FTC Officials Wary of Spyware Measures

Nofsck Ingcloo writes "News.com is reporting thusly: 'Two Federal Trade Commission officials ignited a political firestorm on Thursday by criticizing proposed laws targeting spyware and suggesting that the measures might harm legitimate software products, too.' During an appearance before a House of Representatives panel, FTC Commissioner Mozelle Thompson said the measures were the wrong approach to spyware and adware. Basically he is advocating a 'don't throw the baby out with the bath water' approach."

Wonder how much...

[Zondar]

he gets from these so-called "software companies" in contributions?

Re:Wonder how much...

[Lumpy]

he gets from these so-called "software companies" in contributions?

I dont think it is that, I am almost 100% sure it's just that these decision makers are incompetent in understanding what is actually being talked about.

These are men and women that dont understand a computer one tiny bit to begin with let alone the concept of a software program installed that does things secretly behind the scenes that you are not told about.

It's either someone in their staff is not accurately explaining to the leaders what the spyware really does, or this is a glaring example that the people being chosen to lead this country are in reality horribly underqualified to do the job they were selected to do.

I am betting all my money of the latter.

Re:Wonder how much...

[B'Trey]

We know that lawmakers are incompetent when it comes to understanding technology. We know that when they try to write legislation controlling technology, it's almost always a bad thing. (I say "almost" but right now, I can't think of a single counter example.) We are all aware of the purported intent of the DMCA. Whether or not you support that stated intent, we're all aware that it goes much further than that - that it threatens legitimate research into encryption, that it's used by large corporations to browbeat small companies and individuals into submission, and that it's simply a Bad Thing, regardless of the intent.

So someone stands up and says "You know, Congress doesn't have much of a track record in writing technical legislation. The intent of anti-spyware legislation might be good, but I'm not sure that the actual legislation as written will accomplish the intent and it might actually have some far reaching implications that go well beyond the intent. Lets make sure that what we pass into law is the right way to do this." Why is it that that guy's a bad guy who's being accused of being a bribed shill for corporate interests?

I don't like spam, I don't like spyware, I don't like trojans or worms or viruses. But I dislike Congress' meddling in these affairs even more - they almost always bungle the attempt and cause more harm than they do good; often they cause more harm than the problem they're trying to fix. Law isn't the solution to technical issues. Let's leave the clueless lawmakers out of it.

Re:Wonder how much...

First the average whining slashdotter above was making a joke based on his name.

Second honor in one scenario doesn't mean honor it all. I know nothing of Mr. Swindle so I assume he's an okay guy until he proves otherwise (which is unlikely since I'm unlikely to ever meet the man and he's unlikely to ever be in a high level scandle that makes CNN) but the thing that irritates me is the assumption that he's stand up because of an event 30+ years in the past. Yes he did good, yes he was honorable, yes it was important...no it was not the sole act by which he should always be judged from now on. I appreciate Mr. Swindle's service to this country and I thank him for his honor in a time of emense hardship and torment but that does not make him above questions or reproach should he be involved in something shady.

Honor and honesty are life long pursuits and those that don't see that (i.e. cops who cover up for other cops, soldiers who hide war crimes because of justifications of brotherhood, preachers who betray financial trusts in the name of God, and in general any of the any means necessary causes out there, et. al.) are the enablers of corruption in our society.

That said again I'm pretty sure the slashdotter was making a lame joke based on his name...get a life and see if someone can't remove that chip from your sholder.

Chuck it

[nycsubway]

Heave the "baby" out with the bathwater. Spyware is called spyware because of what it is. There's no mistaking a legitimate program that user chooses to install. In my opinion, if the user knows its being installed than its not spyware. If the user doesn't fully know whats being installed than it is spyware, and that type of software should be chucked out with the bathwater.

Re:Chuck it

[mi]

Will you mother know about the bug-reporting part of Mozilla, when she chooses the "complete install" -- on your insistence, she does not use IE?

Re:Chuck it

[jafomatic]

If the user doesn't fully know whats being installed than it is spyware

And how exactly do you propose to verify this beyond a doubt? Consider the old RealPlayer, which some of us were willing to install that first time, that required non-beginner knowledge to fully remove.

You and I may know what we're installing, and we might also consider it pretty stupid-easy to go edit out the thing's entries from our windows registry, but that doesn't mean your below-average-or-average user will comprehend this. Those are exactly the people who are most affected by spyware.

The rest of us already know how it got there and how to get rid of it.

Re:Chuck it

[platypussrex]

The article quotes the FTC guy as saying that if Spyware laws were implemented, then every time one did an install of something such as Office there would be hundreds of "helper" programs that would need permission, or warning, or whatever.

I can see his point... if the user is asked for a blanket permission at the start of the install then it negates the purpose of asking permission for the spyware components but if each individual program asks permission, it would take all day.

So what's the solution?

Re:Chuck it

[Mr+Guy]

No one seems to mind the checkboxes that already come when installing massive multicomponent programs such as Windows or Linux to begin with. You know the ones, they have tree hierarchies and let you select the features you want and not to select the features you don't.

Solving the problem for MOST legitimate software is as simple as requiring any software by a third party to have it's own checkbox and explanation of what that software does. Require a set of privacy keywords that is legally enforcable in those explanations. For example, a legal description for Gator may contain three keywords words: ADVERTISEMENT POPUP PHONEHOME. They could define as many keywords as the public wants, performing a "spyware function" without notifying via the keyword would trigger heavy fines. Requiring a link to a privacy policy wouldn't be a bad idea, assuming that policy had any legal weight to it.

Re:Chuck it

[B'Trey]

Defining "spy on the user." That's the problem. If you think it's easy, then post a response with a definition. Explicitly describe what's allowed and what isn't. I'm waiting to read it.

Self-regulation

[Savage-Rabbit]

Voulentary Self-Regulation by industry=Popular Republican political strategy. Basically a neat way of pretending to do something while actually ignoring the problem.

No baby

[Hi_2k]

There's no baby in the bathwater of ActiveX installs. There never was. Who needs software installed directly from the web browser? Legitimate installer programs are easy to come by, and most people who are able to go out and search for the software in the first place are smart enough to get it downloaded and installed.
There is a problem in preventing "Third party installations" from being included in the installers, as many games and legitimate tools have come to rely on DirectX, Quicktime, and Rad Game tools. But there is no necessity to include them as part of the installer itself. Meerly make a note in the installer that you need to install these utilities too and that they are included on the cd or in a setup directory.

As in real life

[Alcoyotl]

We have regulations on what people can and cannot do with private property, why should an online computer be treated differently ? Oh yeah, they flash a so called licence agreement to the user just to be on the safe side of the law, that you dismiss by either clicking yes or no (read the very fine prints). That is unnacceptable. Any program installing on a computer should clearly show how to exit the installation process, and better, unsollicited installs should be banned altogether. I'm talking about thoses occuring when you just load a web page. You never asked to install anything, or never wanted to do so, yet something asks you install it, often in a deceptive manner.

This shouldn't be too difficult to pass such a law, and legit businesses will adapt very well. As a matter of fact, legit businesses already have adapted : a clear warning or information page with a link to the install program. Plain and simple.

Solution is still crap...

[SmurfButcher+Bob]

*End Users* do not gain any authority by the fact that they can sit at a keyboard.

Doesn't matter if it's a 12 year old kid at your keyboard in your house, and it doesn't matter if it's a secretary in a 500 person company. Neither of these people have the authority to consent to anything, especially binding agreements (and contracts, which is how the s/w industry would like their EULAs treated).

All this crap does is legalize social engineering. Think about it.

Minimum

[moxruby]

At the least, there should be a law requiring all installed programs to show up in the "Add/Remove Programs" dialog and actually remove themselves when told to do so...

The point here.

[Raven42rac]

The point is this: no legitimate software should install something that you don't want, period. Ads I can agree with, people gotta eat, but Spyware is showing complete disdain for your userbase and really insults them. That would be like a car dealer giving you a free car, equipping it with GPS, slowing down the engine, making it run like crap, installing a hidden camera, and then slashing the tires. Spyware companies are not very well known for following the law, so one would hope this does not provide loopholes and ends up legitimizing Spyware, as is happening with SPAM.

Double Standards

[Bob9113]

Basically he is advocating a 'don't throw the baby out with the bath water' approach.

It's hard not to become cynical about the state of US "democracy" when spyware and spam illicit a "don't throw the baby out with the bathwater" response, but the DMCA slides through congress on a greased fast track.

Windows Messenger Service!

[budgenator]

Windows Messenger Service! What in the hell was Microsoft thinking when they allowed routable IP's to connect to Windows Messenger Service by default.

Seems like every time I thought I had it turned off, some damned windows update would turn it back on. Microsoft must have been paid off by spammers worried they couldn't use Email anymore, makes more sense than they're just that stupid.

Finaly bought a linksys router (which runs on Linux) to make the messenager spam go away for good.