Slashdot Mirror


NYS Senator Suggests Criminalizing Spyware

putch writes "New York State Senator Michael Balboni has introduced legislation to make the dissemination of spyware a criminal act. You can read the full bill text here. Is this a good thing? It defines spyware as software that transmits personal information or computer usage data without obtaining explicit approval from the user. It would seem to me (IANAL) that it would be quite unenforceable, but may send the right message to spyware outfits. Also interesting is that it requires any 'legitimate' spyware to disclose any bandwidth it may consume and requires the disclosure to be in bits per second." The bill is quite short and readable. (This might remind you of the recently introduced anti-spyware bill in the U.S. Senate.)

14 of 322 comments

  1. When is he up for re-election? by Liselle · · Score: 5, Insightful
    It defines spyware as software that transmits personal information or computer usage data without obtaining explicit approval from the user.
    Doesn't sound like it will catch most of what we call Spyware. Pond-scum companies like Gator/Claria can always count on stupid people who click through EULAs. Barring that, they can always attach themselves to a legitimate program that needs the revenue, and may require the Spyware installed in order to function (blah blah, AdAware, but that's not the point).

    I'd be more interested in something that took a dig at the EULAs, in the grand tradition of protecting silly people from themselves. This bill looks like do-nothing election-year fluff. Were I a New Yorker, I'd tell this fellow to go back to the drawing board and try again.
    --
    Auto-reply to ACs: "Truly, you have a dizzying intellect."
    1. Re:When is he up for re-election? by LostCluster · · Score: 5, Insightful

      It's the definition of "explicit approval" that needs to be worked on...

      Gator's latest tactic is to display a hyperlink in the ActiveX install box that the user has to click on in order to see the terms of service. If the user just clicks "Yes" without visiting that link, they've agreed to a long document worth of terms without having them transmitted.

      That shouldn't be possible. That shouldn't be considered an acceptance of the license.

    2. Re:When is he up for re-election? by maximilln · · Score: 5, Insightful

      I still don't understand why the software industry gets the EULA privilege while other industries are at least somewhat accountable for producing a quality product. EULAs are getting to be so broad that they mirror the OSS example of, "If this software eats your hard drive we are not responsible." I accept it from OSS/GPL software because I'm not paying for it and it's not using information from my system to make a profitable database for someone else.

      In America, you pay for the privilege to be spied on, infiltrated, and abused? wtf?

      --
      +++ATHZ 99:5:80
    3. Re:When is he up for re-election? by maximilln · · Score: 5, Insightful

      Indeed. And, for some reason, the fact that a user has clicked the EULA negates all expectation of any sort of preexisting ethical or moral guidelines.

      I think this world has degenerated to a level of: Regardless of any legal documents you may think exist, you have no rights. Now, if you'll just sign here and agree to let us hamstring you, we might give you some of those rights that you think you have. If you don't sign the dotted line then you're free to take your chances at paying rent while working as a cashier at McDonald's.

      --
      +++ATHZ 99:5:80
  2. Criminalizing is a bad idea by Anonymous Coward · · Score: 5, Insightful

    Because the law will be overly vague, and the next thing you know, you'll be going to jail for writing software which has online updating.

  3. Explicit Approval? by williamstephens007 · · Score: 5, Insightful
    defines spyware as software that transmits personal information or computer usage data without obtaining explicit approval from the user

    Seems like the problem here is "explicit approval". I have personally witnessed people who just answer "YES" or "OK" to anything and everything that pops up on their screen - are they not giving explicit approval? They may be signing away their first born in a paragraph you have to scroll down to see, and they would never know.

    --
    William Stephens
    MCSE,MCDST,Well Respected VBScripting Guru
    williams007@yahoo.com,(212)275-4831
  4. It should be enforceable... by LordZardoz · · Score: 5, Insightful

    The test would be to see what sort of thing the user has to click to agree to use the spyware.

    If it's a 30 page EULA, with a 'next' button, then it is not explicit approval.

    If it's a large dialog box that says "Do you wish to provide Company X with personal information", and lists what info it will send, then that is explicit.

    If someone files a complaint under this law, and the spyware does not comply with the appropriate standards, then the company pays a fine (income for the state!), and possibly jail time.

    END COMMUNICATION

  5. The Congress is expert at by Anonymous Coward · · Score: 5, Insightful

    ... protecting stupid people from themselves.

    All of these legal measures, this one and the bill in Utah that someone else has mentioned are band-aids applied to the sucking chest wound of the fact that the average 'Net user wants all the freedom of going to any site in the world and downloading anything he/she wants and none of the responsibility of intelligently choosing said content based on a solid understanding of how information technology actually works.

    Call me elitist if you want to, but the scary thing to me about this idea is that it will give lazy idiots (the people who still call themselves Newbies after using a device for years) another disincentive to actually gain some knowledge of the tools they use and take for granted every day.

  6. Re:Digital Agreements... by Mycroft_VIII · · Score: 5, Insightful

    I think that it'd be useful for there to be a legal standard for how a EULA must be presented to a user to be binding.

    How about, not binding unless read, agreed to, and signed BEFORE you buy/download the software for a start.
    I think shrinkwrap licenses are a load of bull and they should be just as struck down as they were when they were tried on other products some time ago.
    Also the requirement for 'plain language' was a good thing in the proposed bill, however a requirement of prominence and a reasonable effort to make sure it's actually read would be nice as well.
    Plus some of the vagueness needs to be taken care of. As it currently stands some spyware could get through and some non-spyware could be 'caught'. I believe someone else mentioned the update feature on software, though I'd rather not have more than a notice be automatic, or at least require auto-updating to be turned on. McAfee's updater is broken, it tries silently EVERY 5 MINUTES. And if you've configured Windows to automatically connect it'll quite happily do so and if you're paying by the minute...

    Mycroft

    --
    https://signup.leagueoflegends.com/?ref=4c3ed6600b6ea
  7. Re:Digital Agreements... by Nerd+With+Nalgene · · Score: 5, Insightful

    The problem is not in the way a EULA is displayed.
    It is that people don't want to read them. I've seen some where the reader has to scroll all the way down through the license before it is even possible to click the 'I Accept' checkbox. This is a step in the right direction, but the fact is, it isn't enough to help most users. They will figure out what they have to do to get past the license agreement, and most will never even consider reading it.

    --


    "as if nothing were solid...and that would be the end of the world, not fire and brimstone, but goo."--Rand
  8. Re:Digital Agreements... by eclectro · · Score: 5, Insightful

    I think the biggest problem with EULA's is that they can be agreed to without being fully displayed to or read by the end user.

    Maybe the biggest problem with EULAS is the fact that they exist at all.

    The only thing an application should have is a copyright notice.

    EULAs are only used to try and take away a user's rights (illegally) that go beyond copyright.

    Do you know of any store that will take back a piece of opened software and give a refund that you disagree with the EULA ??

    EULAs are immoral in the extreme. This has to be the first issue that a computer rights group should take up.

    And the statement printed on software boxes (like Microsoft's) that state "You must agree to the end user license to the software" or other such statement is so much poo smelling malarkey that it's not funny.

    --
    Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
  9. Re:Computer Crime Double Standard by CAIMLAS · · Score: 5, Insightful

    A huge part of the problem is the omnipresence of those goddamn ActiveX objects.

    I use Mozilla. I don't miss the "content" that oh so many of these objects supposedly allow me to access. I don't even know it's missing, most of the time. Most people get so many of these that they just instinctively click "yes," because otherwise something "might not work right".

    And yet people are inundated by their scourge many times daily, "Do you trust this person?" Why should I, or anyone else, have to make a value judgement on the person (or company) who set up a web page just to view their content? I shouldn't.

    You can blame MS for this mis-feature, as it's nothing but a crude hack for the inherently insecure design in ActiveX.

    --
    ~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
  10. Some Spyware by cluge · · Score: 5, Insightful

    Some things that probably meet such a broad definition of spyware -

    Windows XP
    Windows Media Player
    Internet Explorer

    All of these programs transmit personal information without your consent (sometimes this depends on your patch level and the virus du jour as well). That being said, as soon as you turned the computer on, or opened the shrink wrap you accepted the EULA. Thus you explicitly accept that your personal information will be transmitted. The same types of wording are in the EULAs that often accompany spyware that people install. In the end - it's probably a moot point. Personally I think it would be more important to look at EULAs as a whole and how they are used to take away the rights of consumers, as well as shield companies that knowingly sell out defective software.

    cluge
    AngryPeopleRule

    --
    "Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
  11. Invest in education, not prosecution by dwave · · Score: 5, Insightful


    You can't really stop spyware with illegalizing it. It comes as an addition to a program your average Windows-users want to install. So it's their fault if they also install features that they do not want. And what's the definition of 'spyware' anyway? Is the Windows media player spyware because it transmits your UID to Microsoft? Is Windows XP spyware with all this activation stuff? First, there has to be a clear definition of this term and its uses. Then there might be some kind of strict and standardized guarantee or approval that the original distributor of a proprietary software product doesn't use additional features of tracking users and uses. Then a company can be held liable if they infringe with the rules of a standardized "spyware-free"-label.
    But alas, no law can stop users who have the habit of double-clicking everything clickable, be it in their Outlook in-box, their desktop or on some local network share.
    There's only one way to stop it: education for users that happen to have a computer just by incident but don't understand a thing about it and are happy without having to read manuals or EULAs.

    In Europe there was a huge problem with camouflaged dialers that establish a connection to some over-priced service-providers charging as much as $35 per call. Only after the media got interested in people who got a devastating phone bill, politicians got aware of this problem and illegalized certain numbers that dialers use. Lots of loopholes are still open, but just the media coverage and the discussion about illegalizing a certain telephony service sensitized the average Windows-user that dialers are something they don't want and double-clicking unknown objects can indeed have a real-life effect.