Slashdot Mirror
House To Enact Anti-Spyware Law
Stephen Samuel wrote to mention that the U.S. House of Representatives has readied the aptly acronymed Securely Protect Yourself Against Cyber Trespass Act (SPY ACT) for law. MS-BS has an article claiming that the bill allows a loophole for the makers of proprietary software. The issue at hand concerns Section 5, paragraph b, subsection 2, under the heading of limitations. The law does not apply to: "(2) a discrete interaction with a protected computer by a provider of computer software solely to determine whether the user of the computer is authorized to use such software, that occurs upon (A) initialization of the software; or (B) an affirmative request by the owner or authorized user for an update of, addition to, or technical service for, the software." The law, then, would disallow Gator and their ilk but would not hamper Microsoft's Genuine Advantage Program. More complete commentary is available at TechReview and About.com.
What about all those who signed the Gator/Gain network EULA which prohibits the removal of said spyware/adware from PCs?
Sure, some of the "legitimate" US companies pushing this stuff will obey the new law, but it's not going to do a thing to stop people in other jurisdictions or criminals who just don't care what the law says.
Kind of like "Gun Control" I might add.
Ha, ha! Nobody ever says Italy.
Securely Protect Yourself Against Cyber Trespass Act (SPY ACT)
So wouldn't this be the SPY ACT Act?
Are these the same people who scream about having their PIN Numbers stolen at the ATM Machines?
Spyware will be "legal", just like the CAN-SPAM act...
Thank you for your stupid technology laws, American Congress!
I would like to see a bill that prohibits congress from awkwardly wording bill names to create acronyms.
Slashdot Syndrome: the sudden, extreme urge to correct someone in order to validate one's self.
Two positive thoughs on this.
One - if written and applied correctly in the US, at least it is a legal tool against some of the spyware, making it more costly for them.
Two - if it's somewhat successful, it may make Congress look back at CAN-SPAM and fix it.
Okay I'm optimistic here.
Bonzie Buddy loves children!
"SPYACT kills cute furry pets" campaign.
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
Spyware is a technical problem. Congress and the public should have learned from the CAN SPAM act, more accurately called "You Can Spam" Act. Spam is at an all-time high.
People don't read click-thru licenses now, what makes anyone think they're going to read them in the future?
The antivirus companies, who already have the technology and infrastructure, need to extend their scanning of executables to include ANY software that collects data and phones home. Make a big list and update it with the AV updates. When anything is installed that hit the list, pop up a big "POTENTIAL SPYWARE - ARE YOU SURE?" box.
Yet another "vote for me, I feel your pain" law isn't going to do anyone any good.
-Charles
Learning HOW to think is more important than learning WHAT to think.
I can't wait for the Congress to protect us from spyware as effectively as they've protected us from spam.
--
make install -not war
I can only hope that this piece of legislation is considerably less effective than the CANSPAM Act. Compliments of the CANSPAM Act, spam is worse. We don't need another cure like that. If the U.S. Congress is our only hope of rescue from spyware, just shoot us now rather than prolong the misery. After all, this crew is the same one that brought us the DMCA and we all know what a resounding success that has been!
Or not. Your mileage may vary.
You must be the change you wish to see in the world - Ghandi
Securely Protect Yourself is the name of the game here. This law won't do anything to actually stop spyware, as it will probably only affect companies run out of the US. In case they haven't figured it out yet, the Internet is global. The best solution is to just protect yourself by learning basic computer skills such as don't install everything you see and use browsers that don't allow arbitrary code with full system access to be run on your computer.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
This won't be hard to get around. Every user is by now thoroughly desensitised to seeing click-through EULAs for any software they install. So, after this law, paragraph 135.62.4.3.1 on the EULA for your latest Swimsuit Babes Screensaver package is "Oh yeah, and we're sticking Gator on your PC as well, ok?"
User, as ever, scrolls to bottom of 100 page document in 3 seconds flat, clicks agree, and off we go as before.
If 'technology' patents in the EU end up as silly as those in the US, we could probably stop spyware/adware by patenting
"A program that installs itself without the user's knowledge, possibly by coming bundled in another package, monitors the user's internet activity and then displays (un)targetted advertising"
Could probably stop spam too similarly.
Patent adverts and compulsary user-registration and we wouldn't need the adblock and bugmenot extensions.
Actually, there is no problem with this, and it is not genuine spyware tactics. Sorry if I start a flamewar here, but if you insist on using Windows, then you should be paying for it and they have every right to inspect your machine to see if you are. This is the aggreement you sign up to.
Also, I don't see how this affects programs loke Gator as g. parent suggests. They are playing by the same rules. If their software doesn't comply, they should be able to make changes without significantly altering it.
Anyway, it's not my problem I don'r use Windows. Good luck!!.
Anyway, spyware will probably find a way to evolve with this..
This, like Can Spam and others, will have no effect until it starts putting people in prison for some Mitnick-style hard time. It will be especially effective if it puts people who wear suits to work into prison. Until that happens, it is to laugh.
Some mornings it's hardly worth chewing through the restraints to get out of bed.
Not sure, but in previous bills that were being introduced, the term "Protected Computer" meant any system under the control of a financial institution. It had nothing to do with the general users of the public.
I'd take a long hard look at exactly what goes into this bill.
...how can you call yourself an American? /sarcasm
It seems like lawmakers like trendy acronyms (PATRIOT Act, CAN-SPAM, etc.) that disguise undesirable things behind a hard-to-challenge facade.
Didn't vote for the PATRIOT Act?
Still, I'd be much happier with names like "HR-98-101" or something similar.
The trouble seems to be:
1. That MS (or whoever) gets to search my private property without evidence -- or even probable cause -- even though there's no illegal software on my computer.
2. That if MS can do it, so can any fly-by-night company that is set up purely for the purpose of spying on me through my computer, once I install their software.
Exam 4/C again. Maybe I'll do better this time.
I propose we have congress pass a law making it illegal to pass off spyware without having a confirmation "Do you accept to install this activity monitoring software?". Granted this won't help with idiots who blindly click through everything during install, this would greatly make hidden spyware less hidden.
Hiding spyware in EULAs is distasteful and dishonest at best. This damned act still lets that pass.
[!] No, I can't see my comments. They are not worthy of +3 moderation.
I've started a cash-only side business cleaning up spyware/viruses/crapware from frends and family members PCs. Despite my repeated suggestions to stop using Kazaa and IE, and to switch to a Mac, they insist on keeping their Windows.
Fine with me. It means an extra $200 - $300 CASH every month for me.
I love spyware.
Section 2(a)(5) says:
(It is unlawful for any person, who is not the owner or authorized user of a protected computer, to engage in deceptive acts or practices that involve(s))...
So... since MS claims that it's necessary to run Windows in order to run Office components, and since WINE amply demonstrates that it's not...
then any MS claim that Windows is necessary in order to run Office (or to access documents created in Office components) violates this bill...!?!?!
mmm... yeah... You see, we're putting the cover sheets on all TPS reports now before they go out...
Did the Department of Redundancy Department come up with this?
END OF LINE
They can protect their property. The objection is that I have an equal right to protect MY property from MS intrusion. However, I don't have the means to bribe Congress to give MY rights precedence over MS's. I wonder if Koreaman would applaud a law allowing Ford Corp to randomly break into garages because there have been thefts of Tauruses?
We're working on naming a bill which deals with the Nigerian 419 scam -- the Fraudulent and Unethical Computerized Kiting Organizations Filtering and Forwarding Act.
Also, the Detect and Identify Email According to Selected Spyware Heuristics On Local EMail Servers Act may be introduced at some point.
Well, In Canada, before the 2000 election, the "so far right, we are out of touch" Reform Party renamed itself to look a little more progressive to the "Canadian Reform Alliance Party". I have to say, that acronym really worked for them.
I make a reasonable middle-class wage by going to work and not spamming blogs with scams.
against bill names that form acronyms. Of course the penalty woulf be death, since it is a blatant attempt to destroy the democratic proccess.
-- 'The' Lord and Master Bitman On High, Master Of All
soon to become:
with an inevitable transition to:
I really don't care what they call it, what's important is if they can enforce it! The CAN-SPAM act has had some results, but it is still a far cry from stopping the majority of spam. The question lies in whether this bill is going to be used to prosecute the people resposible for the spyware, or if it's just been made to make people think that the government is going to address the issue.
- "I reject your reality and substitute it with my own", Adam Savage
The flawed UTICA was the opposite. Like today's EULA, it requires me to consult a lawyer and do hours of review and analysis for a piece of software I may have picked out of the bargain bin at Walmart (if we had one in Chicago) for $20. That is absurd. The UTICA was the lawyer full employment act of 2001.
Other areas have this regulation such as credit cards. Did you ever wonder why all the companies were so nice as to provide a boilerplate section indicating their annual fee in easy to read text?
I believe books once tried this stunt with several pages of "license" at the front which generally forbid resale and lending from libraries. The Supreme Court struct this down creating the "first sale" doctrince, which is on life support today.
Therefore, for cheap software (less that $1000) I motion we standardize the EULA's that are permissible. Perferrably to one with a dozen checkboxes for the reasonable variation among verdor wishes. Does anyone care to draft it?
1.) Gator which is now Claria bought a mailbox in bulgaria so they are technically not a us company anymore even though they reside here. If they are not under US jursidiction the law then could not be applied to them if the software is distributed from an oversea's server.
2.) Gator will claim they are not really tracking your urls or keystrokes but are just checking to make sure you are not pirating their software. The clause in italics mentioned in this article can be used by the spammers and spywhere makers to pretend they are offering you a service and checking your membership.
Many spyware companies also use products like bandwith increaser which also include spyware. Since its a service the company who makes it is immune.
http://saveie6.com/
Basically, after the bill is signed into law, it becomes a public law and is printed as a "slip law" which can be cited in court. After every 2-year session of Congress, the slip laws are compiled in chronological order in the Statutes at Large. Every three sessions (six years), the at-large statutes are organized topically in the United States Code. The last US Code came out in 2000, so the next one is scheduled for 2006.
We just started the 109th session in January (2005 - 1789 = 216 years = 108 sessions prior to this one). That means that if you want to get print copies of laws passed in the 107th and 108th sessions (since 2000), you have to go to the Statutes at Large in your local law library. If you want laws passed by this Congress, you have to go to the slip laws. So far this session, there's only been one: Pub. L. 109-1, "To accelerate the income tax benefits for charitable cash contributions for the relief of victims of the Indian Ocean tsunami."
This post expresses my opinion, not that of my employer. And yes, IAAL.
SPY ACT act?
Please let me use my PIN number at the ATM machine.
OK, folks, let's step back a bit and see if we can see the forest instead of just the trees.
Spyware is something relatively new. Recently, it has become epidemic. People are screaming for relief, from both the lawmakers and the software industry.
The industry has responded, somewhat grudgingly, with limited spyware removal products. None are outstanding.
The lawmakers, as usual, are clueless. Of the hundreds of lawmakers at the state and federal level, only a small percentage are technically savvy. And those that are technically savvy are usually junior, and do not have the political equity or clout to bring about real change yet.
But the lawmakers feel like they have to do something to stem the panic on the part of the people. What are they going to do?
Enter Microsoft. Besides being a number one marketing firm (for their own products, of course) they have one of the finest set of lawyers in the business. Now who better than a small team of Microsoft lawyers could assist the lawmakers with laws concerning this brave new world of spyware?
Of course, I would not put it past Microsoft to engineer small backdoors in the law to allow them to continue doing what they do best-- attempting to take over the entire planet.
Remember, these are the people that write bulletproof EULAs-- do you want them helping to make law now?
Just what we need. Oh wait, I'm having a Mtn. Dew inspired vision....
Department of Computer Related Anti Piracy
A.K.A. D-CRAP.
Ah, where'd that Dew go...
Which confuses me, given your conclusion that this only protects financial institutions and the government.
When I log into Amazon.com's server--wherever it is (I guarantee you it's not in the state I live in, because I don't pay sales tax on the purchase), that isn't "interstate commerce"? So isn't my computer a "protected computer" (due to the use of "OR" at the end of 18 USC 1030(e)(2)(A)?) Or am I missing something?
I was under the impression (B) was present only to protect the law from violating Article 1, Section 8 "...To regulate commerce with foreign nations, and among the several states..." and Amendment 10 of the Constitution: "The powers not delegated to the United States by the Constitution, nor prohibited by it to the states, are reserved to the states respectively, or to the people."
Many laws and actions performed by the federal government (including many fair labor laws - see the definition of commerce in 17 USC 203(b)) are written in such a way to impact only those companies which have government contracts or do business in multiple states or across state lines. It's up to the states to regulate the small businesses that do not operate across state lines.
Or google's never expiring tracking cookie. It aint there just for your "prefs."
Spyware and datamining need to be controlled, or at least made in a way which gives the user an obvious choice. Same with tivo. I didnt appreciate being put into their datamining program by default. These companies needs to change, and if legislation is the only way to do so, then go for it.