House Passes Another Spyware Bill

SkippyTPE writes "The AP reports that the US House of Representatives has unanimously passed a law criminalizing Spyware. This is the second such bill in two days (the first imposing civil penalties, whereas this bill imposes criminal penalties). Information on the bills (HR2929 and HR4661) can be found here and here respectively."

Maybe another Law isn't necessary

[stecoop]

Let's think about these laws before we cheer - say to yourself will the world be a better place with yet another law. I applaud the efforts of the government protecting the people but marketing comes has to come from somewhere; like Nielsen rating system by which advertisers use to by spots on TV, somewhere there has to be a way to understand what works on the internet. The law bill clearly states that installing tracking devices on someone else computer will be punishable by imprisonment - you will no longer to be able to track logins via cookies or be running a risk from court interpretations of the law.

As for the second part of the law, phishing:
Zoe Lofgren D-Calif. - cited estimates that up to 90 percent of computers contain some forms of spyware. Lofgren said her daughter was recently victimized by electronic thieves in a phishing scam
It is good thing that 10% of the market is either running an alternative browser and/or operating system preventing those infections. But being victimized via email I tend to say that email isn't secure therefore nothing in email can be trusted - thus let the buyer (user) beware. Over the long haul, Darwinism will balance things out and the law will be just a hoop and dance show for elections.

Re:Maybe another Law isn't necessary

[Trigun]

There is a difference in unnecessary laws, and establishing laws to prevent unethical business practices. Would you like to be egregiously harmed only to be told that, although it should be illegal, nobody has got around to writing a law against what has happened to you, so you might want to go cry somewhere else.

Good Riddance Gator/Claria. The world will truly be a better place, even if our computer clocs are out of date by a couple minutes, or we don't know what the weather is like in Yemen.

Re:Maybe another Law isn't necessary

[dewke]

You do realize that to be a "Nielson" household you have to volunteer. It's one thing to volunteer to have your browsing habits monitored, and something else to have crap like gator shoved onto your pc because you don't know any better.

Re:Maybe another Law isn't necessary

[drinkypoo]

I hope you were kidding. If not, let me tell you why your idea won't work.

1. MAC addresses do not propagate beyond a local network segment. They are used only for Ethernet. Outside of a specific physical (or certain types of logical) ethernet network, you'll never see someone's MAC.
2. MAC addresses can be changed. Almost all hardware allows this, including antiquated Sun equipment from the days when MACs were supposedly etched in stone. Well, they're actually etched into a PROM which can be rewritten.

If you were kidding, I apologize. If you weren't kidding, now you know.

Re: Maybe another Law isn't necessary

[SamSeaborn]

If the law prevents others from installing stuff on my computer I didn't ask for and don't want then it sounds good to me.

Many spywares I've seen are in Windows directories. This may be old hat, but can't Windows do a simple hash or cert check on a file going into c:/Windows or c:/Windows/System to see if it's an "official" or "authorized" file?

A simple message like "Application X is trying to put a file called NOTEPAD.EXE in your Windows/system directory -- this is not a Microsoft file, do you want to allow this?" would suit me.

Goodness knows Windows nags me about a million other things on a daily basis ("Updates ... get your updates!").

Sam

Re:Maybe another Law isn't necessary

[brianosaurus]

Its unfortunate that there is another law, but its even more unfortunate that it got to the point of NEEDING another law.

Its unlike the controversial DMCA and INDUCE Acts, which are pre-emptive strikes from a huge lobby, establishing laws before there is a problem. Spayware is a problem, amd its becoming more of a problem every day.

Sure everyone knows its "wrong", but its not yet illegal so unethical types will exploit it. Of course we're now exposed to the unethical types who will exploit certain interpretations of the law, but hopefully the Justice Department can do something about them.

Laws don't make things right or wrong, they just make things illegal. The behavior was wrong/right before the law eas enacted, but the community was, apparently, powerless to do anything.

Perhaps Microsoft (for example, since approximately 100% of the spyware I know of is for Windows) could have come up with a technical solution to the problem, but they didn't so now its a law.

and so...

[scaaven]

And so marks the end of Real.

evil empire...

been there

[GerbilSocks]

Spyware will just move offshore. More governmental bullshit.

Loophole City

[American+AC+in+Paris]

From the Yahoo! blurb:

It would add penalties of up to five years in prison for people convicted of installing such programs without a computer user's permission.

If this is really the case, this law isn't going to do a damn thing--all it means is that spyware developers will need to put a sufficiently dense bunch of legalease on page eight of the EULA. (It was noted somewhere--NPR, I think--that the typical EULA is measurably longer than the Constitution of the United States...)

"From time to time, Awesomeness2004!!! Pro may gather usage statistics and other information and transmit this information to the ShadyCorp central server."

"By clicking 'I Agree', you grant ShadyCorp permission to install Awesomeness2004!!! Pro. To take advantage of certain advanced features, Awesomeness 2004!!! Pro requires SnifferExeDllBuddy. SnifferExeDllBuddy may track and report usage statistics and other information."

"ShadyCorps is concerned about your privacy. Your personal information will only be made available to ShadyCorp and approved ShadyCorp partners."

Forget teeth--this law'll be lucky if it can manage to gum hungrily at the bastards' ankles. How about a law that renders post-POS EULAs null and void?

Neilsen pays you cash money.

[glrotate]

Spyware installs surreptitiously and degrades you performance.

What spyware outfit do you work for?

sorta OT

[Lxy]

Is there a good HOWTO on cleaning up a Windoze box from spyware and keeping it clean? I use the following method:

Install Ad-aware, update, clean, reboot, clean
Install Spybot S&D, update, clean, reboot, clean
Install Spywareblaster, update, enable protection

This method has worked pretty well in the past. In the last couple days, I've gotten infected by some browser hijackers and no amount of cleaning and resetting things will delete the %$#@$$#%ers. Is there a better method?

Re:sorta OT

[Lord_Slepnir]

the best way I found was:

c:\>format c: /y

or, if you want your system to boot up afterwards:

c:\>format c: /y /s

Works every time

Double edged sword

[rhsanborn]

Well, I really would like to see the death penalty brought in as punishment for spammers and distributors of viruses and spyware, but I also think that the expansion of law in this area has the potential for being over-broad and being abused. We need to take a long hard look at these solutions and decide whether we want to let the government try and take care of this, or let industry try to weed it out.

The government can't enforce a large portion of the laws it already has enacted. So they sit there helping no one, all the while they are waiting to be used in ways they were never designed for. I'm just real uncomfortable with it.

How about we educate users on good internet habits, and let the industry develop better ways to eliminate spyware.

RTFS...

[plover]

The AP reports that the US House of Representatives has unanimously passed a law

No, the AP correctly reported that the house passed a BILL. A BILL is not a LAW until it passes through the entire congress and the president signs it. (Remember the Schoolhouse Rock song, "I'm just a Bill"?)

Who will serve the criminal penalties

[blankman]

If this becomes law, and a piece of spyware is found to be illegal, who exactly goes to jail? The programmers who wrote it? The stockholders of the company that paid the programmers to write it? The owners of the web site from which a user unwittingly downloaded and installed it? Suppose I determine that I got a piece of spyware from IP address X... is the ISP on the hook for criminal charges too?

Give Congress credit for trying, but I don't see you can realistically make installing spyware a jailable offense.

Laws to protect the gullible?

[Jakhel]

Seriously, I'm all for anti spyware and anti scam measures, but is this really going to address the core issue? That is, people aren't educated enough to NOT fall for scams? And if they AREN'T educated enough to not fall for it in the first place, what good will the law do?

A current example may be those "multi level marketing schemes" like Vector or Pre paid legal (they are really just pyramids in disguise). We've got laws against pyramid schemes, and yet these companies are still around (they call themselves multi level marketing in most cases, just to avoid the legal hassels). The people who actually get caught up in the schemes are those who are a) to stupid or b) to greedy to not realize what's going on; and by the time the person has found out that they have been duped, the perp (I've been watching law and order :D ) is long gone. Incidentally those people who would be fooled by spyware are more than likely those who wouldn't know how to deal with it in the first place (spybot, adaware, or cleaning the system registry manually).

And then there's the question of how many people will actually actively pursue a lawsuit against spyware companies. I'm willing to bet that most people will say, "spyware is against the law, the companies can't do that and if they install it on my computer I'll write a nasty letter to them" instead of "spyware? time to sue". Almost like what's going on with spam..