Slashdot Mirror
Anti-Spyware Bill up for Vote in Congress
paul_friedman writes "According to Reuters - The U.S. House of Representatives will vote as soon as next week on a measure to crack down on deceptive "spyware" that hides in users' computers and secretly monitors their activities."
A lot of these programs do tell you that they are going to load Gator or some other piece of sh*tware. However, it is buried in the middle of the EULA which most people "pagedown" through rather than read 10 or 15 screens of fine type legalese. I do read them or at least scan them for the part about giving me even more
"free productivity"
software. This legislation like the spam legislation (CanSpam), will simply embolden those who have been hesitant. Now that they can legally load your system up with spyware as long as tell you somewhere, no matter how hard it would be to actually find it, they will do so. I just wonder what these politicians are smoking when they come up with these "solutions."-erick
http://www.busyweather.com/
I don't get any more free computers that "don't work?"
I would be prudent to put spyware in diebold's voting machines though.,.
"It's not like your minds are as open as the source you love..." - Me to the majority of Slashdot.
As if the people who write spyware care about the law and doing what's right
It's probably going to be as effective as the CANSPAM act.
How are they going to nail people in Russia and China?
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
I'm guessing since a lot of this garbage originates overseas that we can use this as another poor excuse to go to war??? /duck
Does this count with their spyware?
What will the honest folk at claria (a.k.a. gator), "A Leader in On Line Behavioral Marketing", The do about this?
I'm certain it will be JUST as effective as CAN-SPAM.
"Straddling the sword of technology..."
More useless laws that can not be enforced.
Just like attempts to make P2P filesharing illegal, it will be virtually impossible to regulate or control.
www.effectiveelectrons.com "chips that work" Analog, RF, Mixed Signal
Nice, more unenforceable legislation. Go Congress!
Corporations contributing to congressional campaigns are exempt, of course.
Like Hank Hill says: "A squeaky wheel gets a greasin'". So contact your senator and let him know how how you feel.
...it's time to get the tree trimmers out, heat them up to temperatures that will cauterize, and then truncate something important to the spyware authors...
Of course, if the dominant web browser weren't vulnerable to installing trojan software on a user's computer in the first place this would be a moot point.
Do not look into laser with remaining eye.
Isn't this already illegal? Lately I'm afraid of legislation banning things that are already illegal. Take the DMCA, for instance; copyright violations were already punishable, but all of a sudden a whole slough of other things are, too.
I say, let's strengthen our ability to enforce laws we already have on fraud and invasion of privacy. It seems new laws, making more things illegal will simply become another "gotcha" for folks using legitimate software.
80% of what I do at work is cleaning spyware. I would be out of a job if it stopped existing.
I think this may legalize spyware...
:)
*sigh*
bad enough already...
in other news... FF is out there... it may prevent some...
atleast for now...
There is really nothing that can be done. It is called social engineering. The end user does let them into the computer, not by choice, just by staight ignorance. This is just another set of laws that will mean nothing.
It'd really be nice to see this issue talked about in the more mainstream press, so that it gets a negative following like spam has. Might not solve it, but at least people will know it exists.
"Shared pain is lessened; shared joy is increased. Thus we refute entropy" - Spider Robinson
So now it's going to be a crime to commit a crime?
~*~ ~*~ ~*~
yes, girls read /. too...
What really needs to be done: have the gov't put in place a formal pricipal that states THIS. Maybe then they'd actually accomplish something.
I'm making the cd as simple as I can and so easy my Mom could use it. Hopefully I can make some money teaching instead of all these formats.
If it pans out it should be on an ebay site near you soon ;-)
I'm not anti-social, I'm anti-idiot.
I think governments really have more important things to think about than spyware and spam - oh, I don't know... wars, the economy, health care, education, ways to spend the money they make off the tobacco industry for everything possible except for the health issues they are saying they nede the money to pay for...
If someone installs spyware it is their fault. Nothing is free on a Windows machine. Take some personal responsibility for jebus sake.
Here's a question. Why are all the spyware programs written for Windows rather than Mac or Linux. There are perfectly good freeware programs for the other OSs and they aren't laden with the crap?
http://www.knopper.net/knoppix/index-en.html
Boot it, love it.
Knowledge is power. Knowledge shared is power multiplied.
Government, as close minded as they come, looks like will lay another golden egg like CANSPAM act, which will legalize spyware in some way, shape or form.
Self governance is the best. I am loading up on any decent and trustable spyware acanner out there even though, I do not download much stuff from the cyberspace. If it is upto the government to protect my computer, I am sure they will do a much worse job than using a strainer as an umbrella while it's raining cats and dogs.
__________
The more I know people, the more I love animals
My all-time favorite home page. This one site keeps thousands of techs worldwide gainfully employed.
http://jayceecorder.blogspot.com
Maybe it's just me, but wouldn't it make more sense to create an agency (in the manner of the FCC or CRTC) with the mandate to regulate these types of activities? That one agency, given the ability to pass regulations as the FCC has, would be able to regulate things like SPAM, Spyware, and other interests (viruses perhaps?). They could impose fines for companies that write programs to do this kind of work, publish lists of software banned under the regulations, and so forth.
Just like the acts that created the CRTC and the FCC, it would be a simple matter for Congress to say 'there is a problem, you guys handle it', rather than having to learn the full issue every time something needs to be done.
--Dan
Being the honest, law abiding, trustworthy corps these spyware companies are. I'm sure they will comply! Expecially when the law in question will be virtually uninforcable. We can trust them! Really!
As many others have pointed out, this will probably be as effective as a law as CAN-SPAM was. What they really need to do is to make it illegal for companies to profit from the selling of the data that these spyware/adware programs collect.
If you'll excuse me, I have to go upstairs and uninstall SpybotSD and Ad-Aware from my Windows box!
This is just like when they made spam illegal. Oh, the joy I felt when I removed all the anti-spam measures from my server-- my heart was truly singing!
I can make shit that looks like food!
I have always wondered something... do some hopeless dumb dolts actually use spyware? I mean... some idiot might think weatherbug or bonzi buddy could be helpful. Some please respond...
I hope they make it work BC I've seen spyware KILL many computers. I blame IE and Neopets. The 2 EVILS of the internet.
~ Mooga
that guarantees X amount of money to be put into enforcement/education efforts against existing cybercrime?
We don't need any more laws. We need law enforcement of existing laws. The current anti-computer tampering laws are effective in most cases.
Wait....
If you want this agency to get off of the ground,
better get that acronym (best if it's a three
letter one) for it now!
That requires /. to change to damn theme for IT ... christ, I like my eyes ... why are you tring to blind me ...
Like so many things Govt's do isn't it "bolting the stable door"? Spyware is out there, asking for people to "agree" to have it is just asking for a whole flood of "legalised" versions to infest PC's worldwide. Biggest problem is *obviously* that like spam this stuff usually comes from outside the "controlled" zone eg China, Russia, Papua New Guinea etc. Harden your security or change to a more secure system or get a better firewall! Then again I run OS X so I don't have to deal with this day on day...
I think the government should require people to obtain an Internet license, to get access to the Internet. It could be not only preventional (eg, avoiding spyware, how to remove it), but educational (incorporating a bit of HTML, possibly). It'll probably destroy the essence of the Internet (eg, a kind of virtual library), but people will be more educated.
Just like can-spam. Because they make it too complicated. It is really a case of illegal electronic surveillance, just like an illegal wiretap. You shouldn't be allowed to do it without a court order. The last I heard that was already a felony.
As usual they would rather pass a new pile of crap than enforce whats already on the books.
Professional Politicians are not the solution, they ARE the problem.
the Assault Weapons ban? Feel-good indeed, and unenforced.
It's a PR stunt for the people who live in fear of what they do not understand.
"No fair, you changed the outcome by measuring it!" - Professor Hubert J. Farnsworth
A slightly new EULA for windows.
---- MISSING MISCELLANEOUS DATA SEGMENT --- [sigdash] trolololol
Here's the actual bills (not sure which two the article refers to):m p/~c108vFrH4s:: m p/~c108vFrH4s:: m p/~c108vFrH4s:: m p/~c108vFrH4s::
http://thomas.loc.gov/cgi-bin/query/D?c108:1:./te
http://thomas.loc.gov/cgi-bin/query/D?c108:2:./te
http://thomas.loc.gov/cgi-bin/query/D?c108:3:./te
http://thomas.loc.gov/cgi-bin/query/D?c108:4:./te
BTW, these bills have been around for years. Senator John Edwards introduced one in 2000.
Yet how many loopholes will be present to allow law inforcement to install keystroke loggers and port sniffers with any sort of warrent from a judge.
No doubt they'll justify any blatent breach of personal rights with a big 'fight terror' or 'freedom police' sticker and a grin.
I'll bet some spyware companies are already passing on data they collect in 'suspect' countries to higher powers. I mean, if there are spyware infected PCs in say... France, don't you think that greasy agents are taking advantage of that now. Expect exemptions, official or otherwise, for spyware companies that jump into bed with enforcers looking to get around the law.
May the Maths Be with you!
Fetch the comfy chair! For those of you who didn't figure it out that was a reference to the monty python's spanish inquisition sketch. Using a comfy chair as a torture device rarely yields many confessions, and is somehow linked to my 2 cents (or it was a desparate atempt to say something funny). Anyway it is understandable that something tied to the internet like spyware laws are hard to enforce, same thing with spam. OF course there is one thing that can keep these laws from seeming useless if they are hard to enforce and that is grossly inflated penalties. Even if only a small percentage of spyware jerks were caught I think a good 15 year sentence would be a decent deterent. Wouldn't stop everybody but it would be something. MAybe something worse would work better. I used to live in Sicily where laws are not well enforced. However most non-traffic laws are obeyed pretty well and the italian police, the Caribineiri are treated pretty well by the citizens. Why, because if you sh!t on the Caribinieri they will mess you up. Crumple you up like a paper bag and toss you in the corner. People some times argue with the Care Bears (nickname) but only softly and not when the care bears are being firm. So why not this, if you are responsible for spyware, your name, adress, and picture will be posted on a public registry, you are barred from using computers, your assets are siezed, and you have to do hard time. Works for me. Even if its hard to enforce sometimes all you need is an example
The article is actually rather devoid of information. If you want real data, you gotta go to the source: The Library of Congress.
For example, many articles in this thread have talked about them burying the the notice in the EULA. From the House bill:
The notice clearly distinguishes such notice from any other information visually presented contemporaneously on the protected computer.
They call that "clear and conspicuous notice in plain language", and it goes on from there.
As for enforcement: there's less spyware than spam. Spyware takes time to write, and it takes time to make it useful enough that dumb users install it. Claria is easily tracked down, and if they don't ask "This program will collect and transmit information about you. Do you accept?", they go to jail. Stupid users will click anyway, but "Against stupidity the gods themselves contend in vain" (Frederick Schiller).
The solution isn't perfect: some malware writers will just move offshore, for example. But I have reason to believe that this legislation will do at least some good.
From the article:
Spyware can sap computing power, crash machines and bury users under a blizzard of unwanted ads. It can ca pture passwords, credit-card numbers and other sensitive data.
And this law is going to stop it?
And further,
Violators could face millions of dollars in fines.
If you're using spyware to steal credit card info the only millions you're likely to have are those you stole.
I hate to use the slippery slope argument, but that's seems to be what's happening here. Whether it's a law against spam, hacking, or illegal file sharing, it would appear to have little or no effect.
There's no doubt that this bill is noble and good, and its authors have the best intentions, And if this bill makes it to the floor of the Senate, of course it will pass. But the legislation is basically futile. It's already illegal to write and distribute viruses but that hasn't done anything to stop them. Ultimately it's up to the end user to protect his own computer.
You preachers of doom are missing the point of this legislation. If you can prevent major websites (yes, and porn ones) from tieing up with companies that provide spyware, it may be good enough to protect the average user from installing that shit onto his computer just by browsing the news.
Starbucks, Harbuckle of Breath.
"The U.S. House of Representatives will vote as soon as next week on a measure to crack down on deceptive "spyware" that hides in users' computers and secretly monitors their activities."
This one is a slam dunk. I mean, what government offical wants their computer to secretly monitored??? ^_^
You need a FREE iPod Nano
The only law which will truly cut down on spyware would be one which bans Internet Explorer.
A lot of spyware isn't 'piggybacked', it's installed through IE browser exploits. A number of people run into the exploits when they mistype a URL or search for porn.
Attempting to pass legislation against companies which will just relocate to other countries is pointless.
If you get a good Linux distro and learn how to use it effectively (it really isn't that hard), you won't have to worry about spyware.
But, I guess stupid people will never learn.
Just because something is legal doesn't mean it is ethical.
Music is everybody's possession.
It's only publishers who think that people own it.
Fuck Beta
~John Lenno
Sure, that's the most important thing for making spyware more of a "non issue" -- but legislating it isn't going to change much of anything.
At last check, SpyBot - Seek and Destroy was looking for well over 17,000 known spyware/ad-ware type programs that could be on your machine, and many of them get installed by downloader viruses.
Even if legislation really was 100% effective at stopping anyone from ever writing another new piece of spyware tomorrow (as if!) - the existing 17,000 plus things out there would be grandfathered in as still legal and wouldn't stop wreaking havock.
For instance...
Ability to opt-out (or must opt-in) to tracking/privacy related features.
Non-solicitation agreements.
Use of personal information. etc.
Also, force companies to have a brief overview of the EULA so consumers can actually determine what it is they are actually agreeing to without having a law degree.
A man can dream...
It is time to stop PASSING LAWS, and TIME TO START ENFORCING the EXISTING LAWS.
FOR the LOVE OF Allah!!!
I have always sort of wondered why adware and spyware have not been lumped into the same category as malicious viruses. It is easy to say that they're not malicious, in that they don't delete files or make damaging configuration changes to a computer. However, they do create a huge performance decrease.
From what I have seen the average Windows user who uses Internet Explorer seems to have between 100 and 600 spyware items (according to ad-aware) on their computer. I see this because I do computer repair in my area and almost all of the times a computer is brought to me for repair it is spyware that is causing the problem. There's usually nothing else wrong.
In light of that, I think congress would do better just to redefine the laws already in place which deal with computer viruses. How about classifying any piece of software which installs on a person's computer without prompting them, or which has a primary function other than the one stated, as a virus (I mean in legal terms, not technical).
I'd much rather see them just outlaw software that installs without the user's knowledge or permission. This would take care of the bozos like 180solutions, which recently bought one of my colleagues' system to it's knees and took us about 2 hours to clean up. Who cares why the software is even there? Just the fact that it's there without knowledge or permission of the owner. In any other context, this type of activity would be criminal trespass.
I researched spyware this past summer with a professor of mine at law school. The main flaw with all the proposed spyware legislation (there are around 10 pieces of it at the state and federal levels) is that it focuses on regulating "spyware" itself, rather than dealing directly with what bothers us about spyware. This is especially problematic because spyware is defined to cover a hopelessly broad array of software. As a result, two different legal issues have been handcuffed together. These two issues are information privacy and trespass.
Information privacy covers all the collection and use/abuse of personally identifiable information. This concern is not unique to spyware. It also exists in the use of bank records, medical information, etc. The EU has done a better job than us of consolidating information privacy concerns into a coherent body of law. In the US we have a legal patchwork that covers each use of personal information separately.
Trespass covers the installation, disclosure of functionality, and uninstallation of programs. There is a strong analogy here to real property, where you have some control over who comes onto your property, what they do there, and your right to expel them. One area that is in flux (and it is not unique to computer software) is that burying something in legalese in a license agreement may no longer be viewed as giving someone notice. This view is already being taken by some courts with regard to boilerplate contracts for products like cellphones.
In the end, this legislation is flawed because the legislators failed to identify the distinct issues of information privacy and trespass and address them separately. Identifying and separating issues is rule #1 when it comes to the understanding the law. I would imagine this mistake was made because this law involves technology, which probably makes legislators think they need to write completely new law. Sometimes this is the case, but often it is better to extend the laws we have developed over hundreds of years.
regardless of what the bill is for or against, shouldn't we hear about upcoming bills more than a week before they're heard? how are we to direct our "representatives" if we are ignorant of their activities?
Same problem as having Windows and IE/WMP imbedded, pass a bill forcing spyware to be in a separate bundle. User can install/uninstall it independantly of the real software. Then we will see who keeps the crap on their computer "for their own good".
Is there software within the OS's we use, that allthough aren't malicious or that are infact an integral part of the OS's; that could fit the description of spyware?
All Spyware when running must be visible on screen to show the user that it is running.
When it notivies that this program will popup adds and collect information it should say so. before installing before any other text with easy to read language and writting and under 30 words.
All Spyware must come with an Uninstall program that works and does no damage to the computer software.
All Spyware must be allowed to be easily turned off via interface that is part of the on screen section showing that it is running.
Spyware must not cause any damage to existing programs or OS.
Any attempt to collect Vital Information about user or their contacts. Name, Address, Telephone #, Credit Card, SS#, age, is illegal.
Any violation of spyware rules will be charged to the creator of the program, the firms/web sites that release it (Even by second hand), and the companies they are representing. The fine should be based on how many of the rules they break and how many systems they infect. There is a minimum fine of $100,000 for the offense. As well the victims of illegal spyware will be allowed to follow civil suits against all the above violators for any damages and lack of productivity, or time that may have happen..
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
http://shit.slashdot.org/article.pl?sid=04/09/22/2 21241
This will totally solve the problem! Just like:
The War on Drugs:
*Very* few people do drugs anymore!
The War on Terror:
Without a doubt there are fewer terrorist attacks now that Iraq was invaded and Afghanistan was bombed to hell!
Legislation against Spam:
Spam? What spam?
No sig.
Using exploits to install software is only illegal under federal law if it causes $5000 in damages. Probably the best solution would be to remove the minimum damages requirement if spam or spyware (which could be worded broadly) are involved.