FTC to shine light on spyware

Pressure is growing for new rules to curtail malicious programs known as spyware, once again raising a vexing problem for the Internet age: Can software risks be regulated into submission?

The issue will get a high-profile hearing next week, when the Federal Trade Commission (FTC) plans to convene a workshop on the dangers of spyware. In a common scenario, such programs might bombard victims with unwanted ads or, more rarely, allow hackers to snoop on Web surfing activities and steal confidential data such as passwords to online bank accounts.

Monday's FTC hearing, which will draw technology executives, lawmakers, and consumer groups from around the country, could be the first step toward federal action against spyware companies, following the path the FTC has previously taken on spam e-mail and other Internet privacy issues.

It also highlights rising national concern about this ill-defined category of computer pest. The pitch of consumer complaints about spyware and adware now rivals that of the outcry against spam several years ago, and is prompting response from legislators in Congress and in a growing number of states.

"So much stuff is being foisted on people that it's really slowing their computers down," said Roger Thompson, vice president of product development at Pestpatrol, which markets software that promises to clean spyware out of infected systems. "That's stepping out of bounds of what's fair and reasonable."

The quickening pace of legislative proposals has many in the technology industry worried that their ordinary software development could get caught in the cross fire, however. Many technology companies were deeply critical of the first anti-spyware law , passed recently in Utah, and they're looking to the FTC hearing in part to help guide future action.

"The first step is to get a common understanding of what kinds of activities we're really trying to get at here," said Mark Bohannon, general counsel for the Software and Information Industry Association, who will participate in the workshop. "That will allow us to see what we can do under existing law, and where we need to fill in."

The debates over spyware and adware have the potential to become as divisive as the ongoing battle over commercial e-mail. Outraged consumers who see their computers routinely captured by streams of pop-up windows and other hijackers, or discover their personal information being sent to outside companies, are ready to embrace draconian solutions.

But the efforts to control this unwanted software raise similar concerns to spam, in which some companies worried that newsletters and other commercial speech would be indiscriminately lumped together with ads for Viagra. Similarly, proposals to regulate pesky software programs could threaten technology companies' traditional development practices, industry figures warn.

"We are very concerned about legislative mandates that define what is spyware by the nature of its technology rather than focusing on the behavior and bad practices that we're trying to stop," said Robert Holleyman, president of the Business Software Alliance. "A lot of functionality that some people with the best intentions try to address also applies to the way some antivirus software is routinely updated, for example."

Many critics are sympathetic to this issue. The Center for Democracy and Technology, a public interest group that has taken the lead in highlighting fraudulent techniques among spyware and adware companies, is putting together a coalition of consumer groups, technology companies that will present a list of "worst-case scenarios" to the FTC.

Focusing on those types of cases, in which clear fraud or otherwise problematic behavior is evident, could be a good start for federal enforcement, CDT Associate Director Ari Schwartz said.

Nevertheless, legislators around the country are responding more quickly, largely because of rising complaints from consumers and other constituents.

The Utah law, the first in the nation to be approved by a state legislature, came largely in response to complaints from local company 1-800-Contacts, which discovered that advertising software WhenU was launching advertisements for rivals when Web surfers visited the Utah company's site. WhenU has now sued the state, saying the law is unconstitutional.

Three bills seeking to regulate spyware and adware have been introduced in California, and are moving through the legislative process there. Lawmakers in Iowa introduced their own proposal, but it did not pass before the end of the year's legislative session.

Several bills have been introduced in Congress. While technology companies are watching these closely, and for the most part say they would prefer to wait, they say national laws would be preferable to a patchwork of local legislation.

The FTC hearing, which will see a full day of debate on how exactly adware and spyware should be defined and on what governmental responses are appropriate, could help guide legislators and technology companies in developing both laws and software itself.

"Part of it will be about formulating a plan on how to deal with the problems," FTC staff attorney Beth Delaney said. "That's really how we view this, as a first step."

[Peterbkz]

FTC to shine light on spyware

Its high time that spyware is regulated. I have taken the time to install on my computer various spyware defences. The effect is that so many homepages don't open anymore. I don't care, because there is always a site that will give me the information I want. The others try mostly to set intrusive cookies, which are rejected. I have even written to a number of sites, telling them that they either stop cooperating mostly with advertisers, that send this kind of intrusive microprograms, or else I shall not be able to visit their pages anymore. I clearly tell them that I am interested in advertising, as this is one form of information to keep abreast with the developments in the technology field, but without the intrusion into the privacy sphere. Most have not replied, a clear indication that they prefer the intrusive advertisers over their customers. But time will tell, how long such sites will be able to act in such a way.

On top of all I have many friends and customers who are equally fedup with these practices and ask me to install the same defences on their computers. The stone keeps rolling.
Peter006

Good point!

I never thought spyware was more than pesky till I went to this friend of mine, who claimed that he was being charged tens of megs of info each month by his ISP even though he did not transmit a thing to the net...
I went through the tedious job of cleaning his machine.
Found some 20-25 different types of spyware. Furthermore, his 1GHz Athlon was running annoyingly slow. Somewhat the speed of a 450 Pentium II.
After cleaning the mess, he told me he felt as if he had a new computer.
Yes, spyware & addware definitely need regulations! And enforced rules too!
After all it is definitely stealing money from people's pockets, as most ISP's charge trafic.

[Fireweaver]

Who Cares?

Oh, thank goodness the government is rushing in to save the computer user again! Now we'll all be completely rid of spyware just like we are rid of spam.
Oh, we're not rid of spam? Maybe it's another feckless ploy of politicians that have no clue but want to look good during election time, then.

[JohnBeuerle]

I care, for one...

Someone said that legislation will not solve the problems of adware and spyware becuase many advertisers will not be affected. The laws of the United States do not pass across its borders and most of the crap we deal with on a day to day basis come from other points around our globe. But any help in curtailing the mass amounts of garbage I am forced to see whether I want to or not, and the time it takes to carefully maintain my computer against Hijacking and subversion is important, not only to me but to many employers who rely on people to actually have time TO GET work done. I welcome the day that they take some of these worthless purveyors of internet garbage out of business. Maybe, at that point the internet can get back to what it was intended for and NOT some huge infomercial for every product known to man!

[FLATFOOT]

SPYWARE

As long as politicians can be bought and the parasites of society are able to work off shore, no meaningfull legislation will ever be enacted.

[Steven N]

Being smart helps

It is fairly easy to remain spyware free. All you have to do is using the right tools and take care on what you install on your PC.

I am using Mozilla/Netscape 7.1 now for 2 years to go to the WWW, and every time I do a Spyware check I get zero of them... with basically no modifications to the default configuration of Mozilla. Popups are disabled, third party cookies are not allowed, and some restrictions on Java scripts are present. I don't remember how many of these settings were default, but quite a few of them are.

I am sure you can get IE to be as safe as Mozilla, but I wouldn't know where to start, and how long it would take me to get to the same level of security as the default settings of Mozilla.

The reason why IE has all these exploitable "features" and Mozilla hasn't is because of the tools are created for two different customers.
Mozilla is made for the one that is using it to get on the WWW, and get his or her information they want. So the customer is the user.
IE is also made for the customer, but in this case the customers are big corporations. And those corporations want their stuff to be handled by IE.
eg. HP is able to configure a complete PC by using IE, ISPs are able to configure your network connection using a web page, ... This has got nothing to do with a user that wants to surf the Internet, it is just those big corporations that want to cut back on support costs, that asks for all these "features" being present.
Sure, you can explain it as a benefit to customer, but is also comes with exploitable "features" that are not that beneficial.

[tbbrickzd]

Hear! Hear! for Mozilla!!!

Have my EUs on Netscape which helps keep us (thank the Creator) from spyware/virii problems. Nevertheless, I'm not an idiot, I do have Spybot S&D on all PCs and have run it periodically.

Since you like Netscape 7.1, do give Firefox 0.8 a go. <a class="jive-link-external" href="http://www.mozilla.org/products/firefox/" target="_newWindow">http://www.mozilla.org/products/firefox/</a> Have been running it for about four months now and is it *sweet*. The Adblock extension is the icing on the cake. You can use wildcards with the domains and it really speeds things up. I just hate it when I have to use a EU's browser without it.

[tbbrickzd]

FTC: Thx, but No Thx...

As if the FTC, or anyone in anybody's gov't can do anything about any form of computer malware.

I've much more faith in my firewall, antivirus sw, antispyware sw, and antispam sw to keep the idiots at bay, than the gov't.

[Almost Private]

Balancing Act

There is a solution, but it is not an easy one to figure out, implement, or enforce. We have to figure out how to balance commercial speech rights with individual privacy rights, plus a number of other factors. This is not as easy as it may appear, regardless of which side you support.

If you want to find out more about what is going on in this area instead of making conclusory, cynical comments about politicians, I have provided a variety of articles on Spyware/Adware (both general and more specific), privacy concerns (14th amendment), and current and past legislative actions and the problems/concerns/solutions proposed/imposed. Perhaps these articles will help promote a more objective approach from readers, not just their own subjective viewpoints, which gets us nowhere.

2004 State Legislation Relating to Internet Spyware or Adware, available at <a class="jive-link-external" href="http://www.ncsl.org/programs/lis/spyware04.htm" target="_newWindow">http://www.ncsl.org/programs/lis/spyware04.htm</a>

Will Adware and Spyware Prompt Congressional Action? (Or - Why does my computer's CD tray open for no apparent reason?), available at <a class="jive-link-external" href="http://www.winstead.com/articles/articles/ClientAlert_Adware_040504.pdf" target="_newWindow">http://www.winstead.com/articles/articles/ClientAlert_Adware_040504.pdf</a>

Safeguard Against Privacy Invasions Act, HR 2929 IH, available at <a class="jive-link-external" href="http://thomas.loc.gov/" target="_newWindow">http://thomas.loc.gov/</a>

(NOTE: In Word/Phrase box, search for "HR 2929 IH".)

File-Sharing: A Fair Share? Maybe Not, FTC Consumer Alert, Federal Trade Commission, available at <a class="jive-link-external" href="http://www.ftc.gov/bcp/conline/pubs/alerts/sharealrt.htm" target="_newWindow">http://www.ftc.gov/bcp/conline/pubs/alerts/sharealrt.htm</a>

Does Online Privacy 'Really' Matter? 'No' According to Consumers, byEric Goldman
from CircleID Privacy Matters, September 12, 2003, available at <a class="jive-link-external" href="http://www.circleid.com/print/250_0_1_0/" target="_newWindow">http://www.circleid.com/print/250_0_1_0/</a>

[Almost Private]

14th Amendment

To read more about privacy and the 14th amendment, a good place to begin is here:

<a class="jive-link-external" href="http://www.law.cornell.edu/topics/personal_autonomy.html" target="_newWindow">http://www.law.cornell.edu/topics/personal_autonomy.html</a>

[ascrodin]

destroy spyware and adware

whenU and gator must be destroyed!!!!!! no more spyware!!!! thank god for ad-aware and spybot. hopefully this new law will make the ads stop. computers everywhere will run so much faster.