April 28, 2004 4:54 PM PDT
Washington wakes up to spyware, adware
The measures, one sponsored by a California Republican and the other by a Washington Democrat, take different approaches toward software that lurks on a computer and serves pop-up ads or transmits personal information. But both make the same point: Official Washington is becoming officially fed up with the proliferation of spyware and adware. The new attention paid to malicious software follows last fall's unprecedented focus on unsolicited commercial e-mail.
"It may be this year's spam, if you will," Rep. Jay Inslee, D-Wash., said in an interview. "We're recognizing that we have privacy rights at stake that could be abused and you have this increasing infestation of pop-up ads. That's a great impediment to people's use of this technology." Computer makers and security firms say that spyware and adware problems have increased nearly tenfold in the last year.
Inslee's bill would punish malicious spyware authors with criminal penalties, grant state attorneys general the power to bring civil cases, and regulate the use of spyware technology by federal police like the FBI. In 2001, news leaked out that the FBI was reportedly developing spyware technologies to remotely install surveillance programs on suspects' computers.
Both Inslee's bill and the one being readied by Rep. Mary Bono, R-Calif., would preempt state laws. That would void Utah's recent anti-spyware law and address the concerns of software industry lobbyists, who worry that companies would have to abide by a patchwork of ambiguous and poorly drafted state regulations.
Thursday morning's hearing before the House Energy and Commerce subcommittee on consumer protection will come just a week after the Federal Trade Commission convened a full-day workshop on spyware and adware. Neither term has any well-accepted definition, but adware tends to refer to pop-up ad networks like those run by WhenU and Claria (formerly Gator).
Bono's bill is a complete rewrite of an earlier version she introduced in July. It would hand the FTC broad enforcement power to create regulations requiring companies to permit the uninstallation of spyware and adware. The measure also bans spyware and adware that does not obtain explicit consent from an end user and that does not offer a warning before installation.
"When she originally introduced the bill, she was really interested in hearing responses from industry folks and how we could improve the bill and ensure that...it would be effective," a Bono spokeswoman said. The spokeswoman said Bono's office rewrote the bill with that feedback in mind.
Spyware and adware, like software in general, is notoriously difficult to regulate, and laws targeting it often have unintended consequences. Bono's new bill, for instance, defines spyware as "any software" that "transmits" personal information --a category that would include any e-mail client (because it transmits a From: address) and many Unix utilities.
Inslee promised that his approach would avoid some of those pitfalls. "The biggest difference is the approach of how we would define a resolution of this issue," he said. "After really looking at the technologies involved, we think the best approach is to deal with behaviors and transmissions of information rather than trying to identify types of software. We think that would be a superior approach. If you address it by looking at types of software, you could end up banning beneficial uses."
6 commentsJoin the conversation! Add your comment