March 4, 2004 4:34 PM PST

States join spyware battle

Related Stories

AIM add-on sparks privacy concerns

March 3, 2004

Spyware cures may cause more harm than good

February 4, 2004

A secret war

February 24, 2003
The drive to control "spyware" and other software that hijacks personal computers without owners' permission is spreading to state legislatures, turning up pressure on PC pests.

Late on Wednesday, Utah apparently became the first state to pass a law regulating spyware and other advertising software, although the bill has yet to be signed by the governor. Lawmakers in Iowa and California also have introduced their own spyware control proposals in the past several weeks.

But while potentially welcome news for consumers, the legislative trend is raising worried eyebrows among some Internet businesses, which are concerned that state laws may unintentionally hamper some means of doing legitimate business on the Net.

"Our concerns are (about) regulating a technology rather than regulating the use of a technology," said Emily Hackett, executive director of the Internet Alliance, a trade organization that includes America Online, eBay and Microsoft and which opposed early drafts of the Utah legislation. "What's called spyware is not innately a bad thing. What's called a pop-up is not innately a bad thing."

The burgeoning state interest is a sign that spyware concerns are following much the same path taken by spam--from growing consumer irritation to a focus of public policy.

"Spyware" and "adware" are rarely clearly defined, but typically denote software that tracks computer users' actions online or uses a computer's resources to pop up advertisements or other messages. Many of these programs are bundled quietly with other pieces of software and are sometimes difficult or impossible to find and uninstall.

Federal lawmakers and regulators already are looking at the issue, with the latest congressional bill introduced last week aimed at blocking suspicious software from taking over computers. The Federal Trade Commission is planning a meeting on the issue next month.

The Utah bill, the most sweeping of the pieces of proposed legislation, arose from a problem reported by a local contact lens direct marketer, which discovered that some of its customers were seeing pop-up ads when visiting the company's Web site. Those ads were the result of advertising software on the customers' computers rather than the contact lens Web site, and the company contacted its local legislature.

The result, after some negotiation and input from Net companies, is a bill that bars companies from installing software that reports its users' online actions, sends any personal data to other companies, or pops up advertisements without permission. It contains some loopholes: Advertisements served by ordinary HTML or JavaScript are exempted, as are the ordinary "cookies" often used to help personalize Web pages.

The bill also bars "context based" tools from triggering unrelated advertisements based on visiting Web sites on a certain topic, as happened to the contact lens company.

Hackett said she had not seen the final draft of the legislation and that her group could not yet comment.

The Iowa bill focuses more specifically on software that collects user information such as name or e-mail address and transmits it without the person's consent. Two separate California bills have been introduced, one looking specifically at spyware that transmits user information, and the other focusing more broadly on advertising software that uses computer resources without the permission of the PC's owner.

Privacy groups have begun focusing on the problems raised by spyware and adware but have been skeptical of this type of legislative response.

"To us, it makes sense to have a general (federal) privacy bill," said Ari Schwartz, associate director of the Center for Democracy and Technology, a privacy group that has taken a lead in spotlighting spyware dangers. "We've said all along that would help the Internet at large."

1 comment

Join the conversation!
Add your comment
One unique, unified federal anti-spyware bill is needed
I am definitely concerned about the rapid growth of so-called "spyware" and "adware" that is bundled with legitimate software, which is often distributed for free. More importantly, the inherent lack of adequate disclosure is of even greater concern, as is the often cumbersome or non-existent uninstallation procedures.

On the same hand, I feel that disparate and conflicting anti-spyware bills being proposed by state legislatures will cause more harm than good. It will create a less competitive marketplace, as there are some legitimate uses (i.e., tracking the popularity of a specific game which WildTangent, Inc. uses). As well, it will certainly make an unfair regulatory environment.

What I feel is needed is one, unified federal anti-spyware law that applies to all companies -- from coast to coast to coast. It should prohibit the types of software that install browser "toolbars" that create lots and lots of pop-up ads without a user's permission. Moreover, it should prohibit adware that pops up advertising on a competitor's Web site or adds contextually-targeted advertising to a Web site that doesn't want it. Congresswoman Mary Bono's proposed legislation appears to be one such bill that shows promise and I quite like.

Doug Mehus
British Columbia, Canada
Posted by dmehus (30 comments )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.