Slashdot Mirror
California Sets Fines for Spyware
aj50 writes "The BBC has the story that California is introducing new laws to help eradicate spyware. The bill bans the installation of software that can be used to take over another computer and allows customers to seek $1000 in damages if they've fallen victim to this kind of malicious software. Can this really help cut down spyware or will it just be another fatally flawed piece of legislation?"
"The bill bans the installation of software that can be used to take over another computer..."
Goodbye, SSH. I'll miss you.
What is "malicious software?" What about VNC? I mean in a way that will "take over" your computer, are they liable?
Goodbye, Windows.
All those anti-spyware software complain about those 'id cookies'. I wonder if I can get a $1000 dollar for each of those.
I could trust the governm....
Never mind.
Among other things, this bans unauthorized installation of keyloggers, spam sending/relaying software, zombies, and disabling your anti-virus or anti-spyware software.
However, and this is a big however, they grant a blanket exception to your ISP or network admins. "Nothing in this section shall apply to any monitoring of, or interaction with, a subscriber's Internet or other network connection or service, or a protected computer, by a telecommunications carrier, cable operator, computer hardware or software provider, or provider of information service or interactive computer service for network or computer security purposes, diagnostics, technical support, repair, authorized updates of software or system firmware, authorized remote system management, or detection or prevention of the unauthorized use of or fraudulent or other illegal activities in connection with a network, service, or computer software, including scanning for and removing software proscribed under this chapter."
You could probably drive a truck through a loophole like that.
How am I supposed to fit a pithy, relevant quote into 120 characters?
"The legislation, which was approved by Governor Arnold Schwarzenegger, is designed to safeguard people from hackers and help protect their personal information."
"One form of spyware called adware has the ability to collect information on a computer user's web-surfing.
It can result in people being bombarded with pop-up ads that are hard to close."
Lesse. Arnold Schwarzenegger. Check. Hackers as evil villians. Check. Mixing javascript pop-up ads and Malware. Check.
"Can this really help cut down spyware or will it just be another fatally flawed piece of legislation?"
I dunno, what do you think?
Spyware is considered by computer experts to be one of the biggest nuisance and security threats facing PC users in the coming year.
Unfortunatly the average computer user doesnt know this
The fine is too weenie. They need to do for consumers what they do for the likes of the RIAA and MPAA - give consumers something with which they can beat spyware vendors into submission.
But that won't happen because they don't really give a shit about "consumers" as long as they continue to consume. When we consume we fulfill our political function.
If you define spyware as they say in the article as "the installation of software that takes control of another computer." then it sounds broken already to me
Spyware does not have to take control of a computer.
It can be as simple as sending back browsing habits so cookies can, even, be not so far away from some spyware then,
Or it can just send credit card details or other browsing habits or snoop in places it shouldnt. All without "taking control" of another computer.
The devil is in the details. I would like to see what kind of software it really is defining as spyware.
Great Macintosh Support
Also allow Kalifornians to sue the script kiddies that infest their machines with bots? If so, it might make those malcontents think twice about passing their trojans along.. Nah, it won't.
A witty saying proves nothing. Voltaire (1694-1778)
Would they seek damages from the spyware manufacturers? Or from the OS designer who designed a less than secure OS?
Regardless of how you feel the question should be answered, will that be a choice?
libertarianswag.com
And let's get this out of the way:
The law, if it affects any spyware company, will only affect those who are incorporated and/or exist in the USA.
stuff
The RIAA should be fined millions for their infected WMA files.
It'll be interesting to read the exact wording on this bill since the article isn't real specific. I mean, Antivirus software is software that runs on a PC and spies on what someone is doing, although the AV software is there to help instead of hinder. Granted, the user installs it, but it receives updates via the internet .....
.........
Hope Arnold thought about that
The question is will the **AA adhere to this law, or will they find a convenient loophole/exception?
----
"Ours was a free culture. It is becoming much less so."-Lawrence Lessig
What's stopping me of 'getting infected' with some adware / spyware / malware and claim the money? Is there some legal procedures to go throught? How are they gonna prove that I didn't install them?
Eureka Science News - automatically updated
The state's Consumer Protection Against Spyware Act bans the installation of software that takes control of another computer.
I'm really concerned about this type of language. The effectiveness of this really comes down to "How do you define 'takes control'?" Snooping where you go in the Internet is not "taking control". I don't even know that pop-up advertisements can really be called "taking control" since I have ultimate control over the power button as well as the network plug in the back of the computer. Even if there is spyware installed, I have control over installing another browser or installing spyware removal software. VNC, PC Anywhere, and other such tools are meant to truly "take control" of a system, but they're obviously not spyware. I'm also concerned about spyware being used at the threat. I would think that viruses and spambots would me the obvious targets, but do they "take control" or do they just "steal CPU cycles"?
The article didn't go into great detail on this particular matter. How can one really define "taking control" if something ever goes to court on this? Or is it possible that this was just a bad choice of words on BBC's part?
The Overrated mod is for reversing inappropriate, positive mods, not for voicing disagreement with a post.
Now that I think about it, there are several very difficult problems with such legislation. AMong the hardest to define, however, would be what constitutes "taking over".
Let's face it, we all know some idiot users out there who do things that are just dumb (like clicking on that "Yes" button for GATOR's new and improved super-duper piece of $#!+). With that installation comes a whole host of things but the user did knowingly and willingly click on that "yes".
Now normally I'd say that this doesn't constitute an excuse. If I am caught speeding, I can't plead to the cop -- "Sorry I didn't know 200mph was speeding!" Computers are, however, rather mysterious beasts to most and thus legislation can be harder to define.
...when did spyware take control of you're computer? Yes some malware makes pop ups but so do websites (Well for IE anyway).
Maybe this might be usefull when it covers software that has a detrimental effect on the system without the owner/operators request.
"I may be full of crap about this game, and I may be wrong, and that's fine." -Jack Thompson
RIAA/MPAA contractors using spyware.
EvilCON - Made Famous by
Even assuming the wording isn't full of holes, doesn't this only affect the (relatively few) companies who legitimately and openly use spyware? The real problem is those who use it illegally, without authorisation or concern for the rights of the user and - more importantly - from another country!! I mean, I know the US has a reputation for believing itself to be the centre of the world, but this is a bit short-sighted, even for Arnie!
And as regards the BBC; don't shoot the messenger.
Meta will eat itself
When you allow a story about some bill on Slashdot, cite the bill, or provide a link. Stories like this are useless.
One person can't fight back for a $1,000 since it would cost more than that...
Recent Prop. In Cali has limited the rights of private laywers to act on the public behalf which also makes it hard for a single laywer to fight for a group of people.
The only way to really fight this type of spyware, ASSUMING there is someone with some deep pockets would be a class action, which is difficult to put together. You need to certify the class, then go to court to fight the 'bad guys.'
http://www.hawknest.com/
So does this mean they'll be fining the RIAA & MPAA, or is that acceptable spyware?
SecondPageMedia - Wha
(d) Nothing in this section shall apply to any monitoring of, or interaction with, a subscriber's Internet or other network connection or service, or a protected computer, by a telecommunications
carrier, cable operator, computer hardware or software provider, or provider of information service or interactive computer service for
network or computer security purposes, diagnostics, technical support, repair, authorized updates of software or system firmware,
authorized remote system management, or detection or prevention of the unauthorized use of or fraudulent or other illegal activities in
connection with a network, service, or computer software, including scanning for and removing software proscribed under this chapter.
I skimmed through the bill text found here, and it seems fairly well worded. However, it doesn't solve the actual problem. An "authorized user" can still be suckered pretty much as before.
Kjella
Live today, because you never know what tomorrow brings
Yaay! I'm gonna be rich, finally!
http://slashdot.su/
Just one more to add to the list.
Next up - they'll threaten people with $500 fines for detonating a nuclear device inside city limi.... oh, wait....
In other news, Arnie has decided that cancer is a bad thing, and has begun moves to make it illegal. Any malignant tissue found within the state will be subject to $5,000 fine and up to 10 years imprisonment...
I don't really know much about spyware as I don't use windows but my understanding is that much of the legit programs collect personal information for marketing purposes. These programs must call home to upload what they collect. Why hasn't anyone written spyware spoofing software that uploads lots of invalid or better yet, simply incorrect data.
The difference between Canada and the USA is that in Canada healthcare is a right and gun ownership is a privilege.
WTF?? Just $ 1000? They harm your computer and waste almost hours of your time and all you can claim is 1k?
Wait before you make comments about the bill making legitimates software illegal. The bill makes installing such software illegal, not producing it. You can still develop ssh and you can still install it on your own computer. You just shouldn't install it on other people's computers without their consent. That seem fair. (Until, of course, someone finds a loophole to exploit it.)
1. Setup insecure windows box.
2. Intentionally get infected with spyware.
3. Profit!
Man, the one chance to say "RTFB!" and you blew it. Good going.
"authorized updates of software or system firmware, authorized remote system management, or detection or prevention of the unauthorized use of or fraudulent or other illegal activities in connection with a network, service, or computer software, including scanning for and removing software proscribed under this chapter"
This looks custom made for grievous EULAs for junk like Microsoft's Windows XP and Windows Media Player. Even the nasty Overpeer effort might be overlooked with an attitude like that. So the thing that is fundamentally wrong, doing things to other people's computers without asking them, is explicitly allowed if you are "authorized".
Another section defines "authorized user" and expressly prohibits EULAs as a vehicle:
22947.1.(b) "Authorized user," with respect to a computer, means a person who owns or is authorized by the owner or lessee to use the computer. An "authorized user" does not include a person or entity that has obtained authorization to use the computer solely through the use of an end user license agreement."
The contradiction is clear, how it will play out is not. If I click through Microsoft's Windows updater, have I signed onto having my computer monitored for copyright infringing works? What are security purposes? Microsoft's EULAs clearly grant them power to do these things and exercising those powers is a violation. We will see if some companies are allowed to violate this law while others are punished.
Friends don't help friends install M$ junk.
1. Get a copy of Spybot
2. Run it on all your PC's. Statistically each PC will have on average 28 pieces of spyware on it.
3. DO NOT FIX THE PROBLEMS!!! They are now evidence!
4. Carefully research each piece of spyware found by Spybot to see if you can sue the makers for $1000 each.
5. If you find anything, call your lawyer.
6. Profit!
Typical legal shenanigans, helping out their buddies in the corporate world and screwing over the citizen...
How am I supposed to fit a pithy, relevant quote into 120 characters?
Those programs are not malicious, and there is an even clearer provision made for adminisrative uses. Every program takes over a processor for something in the most strict sense. Even a cookie takes some cycles away from the processor to be loaded or to search for information or send it. OBviously windows and solitaire take over your computer, and obviously pcanywhere type programs allow another computer to control yours, but unless the takover is malicious, without administrative purpose by a business (or ISP for some reason) it isn't a take-over under this law.
Though the intent is a noble one, the law is basically a lawyer's approach to what should be a technological solution. I understand that spyware, et el, is a problem but the Internet is global, this is just "feel good" politics for California. What now? Is every state expected to have its own law? Every country? What a waste of time. Like the can-spam act, this will have little or no affect and more likely it will be used by some powerful business interest to prosecute some kid who's just having fun playing around with stuff.
For once this is a computer law that doesn't supplant technical solutions. Now, spyware that installs itself without you knowing it works only because a technical flaw in the computer and you can penalize it all you want but you won't be getting rid of the vulnerability.
For other things which piggy-back on other programs this seems to be the only feasible way. Since it technically gets installed by hand there's really no hole to plug.
As much as virii and spyware (malware in general) is a problem there should be a clear distinction between what can be penalized and what can't. Things that prey on the gullibility of users should definitely be outlawed like any other con artist's scam. Things that have technical solutions should really rely on technical solutions. Don't fall into the habit of thinking that a strong law will plug your security holes for you.
If squirrels are getting into your birdfeeders don't advocate municipal squirrel destruction, buy a birdfeeder with a squirrel guard. (If you want to shoot the squirrels anyway that's your own prerogative.)
Direct away from face when opening.
Ah. See, that to me is not "taking control". But - damn! - those four conditions pretty much smack all of the points of adware, spyware, etc!
I still see this as a problem, though. Even if the company is a U.S. company who is found guilty of this, if they're not based in California does California have the right to extradite? Well, now wait a minute! That then involves interstate network traffic which puts it under FEDERAL control, and the jackasses in Washington would never make a law similar to this because they have no clue and because it seems to be a well-written law! So, what course of action does California have if the company is not in California?
I'm not even going to touch the notion of the company being out of the U.S., because we all know that nothing would happen in that case.
So, it still brings to mind the question of how effective is this law really going to be?
The Overrated mod is for reversing inappropriate, positive mods, not for voicing disagreement with a post.
This shows that engineers have failed to do their jobs and the governance of software has fallen into the hands of politicians. This is not good.
"allows customers to seek $1000 in damages "
:
:
...
:
:
- I just made 150 000$ collecting spyware data and you whant me to pay 1000$ , lol ! ( thats the typical spyware attitudes ).
The spammer have the same attitudes
- I just made 50 000$ sending spam and you whant me to pay 1000$ , lol ! ( thats the typical spammer attitudes ).
The oil industry as the same attitudes
- What I just killed the entire echo system of the region and you whant me to pay 500 million , lol I just made 5 billion
I whas raised this way : dont do to other what you would not like to be done to you and dont play with the rights of others they might decide to do the same to you. I am what you call a good citizen ( I have my bad side but it dont affect directly anyone else ).
Those people are criminal, they dont respect other and dont care for others rights. Those methods havent stopped them before.
What I sugest they do is this
First : Identify the spammer AND IS ACCOMPLICE.
Details : a spyware did not come to be installed on your computer by simple hazard.
1) A. You add to visit a site wich whas distributing it.
B. installed or have a software package wich whas including it without your knowledge.
2) You add to be using an OS wich allowed it to be easily installed.
3) A1. Your ISP did not block the spyware from using the service you pay them ( both way ( instal and info sent ) , and did not inform you of a possibility of a strange communication.
A2. The ISP hosting the site is aware they are sending people something.
B. Make sure the OS who let the spyware instal easily knows about it and give them one month for the OS to become impossible to install it , after one month they become accomplice.
C1. The OEM who provided you the software package or the software vendor is often informed of the fact the spyware is there.
C2 the OEM installed the spyware for convenience ( software add value without costing them a cent , they often also get the data).
This means that you have multiple solution of a criminal ( the spyware ) and there accomplice ( ISP , OEM , OS vendor , Software vendor , YOUR ISP )
Some people advocate the death penalty for spyware , spammer and there accomplice I disagree but offer the same in a bussine way
Remove there right to operate , cease all there asset , and close them down.
This way suddenly and magically the ISP start to do its job and monitor is offers , your ISP finnaly work for you and help you stay safe on the internet, the OEM offer you real solution and they all proactively go after the bad guys in fear of becoming there accomplice.
Personnaly I have a problem with corporation who have the same right as human , Its normally used to cover the acts of some smart criminal people in a legal way as to not be prosecuted or pay there taxes. ( not all of them , but reversing the process would clean the trial rooms for real crimes. ) I say make them the opposite , Guilty until proven innocent and if found guilty and they tried to argue double the penalty.
This way the corporate spyware dont reopen in the office space next to its previous office and dont start to do the same thing again. you use to make spyware cant have a business of any kind for ten years.
I am a REAL American from Canada , not a wanna-be from the country , self called "last remaining superpower" "of America
Unfortunately, I don't see how the ban on installation of software that can be used to take over another computer... can be enforced, without completely outlawing any software upgrade service. Maybe the law is better worded than the article, but from experience I have my doubts.
I'm an American. I love this country and the freedoms that we used to have.
YOU ARE DENSE.
Yesterday i read about MPAA and RIAA were sending some media files into p2p networks, wouldn't this law aply to them too? i mean they are sending media files infected with some kind of spy/adware..
I mean really now, I hate MS as much as anyone but you can set off a bomb with a Timex watch. Do you sue Timex for making an unsecure watch, or the people who rigged it to the explosives?
The revolution will NOT be televised.
real world code (laws) have little effect on executable code. what does have effect: better user control of their computer. Let the user decide what gets installed and what doesn't.
That's why I love FOSS. Better control. That's why windows and IE have issues - little user control. The soloution to a lot of the mess out there is to give users better control of their system. It's firefox vs IE that best illustrates the concept. Firefox will be a runaway success in 2005.
Giving the user better control also ultimately requires a security archetecture -- NOT DRM -- that does not exist in Windows. You need to be able to control what rights a piece of software has -- and that has always been one of *nix's strong suits.
-- $G
Why does everybody here just complain that this line doesn't fix that, this line does doesn't fix this. Why doesn't some one here try to actually write the law how it should be written and take it to their State Legislators?
Since when does any law coming from California make sence?
Must be a new year's day prank.
---- Booth was a patriot ----
(d) Nothing in this section shall apply to any monitoring of, or interaction with, a subscriber's Internet [...] connection or service, or a protected computer, by a telecommunications carrier, cable operator, computer hardware or software provider, or provider of information service or interactive computer service for [...]
Hm, does the whole thing still make sense? (Doesn't the highlighted exception defeat the whole purpose of the bill?)
If it's so secret, then how come I've never heard of it?
As its advertised as to what it is,and it takes the users express intervention to install it..
If theywere to honestly go after something like that, which has the users permission... then even microsoft would be toast.. ever hear of SMS, or even AD? It's all about 'remote control'...
Nah, VNC and related software is safe.. Now if people USE it improperly.. They could be fined, but they would have committed other crimes in the process anyway...
---- Booth was a patriot ----
... Yet.
I can see their new laws now: "Do not install spyware, or Arnold will personally come and terminate you!"
"Adware provider Claria supports the California legislation, according to D. Reed Freeman, chief privacy officer, because the confusion between spyware and adware has eroded consumer confidence and stifled the adware industry."
From the marketing scum themselves: clickz.com
They're trying to convince us that adware is ok, but spyware isn't. How much do y'all want to bet that we see more "adware" companies popping up now?
I wonder how much this will affect the MPAA/RIAA (a few pages back) ;)
bad analogy.
to make the bomb with the watch, you have to do some modifications to the watch - you can't just hot glue it a stick of dynamite and hope for the best.
However - Windows, without modifications is guaranteed to end up with a spyware/malware/adware infection.
This is more akin to: If you your identity stolen, who do you go after - the Government or the guy that is running around ruining your credit?
That's right - you sue the Spyware maker - for they're the ones with malicious intent. (Well, MS isn't so innocent either I guess)
It may be a useless bill, but at least they are trying. I think it is a step in the right direction.
roamingfeet
Nothing in this section shall apply to any monitoring of, or interaction with, a subscriber's Internet or other network connection or service, or a protected computer, by a telecommunications ...
... the software provider is allowed to monitor your private machine and you connection. This does absolutely nothing to stop spyware-riddled software from being sold to unwitting consumers.
carrier, cable operator, computer hardware or software provider, or provider of information service
So
"Because Science" is one step from "Because old book". Try "Because of my experiment testing my falsifiable assertion".
"detection or prevention of the unauthorized use of or fraudulent or other illegal activities in connection with a network, service, or computer software, including scanning for and removing software proscribed under this chapter" Hrrrmmmmm.....Sounds like we still can't keep the RIAA out of our computers. Loop holes, loop holes, loop holes.
I came, I saw, She conquered.
i've heard about this law. i just wonder if what the RIAA is doing, http://it.slashdot.org/article.pl?sid=04/12/31/155 3231&tid=95&tid=97&tid=172&tid=17 will be criminalized (as it should be).
Is it 5:30 yet?
The fine is too weenie. They need to do for consumers what they do for the likes of the RIAA and MPAA - give consumers something with which they can beat spyware vendors into submission.
Are you kidding me? Take a brand new computer, and go out there and install all kinds of software which has this junk in it which, naturally, is illegal as of today. Find all instances of said software which violates this law. Contact your lawyer on Monday and start collecting in small claims court. $1000 for each spyware software? Man... I wish I lived in California! I'd be rich!
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
Now, if this only had something to include adware the fine folks in Cali could take a small chunk out of the RIAA/MPAA and Overpeer.http://it.slashdot.org/article.pl?sid=04/ 12/31/1553231&tid=95&tid=97&tid=172&tid=17
That would be comedy.
While it may be theoretically possible to write a law which would eliminate spyware, you will probably never see it. Just like the anti-spam laws did not stop spam. But the anti-spam laws have reduced spam by quite a bit (and I was very skeptical that they would.) I think it's reasonable to expect a small incremental decrease in spyware for every anti-spyware law that goes onto the books. If we keep passing flawed laws, eventually it will be reduced to a nuisance problem. That's looking like the best we can probably expect in the real world.
Does it make Overpeer or the RIAA into criminals with their trojan software? I sure hope so!
...And Service Pack 3 for Windows XP was released the day after... I wonder why. =)
Fatally flawed.
However, most state legislatures have a few members on a clean up committee, usually called something like a "Legislative Review Committee," to recommend changes to existing law.
I strongly recommend you find out who they are for CA and encourage Slashdotters to lobby them.
Uninstall information must be provided at the point of installation. This can be on the packaging of boxed software, or there must be a pointer to an uninstall file, giving its name and location, at the point of install. The uninstall information must be retained on the computer after the installation process.
No software whatever may install itself without an installation dialog giving the owner of the computer the option not to carry out the install. This dialog must require a second confirmation of installation. The dialog must specify the implications of not installing, i.e. an ISP might decline to provide service if a particular monitoring program is not installed. The dialog must not use any kind of threat or emotive language but must be strictly factual. Dialogs must consist of clear and legible text and buttons which spell out clearly their function. Check boxes, radio buttons or click through text are not permitted.
Any program which communicates with other resources over a network must declare exactly what network resources it uses, and with what resources it will connect. This declaration can be on packaging, or as part of a file which is clearly labeled and can be read before or during the installation process.
I think all reputable software meets or exceeds this standard nowadays, so let us make it mandatory and make it a criminal offense to create, publish or supply software which does not comply. Although this will not stop the creators of adware, spyware and malware, it would provide a consistent offense with which to charge them.
Panurge has posted for the last time. Thanks for the positive moderations.
Well lets consider that it did only allow authorized people to install adware, then what gives people authorization? In the case of the RIAA and MPAA, I'm assuming they wouldn't... but what if someone installed software that had it but didn't mention it on their site or anywhere? Would this bill protect them because you agreed to install their product even if you didn't know about the entire product? If this bill works for only California what would happen if the person targetting you was in another country? How would they get the money? It seems this bill brings up a lot of questions that I haven't seen answered yet.
I wonder if there's a service business in this. Most consumers on their own (hell, even knowledgable people) would have no idea what spyware they had, who made it, and where the company was behind it, let alone have the time/energy to go through the process to get $1000.
But a business organization could amass that kind of knowledge and provide that as a service. You bring in your infected PC, they ID spyware, produce evidence, and you sign over 90% of your bennies to them. They then collect bulk judgements against the spyware people, since they have the resources/organization/information to do so, and then you collect your 10%.
Admittedly it's not much money, but to have an infested machine professionally cleaned, it's not too bad to get a check in the mail for $100 instead of paying for it, especially for Jane Consumer.
how about a law that bans software from bein installed without the user agreeing to a EULA, and also doesnt keep perstering the user to accept a certain license.
Continue hope and waste your energy and time on expecting someone outside of yourselves to solve your problems...
Just make all possible effort by yourself to protect yourself and spread information on how to do it, and the weak shall die out.
At the risk of being too vague (much like the article), I get the feeling this law will be used selectively in cases of "I know it when I see it."
There's a big difference between services that COULD be exploited (SSH, AD, VNC), data-miners or adbots (Claria, MyWebSearch) and the real nasties.
Think CoolWebSearch *spit!*, VX2/NicTech and SecondThought. Each of those is considered malicious software in addition to spyware/adware because they install via exploits and use backdoor access to generate revenue.
SecondThought can change your start page to kiddie porn. That is a major liability. CoolWebSearch is next to impossible to remove. VX2 compromises Winlogon: it's a rootkit. The methods by which these things work already fall under the existing definition of computer crime.
Given the absolute corrupt nature of the American and especially the California legislative process, it must be assumed that any bill (the USA term for proposed law) goes through a strict corporate analysis and review and anything even remotely critical or of possible concern to the benefit of the corporate structure will be removed or neutralized by admendment.
If you can accept this idea then you can realize that it is now impossible to get any progressive or consumer friendly bills passed into law or signed uber-menschen killer robot corporate-controlled governor of California.
Forget about using the legislative branch to get laws passed to protect your interests. In the new, corporate-controlled America, it's just not going to happen.
Consumer protection will only come now from concerned and active private groups. And more often than not, these groups and their activities that go against any corporate interests will be declared illegal by corporate-controlled legislatures and the people involved will be labeled 'terrorists' by the corporate-controlled media.
Just get used to it because it is the way that it is going to be. Here's a simple rule-of-thumb for cutting through the Fox News BS about who is and who isn't a terrorist: people who do things that result in the murder of other random innocent people are real terrorists. People that just make work for corporate lawyers through meaningless symbolic protests are not.
Just remember the old Soviet expression: "Pravda nyet Isvestia, Isvestia nyet Pravda" (Truth is not News, News is not Truth)[ - a pun on the two top Soviet newspapers of the cold war era].
Now Adaware and Spybot can finally get paid if states would let Adaware and Spybot represent affected computer users. Something like 20% to Adaware or Spybot and 80% of the 1000$ to the affected user or the user's charity of choice may be good enough incentive to "make it stop".
As has been explained by the posts above, any bill outlawing spyware suffers from at least one of two fundamental flaws:
I think we'd be much better off leaving the government out of this one. I should have the right to install anything I want on my computer, and software companies should have the right to produce anything they want to meet that demand. Caveat emptor, the most you should be entitled to is a refund if you're not happy with the product. And if the price was free, well, then you can get nothing back.
Does this legislation apply to software in Set-top boxes and/or cable-modems that reports what is watched or surfed? Is there legislation that does apply to software that monitors what is watched or surfed by users of set-top boxes and/or cable modems? Such information is collectable without the explicit knowledge of most digital set-top boxes and cable-modem users, and it is easily traceable to the user's account (i.e., the name and address, etc.) of the watcher/surfer.
Software dosn't care about laws when exploiting vulns to gain access to another computer.
In other news...
The Federal Government has signed into law the CAN-SPYWARE act, which effectively over-rules all existing anti-spyware laws.
The new act requires that all claims against spyware companies be filed by the manufacturer of the operating systems affected. The new law also requires all installed software to include a valid company name and contact information to be considered non-spyware.
Our legislators have are touting this law as proof of their commitment to protect us against spyware.
If you downloaded spyware inadvertently, how would you actually go about collecting the $1000? Whom would you even collect it from?
I don't even have to read more than the few sentences posted here. Considering the whole purpose of the legislature these days of capitalist enlightenment is to ensure businesses can rifle through our wallets with impunity and our whole job is to consume, I am sure every commercial entity will find the loop holes since I am sure 'they ' and their lobbyists crafted this self-contradicting nightmare bill. Its 'feel good' legislation at its finest. Kind of like invading Iraq: it didn't solve anything, but it made the public feel good for a while. I'll bet no one is ever prosecuted under this--ever. Even the RIAA's putting spyware in WMA files on P2P hosts will be exempted I am sure.
This isn't a law designed to protect consumers. They are going to use it only a few times to beat up on a few companys, to try to intimidate the majority of others, for a brief political gain. Then it'll just fade away.
This bill is not necessarily a right or good advancement since, if enacted, opponents to the spirit of this type of legislation could then point to the existence of this (ineffective) version to abate discussions on any new versions with teeth, with the legislative result of allowing abuse to continue under the guise of protecting citizens.
There are 1.1... kinds of people.
I think you've hit on something. Unlike other industries, there are no legally mandated quality standards for software; rather amazing, considering the way computers have infiltrated almost every aspect of modern life.
Also, we have legislators who have no fundamental understanding of computers. To use the tired car analogy, early laws surrounding automobiles were ridiculous (like "person with bell must walk 50 yards in front of vehicle as a warning") because of ignorance, we are seeing the same kind of thing now with computers. It will be at least 20 years before we have legislatures that are even close to conversant with the technologies, so we can expect a lot of dumb laws between now and then.
PS Pantagruel says "hi"
If you want the government to babysit you while you use your computer it's the right direction, maybe. Personally I'd rather get the government out of regulating software.
still so far after years...
The programs are so sophisticated they change frequently and become impossible to eradicate.
With the right programs, they won't come around.
Also, there goes IE. So many ways to be taken over by spyware from IE depending on the user.
What's next, thousand-dollar fines for viewing /.?
I think Russia and China are out of CA's juristiction
One good thing that came out of all the recent spyware is the emergence of firefox as a viable alternative to IE.
Similarly, if the holes in Windows continue to get exploited, maybe people will consider moving to better OSes.
Rather than forcing things using the iron hand of law, we should let the free market have its way.
In the end, the invisible hand is the most gentle and effective hand of all.
All your favorite sites in one place!
Just remember the old Soviet expression: "Pravda nyet Isvestia, Isvestia nyet Pravda"
;-)
s/nyet/nye/g
While I don't consider myself fluent in Russian, even I was made uncomfortable by this one. It's a lot like if you were to say in English "Truth is no News, News is no Truth". A lot of native speakers would at first be puzzled at what you're trying to say. But if you had a strong enough accent, they'd probably figure it out.
(We have a cockatiel that my wife named Milo, "po-chemu on takaya milaya ptitsa." And she also claims to not speak Russian.
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
which was a Good Thing for people who owned fax machines about a decade ago. Junk faxes were about to make faxes useless just as fax machines were becoming affordable and many small businesses were getting them, but they virtually disappeared from the face of the Earth when this became law. The only reason junk faxes still exist at all is not enough people are aware of the law.
This may not work as well for malware, as many of the creators are not only NOT in California, they're not even in the USA.
Tag lost or not installed.
It only works as long as the spyware comes with an email address.
If you read the whole sentence though, all those entities can only monitor your computer for the purposes described, such as repair or authorized updates.
The scary thing about that is pointed out in the post just below yours: one of the purposes for which basically any program is allowed to monitor you is "prevention of the unauthorized use of or fraudulent or other illegal activities in connection with a network, service, or computer software." Say hello to a wave of RIAA-sponsored MP3-eating worms that are protected by law... wonderful.
Even when companies & websites do openly disclose that they will install spyware (not their choice of wording of course) the average user doesn't read EULAs or privacy statements and probably wouldn't understand or care if they did read it.
Essentially it will/would require users to accept some form of personal responsibility in reading and evaluating such statements and since most of them can't even be convinced to click on Help to help themselves or learn something it's a lost cause.
The proposed $1K fine is a mere drop in the proverbial bucket and is not a sufficient penalty to deter a company from engaging in such practices.
And finally, I don't believe a case of this type could be successfully litigated, particularly since the preservation of evidence would certainly not be the goal of any end user who found themselves infected with such software. This would leave them pretty much without any proof and the entire thing would devolve into an embarassing display of ignorance and hubris.
Thus spake the SysGoddess
What's a B?
The RIAA ad campaign has put out another announcement:
When your not consuming
You're supporting COMMUNISM.
Like its predecessor, it had a devilish looking man and a hammer and sickle.
What is interesting is that 1, 2, and 3 are already illegal by federal law, and are aimed toward viruses, worms, and scams rather than spyware.
However, #4 is truly the interesting one. This is the supposed spyware one, but doesn't apply to any known spyware. This looks more like its against pagejacking, which doesn't require any software installed at all; simple JavaScript will suffice. At its best, it could be used against some really obnoxious adware, but not spyware.
I don't see anything here that has the slightest thing to do with spyware.
The
First Tracking, RIAA has been trying to track people down for years. It took some major legal work to get the name to go with the I.P. addresses Second Even if they manage to track the offender, you might have legal jurisdictional problems. The "I love you" virus was made by a kid in the Philippines which has no law against it. It is legally impossible to prosecute the kid.
Are there any slashdotters willing to join my class action suit? We'll sue becuase Microsoft Admits XP Media Player Spies on Users.
Nothing in this section shall apply to any monitoring of, or interaction with, a subscriber's (emphisis mine) Internet ... prevention of the unauthorized use of or fraudulent or other illegal activities in connection with a network, service, or computer software
The way I read it is your ISP can monitor you for illegal activity, but a third party like the RIAA can't; of course if your file shareing with a P2P app, your announce your activity to the world in general, by using a program you installed with informed consent and your therefore fair game if it narcs you out and they are just listening.
Apocalypse Cancelled, Sorry, No Ticket Refunds