Michigan man learns the hard way that “catch a cheater” spyware apps aren’t legal

Spying doesn’t become legal just because “cheaters” are the targets.

In 2002, Bryan Fleming helped to create pcTattletale, software for monitoring phone and computer usage. Fleming’s tool would record everything done on the target device, and the videos would be uploaded to a server where they could be viewed by the pcTattletale subscriber.

This might sound creepy, but it can also be legal when used by a parent monitoring their child or an employee monitoring their workers. These are exactly the use cases that were once outlined on pcTattletale’s website, where the software was said to have “helped tens of thousands of parents stop their daughters from meeting up with pedophiles.” Businesses can “track productivity, theft, lost hours, and more.” Even “police departments use it for investigating.”

But this week, nearly 25 years after launching pcTattletale, Fleming pled guilty in federal court to having knowingly built and marketed software to spy on other adults without their consent. In other words, pcTattletale was often used to spy on romantic partners without their knowledge—and Fleming helped people do it.

It’s unclear when pcTattletale began marketing itself as a tool for catching cheaters, but Fleming’s original business partner left the company in 2011, and Fleming ran things himself from his home in a northern Detroit suburb.

In 2021, Vice reported that pcTattletale was leaking the sensitive data it collected. The story quoted marketing materials about using the tool to catch a “cheating spouse,” which required users to know their spouse’s “pass-code and have access to the phone for about 5 minutes. The best time to do this is when they are sleeping.” The company also provided instructions to hide icons that might reveal that pcTattletale was running on the victim’s phone.

A look through archived versions of the pcTattletale site on the Wayback Machine shows that by 2022, pcTattletale had added numerous “cheating” links to its footers and featured multiple blog posts on ways to “catch your boyfriend cheating.” These explicitly directed people to use the “unlock code to your boyfriend’s phone” to install “the pcTattletale spy app” in order to “watch everything he does on his phone.” One entry even noted that people being spied on in this way are unlikely to be happy about it, and users should “expect him to lash back at you over putting the spy app on his phone. It can really turn the tables.”

Around this same time, federal investigators in California had launched an investigation into “stalkerware,” and pcTattletale was among their targets. It also looked like a site where an arrest might not be too difficult, since Fleming operated out of the US and made no real attempts to hide his location. (Indeed, older versions of the pcTattletale website said explicitly that “Fleming Technologies” was based in Bruce Township, Michigan.) As a government investigator put it, “many of the other [stalkerware] websites under investigation involve targets who are believed to be overseas. For this reason, it is unrealistic to believe that the targets will soon be apprehended.”

But Fleming was easy enough to find, and investigators soon obtained copies of his email account. It contained plenty of support requests in this vein: “Also if there is a way to NOT let user know you are taking screen shot that would be helpful too. My husband knows when there is screen shot being taken as it beeps. He is now suspicious of something being on his phone.”