Analysis: Sears' threat to privacy seen

By SHAUN WATERMAN, UPI Homeland and National Security Editor
Published: Jan. 7, 2008 at 9:22 AM
WASHINGTON, Jan. 7 (UPI) -- Catalog giant Sears Holdings Corp. is under fire for installing what critics say is spyware on customers' computers when they join its online community.

Privacy advocates say the software program -- which tracks every Web site users visit and every search, purchase or other transaction they make, including e-mail they send, and sends details to an online market research company -- is spyware and is banned by federal trade regulations.

For its part, the company says it goes to "great lengths" to disclose the nature of the program users have installed on their computers.

According to privacy specialist and Harvard Business School Assistant Professor Ben Edelman, Sears' "My SHC Community" program falls short of the standards required for disclosure of such software by the U.S. Federal Trade Commission.

"The FTC requires that, before any such tracking programs are installed, consumers give 'express consent,'" Edelman told United Press International, quoting from a recent commission settlement with two spyware vendors.

"That means they (Sears) have to 'clearly and prominently disclose' anything 'material' about the program. … That disclosure has to be 'unavoidable' and take place 'prior to … and separate from,' any final licensing agreement," he added.

"Sears clearly is falling short of those requirements," Edelman concluded, calling the failure "remarkable" and "very brazen."

Spyware researcher Benjamin Googins of Islandia, N.Y.-based CA Inc., who first blogged about the issue, pointed out that the software sends data about consumers' Internet activity not to Sears' own Web site, but to a site registered to ComScore Inc. (NASDAQ:SCOR), an online market research firm, which he said was a violation of the promise in the SHC Community's privacy policy that the information is transmitted to "our servers."

Googins said that the coding in the ComScore software package Sears was installing was "directly" and "genetically" related to coding used by other spyware programs CA had identified in the past.

"This software is all related and shows signs that it was created by the same group," he said.

No one from Sears could be reached Sunday for comment, but the vice president of "My SHC Community" responded last week to online critics, saying that only a small number of those who joined the community had their Internet activity tracked in the fashion Googins and Edelman described, and that the company "goes to great lengths to describe the tracking aspect for those members" subject to it.

"Any potential tracked member is given very clear explanations throughout the registration process concerning the purpose of the community, what 'tracking' means, what software will be downloaded, (and) what will be done with the data," added Rob Harles in a statement e-mailed to Googins and posted on the latter's blog.

Harles says, "Becoming a tracked member of the My SHC Community is by invitation only. Invitations are generated randomly and kept to a minimum by design."

He said the community's privacy policy "clearly discloses that data may be shared with service providers. ComScore is simply a service provider to Sears Holdings."

Edelman responded that neither of the two instances in which potential users were informed about the tracking software met FTC standards.

"The only really clear notice is in the e-mail (that those expressing an interest receive from the community). … It lacks the required specificity … and it is not 'unavoidable,' as the FTC requires, because it appears midway through a paragraph, without a heading."

Edelman added that the more detailed disclosures in the community's privacy policy also failed to meet FTC requirements, because the commission specifically mandates that such disclosures take place "prior to ... and separate from" any such document. "The only disclosure on this page occurs within the license agreement -- exactly contrary to FTC instructions."

He said users could easily miss text "on page 10 of a lengthy license agreement."

No one from the FTC could be reached Sunday for comment, but Edelman, who tracks visitors to his blog, said computer users from Internet addresses registered to the commission had been reading his postings on Sears.


© 2008 United Press International, Inc. All Rights Reserved.

