California Sets Fines for Spyware
aj50 writes "The BBC has the story that California is introducing new laws to help eradicate spyware. The bill bans the installation of software that can be used to take over another computer and allows customers to seek $1000 in damages if they've fallen victim to this kind of malicious software. Can this really help cut down spyware or will it just be another fatally flawed piece of legislation?"
Would they seek damages from the spyware manufacturers? Or from the OS designer who designed a less than secure OS?
Regardless of how you feel the question should be answered, will that be a choice?
libertarianswag.com
The RIAA should be fined millions for their infected WMA files.
The question is will the **AA adhere to this law, or will they find a convenient loophole/exception?
----
"Ours was a free culture. It is becoming much less so."-Lawrence Lessig
Or "software provider" which would cover the spyware authors themselves. Surely Claria Corporation is a software provider.
Support the First Amendment. Read at -1
or detection or prevention of the unauthorized use of or fraudulent or other illegal activities in connection with a network, service, or computer software, including scanning for and removing software proscribed under this chapter
I think they just made it explicitly legal for the MPAA, RIAA, or BSA to install spyware on your computer to counter copyright infringement. What a shame, a rotten egg in a perfectly good law.
Without a proper flamewar, Anonymous was undecided on what shell to run.
You can drive a truck through that loophole.
"Nothing in this section shall apply to any monitoring of, or interaction with, a subscriber's Internet or other network connection or service ... by a ... computer hardware or software provider, ... or detection or prevention of the unauthorized use or fraudulent or other illegal activities in connection with a network, service, or computer software."
The part in bold essentially makes any spyware that is bundled by a software provider (Kazaa, GAIN, etc.) or hardware provider legal. This is actually a win for the spyware industry, as it moves them out of a gray legal area and makes them officially legal. The second bolded portion makes any spying done by the *AAs (or any other copyright holder) legal.
Definitely not a good thing for the consumer.
I don't really know much about spyware as I don't use Windows, but my understanding is that many of the legit programs collect personal information for marketing purposes. These programs must call home to upload what they collect. Why hasn't anyone written spyware spoofing software that uploads lots of invalid or, better yet, simply incorrect data?
The difference between Canada and the USA is that in Canada healthcare is a right and gun ownership is a privilege.
Yes, but only if it is for "detection or prevention of the unauthorized use or fraudulent or other illegal activities in connection with a network". Collecting statistics for advertising purposes doesn't count. They might try for dual use, but the law actually makes the second use illegal.
-WolfWithoutAClause
"Gravity is only a theory, not a fact!"
For once this is a computer law that doesn't supplant technical solutions. Now, spyware that installs itself without you knowing it works only because of a technical flaw in the computer, and you can penalize it all you want but you won't be getting rid of the vulnerability.
For other things which piggy-back on other programs this seems to be the only feasible way. Since it technically gets installed by hand there's really no hole to plug.
As much as virii and spyware (malware in general) is a problem there should be a clear distinction between what can be penalized and what can't. Things that prey on the gullibility of users should definitely be outlawed like any other con artist's scam. Things that have technical solutions should really rely on technical solutions. Don't fall into the habit of thinking that a strong law will plug your security holes for you.
If squirrels are getting into your birdfeeders don't advocate municipal squirrel destruction, buy a birdfeeder with a squirrel guard. (If you want to shoot the squirrels anyway that's your own prerogative.)
Direct away from face when opening.
"allows customers to seek $1000 in damages "
:
:
...
:
:
- I just made 150 000$ collecting spyware data and you want me to pay 1000$, lol! (That's the typical spyware attitude.)
The spammers have the same attitude
- I just made 50 000$ sending spam and you want me to pay 1000$, lol! (That's the typical spammer attitude.)
The oil industry has the same attitude
- What, I just killed the entire ecosystem of the region and you want me to pay 500 million, lol, I just made 5 billion
I was raised this way: don't do to others what you would not like to be done to you, and don't play with the rights of others; they might decide to do the same to you. I am what you call a good citizen (I have my bad side but it doesn't directly affect anyone else).
Those people are criminals; they don't respect others and don't care for others' rights. Those methods haven't stopped them before.
What I suggest they do is this:
First: Identify the spammer AND HIS ACCOMPLICE.
Details: spyware did not come to be installed on your computer by simple chance.
1) A. You had to visit a site which was distributing it.
B. Installed or have a software package which was including it without your knowledge.
2) You had to be using an OS which allowed it to be easily installed.
3) A1. Your ISP did not block the spyware from using the service you pay them for (both ways: install and info sent), and did not inform you of the possibility of a strange communication.
A2. The ISP hosting the site is aware they are sending people something.
B. Make sure the OS which let the spyware install easily knows about it, and give them one month for the OS to become impossible to install it on; after one month they become an accomplice.
C1. The OEM who provided you the software package or the software vendor is often informed of the fact the spyware is there.
C2. The OEM installed the spyware for convenience (the software adds value without costing them a cent; they often also get the data).
This means that you have multiple solutions of a criminal (the spyware) and their accomplices (ISP, OEM, OS vendor, software vendor, YOUR ISP).
Some people advocate the death penalty for spyware, spammers and their accomplices. I disagree but offer the same in a business way:
Remove their right to operate, seize all their assets, and close them down.
This way, suddenly and magically, the ISP starts to do its job and monitor its offers, your ISP finally works for you and helps you stay safe on the internet, the OEM offers you real solutions, and they all proactively go after the bad guys in fear of becoming their accomplices.
Personally I have a problem with corporations that have the same rights as humans. It's normally used to cover the acts of some smart criminal people in a legal way so as to not be prosecuted or pay their taxes (not all of them, but reversing the process would clean the trial rooms for real crimes). I say make them the opposite: guilty until proven innocent, and if found guilty and they tried to argue, double the penalty.
This way the corporate spyware doesn't reopen in the office space next to its previous office and doesn't start to do the same thing again. You used to make spyware, you can't have a business of any kind for ten years.
I am a REAL American from Canada, not a wanna-be from the country, self called "last remaining superpower" of America
Unfortunately, I don't see how the ban on installation of software that can be used to take over another computer... can be enforced, without completely outlawing any software upgrade service. Maybe the law is better worded than the article, but from experience I have my doubts.
I'm an American. I love this country and the freedoms that we used to have.
$1000 would allow action to be taken against the perpetrators in small claims court where only a subpoena needs to be served and criminal intent doesn't need to be proven.
You need to certify the class, then go to court to fight the 'bad guys.'
If and when a small number of individuals win in small claims court it may set the groundwork for a precedent to be set.
$1,000? That's small enough for a small claims court. Things are a bit easier in small claims court. Imagine the impact of a million small claims court cases vs one large class action lawsuit where the only one that wins are the attorneys.
Open Source Java DAO Generator
Plus he didn't even read the article. He wrote: "Spyware does not have to take control of a computer.
It can be as simple as sending back browsing habits so cookies can, even, be not so far away from some spyware"
But the law disallows such actions. Many other specific malicious actions are called out and criminalized.
Nothing in this section shall apply to any monitoring of, or interaction with, a subscriber's Internet or other network connection or service, or a protected computer, by a telecommunications carrier, cable operator, computer hardware or software provider, or provider of information service ...
So ... the software provider is allowed to monitor your private machine and your connection. This does absolutely nothing to stop spyware-riddled software from being sold to unwitting consumers.
"Because Science" is one step from "Because old book". Try "Because of my experiment testing my falsifiable assertion".
I've heard about this law. I just wonder if what the RIAA is doing, http://it.slashdot.org/article.pl?sid=04/12/31/1553231&tid=95&tid=97&tid=172&tid=17, will be criminalized (as it should be).
Is it 5:30 yet?
At the risk of being too vague (much like the article), I get the feeling this law will be used selectively in cases of "I know it when I see it."
There's a big difference between services that COULD be exploited (SSH, AD, VNC), data-miners or adbots (Claria, MyWebSearch) and the real nasties.
Think CoolWebSearch *spit!*, VX2/NicTech and SecondThought. Each of those is considered malicious software in addition to spyware/adware because they install via exploits and use backdoor access to generate revenue.
SecondThought can change your start page to kiddie porn. That is a major liability. CoolWebSearch is next to impossible to remove. VX2 compromises Winlogon: it's a rootkit. The methods by which these things work already fall under the existing definition of computer crime.
Now Adaware and Spybot can finally get paid if states would let Adaware and Spybot represent affected computer users. Something like 20% to Adaware or Spybot and 80% of the 1000$ to the affected user or the user's charity of choice may be good enough incentive to "make it stop".
I don't even have to read more than the few sentences posted here. Considering the whole purpose of the legislature these days of capitalist enlightenment is to ensure businesses can rifle through our wallets with impunity and our whole job is to consume, I am sure every commercial entity will find the loopholes since I am sure 'they' and their lobbyists crafted this self-contradicting nightmare bill. It's 'feel good' legislation at its finest. Kind of like invading Iraq: it didn't solve anything, but it made the public feel good for a while. I'll bet no one is ever prosecuted under this--ever. Even the RIAA's putting spyware in WMA files on P2P hosts will be exempted I am sure.
If you want the government to babysit you while you use your computer it's the right direction, maybe. Personally I'd rather get the government out of regulating software.
which was a Good Thing for people who owned fax machines about a decade ago. Junk faxes were about to make faxes useless just as fax machines were becoming affordable and many small businesses were getting them, but they virtually disappeared from the face of the Earth when this became law. The only reason junk faxes still exist at all is not enough people are aware of the law.
This may not work as well for malware, as many of the creators are not only NOT in California, they're not even in the USA.
Tag lost or not installed.