Slashdot Mirror
California Sets Fines for Spyware
aj50 writes "The BBC has the story that California is introducing new laws to help eradicate spyware. The bill bans the installation of software that can be used to take over another computer and allows customers to seek $1000 in damages if they've fallen victim to this kind of malicious software. Can this really help cut down spyware or will it just be another fatally flawed piece of legislation?"
What is "malicious software?" What about VNC? I mean in a way that will "take over" your computer, are they liable?
Among other things, this bans unauthorized installation of keyloggers, spam sending/relaying software, zombies, and disabling your anti-virus or anti-spyware software.
However, and this is a big however, they grant a blanket exception to your ISP or network admins. "Nothing in this section shall apply to any monitoring of, or interaction with, a subscriber's Internet or other network connection or service, or a protected computer, by a telecommunications carrier, cable operator, computer hardware or software provider, or provider of information service or interactive computer service for network or computer security purposes, diagnostics, technical support, repair, authorized updates of software or system firmware, authorized remote system management, or detection or prevention of the unauthorized use of or fraudulent or other illegal activities in connection with a network, service, or computer software, including scanning for and removing software proscribed under this chapter."
You could probably drive a truck through a loophole like that.
How am I supposed to fit a pithy, relevant quote into 120 characters?
Spyware is considered by computer experts to be one of the biggest nuisance and security threats facing PC users in the coming year.
Unfortunatly the average computer user doesnt know this
The fine is too weenie. They need to do for consumers what they do for the likes of the RIAA and MPAA - give consumers something with which they can beat spyware vendors into submission.
But that won't happen because they don't really give a shit about "consumers" as long as they continue to consume. When we consume we fulfill our political function.
If you define spyware as they say in the article as "the installation of software that takes control of another computer." then it sounds broken already to me
Spyware does not have to take control of a computer.
It can be as simple as sending back browsing habits so cookies can, even, be not so far away from some spyware then,
Or it can just send credit card details or other browsing habits or snoop in places it shouldnt. All without "taking control" of another computer.
The devil is in the details. I would like to see what kind of software it really is defining as spyware.
Great Macintosh Support
What's stopping me of 'getting infected' with some adware / spyware / malware and claim the money? Is there some legal procedures to go throught? How are they gonna prove that I didn't install them?
Eureka Science News - automatically updated
The state's Consumer Protection Against Spyware Act bans the installation of software that takes control of another computer.
I'm really concerned about this type of language. The effectiveness of this really comes down to "How do you define 'takes control'?" Snooping where you go in the Internet is not "taking control". I don't even know that pop-up advertisements can really be called "taking control" since I have ultimate control over the power button as well as the network plug in the back of the computer. Even if there is spyware installed, I have control over installing another browser or installing spyware removal software. VNC, PC Anywhere, and other such tools are meant to truly "take control" of a system, but they're obviously not spyware. I'm also concerned about spyware being used at the threat. I would think that viruses and spambots would me the obvious targets, but do they "take control" or do they just "steal CPU cycles"?
The article didn't go into great detail on this particular matter. How can one really define "taking control" if something ever goes to court on this? Or is it possible that this was just a bad choice of words on BBC's part?
The Overrated mod is for reversing inappropriate, positive mods, not for voicing disagreement with a post.
Now that I think about it, there are several very difficult problems with such legislation. AMong the hardest to define, however, would be what constitutes "taking over".
Let's face it, we all know some idiot users out there who do things that are just dumb (like clicking on that "Yes" button for GATOR's new and improved super-duper piece of $#!+). With that installation comes a whole host of things but the user did knowingly and willingly click on that "yes".
Now normally I'd say that this doesn't constitute an excuse. If I am caught speeding, I can't plead to the cop -- "Sorry I didn't know 200mph was speeding!" Computers are, however, rather mysterious beasts to most and thus legislation can be harder to define.
This cracks me up. If I steal a car, and the brakes don't work, so I get to sue the guy who made the car ?. Crime or no crime, you are D/L'ing a file "illegally", and you want to complain when it messes up your computer ?
Save a Life. Donate Blood. Please.
RIAA/MPAA contractors using spyware.
EvilCON - Made Famous by
When you allow a story about some bill on Slashdot, cite the bill, or provide a link. Stories like this are useless.
A more appropriate analogy would be if a person purposely cut the brakes on their car knowing that it would get stolen, with the intent to hurt the person stealing the car. In this case yes, the person who cut the brakes is responsible for their actions.
The RIAA are offering the infected WMA files, so no copyright law hs been broken. Now you may have had the intention of downloading copyrighted material illegally when you searched for the file, but intent does not mean a law has been broken. Even tho you may be under the impression the file is illegal, the copyright owner has given it to you, so its veyr much legal.
This shows that engineers have failed to do their jobs and the governance of software has fallen into the hands of politicians. This is not good.
I mean really now, I hate MS as much as anyone but you can set off a bomb with a Timex watch. Do you sue Timex for making an unsecure watch, or the people who rigged it to the explosives?
The revolution will NOT be televised.
As its advertised as to what it is,and it takes the users express intervention to install it..
If theywere to honestly go after something like that, which has the users permission... then even microsoft would be toast.. ever hear of SMS, or even AD? It's all about 'remote control'...
Nah, VNC and related software is safe.. Now if people USE it improperly.. They could be fined, but they would have committed other crimes in the process anyway...
---- Booth was a patriot ----
It may be a useless bill, but at least they are trying. I think it is a step in the right direction.
roamingfeet
Fatally flawed.
However, most state legislatures have a few members on a clean up committee, usually called something like a "Legislative Review Committee," to recommend changes to existing law.
I strongly recommend you find out who they are for CA and encourage Slashdotters to lobby them.
If you read the whole sentence though, all those entities can only monitor your computer for the purposes described, such as repair or authorized updates.
The scary thing about that is pointed out in the post just below yours: one of the purposes for which basically any program is allowed to monitor you is "prevention of the unauthorized use of or fraudulent or other illegal activities in connection with a network, service, or computer software." Say hello to a wave of RIAA-sponsored MP3-eating worms that are protected by law... wonderful.