October 12, 2004 10:07 AM PDT

From spam king to spymaster?

Related Stories

FTC to shine light on spyware

April 15, 2004

Lawmakers take aim at spyware

March 3, 2004

Your PC's enemy within

June 26, 2002

Ad nauseam

February 5, 2001
In what could prove to be one of the great second acts in Internet history, erstwhile king of spam Sanford Wallace takes center stage this week as Exhibit A in a federal crackdown on invasive online advertising software.

The Federal Trade Commission on Tuesday announced an aggressive new strategy in taking on alleged purveyors of "spyware," a vague term that describes software that may track unsuspecting Web surfers and bombard them with advertisements or even steal log-in information and passwords.

News.context

What's new:
The former king of spam, Sanford Wallace, has returned to the Internet spotlight, this time as the subject of a lawsuit charging him with installing spyware on unsuspecting users' computers.

Bottom line:
Wallace is the poster child for the Federal Trade Commission's aggressive new strategy to rid the Net of software that may track unsuspecting Web surfers and bombard them with advertisements or even steal log-in information and passwords.

More stories on this topic

In the first action of its kind, the agency last week filed a civil lawsuit against Wallace, charging the admitted former junk e-mailer with fraudulently installing advertising and other software on consumers' computers through his network of Web sites. The lawsuit was the centerpiece of Tuesday's FTC announcement.

"Spyware spoils the online experience for millions of computer users, and even worse could be an obstacle to the growth of e-commerce," said Lydia Parnes, acting director of the FTC's Bureau of Consumer Protection. "This may be our first case (against spyware), but it won't be our last."

As in the early spam battles, the bombastic Wallace has become a lighting rod for efforts to clamp down on what many now consider to be among the most virulent Net pests. In an interview Tuesday, Wallace said his company had never created spyware, and that the pop-ups and downloads on his Web sites could be turned off by using the most up-to-date security patches for Web browsers.

"We don't think that we're involved in anything illegal," Wallace said. "There is nothing we're involved with that cannot be avoided by a consumer choosing to turn off downloads on their computers or by blocking pop-ups."

Tuesday's lawsuits--particularly in conjunction with federal anti-spyware legislation nearing passage--could help rein in business practices that have posed increasing risks for Net surfers during the past few years.

"Very much like with spam and the spam legislation last year, spyware can be fought through a combination of efforts: enforcement, legislation, technology and consumer education," said Dave Baker, an attorney at Internet service provider EarthLink, which has been an active participant in anti-spyware efforts. "No one thing cures the problem by itself."

The last year has proved to be a tipping point for an issue that has been building for several years. Reports of widespread adware and spyware infection have increased dramatically, in part as consumers have increasingly realized that their computer crashes and slowdowns were being caused by surreptitious advertising software.

EarthLink recently said its online spyware-spotting tool had been used 3 million times since January and had found an average of 26 spyware components on people's hard drives.

The result has been a surge of legislative efforts in Congress and state legislatures, as well as this week's lawsuits from the FTC.

Legal limits
Wallace--once dubbed "Spamford" by a Net community desperate to cut off the flow of unsolicited e-mail coming from his company's servers--has been operating new advertising ventures for several years. Regardless of the suit's outcome, the charges brought against Wallace's companies--Seismic Entertainment Productions and SmartBot--could help raise awareness of the issue.

In an interview with CNET News.com in 2001, he outlined his strategy of boosting traffic by forcing people to click through multiple pop-up windows in order to exit his PassItOn.com entertainment site. He said he would soon start collecting personal information from people who wanted to use his site without so many windows.

"We don't violate anybody's privacy; everything is disclosed," Wallace said in that interview. "We're giving something away for free in exchange for consumers' permission to use private information. It's no secret. Publishers Clearing House has been doing this type of thing for years."

The FTC cited that interview in its lawsuit, which was filed in New Hampshire federal court last week. Wallace said the current incarnation of his Web sites did not collect any personal information about consumers at all.

In the lawsuit, FTC and independent investigators outline a string of what they say were potentially abusive practices.

FTC investigator Sallie Schools said Web sites operated by Wallace changed the home page in her Internet Explorer browser. Programming code on one page popped open the CD drive in her computer and showed text saying "If your CD-ROM drives open...You desperately need to rid your system of spyware pop-ups immediately." The site then offered a product called Spy Deleter.

Other sites surreptitiously downloaded software from another company's site, which in turn led to the installation of numerous other spyware and advertising programs, the lawsuit charged. All of the actions took advantage of publicized security holes in Microsoft's Internet Explorer browser.

Anti-spyware activists say a successful case focusing on these practices--changing home pages without consent, installing software without consent and "compelling" the purchase of anti-spyware software--will help clamp down on some of the worst practices online.

"We're very positive about the way this is looking; it looks like they've built a good case," said Ari Schwartz, associate director of the Center for Democracy and Technology, which first brought Wallace's company to the attention of the FTC. "This fits into the kinds of cases where the FTC could get their feet wet on this issue."

Wallace said he would pursue the case and pull down the sites if a judge ruled against him.

"We want to confirm that our model is legal," Wallace said. "If the court finds that it's either illegal or deceptive or unfair, by the FTC's definition, we will cease operations voluntarily."

As the FTC moves ahead with its more aggressive strategy, Congress remains close to passing legislation that would boost fines for spyware purveyors and potentially impose criminal penalties.

The House of Representatives passed two separate bills last week aimed at the practice. Major technology companies, including Microsoft, Yahoo and Dell, have signed on to the idea after some trepidation, though some technology executives privately say they are still worried about provisions focusing on types of technology rather than on the behavior of potential "bad actors."

Some insiders say the pending bills are likely to be joined, providing both criminal penalties and higher civil fines, and passed when Congress returns to Capitol Hill after Election Day.

The issue has been a strong focus for several legislators, including House Commerce Committee Chairman Joe Barton, R-Texas.

"Spyware is to computers what an open window is to burglars," Barton said last week, following the passage of a bill authored by Rep. Mary Bono, R-Calif. "This will provide some real, sorely needed online protection for consumers."

7 comments

Join the conversation!
Add your comment
Don't like spyware? Here's a clue
Don't use IE. Duh.
Posted by unixrules (21 comments )
Reply Link Flag
And
And if you dont like viruses, daily reboots, manual defragmenting, system lock-ups or slow performance then dont use Windows.

But thats a little off topic.

Your right, the only thing IE has to offer that no other browser has is ActiveX. Ive never found a website other than Windows Update that uses it. As near as I can tell the only people who love ActiveX are malware writers. ActiveX security reminds me so much of swiss cheese.. strange.
Posted by Fray9 (547 comments )
Link Flag
And one for you...
Drive-by downloads aren't the ONLY way for spyware to get on your system, Sparky.

Duh.
Posted by TimeBomb (70 comments )
Link Flag
Spammer didn't break law? Not
720 ILCS 16/D3
Sec. 16D-3. Computer Tampering.

(a) A person commits the offense of computer tampering when he knowingly and without the authorization of a computer's owner, as defined in Section 15-2 of this Code, or in excess of the authority granted to him:

(1) Accesses or causes to be accessed a computer or any part thereof, or a program or data;

(2) Accesses or causes to be accessed a computer or any part thereof, or a program or data, and obtains data or services;

(3) Accesses or causes to be accessed a computer or any part thereof, or a program or data, and damages or destroys the computer or alters, deletes or removes a computer program or data;

(4) Inserts or attempts to insert a "program" into a computer or computer program knowing or having reason to believe that such "program" contains information or commands that will or may damage or destroy that computer, or any other computer subsequently accessing or being accessed by that computer, or that will or may alter, delete or remove a computer program or data from that computer, or any other computer program or data in a computer subsequently accessing or being accessed by that computer, or that will or may cause loss to the users of that computer or the users of a computer which accesses or which is accessed by such "program";

(5) Falsifies or forges electronic mail transmission information or other routing information in any manner in connection with the transmission of unsolicited bulk electronic mail through or into the computer network of an electronic mail service provider or its subscribers;

So, yes, he did break the law, and installing any program to a computer located in the State of Illinois without the owner's consent or knowledge is a Class 4 FELONY ont he 1st offence, and a Class 3 FELONY for any offense after the first.
Posted by Methuss (101 comments )
Reply Link Flag
If you have the tools...
Since Illinois already has the tools to prosecute spammers and spyware purveyors; why don't they use them?
Posted by Michael Grogan (308 comments )
Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.