Slashdot Mirror
Iowa Senate Proposes Making Spyware A Crime
Cooked Chicken writes "Iowa State Senator Keith Kreiman (D) is proposing Senate File 2200, an act making the distribution of Spyware without notice an aggravated misdemeanor, punishable by confinement for no more than two years and a fine of at least $500 but not more than $5,000. The proposed bill also provides victims and county attorneys with the ability to file a civil cause of action for relief from conduct constituting the crime of unauthorized collection and disclosure of personal information by computer."
It's illegal to personally use someone's machine without their consent. It doesn't take a huge jump of logic to see that launching a program to use their machine without their consent should be illegal as well.
"Eve of Destruction", it's not just for old hippies anymore...
In my humble opinion, those penalties are only remotely strict enough if they are assessed per instance installed. Otherwise, even the maximum fine of $5000 is a drop in the bucket for most adware/spyware perpetrators.
RHCE; are you certified? Karma: ambiguous.
This is a step in the right direction. We need this type of legislation ASAP. However, I should point out:
The problem is that much spyware explicitly tells the user what it is going to do: in the EULA. But how many users read the EULAs? How many people understand them? As a computer repairman for lots of moms, granny's, and kids, I can tell you that these people won't read the licenses even if I explain to them the importance.
Some interesting stuff
We privacy freaks now understand that "anonymous" usage information tied to "unidentifyable" facts like my sex, birthdate, and zip-code are sufficient to identify me when partnered with other databases.
To paraphrase, the bill defines spyware as programs that send "Identifying personal information" without user knowledge or consent. It has a list of obvious exceptions, what's left is spyware.
...
a. "Identifying personal information" means
the following:
(1) Name.
(2) Address, including the street name or name of city or town.
(5) Social security number.
(8) Any other information identifying an individual.
(I cut some stuff out, but you get the idea.)
Do we hate spyware because it sends out this kind of information, or do we hate it because it runs in the background, shows pop-ups, and makes the computer unstable?
I don't have a problem with the bill, but I don't think it target's the underlying problem of nearly self-installing crap-ware.
btw, my computer's always 100% spyware free, it's my parents' computer that's beyond redemption.
Sangloth
I'd appreciate any comment with a logical basis...it doesn't even have to agree with me.
I don't see why this is offtopic. It's a rather insightful observation.
The bill as linked to above provides an exception for "legitimate law enforcement purposes." One of the problems with current law enforcement in the US is that illegal searches and seizures usually result in nothing more than the evidence collected, if any, being disallowed in the court. It will now be possible to bring suit for the gratuitous and unauthorized collection of information, as it falls outside "legitimate law enforcement" even if the parties happen to work for a law enforcement agency. If you don't think this affects John Ashcroft, you haven't been paying attention.
What about all those airlines that participated in CAPPS II in violation of their privacy agreements ?
The suits filed won't really collect money, of course, but they will provide a good opportunity to put certain people in deposition where they can say embarassing things. I think it would be good if this law were enforced to the hilt against people like John Ashcroft.
It's illegal to use another person's equipment in a way that they don't approve of, why not another person's computer? Does it matter if your mechanic hands you a stack of papers that says, somewhere on page 25b, that your car will be used every tuesday by Stop and Shop? It's still flagrantly illegal. Windows update is understandable behavior for an operating system, whereas if Internet Explorer sent your surfing habits back to Microsoft it wouldn't be.
I'm all for technological solutions, but if I'm going to be legally banned from flamethrowing someone's servers I want some degree of protection in return. Malware is any software that performs activities significantly differently than those it presents to the user for the purpose of doing something the user probably wouldn't approve of. If someone releases a program to stop pop-up advertising, and it turns out to also replace every icon on the desktop with a link to an AOL signup page, I want justice.
The first thing that needs to be done is, of course, throwing out EULA's. EULA's are not a product of necessity for the internet age, but rather an old leech in new clothing. There are widely accepted practices for software usage and sales, and those should be considered the standard.
Everyone knows what "Spyware" is, the same way that everyone knows what "Sexual relations" means. Just because some lawyer may try to make it meaningless by envoking a draconian definition doesn't make it any less meaningful to the person on the street.
The ______ Agenda