The action was taken in late October, barely three weeks after Echometrix began listing its Internet monitoring products for sale through the U.S. Army and Air Force Exchange Service' ( ) Exchange Online Mall. However, news of the suspension surfaced only this week after the Electronic Privacy Information Center (EPIC) obtained documents relating to the incident via a request it had filed with the Defense Department.
The documents show that the AAFES removed Echometrix's My Military Sentry Parental Controls product from its Web site because of concerns EPIC raised that customer information was being surreptitiously collected and sold to third-parties by Echometrix.
An AAFES spokeswoman confirmed the suspension today and said that it had resulted from the privacy concerns raised by EPIC.
"To the best of our knowledge, no military personnel signed up for the service during the approximately three weeks it was available," the spokeswoman said. She added that Exchange Online Mall personnel are monitoring the situation and "will make a decision on how to proceed after further review."
Syosset, N.Y.-based Echometrix sells a range of parental control software designed to monitor children's activity on the Internet and to alert parents when a child encounters questionable material. The My Military Sentry product that was pulled from the AAFES Web site is identical to a civilian version of the product called Sentry.
The company, in an e-mailed statement, firmly maintained that it does not collect any information that violates children's privacy laws.
In September, EPIC, a Washington-based privacy advocacy group, with the Federal Trade Commission (FTC). EPIC claimed that Echometrix was violating the provisions of the Children's Online Privacy Protection Act (COPPA) by collecting personally identifiable information about children and their browsing and online chats.
EPIC claimed that Echometrix used the information to deliver targeted advertising to children and for selling it to third-party marketers. In its complaint, EPIC pointed to a separate service offered by Echometrix called Pulse, which analyzes data gathered from multiple sources including instant messages, blogs and chat rooms. The information is then sold as market research intelligence to marketing firms, the EPIC complaint said.
"Pulse boasts of offering unfiltered online conversations and of having access to the teenage market in real-time by capturing instant message conversations, chat room conversations, and blog posts," EPIC claimed.
The company's marketing promotes "illegal surveillance" of children, EPIC said in its FTC complaint. EPIC further stated that Echometrix' privacy policies were not clearly spelled out and offered no easy way for customers to opt out of such tracking.
In an e-mailed statement, Echometrx denied the allegations. "Echometrix does not collect personally identifiable information or expose the source of any digital content," the statement said. "The company has never and will never collect, distribute or sell personal information as defined by COPPA."
Kimberly Nguyen, a lawyer for EPIC, said the group's main concern is with the collection of personal data on children. "According to COPPA, companies can't collect personal data from children" without parental consent, which is precisely what Echometrix is doing, Nguyen claimed. "They are violating federal statutes," by their actions, in addition to FTC rules relating to the disclosure of privacy policies, Nguyen said.
The FTC has not responded to EPIC's complaint against Echometrix.