Slashdot Mirror

← Back to Stories (view on slashdot.org)

FTC Officials Wary of Spyware Measures

Posted by CowboyNeal on from the erring-on-caution's-side dept.

Nofsck Ingcloo writes "News.com is reporting thusly: 'Two Federal Trade Commission officials ignited a political firestorm on Thursday by criticizing proposed laws targeting spyware and suggesting that the measures might harm legitimate software products, too.' During an appearance before a House of Representatives panel, FTC Commissioner Mozelle Thompson said the measures were the wrong approach to spyware and adware. Basically he is advocating a 'don't throw the baby out with the bath water' approach."

34 of 242 comments (clear)

  1. Wonder how much... by Zondar · · Score: 5, Insightful

    he gets from these so-called "software companies" in contributions?

    1. Re:Wonder how much... by sohojim · · Score: 5, Funny

      Actually, FTC Commissioners are appointed, not elected, according to this page:

      http://www.ftc.gov/bios/commissioners.htm

      I don't think government employees can accept "contributions" from companies -- granted, that's just for "over the table" contributions.

      What's funny is that the Trade Commissioner listed after Mozelle on this page is named "Orson Swindle."

    2. Re:Wonder how much... by Zondar · · Score: 4, Informative

      "According to a search on Lexis/Nexis [lexisnexis.com] (paid search; subscription required) Claria Corporation donated $10,000 to Mozelle Thompson's campaign and WhenU.com donated $20,000."

      And why does this not suprise me?

    3. Re:Wonder how much... by Lumpy · · Score: 4, Insightful

      he gets from these so-called "software companies" in contributions?

      I dont think it is that, I am almost 100% sure it's just that these decision makers are incompetent in understanding what is actually being talked about.

      These are men and women that dont understand a computer one tiny bit to begin with let alone the concept of a software program installed that does things secretly behind the scenes that you are not told about.

      It's either someone in their staff is not accurately explaining to the leaders what the spyware really does, or this is a glaring example that the people being chosen to lead this country are in reality horribly underqualified to do the job they were selected to do.

      I am betting all my money of the latter.

      --
      Do not look at laser with remaining good eye.
    4. Re:Wonder how much... by thrillseeker · · Score: 5, Interesting
      I don't think government employees can accept "contributions" from companies -- granted, that's just for "over the table" contributions.

      What's funny is that the Trade Commissioner listed after Mozelle on this page is named "Orson Swindle."

      Orson Swindle spent six years being tortured by the North Vietnamese in a Hanoi prison. He came back from that without breaking and with his honor intact - I suspect he's a little beyond being bribed than the average whining slashdotter could even understand.

    5. Re:Wonder how much... by B'Trey · · Score: 4, Insightful

      We know that lawmakers are incompetent when it comes to understanding technology. We know that when they try to write legislation controlling technology, it's almost always a bad thing. (I say "almost" but right now, I can't think of a single counter example.) We are all aware of the purported intent of the DMCA. Whether or not you support that stated intent, we're all aware that it goes much further than that - that it threatens legitimate research into encryption, that it's used by large corporations to browbeat small companies and individuals into submission, and that it's simply a Bad Thing, regardless of the intent.

      So someone stands up and says "You know, Congress doesn't have much of a track record in writing technical legislation. The intent of anti-spyware legislation might be good, but I'm not sure that the actual legislation as written will accomplish the intent and it might actually have some far reaching implications that go well beyond the intent. Lets make sure that what we pass into law is the right way to do this." Why is it that that guy's a bad guy who's being accused of being a bribed shill for corporate interests?

      I don't like spam, I don't like spyware, I don't like trojans or worms or viruses. But I dislike Congress' meddling in these affairs even more - they almost always bungle the attempt and cause more harm than they do good; often they cause more harm than the problem they're trying to fix. Law isn't the solution to technical issues. Let's leave the clueless lawmakers out of it.

      --

      "The legitimate powers of government extend only to such acts as are injurious to others." Thomas Jefferson.

    6. Re:Wonder how much... by kawika · · Score: 3, Informative

      What campaign? Since commissioners are appointed, why do they need to campaign? Or was this for some earlier run for office?

    7. Re:Wonder how much... by Anonymous Coward · · Score: 5, Insightful

      First the average whining slashdotter above was making a joke based on his name.

      Second honor in one scenario doesn't mean honor it all. I know nothing of Mr. Swindle so I assume he's an okay guy until he proves otherwise (which is unlikely since I'm unlikely to ever meet the man and he's unlikely to ever be in a high level scandle that makes CNN) but the thing that irritates me is the assumption that he's stand up because of an event 30+ years in the past. Yes he did good, yes he was honorable, yes it was important...no it was not the sole act by which he should always be judged from now on. I appreciate Mr. Swindle's service to this country and I thank him for his honor in a time of emense hardship and torment but that does not make him above questions or reproach should he be involved in something shady.

      Honor and honesty are life long pursuits and those that don't see that (i.e. cops who cover up for other cops, soldiers who hide war crimes because of justifications of brotherhood, preachers who betray financial trusts in the name of God, and in general any of the any means necessary causes out there, et. al.) are the enablers of corruption in our society.

      That said again I'm pretty sure the slashdotter was making a lame joke based on his name...get a life and see if someone can't remove that chip from your sholder.

  2. Chuck it by nycsubway · · Score: 5, Insightful

    Heave the "baby" out with the bathwater. Spyware is called spyware because of what it is. There's no mistaking a legitimate program that user chooses to install. In my opinion, if the user knows its being installed than its not spyware. If the user doesn't fully know whats being installed than it is spyware, and that type of software should be chucked out with the bathwater.

    --
    http://github.com/gbook/nidb
    1. Re:Chuck it by mi · · Score: 4, Insightful

      Will you mother know about the bug-reporting part of Mozilla, when she chooses the "complete install" -- on your insistence, she does not use IE?

      --
      In Soviet Washington the swamp drains you.
    2. Re:Chuck it by jafomatic · · Score: 5, Insightful

      If the user doesn't fully know whats being installed than it is spyware

      And how exactly do you propose to verify this beyond a doubt? Consider the old RealPlayer, which some of us were willing to install that first time, that required non-beginner knowledge to fully remove.

      You and I may know what we're installing, and we might also consider it pretty stupid-easy to go edit out the thing's entries from our windows registry, but that doesn't mean your below-average-or-average user will comprehend this. Those are exactly the people who are most affected by spyware.

      The rest of us already know how it got there and how to get rid of it.

      --
      ::jafomatic
    3. Re:Chuck it by platypussrex · · Score: 5, Insightful

      The article quotes the FTC guy as saying that if Spyware laws were implemented, then every time one did an install of something such as Office there would be hundreds of "helper" programs that would need permission, or warning, or whatever.

      I can see his point... if the user is asked for a blanket permission at the start of the install then it negates the purpose of asking permission for the spyware components but if each individual program asks permission, it would take all day.

      So what's the solution?

    4. Re:Chuck it by grahammm · · Score: 5, Informative

      Yes, but the bug reporting in Mozilla asks your permission before it sends any data. Also it allows you to preview what it is going to send

    5. Re:Chuck it by Mr+Guy · · Score: 5, Insightful

      No one seems to mind the checkboxes that already come when installing massive multicomponent programs such as Windows or Linux to begin with. You know the ones, they have tree hierarchies and let you select the features you want and not to select the features you don't.

      Solving the problem for MOST legitimate software is as simple as requiring any software by a third party to have it's own checkbox and explanation of what that software does. Require a set of privacy keywords that is legally enforcable in those explanations. For example, a legal description for Gator may contain three keywords words: ADVERTISEMENT POPUP PHONEHOME. They could define as many keywords as the public wants, performing a "spyware function" without notifying via the keyword would trigger heavy fines. Requiring a link to a privacy policy wouldn't be a bad idea, assuming that policy had any legal weight to it.

      --
      Never confuse volume with power.
    6. Re:Chuck it by WCMI92 · · Score: 4, Interesting

      Some sensible regulations:

      1. ALL seperate programs not fully integrated into the main program have to have a seperate EULA.

      2. Software must come with an uninstaller that completely removes ALL elements packaged with the program.

      3. "Phone Home" spyware must include in the EULA a list of exactly WHAT data it sends, and what protocals and ports it uses to do it.

      4. Spyware makers MUST have provisions to comply with COPPA, and not collect information on persons under 13 (the killer nuke regulation, one Gator can't possibly comply with, but one they could be prosecuted for RIGHT NOW)...

      --
      Corporatism != Free Market
    7. Re:Chuck it by B'Trey · · Score: 3, Insightful

      Defining "spy on the user." That's the problem. If you think it's easy, then post a response with a definition. Explicitly describe what's allowed and what isn't. I'm waiting to read it.

      --

      "The legitimate powers of government extend only to such acts as are injurious to others." Thomas Jefferson.

  3. So why isn't the FTC prosecuting any yet? by Maestro4k · · Score: 4, Interesting
    From the article:
    • The FTC representatives countered by saying that while they were "outraged" by spyware, a careful approach was necessary. In addition, during an FTC workshop last week, a prosecutor noted that the Justice Department already had sufficient legal authority under existing computer crime laws to put the most noxious spyware makers in prison.
    If this is true then why aren't they? There are certainly several spyware products "noxious" enough to warrant a prosecution. Sounds like a bluff to me.

    While I understand the FTC needs to protect legitimate business interests along with consumer's interests, this is ridiculous. Yes there may be difficulty in wording the bill so that it doesn't hinder legit software, but that's something that can be resolved. Self-regulation sure as hell isn't going to work, the adware and spyware companies have shown little to no restraint in doing whatever they damn well please.

    Don't believe that last sentence? Just check out how they all claim you have to opt-in to their software, that it's never installed without your permission. Then check out the ad/spy-ware infected software installs and see if they warn you about them. I've yet to see a warning when one of the buggers shows up, and I do read the info during my software installs.

    And finally, just try to remove one without a 3rd-party utility, they're nearly impossible to remove. That alone makes them trespassers to me, since you can uninstall them but they're still partially there, cluttering up your hard drive and mucking with your OS.

  4. Basically he is advocating a 'don't throw the baby by eclectro · · Score: 4, Funny

    Basically he is advocating a 'don't throw the baby out with the bath water' approach."

    In this case the baby is green, has 10 eyes, keeps track of your every move, spits in your face with ads, and is guaranteed to wreck your house.

    So you do toss the baby out with the bathwater. Otherwise you have a monster on your hands.

    Some call him Gator

    --
    Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
  5. Self-regulation by Savage-Rabbit · · Score: 3, Insightful

    Voulentary Self-Regulation by industry=Popular Republican political strategy. Basically a neat way of pretending to do something while actually ignoring the problem.

    --
    Only to idiots, are orders laws.
    -- Henning von Tresckow
  6. No baby by Hi_2k · · Score: 4, Insightful

    There's no baby in the bathwater of ActiveX installs. There never was. Who needs software installed directly from the web browser? Legitimate installer programs are easy to come by, and most people who are able to go out and search for the software in the first place are smart enough to get it downloaded and installed.
    There is a problem in preventing "Third party installations" from being included in the installers, as many games and legitimate tools have come to rely on DirectX, Quicktime, and Rad Game tools. But there is no necessity to include them as part of the installer itself. Meerly make a note in the installer that you need to install these utilities too and that they are included on the cd or in a setup directory.

    --
    When life gives you crap, Make Crapade.
    Sluggy Freelance.
    1. Re:No baby by dave420 · · Score: 3, Interesting
      Web plugins are the perfect example of legitimate web-borne installs. Flash player? Fine. Install.

      I actually like microsoft's approach in IE - it tells you the signer of the app (if any), and gives you info on who's giving you the software. It lets you know exactly who's trying to install what on your machine. True, 90% of the time it's crap, but 10% of the time it's something genuinely useful.

      Take DirectX out of the install package? Do you know how many calls to their CS that will cause? People are dumb - they don't read install notes (heck - on windows you don't have to). Also, an installer for a game should install the game on your machine, including everything it needs. It should be a two-clicks-and-youre-playing scenario, not a multiple-application approach to installing software. Windows users are used to minimal fuss when installing, and rooting around CDs for software you need to install is pointless (especially when most people will end up running the same apps in the same order, anyway).

      It's false security. Moving DirectX/etc out of the install package just causes people to run them from different locations. If they had spyware in them, they'd still be installed on most computers. All you've succeeded in doing is making the install procedure more complicated and time-consuming. The same amount of machines will be tainted, regardless.

  7. Re:Not all 'adware' is bad by kinema · · Score: 3, Funny
    "Personally, I love "adware" such as New.Net and don't understand what the big deal is about. New.Net is simply a new approach to domain registration and lookup, and a clever one at that. If New.Net is what we're talking about when we say "adware" - then sign me up for more!"
    This post has been brought to you by the fine folks at New.Net.
  8. As in real life by Alcoyotl · · Score: 5, Insightful

    We have regulations on what people can and cannot do with private property, why should an online computer be treated differently ? Oh yeah, they flash a so called licence agreement to the user just to be on the safe side of the law, that you dismiss by either clicking yes or no (read the very fine prints). That is unnacceptable. Any program installing on a computer should clearly show how to exit the installation process, and better, unsollicited installs should be banned altogether. I'm talking about thoses occuring when you just load a web page. You never asked to install anything, or never wanted to do so, yet something asks you install it, often in a deceptive manner.

    This shouldn't be too difficult to pass such a law, and legit businesses will adapt very well. As a matter of fact, legit businesses already have adapted : a clear warning or information page with a link to the install program. Plain and simple.

  9. Solution is still crap... by SmurfButcher+Bob · · Score: 4, Insightful

    *End Users* do not gain any authority by the fact that they can sit at a keyboard.

    Doesn't matter if it's a 12 year old kid at your keyboard in your house, and it doesn't matter if it's a secretary in a 500 person company. Neither of these people have the authority to consent to anything, especially binding agreements (and contracts, which is how the s/w industry would like their EULAs treated).

    All this crap does is legalize social engineering. Think about it.

    --

    help me i've cloned myself and can't remember which one I am

  10. Minimum by moxruby · · Score: 3, Insightful

    At the least, there should be a law requiring all installed programs to show up in the "Add/Remove Programs" dialog and actually remove themselves when told to do so...

  11. The point here. by Raven42rac · · Score: 4, Insightful

    The point is this: no legitimate software should install something that you don't want, period. Ads I can agree with, people gotta eat, but Spyware is showing complete disdain for your userbase and really insults them. That would be like a car dealer giving you a free car, equipping it with GPS, slowing down the engine, making it run like crap, installing a hidden camera, and then slashing the tires. Spyware companies are not very well known for following the law, so one would hope this does not provide loopholes and ends up legitimizing Spyware, as is happening with SPAM.

    --
    I hate sigs.
  12. Wired news article today by Zog+The+Undeniable · · Score: 4, Informative

    About a particularly nasty form of spyware.

    --
    When I am king, you will be first against the wall.
  13. Re:For all the people supporting outlawing spyware by Anonymous Coward · · Score: 3, Interesting

    "Nobody is forcing people to install this software; people agree to install it themselves."

    Bull!!!
    I've a twelve year old developmentally disabled child who surfs wesites such as Disney, Cartoon Network, Goosebumps, Warner Brothers etc.
    A recent cleaning with Adaware and Spybot Search and destroy revealed over 150 instances of spyware on his computer including one goofy search toolbar which prompted the most recent cleaning.
    Do you think he agreed to install this shit on his computer? Most of the time I can't get him to agree to take a bath. Quite frankly, I think these kid friendly sites need to clean up their act or face some consequences.
    They all have these nifty little games, wallpapers, movie trailers, along with, Gator, Claria, and tons of spyware children have to install to view or play the content.

  14. Tin foil from the other side by maximilln · · Score: 4, Interesting

    While the majority of the American public lacks the critical thinking ability to be able to consider the far reaching implications of their actions there are a few people, hopefully in positions with real capability of impact, who can see the problem for what it is. The average American doesn't realize the full power vested in a web browser that integrates tightly with the operating system. Most Americans don't realize what kind of trouble they're getting themselves into when they demand that their web browser be able to directly access their sound card, or their video card, or integrate seamlessly with apps on their system so that everything seems to be running inside the browser window as if the browser _were_ the operating system. These citizens clamor for functionality and then clamor for security. It is possible to have both but the price is in learning or in cost and both of these are unacceptable to the popular citizenry.

    People in general, and Americans in particular, are obsessed with the mantra of "do something". Perhpas it has been beaten into our culture from the WW-I and WW-II era old hardtimers who felt the indignance of being marched off to war and then watch their subsequent generations enjoy profit without the pain of shell-shock or watching best friends get riddled with bullets. Whatever the reason the American society seems to be unable to enter into a state of natural flux--ebb and flow. Instead American society is stuck in a full steam ahead approach to everything. Refinement means nothing and progress means everything. The definition of progress is addition and more addition. The component of progress that involves improvement has been swamped by the "do something" drive to add more.

    Adware and spyware have come about because the operating system and web browser which appeals to the popular citizenry has given them what they want. It has given them more and more and more as they asked. When the problems arose that, in a normal system, would have encouraged refinement and improvement, the users demanded more and more and more. This resulted in EULAs. EULAs made it possible for the software industry to concentrate on giving the users what they want: more. EULAs made it possible for software manufaturers to be free and clear of the necessary refinements and improvements which could have made adware and spyware obsolete before it ever started.

    The approach to this problem is not to pass more laws. That approach does nothing but feed the "do something" attitude which has brought us to the quagmire of today. The approach to this problem is to refine and improve what we have. We need not to add more laws but rather to remove the artificial laws which give umbrella protection to less than optimal designs.

    --
    +++ATHZ 99:5:80
  15. Spyware == Viruses by Stiletto · · Score: 3, Interesting


    Shouldn't spyware already be covered by laws against spreading viruses? Spyware is software installed on my machine without my knowing it, and this is exactly what happens when a virus spreads. What's the difference?

    When it's distributed by a business, it's called spyware, and when it's distributed by a 14-year-old, it's a virus. Is this asinine or what?

  16. Double Standards by Bob9113 · · Score: 3, Insightful

    Basically he is advocating a 'don't throw the baby out with the bath water' approach.

    It's hard not to become cynical about the state of US "democracy" when spyware and spam illicit a "don't throw the baby out with the bathwater" response, but the DMCA slides through congress on a greased fast track.

    --
    Stop-Prism.org: Opt Out of Surveillance
  17. Which is baby and which is bath water? by budgenator · · Score: 3, Interesting

    I had an oppertunity to drive one of our state representatives around for a weekend. And one of the things that I came to understand is how incredably difficult it is to write legislation, that does what it is supposed to, only does what it is supposed to, is applied by procesecutor's that are too zealous and too lax and is not ripped appart by judges that are too conservative, liberal or senile.

    It's kinda like writing a program that has to be bug-free on release, the spec's change constantly and the whole QA department is at a seminar the last week of production.

    Slow and careful can be good, it's not like there isn't good antispyware software out there for free. Personaly I use Spybot S&D it's free as in beer, no cost, exceptS donations. You can find them at www.safer-networking.org.

    --
    Apocalypse Cancelled, Sorry, No Ticket Refunds
  18. What legitimate software would be harmed? by Ra5pu7in · · Score: 3, Interesting

    The FTC is off their rocker. What legitimate software out there is unable or unwilling to comply with this legislation? Seems to me that simply notifying the customer of the exact actions of the software and making removal of the software a normal process would be sufficient. When I load software, and it includes components that may contact a website and send information, I want to be told this and EXACTLY what will be sent and choose yes or no to this specifically. A good example is WinAmp. After installation, I was asked to register and decide if I wanted usage information to be sent periodically. Self-correction has never worked with slimy businesses. The good businesses do change so that the distinction is clearer (no good business wants to be seen as slimy). However, the slime won't stop until it is made difficult to impossible for them to proceed.

    --
    I was taking one day at a time, but then several days got together and ambushed me. (from a Rhymes with Orange comic)
  19. Windows Messenger Service! by budgenator · · Score: 3, Insightful

    Windows Messenger Service! What in the hell was Microsoft thinking when they allowed routable IP's to connect to Windows Messenger Service by default.

    Seems like every time I thought I had it turned off, some damned windows update would turn it back on. Microsoft must have been paid off by spammers worried they couldn't use Email anymore, makes more sense than they're just that stupid.

    Finaly bought a linksys router (which runs on Linux) to make the messenager spam go away for good.

    --
    Apocalypse Cancelled, Sorry, No Ticket Refunds