Slashdot Mirror
Spyware Company Sues Utah Over Anti-Spyware Law
cgibby98 writes "An earlier Slashdot article talks about how web businesses oppose Utah's new spyware law. A story in Tuesday's Deseret Morning News says that WhenU.com filed suit Monday against the state, its governor, and attorney general, trying to keep the law from going into effect next month. The lawsuit claims the law violates WhenU's constitutionally-protected right to advertise."
So, lemme ask: Would you allow me to install some software on your phone line that would interject with advertisements from time to time? No. You pay for a specific service with your phone line and you don't want to have to be interrupted with ads when you are talking with family, friends or business partners. If this lawsuit is accepted, then one would not have any protection to prevent ads from appearing during your phone calls. As a resident of Utah, I am not usually happy with all of the legislation that occurs up on capitol hill here, but this is one bit of legislation that I fully support.
From the suit: "private enforcers, motivated by the act's draconian penalties and the promise of attorneys' fees, may still seek to sue WhenU for allegedly violating the act."
Well, yeah. That is just the point folks. I don't want spyware on my system. (one of the many reasons I use a Macintosh)
Thus, the act presents WhenU with the impossible choice of either foregoing constitutionally protected advertising and spending significant sums to comply with the act (thereby reducing the effectiveness of its business), without any guaranty that it will avoid liability in doing so, or else being subjected to millions of dollars of claims by private litigants."
No, actually. It is quite simple: Go out of business. Your business model is corrupt and unwanted by both consumers and legitimate businesses. We don't want you here and you can't force yourself on consumers that do not want you. That is the point of the law, the people have spoken and the legislators have listened and responded. And NO.....you don't have a constitutionally mandated right to invade my privacy. That is what it really comes down to.
Visit Jonesblog and say hello.
Which particular section of the US constitution are they referring to? I don't recall anything in there about the right to spam, the right to install spyware or the write to take over someone else's computer in pursuit of the almighty dollar -- but as a UK citizen I admit to not having read it as closely as a US citizen may have done.
Imagine if WhenU wins. I can just see the massive amounts of viral spam that will flood the internet. People will begin writing viruses for the sole purpose of spreading their advertisements. No longer will they just mislead and trick helpless users into installing their "applications," but also they'll be proactive and force people to install their "applications" by exploiting bugs in common e-mail clients and internet browsers.
The good side is that the problem is self healing. If they lose, no problem it's all good. If they win, spammers will take it too far and it will get repealed.
I can count to 1023 on my hands. Ask me about #132.
Maybe, if they didn't have their software installed unwantingly by hidden methods of attaching to other software and trick pop-ups, then they wouldn't have laws passed against them. Of course, at the same time, nobody in their right mind would install their crap. I mean seriously, who would be excited about some new freeware they found that redirects their surfing and increases their amount of popup ads. Even when they don't have a browser open.
Like it's that hard to throw in a window saying "Do you want to install this?"
No, that's actually the easy part. The hard part is getting the window to show up AFTER the spyware's already been installed, and rigging it so that clicking "no" destroys the ability to uninstall it.
God dammit, I'd better shut up before some jackhole actually implements this...
"Why Subscribe?" Good question...
I would assume that those fines are per conscious act of creating popups that don't comply - not per violation.
I also doubt it applies to all "pop up ads" - it is more likely to apply to e.g. adult ads on unrelated sites, especially those added to IE by spyware.
There is some question about how a web server is supposed to detect what state the recipient is in, though.
Do they actually provide any measurable service to the users who use their product?
They sell advertising. Advertising is legal. But in order to sell advertising, they have to own or otherwise pay for the right to use the medium that they use to advertise.
If you own a building with a billboard, you can sell that space.
If you provide some form of media (print, tv, movies, or internet), you can sell advertising.
This company and others like it, do not own your pc, they are not your ISP, and they are (probably?) not providing some form of service to you.
So what right do they have to advertise to you, or sell information from your PC, beyond the end user being stupid enough to agree to some liscence?
END COMMUNICATION
I bet what they're going to try and say is that the state is infringing upon their freedom of speech... which is a complete crock because there are many avenues under which they could get their message out without essentially hijacking a person's internet experience.
The constitution guarantees you the right to free of speech, but not the right to be heard.
We can't spam you using your system anymore, we might have to go develop a REAL business model.
Pay attention you. The people have spoken adn we don't want you.
49 states to go.
If you don't want spyware, why not refuse from agreeing to EULA's that involve it, and run scanning programs like ad-aware? If I don't like my neighbor looking through my window, it's my responsibility to take him to court - I shouldn't try and get a law passed that the police need to go around actively seeking people who peek through windows.
I ran ad-aware every couple days when I used windows.
Oh, my bad, you've actually got a point there! Actually, now that I think about it, the "spending significant sums to comply with the act (thereby reducing the effectiveness of its business)" probably has more to do with the fact that their business model is based on duping their "customers" and they'll have to reorganize the whole company around this law.
but $10000 seems incredibly steep.
Unless the penalty is harsh enough to do real damage to the offender, it will simply be chalked up as a cost of doing business and the purpose of the penalty will effectively be nullified.
In that light, I would argue that $10K might be a little on the low side.
It goes from God, to Jerry, to me.
This shit is getting out of control. I'm all for *free speech* if such a thing truly exists anymore, but christ when are these companies and the US government going to wake up? Everything going on now seems to be a fight for control more than a fight for rights... or perhaps it's the inherent nature of capitalist businesses to feel that it's their *right* to make money regardless of how, whom they affect or where they want to draw income.
Companies want to control what you download, they want to control what you buy or from whom, they want to control what you do with products after you've bought them. Everytime they feel they're being inhibited in some way the ones with enough money buy out the lawmakers to make the rules favor them... the ones with lesser amounts of money sue the lawmakers/government...
It's getting absolutely ridiculous. I'm not trolling and I don't give a rats ass about the economic, social or environmental benefits of being capitalist, nor do I give a shit about writing congress, senators or any others about what I'm displeased with. These lawsuits need to stop... and these companies that think it's their god given right to control everything we as the public see and touch has got to stop as well.
Yikes... I mean... what 'right' do they have to invide our privacy? To use bandwidth other people pay for to try to sell whatever junk they are peddling?
It reminds me of a sci-fi story I read a few years back, in which society was totaly taken over by capitalist forces... I can't recall much of the plot sadly, but I do recall one of the main characters beeing punished for owning a set of earplugs and therefore 'stealing' time form the companies by not listening to the non stop comercals on the radio.
It's free speech again, in a way. The company may have a right to say whatver they want, but I have a right not to listen... and I have the right to throw them out of my home, and my computer. And now an entire state in the US has, in a way, thrown them out of their home.
Whats next? A company claiming the right to paint ads in your livingroom?
Everything in the world is controlled by a small, evil group to which, unfortunately, no one you know belongs.
I'm not familiar with WhenU's software, but I find this hard to believe. Can this statement be defined with the same style of deceit that seems to encompass adware companies? Anyone who knows of their spyware's habbit's please shed some light on this.
Well, many adware/spyware companies commonly make use of user ignorance to install software. They'll flash a popup bearing a blue screen and windows-like cryptic warning message saying "your system is not optimized" or "your system is vulnerable to spyware" or "your clock is not accurate." The unwitting user is tricked into thinking it's a legitimate windows error, and therefore uses their best judgement to deal with the situation. Usually they'll click the "OK" button just as they do with real windows messages. Then they are presented with some cryptic EULA (which 99% of people don't read anyway), and the next thing they know, they are bombarded with popups and their machine runs at less than 10% it's original speed.
I'd wager one of the politicians in Utah became infected with spyware, and the personal, first-hand experience with the obvious problems it presented led to this fine piece of legislation. Yes, it seems steep, but if it were anything less, it wouldn't send a strong enough message to the lamers that write this crap to deter them from doing it.
- Installation: It's bundled with several programs. Based on general experience, I'd say it's probably buried somewhere in the EULA, but I don't know the specifics of how it's installed.
- Advertising: Displays pop-up ads, monitors keywords and displays advertising based on what you see and type. Also hijacks referrer links.
- Privacy: Sends back the term which triggered the ad and the ID of the affiliate software which installed WhenU when it displays an ad. However, there aren't any cookies set or any GUIDs.
Basically, these people seem to be the same as most malware vendors: they say that they got your express permission to install the software, but rely on their affiliates or the EULA From Hell to actually notify you about what is going on. I doubt that either the "it's constitutionally protected" argument or the "the users gave consent" argument will fly any farther than what it takes for the judge to throw them out.Note: I'm not a lawyer; don't take this as legal advice.
That's it. I'm no longer part of Team Sanity.
yo.
I consider spyware and adware publishers to vandalists. I work at the help desk at my local ISP and I spend more time explaining to people what spyware is and why we can't fix their computers for them then anything else. Sure many times you have to click shady license agreements, but I myself have personally seen how easy it is to be bombarded with illegitimate software. I run spybot and Adaware often and use the immunization features and usually only browse with Firefox yet last week I still got "infected" with 5 different spyware apps simultaneously. They killed my Winsock stack. Luckily I know how to repair XP with my eyes closed but to 99% of the users out there this would send them running to a computer repair shop with their wallets open. Unfortunately, most users are ignorant that spyware even exists and blame their manufacture or worse, their ISP, for their computer slowing to a crawl. They don't understand that a microchip doesn't deteriorate with age, but the software running on it sure can. It's pretty sad when I have to tell a 90 year old woman trying to get her grandkids emails that she has to find someone else to fix her PC for her because she downloaded software to make her IE have pretty skins. Advertising is one thing if you agree to it as a means to keep consumer costs down, but when those ads corrupt a computer to useless that's not very cost effective. My company is thinking about charging to support spyware repairs but you don't want to even know how much that'll cost granny. For now I guess it's just sorry, but we can't support that. (We're not really mean about it, we often spend many hours in Regedit or MSConfig but there's only so much you can tell a novice over the phone plus time is money. We have real network issues to fix first.)
LOOP1: MOV CX,2 LOOP LOOP1
constitutionally-protected right to advertise.
is the new constitutional right that will replace that tired old 4th amendment right not to be subject to unreasonable search and seizure.
The price was right and the powers that be figured they ought to give the people a new amendment in place of the old one (if anyone counts the total number will be the same) that was getting nullified by recent legislation.
Wait.
My mistake.
You do get an additional constitutional amendment protecting you from gay people calling themselves legally married.
Just don't say the constitution is being eroded, no sir.
We're getting more constitutional protections, not less.
"Provided by the management for your protection."
First, we need to distinguish between "free" and "advertizing supported". Second, this isn't about website's own popups (which are bad enough), but about spyware-generated popups.
Google gets by without them. (In fact, every decent website gets by without them, since if you use pop-up ads, by definition you're not a decent web site.)
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
Besides compared to what you would get sued for for sharing an MP3 or what the fine would be for DOSing the NY Times for 15 minutes, I consider that pretty reasonable.
My days of not taking you seriously are certainly coming to a middle...
"constitutionally protected right to advertise". Did I miss that one? Let's just hope some misguided lawmakers don't decide to combine that with the "right to bear arms". Or arm bears.
You know if WhenU claims a "right" to use my PC (that I paid for) for its advertising purposes, then I think I'm gonna claim a "right" to go pee on WhenU CEO's desk.
My PC is not a billboard, your desk is not a toilet. OK?
John.
No, it's _stupid_ for people to run sites that they cannot afford to. What happens to that $1-$2 CPM for popups when ad companies realise that nobody ever uses them, or everyone blocks them?
Advertising != Free Speech
Nike argued that in the Cali Supreme Court and lost. Then the US Supreme court said, ``Don't bug us about this''
Personally I am sick and tired of the corporate welfare program that exists in the US. If you don't have a viable business plan, you should and will fail....unless you are a huge multi-national company that owns a few senators.
There are already legal limits to aggressive advertising, that are not considered to impinge free speech. To name a few:
- Posting monster billboards in residential neighbourhoods, even with the landwner's permission. (Except during elections)
- Phoning or ringing doorbells or standing in front of my house with a megaphone bellowing sales pitches at ungodly hours.
- Junk faxes
- Indecent, misleading or libellous ads, including those which appear to be regular traffic signs. (Road closed - detour through mall)
- Posting on private property without the owner's explicit permission.
I think this sort of thing is covered by the last case. If I send a 10 page flyer to your house that gives me permission to make unlimited use of your personal property unless you read the fine print on page 7 and mail it back to me within 10 days with the "NO" box ticked, no court in the land will accept this as implied permission. And it ought to be the case for spam/spyware as well.
My rights don't need management.
Now this isn't a troll, because common sense tells me that spyware should not be allowed to operate the way it does today, but... From legal perspective, don't users agree to install spyware and accept its activities via those click-through EULAs that come with various "free" downloads?
The issue seems not to be spyware, but not adequately warning users of what is being installed on their systems. It would seem to make more sense to pass legislation that requires standard, plainly and prominently shown notification of what habits a program tracks and what sort of advertising it does, shown on its own page before installation. A blanket ban seems a bit extreme.
On another note, spyware seems to invade my system even though I am pretty saavy and do all I can to avoid it. It would appear some companies take advantage of IE exploits to stick these things on my system, but I can't say for sure.
ya' mean we ain't there yet?
spit on the sidewalk? - 90 days...
climb a rock? - 180 days...
joke about "explosive flip-flops" in the air-port? - guantanimo bay...
How about a constitutional ammendment instituting a "Sunset" clause -- something like giving legislation a maximum life span of 3 terms, after which it must either be re-proposed, and ratified, or taken off from the books.get rid of these silly laws about how one can (or can't) wear their facial hair, in church, &c., while we're at it.
Too bad it isnt a national thing, but according to Oregon's constitution, stripping is considered free speech.
=D
shouldnt spyware fall under the electronics laws that make it illegal for a hacker to take over or enter a computer with out permission. at least for those that dont show up in a EULA. those that do show up in the EULA, if you dont want the spy-ware, simple dont use the software.
If WhenU wins the court will make a statement which will limit what laws the government are allowed to make. They're near viral already. Have you ever tried to remove one of the bad ones using "Add/remove programs?" It simply re-installs itself as a different name. That's VERY borderline viral already. They also use misleading popups to install themselves. Some will install using the plugin-style remark, "You need to download and install this plug-in for internet explorer in order to view the current webpage."
If they win, they will do things like the following scenario with a particularly unskilled computer user, we'll call him "Cloobie":
1.) Cloobie searches the web for a program to synchronize his computer's clock to a standard source.
2.) Cloobie gets stuck in a recursive pop-up asking for authorization to install a piece of software, once he gives up, and agrees he sees a 500 page EULA stating that the software has to right to do basically whatever it wants and he agrees to allow it.
3.) Cloobie is happy, he has found what he wanted.
4.) Cloobie happens to be on a company-owned computer and the software writes itself to all open shares, doing techniques like renaming other executable files and taking their names. The program silently installs on anyone's computer who runs the executables, and then the executable simply passes on to the real app they wanted to run.
End result is a virus that could technically be construed as legal, even if on shakey ground.
I can count to 1023 on my hands. Ask me about #132.
free advertising!
At the very least, gives users the option to pay or see pop-ups. Salon gives users the option to subscribe or sit through an advertisement for a day pass. I find that fair and honest.
AMEN! So now when are Slashdotters going to stop defending copyright infringement as a constitutional rights issue?
"Ask not what your country can do for you." --John F. Kennedy
Besides the invasion of privacy, spyware steals CPU cycles, disk space, and the productive value of the PC. As a Sys Admin, I am constantly battling spyware with "Drive-by" installs. The loss of business productivity is astounding.
Could the spyware companies be shut down using anti-racketeer laws (assuming they are located in the US)?
This post may be understood as flamebait by those who do barely try to see things from my point of view, but I can brace myself up against that. The issue is, I do not really see where some peoples' complaints against major advertising companies lie, as it seems apparent to me that the softwares' privacy policy has always been available to the end-user. Out of curiosity, I visited WhenU's site to verify whether or not there was truely a case of non-consent on the behalf of the user, and of breach of the user's privacy. WhenU's privacy policy is freely available on their site, and for the lazy among you, these are basically the most important paragraphs:
So far, so "clean" -- WhenU.com informs the user of the information that is sent to WhenU.com, and also details which information is not used, and when the required information is sent. Although, my cynicism pushed me to download the SaveNow software just to check whether or not there were some strings attached with the software itself; on installation, I read the privacy statement which was completely identical.So, according to this privacy statement the user consents to installing the software and subsequently to have the said software make use of the user's bandwidth to send anonymous usage statistics to WhenU.com and download advertising banners corresponding to the profile built with the anonymous information. I hastedly repeated the small research for Claria software (formerly GATOR software) and the results are pretty much identical -- the user consents to installing the program and have it use bandwidth to send anonymous information to Internet servers. So the major desktop advertising comapnies are sadly pretty much right when the affirm that the user is consenting to their software using their computer to perform various tasks and activities. Now the question which is preponderant in my mind is: what am I doing wrong here? There must be a further reason for everyone complaining about a breach of privacy, further than the statements in the privacy policies then -- but if the information in the privacy policies is invalid, doesn't that make the activity of these companies illegal?
"Really, I'm not out to destroy Microsoft. That will just be a completely unintentional side effect" -- Linus Torval
-----
They aren't charging for it, so by your rules, they couldn't be held liable for it
-----
Is their startup backed by a government business loan? How about publicly traded stocks or bonds which come from public 401k funds? How about money that comes from loan sharks who get that money from public banking institutions? In any of those cases the WhenU software is _not_ free because the consumer paid to start the company.
The large majority of open software comes from private individuals writing the software in their free time. Some of it comes from government research grants.
That's my favorite part. If you follow the money trail on a company like WhenU it goes to a number of business heads having dinner with politicians. If you follow the money trail on an organization like FSF it goes to a large pool of people who are using it to write useful and productive software that doesn't rely on being invasive, subversive, or try to fall back on technical EULAs to justify its existence.
+++ATHZ 99:5:80
So do you work directly for MicroSoft, or are you a contractor? I'm sure they'd love to take some responsibility if it cleared out 95% of their lesser endowed (money wise) competitors.
And the muscular cyborg German dudes dance with sexy French Canadians
Dude, wtf is up with software companies in UT? Are there any software companies in the state whose business model doesn't involve prosecuting|compromising|raping their customers?
Yes, my only tool is a hammer. And you're starting to look like a nail.
Point is, there are plenty of poorly written laws out there, put in place by good intended people to curb "bad" behavior, which have been turned on their heads, and end up doing just the opposite of what their authors thought they would do. Example is the current set of SPAM laws just passed by the Federal government which will actually server to increase the amount of SPAM on the Internet, mostly by legitimizing opt-out "commercial" emails, and taking away most people's ability to effectively hit back at the perp's.
Just because a law is written to stop people from doing bad things to us doesn't mean that it effectively stops that bad behavior, without having unexpected, and sometimes disastrous side-effects!
Your Servant, B. Baggins
The software protects users' privacy by uploading a database of content in small chunks to individual desktops, and then determining on the desktop whether to retrieve information from WhenU.com or third-party servers. To protect user privacy, the same database of content is sent to all desktops. Decisions regarding which ads to retrieve to an individual desktop are all processed on the user's desktop - and isolated from WhenU.com servers.
n rather than a privacy issue. Bill O'Reilly would be proud of that spin.
NOTE: It does NOT say the results of these decisions are not sent back to WhenU's servers. It merely states the "decisions regarding which ads to retrieve to an individual desktop are processed on the user's desktop". This reveals:
1. They are choosing to expend the user's processing/memory resources to make these decisions in lieu of their own network. That's more of a lets-waste-the-user's-resources-instead-of-our-ow
2. They are not explicitly saying they aren't collecting detailed info on the criteria used to make a decision; merely that the decision is being made locally. The words are twisted in such a way as to give the user the false impression that they are somehow protected when they are not.
3. They can at any time, elect to pull content from WhenU's servers instead of the localized database, which in effect sends the decision information to WhenU and worse, unnamed "third parties".
User privacy is also protected in the following manner:
1) Personally-identifiable information is NOT required in order to use the software and
All they say here is the info is "not required" - which is meaningless. It doesn't say they won't try to acquire personal information, which they obviously will.
WhenU.com does NOT know the identity of individual users of the software
1. This is a red herring. They can easily collect enough information to qualify the individual identity of the user, but they can claim that even with all this information, there is no guarantee [ever] of knowing whether the information is accurate, therefore they "do NOT know the identity".
The important thing to note here is, they are merely claiming they "do not know the identity"; they're not saying they "WILL not seek the identity", or "will not collect personally identifiable information". They will and they do, but if you ask them, they'll say, "Gosh, we really don't know if we could identify you based on the info we've collected..."
2) As the user surfs the Internet, URLS visited by the user (i.e. the user's "clickstream data") are NOT transmitted to WhenU.com or any third party server
This is a great example of the classic privacy policy snow-job. What they are leaving out is the three magic words which are implied: AT THIS TIME "URLs are not transmitted to WhenU.com". Because of the policy being subject to change at any time, this statement merely says right now they're not getting that info. It doesn't say they "will not ever" collect this information. Why not say that?
3) WhenU.com does NOT assemble personally-identifiable browsing profiles of users
4) WhenU.com does NOT assemble anonymous machine-identifiable browsing profiles of individual users
5) WhenU.com does NOT track which ads and offers are seen or clicked on by individual machines - analysis and tracking is done in the aggregate.
Again, more of the same. "Here's what we're doing RIGHT NOW" - it doesn't mean that tomorrow we won't be giving your personal info to every Herbalife distributor in North America, but right now we don't do that. Hooray! Yea, sign me up!
Can someone explain that to me?
OK, so spyware is in a mostly different category than viruses, but doesn't it seem odd that the companies with the greatest experience in scanning computers looking for software haven't moved into the market dominated by smaller companies/freeware?
I think it would be a HUGE seller to corporations who lose of a ton of productivity to this crap. I know I'd push it in a heartbeat if it was available, as would others.
So why does McAfee or Norton do this? I know it's not a conspiracy -- but it really feels like one.
Boy, I'm glad liabilty doesn't work that way in other fields. Imagine..."You are at least 10% liable for the fact that you were shot - if you hadn't been standing in the way of that bullet you never would have been hit", or "My client can not be held entirly liable in burning down the plantiffs building. If the plantiff had not built his home where my client chose to play with his zippo, this unfortunate incident could have been avoided".
"Prefiero morir de pie que vivir siempre arrodillado!"