Slashdot Mirror


NYS Senator Suggests Criminalizing Spyware

putch writes "New York State Senator Michael Balboni has introduced legislation to make the dissemination of spyware a criminal act. You can read the full bill text here. Is this a good thing? It defines spyware as software that transmits personal information or computer usage data without obtaining explicit approval from the user. It would seem to me (IANAL) that it would be quite unenforceable, but may send the right message to spyware outfits. Also interesting is that it requires any 'legitimate' spyware to disclose any bandwidth it may consume and requires the disclosure to be in bits per second." The bill is quite short and readable. (This might remind you of the recently introduced anti-spyware bill in the U.S. Senate.)

20 of 322 comments

  1. When is he up for re-election? by Liselle · · Score: 5, Insightful
    It defines spyware as software that transmits personal information or computer usage data without obtaining explicit approval from the user.
    Doesn't sound like it will catch most of what we call Spyware. Pond-scum companies like Gator/Claria can always count on stupid people who click through EULAs. Barring that, they can always attach themselves to a legitimate program that needs the revenue, and may require the Spyware installed in order to function (blah blah, AdAware, but that's not the point).

    I'd be more interested in something that took a dig at the EULAs, in the grand tradition of protecting silly people from themselves. This bill looks like do-nothing election-year fluff. Were I a New Yorker, I'd tell this fellow to go back to the drawing board and try again.
    --
    Auto-reply to ACs: "Truly, you have a dizzying intellect."
    1. Re:When is he up for re-election? by LostCluster · · Score: 5, Insightful

      It's the definition of "explicit approval" that needs to be worked on...

      Gator's latest tactic is to display a hyperlink in the ActiveX install box that the user has to click on in order to see the terms of service. If the user just clicks "Yes" without visiting that link, they've agreed to a long document worth of terms without having them transmitted.

      That shouldn't be possible. That shouldn't be considered an acceptance of the license.

    2. Re:When is he up for re-election? by maximilln · · Score: 5, Insightful

      I still don't understand why the software industry gets the EULA privilege while other industries are at least somewhat accountable for producing a quality product. EULAs are getting to be so broad that they mirror the OSS example of, "If this software eats your hard drive we are not responsible." I accept it from OSS/GPL software because I'm not paying for it and it's not using information from my system to make a profitable database for someone else.

      In America, you pay for the privilege to be spied on, infiltrated, and abused? wtf?

      --
      +++ATHZ 99:5:80
    3. Re:When is he up for re-election? by maximilln · · Score: 5, Insightful

      Indeed. And, for some reason, the fact that a user has clicked the EULA negates all expectation of any sort of preexisting ethical or moral guidelines.

      I think this world has degenerated to a level of: Regardless of any legal documents you may think exist, you have no rights. Now, if you'll just sign here and agree to let us hamstring you, we might give you some of those rights that you think you have. If you don't sign the dotted line then you're free to take your chances at paying rent while working as a cashier at McDonald's.

      --
      +++ATHZ 99:5:80
  2. Criminalizing is a bad idea by Anonymous Coward · · Score: 5, Insightful

    Because the law will be overly vague, and the next thing you know, you'll be going to jail for writing software which has online updating.

    1. Re:Criminalizing is a bad idea by maximilln · · Score: 5, Funny

      There were many of us who were enraged by the introduction of cookies to the WWW environment. Venerable web browsers such as lynx will, even today, still ask you explicitly if you want to store each and every cookie while more user-friendly web browsers have cookie access controls which do little more than hide the cookies from the user.

      Those of us who warned of the slippery slope of cookies were ridiculed and ostracized by starry-eyed users who were lured by promises of ease of use, functionality, and customized foot rubs.

      I guess they got what they deserve--spyware, malware, adware, and spam--now they want us to do something to stop it.

      --
      +++ATHZ 99:5:80
  3. Use Utah law as inspiration for a better Fed. law? by Eric+Smith · · Score: 5, Informative
    We just need the Federal equivalent of Utah's recently enacted spyware law. Although we should try to make sure our congresscritters don't pass a weaker one that overrides better protections at the state level.

    LWN ran a story about the Utah anti-spyware law last month. A number of parties objected, but don't appear to have any legitimate grounds for complaint. The law doesn't ban spyware outright, but requires that spyware explain to the user what it will do, and obtain the user's consent before doing it. Only naughty people/companies should have a problem with that.

    The LWN story links to an excellent analysis of the law by Benjamin Edelman.

  4. Explicit Approval? by williamstephens007 · · Score: 5, Insightful
    defines spyware as software that transmits personal information or computer usage data without obtaining explicit approval from the user

    Seems like the problem here is "explicit approval". I have personally witnessed people who just answer "YES" or "OK" to anything and everything that pops up on their screen - are they not giving explicit approval? They may be signing away their first born in a paragraph you have to scroll down to see, and they would never know.

    --
    William Stephens
    MCSE,MCDST,Well Respected VBScripting Guru
    williams007@yahoo.com,(212)275-4831
  5. Yes, this WILL end spyware by AtariAmarok · · Score: 5, Funny

    This effort from Congress will work very well. After all, they have a good track record. The day Bush signed the "Can Spam Act", the spam shut off; haven't seen any since.

    --
    Don't blame Durga. I voted for Centauri.
  6. Computer Crime Double Standard by Featureless · · Score: 5, Interesting

    What if I sneak into a Big Company's computers without their knowledge, using a hacking tool masquerading as a harmless program, or perhaps piggy-backing on a "legitimate" application, and then hide there, secretly reporting traffic and even keystrokes back to a central server? Let alone if I do it sloppily, slowing them down, crashing them, popping up distracting windows all the time?

    I think I'd go to prison, don't you?

    Why, I think there are some laws against doing that.

    Now, switch Big Company with some anonymous little guy. And we debate about whether or not it should even be specifically against the law... Hah.

    1. Re:Computer Crime Double Standard by CAIMLAS · · Score: 5, Insightful

      A huge part of the problem is the omnipresence of those goddamn ActiveX objects.

      I use Mozilla. I don't miss the "content" that oh so many of these objects supposedly allow me to access. I don't even know it's missing, most of the time. Most people get so many of these that they just instinctively click "yes," because otherwise something "might not work right".

      And yet people are inundated by their scourge many times daily, "Do you trust this person?" Why should I, or anyone else, have to make a value judgement on the person (or company) who set up a web page just to view their content? I shouldn't.

      You can blame MS for this mis-feature, as it's nothing but a crude hack for the inherently insecure design in ActiveX.

      --
      ~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
  7. It should be enforceable... by LordZardoz · · Score: 5, Insightful

    The test would be to see what sort of thing the user has to click to agree to use the spyware.

    If it's a 30 page EULA, with a 'next' button, then it is not explicit approval.

    If it's a large dialog box that says "Do you wish to provide Company X with personal information", and lists what info it will send, then that is explicit.

    If someone files a complaint under this law, and the spyware does not comply with the appropriate standards, then the company pays a fine (income for the state!), and possibly jail time.

    END COMMUNICATION

  8. The Congress is expert at by Anonymous Coward · · Score: 5, Insightful

    ... protecting stupid people from themselves.

    All of these legal measures, this one and the bill in Utah that someone else has mentioned are band-aids applied to the sucking chest wound of the fact that the average 'Net user wants all the freedom of going to any site in the world and downloading anything he/she wants and none of the responsibility of intelligently choosing said content based on a solid understanding of how information technology actually works.

    Call me elitist if you want to, but the scary thing to me about this idea is that it will give lazy idiots (the people who still call themselves Newbies after using a device for years) another disincentive to actually gain some knowledge of the tools they use and take for granted every day.

  9. Re:Digital Agreements... by Mycroft_VIII · · Score: 5, Insightful

    I think that it'd be useful for there to be a legal standard for how a EULA must be presented to a user to be binding.

    How about, not binding unless read, agreed to, and signed BEFORE you buy/download the software for a start.
    I think shrinkwrap licenses are a load of bull and they should be just as struck down as they were when they were tried on other products some time ago.
    Also the requirement for 'plain language' was a good thing in the proposed bill, however a requirement of prominence and a reasonable effort to make sure it's actually read would be nice as well.
    Plus some of the vagueness needs to be taken care of. As it currently stands some spyware could get through and some non-spyware could be 'caught'. I believe someone else mentioned the update feature on software, though I'd rather not have more than a notice be automatic, or at least require auto-updating to be turned on. McAfee's updater is broken, it tries silently EVERY 5 MINUTES. And if you've configured Windows to automatically connect it'll quite happily do so and if you're paying by the minute..........

    Mycroft

    --
    https://signup.leagueoflegends.com/?ref=4c3ed6600b6ea
  10. Re:Digital Agreements... by Nerd+With+Nalgene · · Score: 5, Insightful

    The problem is not in the way a EULA is displayed.
    It is that people don't want to read them. I've seen some where the reader has to scroll all the way down through the license before it is even possible to click the 'I Accept' checkbox. This is a step in the right direction, but the fact is, it isn't enough to help most users. They will figure out what they have to do to get past the license agreement, and most will never even consider reading it.

    --
    "as if nothing were solid...and that would be the end of the world, not fire and brimstone, but goo."--Rand
  11. Agreed by mfh · · Score: 5, Informative

    > Doesn't sound like it will catch most of what we call Spyware.

    I'd have to agree. Spyware is any software that installs, either with or without permission, to monitor the user and relay information to third parties, for the purposes of selling merchandise or services. Spyware runs in the background, and is difficult to uninstall, or breaks other programs when uninstalled.

    --
    The dangers of knowledge trigger emotional distress in human beings.
  12. Trolling for dollars by Safety+Cap · · Score: 5, Informative
    I run a network ~ [blah blah] ~. Spyware is now our number one threat of individual system stability ~ [blah blah].
    Here's a hint: block every one of your gateway's ports, unless specifically requested, documented, and justified for a business function. Same goes for email attachments. Then block (at your proxy) all the known spyware sites (and stuff that contains "ad" in the DNS name).

    You might also, I don't know, image the person's drive; when they screw up the machine, restore the image instead of trying to "clean" it. That way you only spend a few minutes dealing with that, and they get the reinforcing pain of losing all their personalized settings. After doing that a few times, they'll figure out that downloading CRAP is bad.

    --
    Yeah, right.
  13. Re:Digital Agreements... by eclectro · · Score: 5, Insightful

    I think the biggest problem with EULA's is that they can be agreed to without being fully displayed to or read by the end user.

    Maybe the biggest problem with EULAS is the fact that they exist at all.

    The only thing an application should have is a copyright notice.

    EULAs are only used to try and take away a user's rights (illegally) that go beyond copyright.

    Do you know of any store that will take back a piece of opened software and give a refund that you disagree with the EULA ??

    EULAs are immoral in the extreme. This has to be the first issue that a computer rights group should take up.

    And the statement printed on software boxes (like Microsoft's) that state "You must agree to the end user license to the software" or other such statement is so much poo smelling malarkey that it's not funny.

    --
    Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
  14. Some Spyware by cluge · · Score: 5, Insightful

    Some things that probably meet such a broad definition of spyware -

    Windows XP
    Windows Media Player
    Internet Explorer

    All of these programs transmit personal information without your consent (sometimes this depends on your patch level and the virus du jour as well). That being said, as soon as you turned the computer on, or opened the shrink wrap you accepted the EULA. Thus you explicitly accept that your personal information will be transmitted. The same types of wording are in the EULAs that often accompany spyware that people install. In the end - it's probably a moot point. Personally I think it would be more important to look at EULAs as a whole and how they are used to take away the rights of consumers, as well as shield companies that knowingly sell out defective software.

    cluge
    AngryPeopleRule

    --
    "Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
  15. Invest in education not prosecution by dwave · · Score: 5, Insightful


    You can't really stop spyware by illegalizing it. It comes as an addition to a program your average Windows-users want to install. So it's their fault if they also install features that they do not want. And what's the definition of 'spyware' anyway? Is the Windows media player spyware because it transmits your UID to Microsoft? Is Windows XP spyware with all this activation stuff? First, there has to be a clear definition of this term and its uses. Then there might be some kind of strict and standardized guarantee or approval that the original distributor of a proprietary software product doesn't use additional features of tracking users and uses. Then a company can be held liable if they infringe the rules of a standardized "spyware-free"-label.
    But alas, no law can stop users who have the habit of double-clicking everything clickable, be it in their Outlook in-box, their desktop or on some local network share.
    There's only one way to stop it: education for users that happen to have a computer just by incident but don't understand a thing about it and are happy without having to read manuals or EULAs.

    In Europe there was a huge problem with camouflaged dialers that establish a connection to some over-priced service-providers charging as much as $35 per call. Only after the media got interested in people who got a devastating phone bill, politicians became aware of this problem and illegalized certain numbers that dialers use. Lots of loopholes are still open, but just the media coverage and the discussion about illegalizing a certain telephony service sensitized the average Windows-user that dialers are something they don't want and double-clicking unknown objects can indeed have a real-life effect.