Slashdot Mirror
House To Enact Anti-Spyware Law
Stephen Samuel wrote to mention that the U.S. House of Representatives has readied the aptly acronymed Securely Protect Yourself Against Cyber Trespass Act (SPY ACT) for law. MS-BS has an article claiming that the bill allows a loophole for the makers of proprietary software. The issue at hand concerns Section 5, paragraph b, subsection 2, under the heading of limitations. The law does not apply to: "(2) a discrete interaction with a protected computer by a provider of computer software solely to determine whether the user of the computer is authorized to use such software, that occurs upon (A) initialization of the software; or (B) an affirmative request by the owner or authorized user for an update of, addition to, or technical service for, the software." The law, then, would disallow Gator and their ilk but would not hamper Microsoft's Genuine Advantage Program. More complete commentary is available at TechReview and About.com.
What about all those who signed the Gator/Gain network EULA which prohibits the removal of said spyware/adware from PCs?
Sure, some of the "legitimate" US companies pushing this stuff will obey the new law, but it's not going to do a thing to stop people in other jurisdictions or criminals who just don't care what the law says.
Kind of like "Gun Control" I might add.
Ha, ha! Nobody ever says Italy.
Securely Protect Yourself Against Cyber Trespass Act (SPY ACT)
So wouldn't this be the SPY ACT Act?
Are these the same people who scream about having their PIN Numbers stolen at the ATM Machines?
Once again the US leads the way in contrived acronym terms.
Spyware will be "legal", just like the CAN-SPAM act...
Thank you for your stupid technology laws, American Congress!
I would like to see a bill that prohibits congress from awkwardly wording bill names to create acronyms.
Slashdot Syndrome: the sudden, extreme urge to correct someone in order to validate one's self.
...does copy protection / product activation of purchased commercial applications have to do with spyware?
Submitter picked the wrong week to stop sniffing paint.
Two positive thoughs on this.
One - if written and applied correctly in the US, at least it is a legal tool against some of the spyware, making it more costly for them.
Two - if it's somewhat successful, it may make Congress look back at CAN-SPAM and fix it.
Okay I'm optimistic here.
Bonzie Buddy loves children!
"SPYACT kills cute furry pets" campaign.
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
How people with a mean age over 50 are aware and able to assess the current state of malware/ spyware in America? That is what I love about our republic -- we elect these people to make law that protects us. Sadly, as happens so often, this appears to be another case where lack of information has lead to the drafting of a law that opens more loopholes than it closes.
Kudos to you US House/ Senate -- another bang up job.
Spyware is a technical problem. Congress and the public should have learned from the CAN SPAM act, more accurately called "You Can Spam" Act. Spam is at an all-time high.
People don't read click-thru licenses now, what makes anyone think they're going to read them in the future?
The antivirus companies, who already have the technology and infrastructure, need to extend their scanning of executables to include ANY software that collects data and phones home. Make a big list and update it with the AV updates. When anything is installed that hit the list, pop up a big "POTENTIAL SPYWARE - ARE YOU SURE?" box.
Yet another "vote for me, I feel your pain" law isn't going to do anyone any good.
-Charles
Learning HOW to think is more important than learning WHAT to think.
I can't wait for the Congress to protect us from spyware as effectively as they've protected us from spam.
--
make install -not war
I can only hope that this piece of legislation is considerably less effective than the CANSPAM Act. Compliments of the CANSPAM Act, spam is worse. We don't need another cure like that. If the U.S. Congress is our only hope of rescue from spyware, just shoot us now rather than prolong the misery. After all, this crew is the same one that brought us the DMCA and we all know what a resounding success that has been!
Or not. Your mileage may vary.
You must be the change you wish to see in the world - Ghandi
Honestly, why is it that every time the commercial entity of Microsoft, which is not a non-profit organization, tries to prevent people from illegally using their work without compensation, they are evil? Don't you think a company has a right to make sure that people pay for their work? Microsoft has an army of programmers working for them to write software, and every time Microsoft tries to prevent people from stealing this work and making it useless, they are the bad guy. What kind of alternate universe do you guys live in?
Le français vous intéresse?
Securely Protect Yourself is the name of the game here. This law won't do anything to actually stop spyware, as it will probably only affect companies run out of the US. In case they haven't figured it out yet, the Internet is global. The best solution is to just protect yourself by learning basic computer skills such as don't install everything you see and use browsers that don't allow arbitrary code with full system access to be run on your computer.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
Just like the can-spam act increased the amount of spam, this'll increase the amount of spyware.
I say we just track the f'ers down ourselves and put them out of their (our) misery.
-- Liberalism is a mental disorder.
This won't be hard to get around. Every user is by now thoroughly desensitised to seeing click-through EULAs for any software they install. So, after this law, paragraph 135.62.4.3.1 on the EULA for your latest Swimsuit Babes Screensaver package is "Oh yeah, and we're sticking Gator on your PC as well, ok?"
User, as ever, scrolls to bottom of 100 page document in 3 seconds flat, clicks agree, and off we go as before.
If 'technology' patents in the EU end up as silly as those in the US, we could probably stop spyware/adware by patenting
"A program that installs itself without the user's knowledge, possibly by coming bundled in another package, monitors the user's internet activity and then displays (un)targetted advertising"
Could probably stop spam too similarly.
Patent adverts and compulsary user-registration and we wouldn't need the adblock and bugmenot extensions.
Actually, there is no problem with this, and it is not genuine spyware tactics. Sorry if I start a flamewar here, but if you insist on using Windows, then you should be paying for it and they have every right to inspect your machine to see if you are. This is the aggreement you sign up to.
Also, I don't see how this affects programs loke Gator as g. parent suggests. They are playing by the same rules. If their software doesn't comply, they should be able to make changes without significantly altering it.
Anyway, it's not my problem I don'r use Windows. Good luck!!.
Anyway, spyware will probably find a way to evolve with this..
This, like Can Spam and others, will have no effect until it starts putting people in prison for some Mitnick-style hard time. It will be especially effective if it puts people who wear suits to work into prison. Until that happens, it is to laugh.
Some mornings it's hardly worth chewing through the restraints to get out of bed.
Will governments be excluded from using these methods too? I bet not.
So now MicroSoft will have a monopoly on spyware too! Oh Great. ;-)
Securely Protect Yourself Against Cyber Trespass Act eh?
How long do they spend coming up with acronyms like this?
I cant belive it. They are doing something for us...they must be making up for all the crap laws about they internet they are about to pass! = )
Good Karma, Bad Karma, doesnt matter to me... I'm still going to say whats on my mind!
I think I see the loop hole, it is the gates in the bill....one could call it a software gate, that runs the bill....
Not sure, but in previous bills that were being introduced, the term "Protected Computer" meant any system under the control of a financial institution. It had nothing to do with the general users of the public.
I'd take a long hard look at exactly what goes into this bill.
...how can you call yourself an American? /sarcasm
It seems like lawmakers like trendy acronyms (PATRIOT Act, CAN-SPAM, etc.) that disguise undesirable things behind a hard-to-challenge facade.
Didn't vote for the PATRIOT Act?
Still, I'd be much happier with names like "HR-98-101" or something similar.
The trouble seems to be:
1. That MS (or whoever) gets to search my private property without evidence -- or even probable cause -- even though there's no illegal software on my computer.
2. That if MS can do it, so can any fly-by-night company that is set up purely for the purpose of spying on me through my computer, once I install their software.
Exam 4/C again. Maybe I'll do better this time.
I propose we have congress pass a law making it illegal to pass off spyware without having a confirmation "Do you accept to install this activity monitoring software?". Granted this won't help with idiots who blindly click through everything during install, this would greatly make hidden spyware less hidden.
Hiding spyware in EULAs is distasteful and dishonest at best. This damned act still lets that pass.
[!] No, I can't see my comments. They are not worthy of +3 moderation.
Noone likes spyware.
They pass laws to outlaw it.
Laws make no difference.
Good job Congress. Nice to see you occasionally come up for air while you're fluffing the special interests.
I've started a cash-only side business cleaning up spyware/viruses/crapware from frends and family members PCs. Despite my repeated suggestions to stop using Kazaa and IE, and to switch to a Mac, they insist on keeping their Windows.
Fine with me. It means an extra $200 - $300 CASH every month for me.
I love spyware.
Section 2(a)(5) says:
(It is unlawful for any person, who is not the owner or authorized user of a protected computer, to engage in deceptive acts or practices that involve(s))...
So... since MS claims that it's necessary to run Windows in order to run Office components, and since WINE amply demonstrates that it's not...
then any MS claim that Windows is necessary in order to run Office (or to access documents created in Office components) violates this bill...!?!?!
mmm... yeah... You see, we're putting the cover sheets on all TPS reports now before they go out...
but that Genuine Advantage deal is sticking in my craw, and that's what I typed out, when thinking of Office...
mmm... yeah... You see, we're putting the cover sheets on all TPS reports now before they go out...
So don't install some fly-by-night company's software.
Le français vous intéresse?
And yet sometimes they truly fail... who ever thought it was a good idea to create the Comittee to RE-Elect the President aka CREEP?
This sig has absolutely no significance and serves only to take up screen space and waste the time of the reader.
Of course it is. That's the point.
Thank you, Captain Obvious, for proving that there is no joke that can't fly over the head of the average idiot.
Did the Department of Redundancy Department come up with this?
END OF LINE
Why, it's those cut ups from the BSA.
step 1. create loophole for self to aggregate information from unsuspecting end lusers.
2. offer spyware removal tool to assist said end luser in hanging self.
They can protect their property. The objection is that I have an equal right to protect MY property from MS intrusion. However, I don't have the means to bribe Congress to give MY rights precedence over MS's. I wonder if Koreaman would applaud a law allowing Ford Corp to randomly break into garages because there have been thefts of Tauruses?
They're allowed to monitor whether you're legally running their software. They're not allowed to spy on you in any other way, regardless of whether it's Microsoft or "any fly-by-night company" doing it. Not only isn't the slope slipperly, there isn't even a slope here.
Don't blame me; I'm never given mod points.
I wonder how many man hours and tax dollars were spent in coming up with a nifty acronym. Money could have been saved by just calling it the Anti SpyWare Act
News Reporters Make Tasty Polar Bear Treats!
We're working on naming a bill which deals with the Nigerian 419 scam -- the Fraudulent and Unethical Computerized Kiting Organizations Filtering and Forwarding Act.
Also, the Detect and Identify Email According to Selected Spyware Heuristics On Local EMail Servers Act may be introduced at some point.
against bill names that form acronyms. Of course the penalty woulf be death, since it is a blatant attempt to destroy the democratic proccess.
-- 'The' Lord and Master Bitman On High, Master Of All
This a US law.
They'll need a clone of this bad law in every country.
Obama's legacy: (N)othing (S)ecure (A)nywhere and (T)error (S)imulation (A)dministration
Such as GAIN (producers of Gator).
If this is made illegal it _will_ make a dent. It will also significantly reduce the number of companies willing to advertise with a spyware vendor; if GAIN is made illegal no legitimate enterprise will buy ads on their network, which significantly reduces their potential profit.
It doesn't completely fix the problem, sure, but to say that it does nothing is simply not true.
soon to become:
with an inevitable transition to:
I really don't care what they call it, what's important is if they can enforce it! The CAN-SPAM act has had some results, but it is still a far cry from stopping the majority of spam. The question lies in whether this bill is going to be used to prosecute the people resposible for the spyware, or if it's just been made to make people think that the government is going to address the issue.
- "I reject your reality and substitute it with my own", Adam Savage
I hope the House and other responsible parties look carefully at the wording of their law: it should permit a discreet interaction, and restrict annoying discrete intrusions.
This could be as awesomely effective as CANSPAM was.
...what? it wasn't?
The "Insert Quote Here" line is almost as predictable as inserting an actual quote.
Much as I hate Genuine Advantage, it is good that things like that are explicitly allowed. Of course, there should be some sort of notification that this is happening (which, with Genuine Advantage, I believe there is). Apple has a similar feature when you make an Installer Package. When you run it, the user will see a dialog that says something like "This Installer needs to run a program to see if it can be installed, is that ok?". The program can either be a simple version check of the OS, or it can be something that checks for an older version of the software before updating, etc. I've used it in some projects to check for prequisites and libraries to prevent users from shooting themselves in the foot. If the exception were not in the law, I could easily imagine some company targeting some small FOSS project and claiming that something like that falls under spyware.
There is no sig, there is only Zuul.
I haven't read the entire act, so there may be some subtleties that I'm missing, but the section in question quite plainly states that a vendor could scan your system: "solely to determine whether the user of the computer is authorized to use such software". That would be solely, as in "for the sole purpose of". It doesn't say a word about "taking whatever actions deemed appropriate...". It means that software activation, for example, is permissible; as is checking if software is legit prior to downloading patches or upgrades.
The article's outpouring of paranoia about MS getting a "a quiet, post-election gift" from some legislator is a crock of tinfoil hat-wearing crap.
It needs a good recursive acronym, a la PHP, wine, or pine...
How about SPINELESS?
SPINELESS Prohibition Is Not Exactly Likely to Enhance System Security...
perl -e 'foreach(values %SIG){$_="IGNORE";}while(){}'
that Real is going to have to take RealPlayer off the market?
The flawed UTICA was the opposite. Like today's EULA, it requires me to consult a lawyer and do hours of review and analysis for a piece of software I may have picked out of the bargain bin at Walmart (if we had one in Chicago) for $20. That is absurd. The UTICA was the lawyer full employment act of 2001.
Other areas have this regulation such as credit cards. Did you ever wonder why all the companies were so nice as to provide a boilerplate section indicating their annual fee in easy to read text?
I believe books once tried this stunt with several pages of "license" at the front which generally forbid resale and lending from libraries. The Supreme Court struct this down creating the "first sale" doctrince, which is on life support today.
Therefore, for cheap software (less that $1000) I motion we standardize the EULA's that are permissible. Perferrably to one with a dozen checkboxes for the reasonable variation among verdor wishes. Does anyone care to draft it?
1.) Gator which is now Claria bought a mailbox in bulgaria so they are technically not a us company anymore even though they reside here. If they are not under US jursidiction the law then could not be applied to them if the software is distributed from an oversea's server.
2.) Gator will claim they are not really tracking your urls or keystrokes but are just checking to make sure you are not pirating their software. The clause in italics mentioned in this article can be used by the spammers and spywhere makers to pretend they are offering you a service and checking your membership.
Many spyware companies also use products like bandwith increaser which also include spyware. Since its a service the company who makes it is immune.
http://saveie6.com/
and enforce it with sypware (arent't they in a catch 22 here). Ban OCDs, cameras and everything and get draconian or use spyware to stop others using spyware. The latter is the only way and a dead end. Can we get a few gray cells to think about why it exists before getting rid of it.
No Greater Friend, No Greater Enemy! (Lucius Cornelius Sulla)
This makes me think congress should delegate writing some laws to the community.
Certainly the people who care enough to get involved in such a project could come up with a law that was better and more fair then anything they could write themselves.
And I hate to sound like a broken record but having a unique identification number (or set of nunbers) was also discredited when Intel tried putting one on thier CPUs.
Detect..Idenn...
DIE ASSHOLEMS. What's an Assholem? Is that like a Swedish jerk?
This thing is going to have so many loopholes in it, it will look like swiss cheese. Undoubtly, it will also remove various protections and other such things that are currently in place that do provide some relief from the onslaught. And in the end, you will almost certainly end up with even more of whatever it is that is being addressed with the bill.
good analogy.
even better they periodically check your car to make sure you haven't modified it.
so that would mean no more rice burners. HELL maybe that would be a good thing *calls up ford to tell them to patent car design*
"Anti-Spyware Law"? And how, exactly, is James Bond going to remotely access (and hack into) that looming Death Ray without the proper software? Won't someone please think of the spies!
SPYACT Act is okay, but not as good as GNU.
Congratulations on a completely in-applicable analogy.
What you fail to understand that in the case of Microsoft Windows, you don't HAVE any property. Suprising as it may sound, Micosoft Windows is not the same as a car. You have a lisence to use their product under the terms and conditions they specify. One of these terms is that they reserve the right to verify your instance of Windows is legit. If you don't like these terms, or if you don't agree to them for whatever reason, don't use the software. Nobody is forcing you. Use something else.
Similarly, if you signed an agreement with Ford granting them permission to enter your garage to verify the legality of your ownership of one of their products, you have no right to complain. Go buy a Toyota or something.
Or it'll just offshore all the development and deployment and leave sales operations here in the states. Great! More offshoring! Way to go Congress!
I am sure that the crackers will have an updated version of the latest Windows ISO image on the file sharing networks that removes the MS-Spyware and replaces it with their own Spyware within at least a month of the next Windows release.
Either that or use a software firewall to block access to whatever system program that uses MS-Spyware.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
Wow! Not only is the slope slippery, but it seems to be crumbling away right before my eyes!
Basically, after the bill is signed into law, it becomes a public law and is printed as a "slip law" which can be cited in court. After every 2-year session of Congress, the slip laws are compiled in chronological order in the Statutes at Large. Every three sessions (six years), the at-large statutes are organized topically in the United States Code. The last US Code came out in 2000, so the next one is scheduled for 2006.
We just started the 109th session in January (2005 - 1789 = 216 years = 108 sessions prior to this one). That means that if you want to get print copies of laws passed in the 107th and 108th sessions (since 2000), you have to go to the Statutes at Large in your local law library. If you want laws passed by this Congress, you have to go to the slip laws. So far this session, there's only been one: Pub. L. 109-1, "To accelerate the income tax benefits for charitable cash contributions for the relief of victims of the Indian Ocean tsunami."
This post expresses my opinion, not that of my employer. And yes, IAAL.
one comment on: "Nobody is forcing you. Use something else." They actually are because they want to destroy any alternative OS in existence. If they would or able to for computing you would have no choice! So "something else" would be irrelavant either you agree to that Eula from Microsoft or not but this is my opinion in response to your statement.
So it would be in the law that not only are we consumers to be spyed on by virtually anybody, but our machines can be trashed by anybody as well. Who plays God and says that one business is legitimate and who is not? Gator may well gain legal 'respectablilty' in some future courtroom in front of a sufficiently bribed republican judge.
This is not all. In legal matters, we are talking about legalizing trashing the computers of citizens with no hearing or appeal. It would logically follow that any roadblock that the citizen would put in the way of his machine being trashed could become illegal. Firewalls, both hardware and software and especially hardware could and certainly would eventually be made illegal to possess or use under penalty of prison for even suspicion of possession. Internet connection of all computers could and probably would be enforced. In the end, even private ownership of computers could be at risk, all due to the rippling downstream effects of this 'simple' law. Remember the 'Terror' of the French Revolution was run by a committee with a simple name, the "Committee of Public Safety"!
The time spent on coming up with the title is probably more than the time spent on the body. I'm having a hard time finding a loophole in the name, yet I'm sure that many people will quickly find loopholes in the act itself.
SPY ACT act?
Please let me use my PIN number at the ATM machine.
You're wrong. They're clearly not forcing me because I AM using something else. As much as they might want to destroy everything else, they might be able to achieve this dream but enforcing it is very much illegal. Any rabid slashdolt will jump down your throat reminding you of how Microsoft have fell victim to this once before.
Any attempt to circumvent spying on your machine or prevent it will be deemed contrary to the Patriot Act as an attempt to break a security system! You no longer own your computer or control it. The whole thing will become a collection of hardware executed 'licenses' controlled by someone else. Close a port or use a NAT firewall, go to jail. And Gator or CWS have just as much say in what you have on your machine as microsoft or anyone with a business license and some nebuluous business 'plan'. They don't even have to have any reason to believe that you have any software on your system, least of all theirs. They do not even have to have software at all. Say they are looking for data, or a government looking for 'secrets' or 'dirty pictures'. If they can put software on your machine they can plant false evidence on it as well. They could literally dispatch the police to come through your door shooting your wife or husband before they bother to plant the false 'evidence'. This goes double if you are considered a 'pain' by ANYBODY in the local or wider business or government community.
This law won't do anything to actually stop spyware, as it will probably only affect companies run out of the US.
:)
So Congress will force these companies to outsource this coveted hi-tech work? The BASTARDS!
This is not my sig.
OK, folks, let's step back a bit and see if we can see the forest instead of just the trees.
Spyware is something relatively new. Recently, it has become epidemic. People are screaming for relief, from both the lawmakers and the software industry.
The industry has responded, somewhat grudgingly, with limited spyware removal products. None are outstanding.
The lawmakers, as usual, are clueless. Of the hundreds of lawmakers at the state and federal level, only a small percentage are technically savvy. And those that are technically savvy are usually junior, and do not have the political equity or clout to bring about real change yet.
But the lawmakers feel like they have to do something to stem the panic on the part of the people. What are they going to do?
Enter Microsoft. Besides being a number one marketing firm (for their own products, of course) they have one of the finest set of lawyers in the business. Now who better than a small team of Microsoft lawyers could assist the lawmakers with laws concerning this brave new world of spyware?
Of course, I would not put it past Microsoft to engineer small backdoors in the law to allow them to continue doing what they do best-- attempting to take over the entire planet.
Remember, these are the people that write bulletproof EULAs-- do you want them helping to make law now?
although I dislike MS more every day, I've got to say that they're not necessarily benefitting all that much from it. If I understand it properly, it'll prohibit MS from collecting any user information other than whether it's a legal copy or not. I'm sure that if it turned out MS was actually downloading information on what browser you use, or if you read slashdot instead of msn, you could take them to court and win. Because hopefully their EULA doesn't prohibit any specific website, and thus checking where you've been, or what software you have installed is illegal. So, I have to say that this is a decent compromise for both users and corporations fighting piracy. I don't say I encourage MS, I just say it's fair to them. Redhat does the same thing, if I recall. And they should have a right to do so, no matter how ugly their other practices are.
---- I am certain of only one thing : I know nothing else.
Just what we need. Oh wait, I'm having a Mtn. Dew inspired vision....
Department of Computer Related Anti Piracy
A.K.A. D-CRAP.
Ah, where'd that Dew go...
Yes, but what if I want to transfer my lisenced copy of Windows to a different machine, and MS, in its' sole discretion, doesn't think that I have the right to do this (which I most certainly do). Do they have the right to discriminate against me in how they (don't) support their product with security updates? Do they have the right to cripple my installation of their software because they don't think I have a proper lisence?
...because "hacker" sounds way sexier than "code drone."
Which confuses me, given your conclusion that this only protects financial institutions and the government.
When I log into Amazon.com's server--wherever it is (I guarantee you it's not in the state I live in, because I don't pay sales tax on the purchase), that isn't "interstate commerce"? So isn't my computer a "protected computer" (due to the use of "OR" at the end of 18 USC 1030(e)(2)(A)?) Or am I missing something?
I was under the impression (B) was present only to protect the law from violating Article 1, Section 8 "...To regulate commerce with foreign nations, and among the several states..." and Amendment 10 of the Constitution: "The powers not delegated to the United States by the Constitution, nor prohibited by it to the states, are reserved to the states respectively, or to the people."
Many laws and actions performed by the federal government (including many fair labor laws - see the definition of commerce in 17 USC 203(b)) are written in such a way to impact only those companies which have government contracts or do business in multiple states or across state lines. It's up to the states to regulate the small businesses that do not operate across state lines.
No, but if your car, TV, and woman all have GPS units that you can track implanted in them, the fact that I have your car on my property doesn't mean you're violating my rights if you track it there.
Don't blame me; I'm never given mod points.
How does this affect TiVo? My series one box uploads activity logs whenever it calls in for a listings update and subscription check. TiVo promises to use the data anonymously and in aggregate. Does this now become illegal?
Or google's never expiring tracking cookie. It aint there just for your "prefs."
Spyware and datamining need to be controlled, or at least made in a way which gives the user an obvious choice. Same with tivo. I didnt appreciate being put into their datamining program by default. These companies needs to change, and if legislation is the only way to do so, then go for it.
University of London? You silly Brit. Just because your legal system is based on ours doesn't mean that everything that is "valid contract law" over there holds here.
This post written under Gentoo-linux with an SCO IP license.
The House of Representatives doesn't enact laws. This has to pass committees in the House and Senate, full votes in the House and Senate, and then the President has to sign it before it's an enacted law.
No, the President often doesn't have to sign it. Any measure with at least 67 percent bipartisan support in both the House of Representatives and the Senate can in effect go straight over the President's head. People on Slashdot like to keep slamming President Clinton for not vetoing the DMCA and the Bono Act in 1998, without realizing that both houses of the 105th Congress passed both bills by voice vote, which takes 80 percent assent, clearly enough to override a veto should the issue have come back to them.
What's your MAC address, buddy?