NYS Senator Suggests Criminalizing Spyware

putch writes "New York State Senator Michael Balboni has introduced legislation to make the dissemination of spyware a criminal act. You can read the full bill text here. Is this a good thing? It defines spyware as software that transmits personal information or computer usage data without obtaining explicit approval from the user. It would seem to me (IANAL) that it would be quite unenforceable, but may send the right message to spyware outfits. Also interesting is that it requires any 'legitimate' spyware to disclose any bandwidth it may consume and requires the disclosure to be in bits per second." The bill is quite short and readable. (This might remind you of the recently introduced anti-spyware bill in the U.S. Senate.)

Use Utah law as inspiration for a better Fed. law?

[Eric+Smith]

We just need the Federal equivalent of Utah's recently enacted spyware law. Although we should try to make sure our congresscritters don't pass a weaker one that overrides better protections at the state level.

LWN ran a story about the Utah anti-spyware law last month. A number of parties objected, but don't appear to have any legitimate grounds for complaint. The law doesn't ban spyware outright, but requires that spyware explain to the user what it will do, and obtain the user's consent before doing it. Only naughty people/companies should have a problem with that.

The LWN story links to an excellent analysis of the law by Benjamin Edelman.

END THE SPYWARE

[k4rm4_p0l7c3]

I run a network with about 300 Windows PCs on it and our staff has had such a hard time with removing this crap. I applaud this movement because i never thought i'd see something surpass the annoying presence of viruses on Windows. Spyware is now our number one threat of individual system stability, and generates so many support calls it's not even funny. while we're on the subject- anyone run a network and successfully automate spybot s&d ? we run it by hand, and never have had time to dig and see if it could be runnable via cmd arguments so we could streamline this whole deal with the logon scripts.. such as auto-immunization. i looked at all the docs, and it doesn't say anything about that kind of stuff. any help would be appreciated

Agreed

[mfh]

> Doesn't sound like it will catch most of what we call Spyware.

I'd have to agree. Spyware is any software that installs, either with or without permission, to monitor the user and relay information to third parties, for the purposes of selling merchandise or services. Spyware runs in the background, and is difficult to uninstall, or breaks other programs when uninstalled.

Trolling for dollars

[Safety+Cap]

I run a network ~ [blah blah] ~. Spyware is now our number one threat of individual system stability ~ [blah blah].

Here's a hint: block every one of your gateway's ports, unless specifically requested, documented, and justified for a business function. Same goes for email attachments. Then block (at your proxy) all the known spyware sites (and stuff that contains "ad" in the DNS name).

You might also, I don't know, image the person's drive; when they screw up the machine, restore the image instead of trying to "clean" it. That way you only spend a few minutes dealing with that, and they get the reinforcing pain of losing all their personalized settings. After doing that a few times, they'll figure out that downloading CRAP is bad.

Re:Digital Agreements...

[maximilln]

Legally you're probably right. Once you sign the bottom line on a contract you're bound to it unless you can afford at least twice as many lawyers as the person holding the paper.

It's a shame, however. Consider employment. Because I'm a skilled intellectual employee the companies that I work for ask me to sign away all rights of ownership to anything that I do while I'm under their employment, _AND_ to keep them notified for up to three years of where I am and what I'm doing if I leave, _AND_ to agree never to use anything that I learned or discovered while employed with them to benefit any future employers. Strictly speaking, according to the terms of employee agreements, everything that I've done since 1999 is in breach of contract because everything that I do now was built on skills that I learned then. The only thing that saves me is that I'm not a big enough fish and haven't come up with any multi-billion dollar saleable ideas which would attract the attention of their legal vultures.

The US Constitution, specifically the parts about patenting of ideas and inventors retaining the rights to their invention, was written at a time when an individual wasn't dependent upon some communist corporate entity in order to breathe, eat, and have shelter and clothing. The spirit of those sections is being violated on a massive basis by every company in the US through employee agreements.

EULAs are similar. EULAs were written at a time when a few rich idiots lost their harddrives because they wanted to be cool and defrag their hard drive, didn't want to wait for it to finish, and clicked "cancel". Any half-savvy computer user knows that you don't take the disk out of the drive when the red light is on. I guess people thought that the basic premise of read/write integrity is negated by the invention of the "fixed disk".

All rants about incompetent users aside, though, the EULAs have grown to be in direct violation of basic codes of ethics with respect to product quality.

HUH?

[Dimensio]

Why would Sen. John McCain (R, Arizona) be able to block a bill in the New York State Senate?!

Re:Use Utah law as inspiration for a better Fed. l

[RetroGeek]

And also make it part of the law that the "I agree" checkbox be OFF be default.

That alone should protect most people.