It was a startling case – and one that has had huge and ongoing implications for tech start-ups across the world.
When software entrepreneur Hammad Akbar was charged with distributing spyware this time last year, it turned his life – and business enterprise – upside down.
Akbar, a Danish citizen who was educated in the UK, had created a suite of apps to monitor devices, targeted at parents, businesses and individuals – and was on the verge of a multi-million dollar deal with a PLC in Australia when he was arrested.
However, during a routine business trip to the U.S., he was prosecuted by the American authorities in relation to his sought-after StealthGenie app.
Akbar pleaded guilty to advertisement and sale of interception devices, and was fined $500,000 in the first-ever criminal conviction concerning a mobile device spyware app. He was also forced to scrap his lucrative business.
One year on, in an exclusive column for Information Age, Akbar details the legislation his own compliance checks missed, highlights the important lessons all tech start-ups can learn from his mistakes, and looks at the effect on the wider industry.
As a successful entrepreneur, I have always been interested in nurturing new and exciting ideas.
And since my early days as a developer, technology has been the area where I felt I could make a real difference, pushing the innovation envelope to create genuinely useful products with mass appeal.
When I set up my own business, I hoped the suite of StealthGenie apps we were creating would make a real difference to the industry landscape – but I had no idea of the bizarre and shocking way that this would eventually be played out.
The products offered easy ways to monitor and control use of data. They were ideal for use as, for example, parental controls, and quickly found their place in a variety of global markets.
In the days before my arrest, I was in the final stages of due diligence to sell parts of the company to a PLC based in Australia, in what would have been a multi-million dollar deal.
Of course, as an experienced developer and business owner, I had always known that this was an area of technology that had to be handled carefully. But like so many people, I had the ultimate faith in the specialists I employed to take care of compliance on my behalf.
The company had grown quickly but I had employed an external team to ensure the products we were selling were wholly legal and in line with all relevant regulation.
But as my experience demonstrates all too clearly, in an ever-changing information age, keeping a close eye on potentially problematic legal problems isn’t easy.
In my case, as the company and commercial interest in the products we were creating grew, we attracted the attention of the U.S. authorities.
When I arrived in America for a business meeting in September 2014, I was arrested by FBI agents and told my app breached security legislation.
In what became a test case, I was prosecuted for selling an app, which was classed as being ‘useful for the surreptitious interception of wire, oral or electronic communication’.
At the same time, Amazon, which was hosting the app on its AWS servers, was ordered to take down all information and related accounts and to remove all links to related domains. Domain owner Verisign was also told to block access to related domains and deny access to my team and myself.
After months of litigation, I pleaded guilty, was fined $500,000, and my entire business collapsed.
I left the U.S. shocked, bewildered and worried that my personal reputation and the enterprise I had worked so hard to build was in tatters. I wanted to know where I had gone wrong and to ensure others learned from my, at times, terrifying experience.
Despite having a legal compliance report for the full suite of apps, it seemed that this was not enough in the face of a government keen to make a prosecution.
Of course, I would always advise developers to enlist the help of a specialist firm, but I would warn that this might not offer the comprehensive protection you would expect. There is no one-size-fits-all solution, but companies must continuously carry out due diligence in the regions where they are selling their solutions.
It is also important to pay special attention to, and ensure you are not breaching, any laws in the regions where your servers are hosted and your payment processors are based.
One of the reasons U.S. authorities decided to prosecute me was because our servers were all hosted in Virginia.
We are operating in an ever-changing landscape so making sure you surround yourself with very smart people and linking with experienced mentors will always pay off, as will embracing change and obsessively immersing yourself learning new things.
I now work with many other young, UK tech start-ups, providing help and mentoring, particularly where growth is rapid as often success can bring its own problems.
High-speed growth is great but it can make it difficult for owners and investors to stay ahead of changes to the legal and regulatory landscape – this is vital, not an afterthought.
Working within a global marketplace presents new challenges too, with selling in different territories presenting owners with different or even conflicting sets of regulation.
The whole experience motivated me to start all over again and build a company much bigger. I will be building all of these lessons into my next enterprise.
I am now am concentrating on building TruConversion, an all-in-one analytics and feedback application for e-commerce owners.
It’s an exciting time and I am, of course, making sure we adhere to international security, data and privacy laws.