Slashdot Mirror

← Back to Stories (view on slashdot.org)

House Passes Another Spyware Bill

Posted by ryuzaki0 on from the federal-pound-me-in-the dept.

SkippyTPE writes "The AP reports that the US House of Representatives has unanimously passed a law criminalizing Spyware. This is the second such bill in two days (the first imposing civil penalties, whereas this bill imposes criminal penalties). Information on the bills (HR2929 and HR4661) can be found here and here respectively."

28 of 285 comments (clear)

  1. Maybe another Law isn't necessary by stecoop · · Score: 4, Insightful

    Let's think about these laws before we cheer - say to yourself will the world be a better place with yet another law. I applaud the efforts of the government protecting the people but marketing comes has to come from somewhere; like Nielsen rating system by which advertisers use to by spots on TV, somewhere there has to be a way to understand what works on the internet. The law bill clearly states that installing tracking devices on someone else computer will be punishable by imprisonment - you will no longer to be able to track logins via cookies or be running a risk from court interpretations of the law.

    As for the second part of the law, phishing:
    Zoe Lofgren D-Calif. - cited estimates that up to 90 percent of computers contain some forms of spyware. Lofgren said her daughter was recently victimized by electronic thieves in a phishing scam
    It is good thing that 10% of the market is either running an alternative browser and/or operating system preventing those infections. But being victimized via email I tend to say that email isn't secure therefore nothing in email can be trusted - thus let the buyer (user) beware. Over the long haul, Darwinism will balance things out and the law will be just a hoop and dance show for elections.

    1. Re:Maybe another Law isn't necessary by Trigun · · Score: 5, Interesting

      There is a difference in unnecessary laws, and establishing laws to prevent unethical business practices. Would you like to be egregiously harmed only to be told that, although it should be illegal, nobody has got around to writing a law against what has happened to you, so you might want to go cry somewhere else.

      Good Riddance Gator/Claria. The world will truly be a better place, even if our computer clocs are out of date by a couple minutes, or we don't know what the weather is like in Yemen.

    2. Re:Maybe another Law isn't necessary by dewke · · Score: 5, Insightful

      You do realize that to be a "Nielson" household you have to volunteer. It's one thing to volunteer to have your browsing habits monitored, and something else to have crap like gator shoved onto your pc because you don't know any better.

      --
      Oderint dum metuant
    3. Re:Maybe another Law isn't necessary by drinkypoo · · Score: 4, Informative

      I hope you were kidding. If not, let me tell you why your idea won't work.

      1. MAC addresses do not propagate beyond a local network segment. They are used only for Ethernet. Outside of a specific physical (or certain types of logical) ethernet network, you'll never see someone's MAC.
      2. MAC addresses can be changed. Almost all hardware allows this, including antiquated Sun equipment from the days when MACs were supposedly etched in stone. Well, they're actually etched into a PROM which can be rewritten.

      If you were kidding, I apologize. If you weren't kidding, now you know.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    4. Re: Maybe another Law isn't necessary by SamSeaborn · · Score: 4, Interesting
      If the law prevents others from installing stuff on my computer I didn't ask for and don't want then it sounds good to me.

      Many spywares I've seen are in Windows directories. This may be old hat, but can't Windows do a simple hash or cert check on a file going into c:/Windows or c:/Windows/System to see if it's an "official" or "authorized" file?

      A simple message like "Application X is trying to put a file called NOTEPAD.EXE in your Windows/system directory -- this is not a Microsoft file, do you want to allow this?" would suit me.

      Goodness knows Windows nags me about a million other things on a daily basis ("Updates ... get your updates!").

      Sam

    5. Re: Maybe another Law isn't necessary by SamSeaborn · · Score: 3, Interesting
      hey.. yeah! illegal to install stuff in windows/*!!

      Firstly, I'm of the mind that developers should (unless not possible) isolate their entire application to their own directory and only go into c:/Windows only when absolutely necessary. This makes things much cleaner (and is generally the Mac approach, by the way, that's why you can just drag and drop one icon to the applications folder to install something on a Mac).

      Secondly, obviously there are times when an application *has* to place files under c:/windows -- in fact, Microsoft implemented a certification program for drivers with XP so now you get warned suring installation if the driver isn't certified for XP. (The is a cash grab by MS, but in their defense they attribute most XP instability problems with bad driver code written by third parties so it's a reasonable undertaking.)

      In cases where an app needs to put a file in c:\windows I have no problem with "Call Of Duty wants to install a driver in c:\windows\system -- is that okay?" I'll just click 'yes'.

      But I want to be able to click 'no' when "App-you-didn't-even-mean-to-install wants to replace your NOTEPAD.EXE and WRITE.EXE with spyware -- is that okay?"

      Sam

    6. Re:Maybe another Law isn't necessary by grumpygrodyguy · · Score: 3, Interesting

      Good Riddance Gator/Claria. The world will truly be a better place

      Yes, but these kinds of laws set a very dangerous precedent for all of us. Putting people in jail for distributing spyware is very irresponsible. Fine them to death so they can't make payroll, whatever, but jail time?

      What if the next law throws you in jail for trading music? Or for selling software that conflicts with someone else's very dubious software patent?

      Time and again congress has demostrated that it is completely incompetant with regard to information technology. They are ill informed, have no expertise or training with technology, and seem only interested in extending the paradigm of centralized control into the internet. Which is exactly the opposite of what makes the internet great.

      The last thing I want to do is defend spyware vendors, but going from discussing a bill to imposing jail sentences in less than a week is scary. These people just seem to love sending people to jail. America has the highest number of citizens in jail per-capita of any country in the world. Applauding moronic laws like this is just giving them permission to raise that statistic even higher.

      --
      The government has a defect: it's potentially democratic. Corporations have no defect: they're pure tyrannies. -Chomsky
    7. Re:Maybe another Law isn't necessary by brianosaurus · · Score: 4, Insightful

      Its unfortunate that there is another law, but its even more unfortunate that it got to the point of NEEDING another law.

      Its unlike the controversial DMCA and INDUCE Acts, which are pre-emptive strikes from a huge lobby, establishing laws before there is a problem. Spayware is a problem, amd its becoming more of a problem every day.

      Sure everyone knows its "wrong", but its not yet illegal so unethical types will exploit it. Of course we're now exposed to the unethical types who will exploit certain interpretations of the law, but hopefully the Justice Department can do something about them.

      Laws don't make things right or wrong, they just make things illegal. The behavior was wrong/right before the law eas enacted, but the community was, apparently, powerless to do anything.

      Perhaps Microsoft (for example, since approximately 100% of the spyware I know of is for Windows) could have come up with a technical solution to the problem, but they didn't so now its a law.

      --
      blog
  2. and so... by scaaven · · Score: 5, Funny
    And so marks the end of Real.

    evil empire...

    --
    I know I'm going to be modded up on this
  3. been there by GerbilSocks · · Score: 5, Insightful

    Spyware will just move offshore. More governmental bullshit.

  4. Loophole City by American+AC+in+Paris · · Score: 5, Insightful
    From the Yahoo! blurb:

    It would add penalties of up to five years in prison for people convicted of installing such programs without a computer user's permission.

    If this is really the case, this law isn't going to do a damn thing--all it means is that spyware developers will need to put a sufficiently dense bunch of legalease on page eight of the EULA. (It was noted somewhere--NPR, I think--that the typical EULA is measurably longer than the Constitution of the United States...)

    "From time to time, Awesomeness2004!!! Pro may gather usage statistics and other information and transmit this information to the ShadyCorp central server."

    "By clicking 'I Agree', you grant ShadyCorp permission to install Awesomeness2004!!! Pro. To take advantage of certain advanced features, Awesomeness 2004!!! Pro requires SnifferExeDllBuddy. SnifferExeDllBuddy may track and report usage statistics and other information."

    "ShadyCorps is concerned about your privacy. Your personal information will only be made available to ShadyCorp and approved ShadyCorp partners."

    Forget teeth--this law'll be lucky if it can manage to gum hungrily at the bastards' ankles. How about a law that renders post-POS EULAs null and void?

    --

    Obliteracy: Words with explosions

    1. Re:Loophole City by choprboy · · Score: 3, Informative

      It was noted somewhere--NPR, I think--that the typical EULA is measurably longer than the Constitution of the United States...

      It was on NPR, yesterday I believe (but I can't find the link at the moment). The company in question was Gator (AKA Claria), which has a EULA longer than the constitution.

      However, it should be noted (as stated in the interview) that nthis law is completely useless anyways do to the "EULA permission" exception. Two of the biggest proponents of the legislation are WhenU and 1800Solutions... two of the worst spyware/adware companies out there.

  5. Neilsen pays you cash money. by glrotate · · Score: 5, Insightful

    Spyware installs surreptitiously and degrades you performance.

    What spyware outfit do you work for?

  6. sorta OT by Lxy · · Score: 4, Interesting

    Is there a good HOWTO on cleaning up a Windoze box from spyware and keeping it clean? I use the following method:

    Install Ad-aware, update, clean, reboot, clean
    Install Spybot S&D, update, clean, reboot, clean
    Install Spywareblaster, update, enable protection

    This method has worked pretty well in the past. In the last couple days, I've gotten infected by some browser hijackers and no amount of cleaning and resetting things will delete the %$#@$$#%ers. Is there a better method?

    --

    There is no reasonable defense against an idiot with an agenda
    :wq
    1. Re:sorta OT by NeoSkandranon · · Score: 3, Informative

      I use Spybot and Spysweeper, as Ad Aware typically only finds trackng cookies and such like as opposed to spyware (in my experience anyway)

      I also make sure to use Spybot's TeaTimer and ActiveX blocker.

      Installing Firefox is a good way to keep it clean ;-) If it's an option at all on the computers you work on, go for it. It also tends to render a LOT of browser hijackers totally irrelevant.

      As for cleaning the hijackers themselves, I'd reccomend googling for the process name if you know it, odds are you'll stumble on an info site with detailed removal instructions

      --
      If you can't see the value in jet powered ants you should turn in your nerd card. - Dunbal (464142)
    2. Re:sorta OT by Celt · · Score: 3, Insightful

      Yes!
      Stop using IE = problem solved :)
      www.mozilla.org

      --

      --
      "WebTV: bringing the Internet into the shallow end of the gene pool since 1995" - Martin Bishop
    3. Re:sorta OT by Lord_Slepnir · · Score: 5, Funny
      the best way I found was:

      c:\>format c: /y

      or, if you want your system to boot up afterwards:

      c:\>format c: /y /s

      Works every time

  7. Double edged sword by rhsanborn · · Score: 4, Insightful

    Well, I really would like to see the death penalty brought in as punishment for spammers and distributors of viruses and spyware, but I also think that the expansion of law in this area has the potential for being over-broad and being abused. We need to take a long hard look at these solutions and decide whether we want to let the government try and take care of this, or let industry try to weed it out.

    The government can't enforce a large portion of the laws it already has enacted. So they sit there helping no one, all the while they are waiting to be used in ways they were never designed for. I'm just real uncomfortable with it.

    How about we educate users on good internet habits, and let the industry develop better ways to eliminate spyware.

  8. RTFS... by plover · · Score: 5, Informative
    The AP reports that the US House of Representatives has unanimously passed a law

    No, the AP correctly reported that the house passed a BILL. A BILL is not a LAW until it passes through the entire congress and the president signs it. (Remember the Schoolhouse Rock song, "I'm just a Bill"?)

    --
    John
  9. How come they never... by lukewarmfusion · · Score: 3, Funny

    "...has unanimously passed a law..."

    How come they never pass any laws posthumously?

  10. Does this mean???? by GReaToaK_2000 · · Score: 3, Interesting

    Does this mean that the software that the FBI uses to track email in an effort "to fight terrorism" falls under the "spyware" law?

    ~G

  11. Who will serve the criminal penalties by blankman · · Score: 5, Interesting

    If this becomes law, and a piece of spyware is found to be illegal, who exactly goes to jail? The programmers who wrote it? The stockholders of the company that paid the programmers to write it? The owners of the web site from which a user unwittingly downloaded and installed it? Suppose I determine that I got a piece of spyware from IP address X... is the ISP on the hook for criminal charges too?

    Give Congress credit for trying, but I don't see you can realistically make installing spyware a jailable offense.

  12. Laws to protect the gullible? by Jakhel · · Score: 4, Interesting

    Seriously, I'm all for anti spyware and anti scam measures, but is this really going to address the core issue? That is, people aren't educated enough to NOT fall for scams? And if they AREN'T educated enough to not fall for it in the first place, what good will the law do?

    A current example may be those "multi level marketing schemes" like Vector or Pre paid legal (they are really just pyramids in disguise). We've got laws against pyramid schemes, and yet these companies are still around (they call themselves multi level marketing in most cases, just to avoid the legal hassels). The people who actually get caught up in the schemes are those who are a) to stupid or b) to greedy to not realize what's going on; and by the time the person has found out that they have been duped, the perp (I've been watching law and order :D ) is long gone. Incidentally those people who would be fooled by spyware are more than likely those who wouldn't know how to deal with it in the first place (spybot, adaware, or cleaning the system registry manually).

    And then there's the question of how many people will actually actively pursue a lawsuit against spyware companies. I'm willing to bet that most people will say, "spyware is against the law, the companies can't do that and if they install it on my computer I'll write a nasty letter to them" instead of "spyware? time to sue". Almost like what's going on with spam..

  13. Does this mean... by farzadb82 · · Score: 3, Funny
    Internet Spyware (I-SPY) Prevention Act of 2004 - Amends the Federal criminal code to prohibit intentionally accessing a protected computer without authorization, or exceeding authorized access, by causing a computer program or code to be copied onto the protected computer, and intentionally using that program or code: (1) in furtherance of another Federal criminal offense; (2) to obtain or transmit personal information with intent to defraud or injure a person or cause damage to a protected computer; or (3) to impair the security protection of that computer.

    Does this mean that having a software application that automatically updates itself with a newer version that has bugs that compromise the security of the computer and all information within can now be considered a criminal offence for the software developer ?

  14. Is there a grandfather clause? by Weaselmancer · · Score: 3, Interesting

    Because if not, every worm writing script kiddie is probably crapping a load right now. The law goes into effect today. If your worm infects someone tomorrow, even if you wrote it years ago, you're hosed.

    I hope.

    --
    Weaselmancer
    rediculous.
  15. Re:Simple Answer by Da_Fridge · · Score: 3, Insightful

    The Problem is that, this law is really unenforcable. Atleast, not to the point where it is financially practical. The only way to stop it is either to build better programs, or not to go to sites where this stuff begins. I am a lucky one, I DONT (as in not 1 piece) get SPAM. I dont go to these sites and I stay clean. People always forget, the internet is just like the hooker from Thailand. They are both dirty and before you use them you need protection.

    --
    If I wanted water, I'd ask for DiHydrogen Oxide!
  16. doesnt matter by bani · · Score: 3, Interesting

    the spyware is still being created by or contracted for american citizens. doesnt matter if they operate their scams offshore. they're still under US jurisdiction.

  17. This is a pro-spyware bill by Animats · · Score: 3, Interesting
    This is a pro-spyware bill, just like the CAN-SPAM act is a pro-spam bill. As with the CAN-SPAM act, it preempts state law, invalidating Utah's strong anti-spyware law. As with the CAN-SPAM act, it prohibits private lawsuits. Only the FTC can enforce this act, and they're a weak agency under the current administration.

    This is the bill Philip Corwin, Kazaa's lobbyist, wanted.