Anti-Spyware Bill up for Vote in Congress

paul_friedman writes "According to Reuters - The U.S. House of Representatives will vote as soon as next week on a measure to crack down on deceptive "spyware" that hides in users' computers and secretly monitors their activities."

Won't this legalize Spyware?

[erick99]

The bill approved by Barton's committee would require software makers to notify people before loading new programs on their machines that can collect information about them. Violators could face millions of dollars in fines.

A lot of these programs do tell you that they are going to load Gator or some other piece of sh*tware. However, it is buried in the middle of the EULA which most people "pagedown" through rather than read 10 or 15 screens of fine type legalese. I do read them or at least scan them for the part about giving me even more

"free productivity"

software. This legislation like the spam legislation (CanSpam), will simply embolden those who have been hesitant. Now that they can legally load your system up with spyware as long as tell you somewhere, no matter how hard it would be to actually find it, they will do so. I just wonder what these politicians are smoking when they come up with these "solutions."

-erick

Re:Won't this legalize Spyware?

[Carnildo]

The anti-spyware bill is to spyware as the CAN-SPAM act is to spam.

In short, it's a bunch of feel-good legislation that legalizes a few shady practices, and add further laws against others. Nobody will bother to enforce it, and in a few years, it will have been forgotten.

Re:Won't this legalize Spyware?

[techno-vampire]

Getting rid of spyware will take time, and may not be possible. Just being able to nail the worst offenders, those that install without notice or any reasonable way to remove, is a start.

Re:Won't this legalize Spyware?

[gr8_phk]

"It appears that the house bill is very simple and just disallows installing without notice."

Installing software on someones computer without notice is already a crime - especially if the installed software sends data back to the party who installed it. People go to prison for that type of thing, but apparently it's different if a corporation hacks an individual instead of the other way around.

Re:Won't this legalize Spyware?

[Tony-A]

There are already laws about unauthorized use of computing facilities. Rather strong criminal laws.

To be effective, any new legislation should better define what constitutes authorization, specifically that any authorization burried deep down in anything expected to clicked through constitutes fraud.

from Windows is the 'biggest beta test in history' - Gartner "Victor Wheatman, Gartner security veep, told delegates at the IT Security Summit in London that the most secure organisations spend less than the average and that the lowest spending organisations are the most secure."
More legislation to help out a few favored scammers at the expense of the populace is not a good idea. CAN-SPAM? Spammers: Sure we CAN!

diebold..

[DraKKon]

I would be prudent to put spyware in diebold's voting machines though.,.

Oh whatever

[screwedcork]

As if the people who write spyware care about the law and doing what's right

Re:Oh whatever

[Shnizzzle]

But at least companies who are located in the United States and who profit from use of said software can be held legally responsible.

I know that we all feel a little joy when we hear that spammers have been arrested and the same can now happen to spyware authors.

Yeah,Sure

[rainman_bc]

It's probably going to be as effective as the CANSPAM act.

How are they going to nail people in Russia and China?

Re:Yeah,Sure

[Carnildo]

They're not even making a serious effort to use the CAN-SPAM act against spammers in the United States. Why worry about people in Russia?

politicians and technology do not mix

[loose+electron]

More useless laws that can not be enforced.

Just like attempts to make P2P filesharing illegal, it will be virtually impossible to regulate or control.

Sweet....

[bizpile]

Nice, more unenforceable legislation. Go Congress!

Screw fines...

[TWX]

...it's time to get the tree trimmers out, heat them up to temperatures that will cauterize, and then truncate something important to the spyware authors...

Of course, if the dominant web browser weren't vulnerable to installing trojan software on a user's computer in the first place this would be a moot point.

Re:Screw fines...

[TWX]

Thing is, though, Internet Explorer has sucked from the first release that was bundled with Windows NT 4.0, which was called v2.0. It has never been properly fixed. After the debacle of MS forcing IE on to computers with the OS I decided that I'd never use their browser again for my own computers, and I've stuck to that. I've watched countless exploits for the browser come out and wreak widespread havoc on Internet users, while I've been very safe using Netscape or Mozilla, depending on my fancy. My computers have never had spyware/trojans/hijacks or any of the like.

Microsoft's web browser is a piece of shit. It allows Internet-based stuff to invade down to a service level on the workstation. It allows massive quantities of unsolicited popups, a problem that the Mozilla team fixed at least two years ago. It has been documented to have "arbitrary code execution" security holes on a regular basis.

I haven't had these problems with the Mozilla/Netscape strain. My friends with Safari and Opera haven't had these problems. How hard is it to code a fucking layout interpreter and display program?

Isn't this already illegal?

[halivar]

Isn't this already illegal? Lately I'm afraid of legislation banning things that are already illegal. Take the DMCA, for instance; copyright violations were already punishable, but all of a sudden a whole slough of other things are, too.

I say, let's strengthen our ability to enforce laws we already have on fraud and invasion of privacy. It seems new laws, making more things illegal will simply become another "gotcha" for folks using legitimate software.

Nothing can be done

[economan]

There is really nothing that can be done. It is called social engineering. The end user does let them into the computer, not by choice, just by staight ignorance. This is just another set of laws that will mean nothing.

Re:Finally!

[savagedome]

Might not solve it, but at least people will know it exists.

And there probably lies the difference between 'average person' and 'average /.er'. What is spyware for you and I might not even be spyware for them. There are people who willing install Bonzi Buddy on their systems because its cute but I would not touch it with a ten feet pole.

And if these legislators were even half serious, their act should have included not the installation but the 'uninstallation' part. A lot of programs/utilities/helpers capture sensitive information (Google Toolbar anyone?) but the difference lies in getting the crap out of somebody's machine. Anybody who ever had to use HijackThis to figure out the fscking process eating up your machine knows what I am talking about.

Till then, just another stupid law and the life continues as always.

What the Gov't NEEDS to do

[TheUnFounded]

What really needs to be done: have the gov't put in place a formal pricipal that states THIS. Maybe then they'd actually accomplish something.

Re:NO!

[Pig+Hogger]

80% of what I do at work is cleaning spyware. I would be out of a job if it stopped existing.

Then, you are a part of the problem. Vested interests that benefit from the status quo.

Sorry but

[needacoolnickname]

I think governments really have more important things to think about than spyware and spam - oh, I don't know... wars, the economy, health care, education, ways to spend the money they make off the tobacco industry for everything possible except for the health issues they are saying they nede the money to pay for...

If someone installs spyware it is their fault. Nothing is free on a Windows machine. Take some personal responsibility for jebus sake.

Here's a question. Why are all the spyware programs written for Windows rather than Mac or Linux. There are perfectly good freeware programs for the other OSs and they aren't laden with the crap?

Re:Sorry but

[rainman_bc]

Why are all the spyware programs written for Windows rather than Mac or Linux.

Simple market share dude.

Businesses (shady or not) look at the cost/benefit analysis of writing this stuff. The benefit is higher when you write the stuff for windows than any other platform.

Re:Sorry but

[__int64]

"Why are all the spyware programs written for Windows rather than Mac or Linux."

B/c first these things work by volume, windows has a farlarger userbase to attack than any of the others. Second, there are alot more, less knowledgeable users on windows than on other platforms. So statistically its far easyer to doop them into installing your garbageware than users of other systems.

Re:Sorry but

Why are all the spyware programs written for Windows rather than Mac or Linux.

Because Windows has the dominant OS market share. If Mac or Linux was the dominant home user OS then there would be plenty of spyware programs written for those platforms. That should be obvious to anyone with even the slightest bit of common sense.

Re:Poor guys

[Obliterous]

Not a damned thing...

they do tell you that their stuff is being installed. it's in the EULA for whatever program you actually wanted to install, that it hitchiked in with...

Word to the wise: if there is more than one EULA, then there's probably spyware. if there's only one, read the bloody thing...

yes

[killua]

Being the honest, law abiding, trustworthy corps these spyware companies are. I'm sure they will comply! Expecially when the law in question will be virtually uninforcable. We can trust them! Really!

Not that good of a law...

[chrispyman]

As many others have pointed out, this will probably be as effective as a law as CAN-SPAM was. What they really need to do is to make it illegal for companies to profit from the selling of the data that these spyware/adware programs collect.

Re:Not that good of a law...

[pilgrim23]

When law is not the answer, yet law is passed to address it. the law, and all laws, looses respect.

Re:What I don't understand....

[TykeClone]

They don't care about controlling problems - they just want to look like they're doing something about an issue.

How about a bill...

[mabu]

that guarantees X amount of money to be put into enforcement/education efforts against existing cybercrime?

We don't need any more laws. We need law enforcement of existing laws. The current anti-computer tampering laws are effective in most cases.

Anti spyware legislation

[serenak]

Like so many things Govt's do isn't it "bolting the stable door"? Spyware is out there, asking for people to "agree" to have it is just asking for a whole flood of "legalised" versions to infest PC's worldwide. Biggest problem is *obviously* that like spam this stuff usually comes from outside the "controlled" zone eg China, Russia, Papua New Guinea etc. Harden your security or change to a more secure system or get a better firewall! Then again I run OS X so I don't have to deal with this day on day...

Mandatory computer education?

[Sarcastic+Assassin]

I think the government should require people to obtain an Internet license, to get access to the Internet. It could be not only preventional (eg, avoiding spyware, how to remove it), but educational (incorporating a bit of HTML, possibly). It'll probably destroy the essence of the Internet (eg, a kind of virtual library), but people will be more educated.

Re:Mandatory computer education?

[LincolnQ]

Argh, mod you down, please. That makes no sense, I'm sorry. Are you being serious?

An Internet License would hurt much of what makes the Internet the Internet (anonymity, free speech, etc.) And how would you enforce it? Would you have somebody watching over your Internet usage, and, if it seems erratic, "pull you over" and ask for your Internet License and Registration? I'm sure everyone here will love that idea.

They will blow it.

[BCW2]

Just like can-spam. Because they make it too complicated. It is really a case of illegal electronic surveillance, just like an illegal wiretap. You shouldn't be allowed to do it without a court order. The last I heard that was already a felony.

As usual they would rather pass a new pile of crap than enforce whats already on the books.

Oh, so it's just like..

[Gadgetfreak]

the Assault Weapons ban? Feel-good indeed, and unenforced.

It's a PR stunt for the people who live in fear of what they do not understand.

Immunity for Some?

[ObsessiveMathsFreak]

Yet how many loopholes will be present to allow law inforcement to install keystroke loggers and port sniffers with any sort of warrent from a judge.

No doubt they'll justify any blatent breach of personal rights with a big 'fight terror' or 'freedom police' sticker and a grin.

I'll bet some spyware companies are already passing on data they collect in 'suspect' countries to higher powers. I mean, if there are spyware infected PCs in say... France, don't you think that greasy agents are taking advantage of that now. Expect exemptions, official or otherwise, for spyware companies that jump into bed with enforcers looking to get around the law.

Remeber kids

[the+real+darkskye]

Just because something is legal doesn't mean it is ethical.

EULA legislation?

[Wino]

What I'd really love to see is some sort of regulation that tames the one-sided nature of EULAs themselves.

For instance...

Ability to opt-out (or must opt-in) to tracking/privacy related features.

Non-solicitation agreements.

Use of personal information. etc.

Also, force companies to have a brief overview of the EULA so consumers can actually determine what it is they are actually agreeing to without having a law degree.

A man can dream...

Modify existing laws

[Lesrahpem]

I have always sort of wondered why adware and spyware have not been lumped into the same category as malicious viruses. It is easy to say that they're not malicious, in that they don't delete files or make damaging configuration changes to a computer. However, they do create a huge performance decrease.

From what I have seen the average Windows user who uses Internet Explorer seems to have between 100 and 600 spyware items (according to ad-aware) on their computer. I see this because I do computer repair in my area and almost all of the times a computer is brought to me for repair it is spyware that is causing the problem. There's usually nothing else wrong.

In light of that, I think congress would do better just to redefine the laws already in place which deal with computer viruses. How about classifying any piece of software which installs on a person's computer without prompting them, or which has a primary function other than the one stated, as a virus (I mean in legal terms, not technical).

Re:Poor guys

[stephanruby]

Word to the wise: if there is more than one EULA, then there's probably spyware. if there's only one, read the bloody thing...

Assuming it's actually a product you're trying to download, and not just a random activex popup. It's usually easier to google whatever name of the product plus add the word "spyware" to it. Reading the EULA is too damn difficult these days.

It's the corollary of the Slashdot effect. Never read the primary source, someone else will already have done it for you.