standard, ONIX Each book's metadata contains an explicit statement on what territories we are allowed to sell in as a retailer of this title. As a global retailer, we encourage all publishers to be complete in these details and to provide us with maximum rights. In fact, I had hundreds of conversations about this a few weeks ago during the Frankfurt Book Fair. But, many publishers are very conservative about communicating rights in territories they are not actively engaged with. Also, many of the agency publishers insist on setting the prices themselves, and an unfortunate side effect to that is that the territories they haven't made the effort to price in the local currency remain unavailable.

However, it looks like my own publisher, Tor, are pretty good on this. She adds,

Looking at one title (For the Win) as an example, it looks like your publisher is doing a great job. ISO country codes below - but it looks like our friend in Norway who lost their account would have no problems buying your book on Kobo.
US CA AE AF AL AM AN AO AQ AR AS AT AW AX AZ BA BE BF BG BH BI BJ BO BR BT BV BY CD CF CG CH CI CK CL CN CO CR CU CV CX CZ DE DJ DK DO DZ EC EE EG EH ER ES ET FI FM FO FR GA GE GF GI GL GN GP GQ GR GS GT GU GW HK HM HN HR HT HU ID IL IO IR IS IT JO JP KG KH KM KP KR KZ LA LB LI LR LT LU LV LY MA MC MD ME MG MH MK ML MN MO MP MQ MR MT MV MX MY MZ NC NE NG NI NL NO NP NU NZ OM PA PE PF PH PL PM PR PS PT PW PY QA RE RO RS RU RW SA SD SE SG SI SJ SK SL SM SN SO SR ST SV SY TD TF TG TH TJ TL TM TN TR TW UA UM UY UZ VA VE VI VN WF YE YT ZA

This suggests that all the other ebook retailers who won't sell you my books (and, likely, other Tor titles) are doing so because they lack the technical chops to parse out the metadata supplied by Tor.

Outlawed by Amazon DRM

Outlawed by Amazon DRM (Google cache)

(Thanks to Eirik and all the others who sent this in)

(Image: DRM PNG 1 900, a Creative Commons Attribution Share-Alike (2.0) image from listentomyvoice's photostream)

Researcher claims feasibility of writing lethal wireless pacemaker viruses

Cory Doctorow — Thu, 18 Oct 2012 22:00:59 +0000

In a presentation at the BreakPoint security conference in Melbourne, IOActive researcher Barnaby Jack described an attack on pacemakers that could, he says, deliver lethal shocks to their owners. Jack claims that an unspecified pacemaker vendor's devices have a secret wireless back-door that can be activated by knowledgeable attackers from up to 30 feet away, and that this facility can be used to kill the victim right away, or to reprogram pacemakers to broadcast malicious firmware updates as their owners move around, which cause them to also spread the firmware, until they fail at a later time. Darren Pauli from Secure Business Intelligence quotes Jack as saying,

“The worst case scenario that I can think of, which is 100 percent possible with these devices, would be to load a compromised firmware update onto a programmer and … the compromised programmer would then infect the next pacemaker or ICD and then each would subsequently infect all others in range,” Jack said.
He was developing a graphical adminstration platform dubbed “Electric Feel” which could scan for medical devices in range and with no more than a right-click, could enable shocking of the device, and reading and writing firmware and patient data.
“With a max voltage of 830 volts, it's not hard to see why this is a fairly deadly feature. Not only could you induce cardiac arrest, but you could continually recharge the device and deliver shocks on loop," he said.

Manufacturers of implanted devices have been resistant to calls to publish their sourcecode and to allow device owners to inspect and modify that code, citing security concerns should latent vulnerabilities be exposed, and put implantees at risk. But as Jack's presentation demonstrates, vulnerabilities can be discovered without publication -- and if they are discovered and not disclosed, they may never be patched (or may not be patched until coming to light in some kind of horrific attack). In other words, secrecy helps bad guys, but keeps good guys and innocent bystanders in the dark.

Hacked terminals capable of causing pacemaker deaths (Thanks, Jon!)

(Image: Atlas Pacemaker, a Creative Commons Attribution (2.0) image from travisgoodspeed's photostream)

Laptop rental companies reach cash-free, pointless settlement with toothless FTC for taking secret naked pictures of customers having sex, harvesting medical records and banking passwords and more

Cory Doctorow — Wed, 26 Sep 2012 02:10:08 +0000

The FTC has settled with seven rent-to-own companies and a software company called DesignerWare of North East Pennsylvania for their role in secretly installing spyware on rental laptops, which was used to take "pictures of children, individuals not fully clothed, and couples engaged in sexual activities."

Under the terms of the settlement, the companies are free to go on engaging in this behavior, but now they'll have to notify customers. They won't pay a fine. The FTC won't say if it's referred any of the companies for criminal prosecution. The rental companies used the spyware to harvest renters' bank passwords, private emails to doctors, medical records, and Social Security numbers, and they used it to pop up deceptive windows on customers' computers to trick them into entering personal information.

Wired's David Kravets has more:

The software, known as Detective Mode, didn’t just secretly turn on webcams. It “can log the keystrokes of the computer user, take screen shots of the computer user’s activities on the computer, and photograph anyone within view of the computer’s webcam. Detective Mode secretly gathers this information and transmits it to DesignerWare, who then transmits it to the rent-to-own store from which the computer was rented, unbeknownst to the individual using the computer,” according to the complaint.
Under the settlement, the companies can still use tracking software on their rental computers, so long as they advise renters, the FTC said. The companies include Aspen Way Enterprises Inc.; Watershed Development Corp.; Showplace Inc., doing business as Showplace Rent-to-Own; J.A.G. Rents LLC, doing business as ColorTyme; Red Zone Inc., doing business as ColorTyme; B. Stamper Enterprises Inc., doing business as Premier Rental Purchase; and C.A.L.M. Ventures Inc., doing business as Premier Rental Purchase.

Rent-to-Own Laptops Secretly Photographed Users Having Sex, FTC Says