Slashdot Mirror
Australia Says No To Spyware
PrivateDonut writes "Australian parliament introduced a bill on Thursday that would 'make it illegal for anyone to install a program without informed approval and attract a fine of $10,000.' Is this doomed to fail as many other anti-spam/spyware bills have failed? Or has Australia finally hit the mark?"
I think, this proposal is a bit of a lame duck - much like other laws.
If I am under the danger having to face $10.000 for installing spyware on a PC in my own country - then I'll do it in another country. Do you really think there will be extradition for installing Spyware?
As long as I am willing NOT to visit the country where I hijacked some PCs, where's the problem? I can still do an awful lot of damage anyway...
I think, such laws will only become effective, once we will have international agreement on such laws to make them easily punishable across country borders. Internet criminals have the big advantage that they can BE in a non-extradition country even at the time they commit the crime in an entirely different country.
Is it correct that spyware works for its master? So at some stage it must try to communicate with its master to relay any information back right?
I believe if a lab (open, sponsored or even MS) can do the traceback and tie every spyware to its owner, then it'll be easier for those who want to take action to do whatever the law allows.
For example, if credit card numbers or PayPal logins are purposely fed to the spyware, and whoever uses that information will be linked directly to the spyware.
Rock that crushes, Paper & Scissors that don't matter.
Seems like most spyware has the same level of "informed approval" that store-bought commercial software does: An EULA that nobody reads.
It's a feel-good law.
The problem is that most spyware IS INSTALLED BY THE USER. Users are idiot!
A lot of spyware (via the licence agreement) *do inform the user that they are about to be installed. Even those that install themselves via an ActiveX control do so... So this new law will help very little in this war against spyware.
On that note, look how much good the anti-virus laws have done in cutting them down (nothing). We need to find technical solutions to technical problems, not social solutions to technical problems.
Although I applaude the efforts of the ozzie goverment, I can't help but wonder how many hours it will take a lawyer to find the first loophole. Thus placing the advantage back in the malware authors hands.
I think the idea of a worldwide anti-spyware alliance is more than a little silly. In fact, I shy away from any push for international policy beyond the protection of basic human rights.
The solution to spyware problems is either technological(although I have no idea how, using an non-Widnows OS isn't really "the answer") or social(teach people how to 1. Avoid spyware and 2. Avoid giving any kind of financial incentive to any company associated with spyware).
So if you plug an XBox into XBox Live, and it downloads a new version of dashboard without your consent, or even informing you it is doing it, can you get $10,000?
I gots ta ding a ding dang my dang a long ling long
If the summary is correct then it seems to me the law is focusing on the wrong problem. The problem with spyware is not so much the installing of software without permission, but rather with the sending of information without user intervention or at his implied permission according to the software's clear intended function.
"In prison you just have to shut your eyes and take it. Here you have to shut your eyes and give it."
Having the law on the books is one thing, applying it is another. Allowing that SpamHaus Ltd is convicted (in abstentia or other), and is outside the nation (that pesky extradition thing), one possible next step would be a national (international?) blacklist of SpamHaus's ISP. If local ISPs continue to allow access to SpamHaus, the law would then treat the next case as treating the Local ISP of aiding and abetting SpamHaus.
Yes, this would be shooting the messenger, but it would also put the screws to the ISP serving SpamHaus as other ISPs cut them off on a national level. The Common Carrier status of ISPs may not provide full protection when they've been told about known criminal acts using their service. This could be an end run to force ISPs to keep their house clean (enforcing all those user agreements) or be isolated. And if the ISP host nation doesn't care about SpamHaus operating there, then it could find itself in the dark as a consequence.
Yes, the Great Firewall of China is a good example of bad intent, but the theme is appropriate to fight back at spammers on their own ground. The application of an anti-spam/spyware law has to apply pressure on the source, either from inside (with national support), or from the outside (isolation due to host nation indifference).
Pacifist paratroopers yell, "Ghandi!" when they jump.
If writing spyware is illegal in the country you live in, then it doesn't matter where your victims live. Prosecutors just have to show that your software is designed to invade people's computers.
using an non-Widnows OS isn't really "the answer"
Why not? It's worked perfectly for me for years.
Ce n'est pas un vrai mouvement de robot!
Not all spyware is installed directly by the users, but I've seen it happen in many cases, and sometimes even PAY for it (eAnthology stuff and the like).
I've seen people who had a completely crashed PC every week, were told that spyware (lots of-) was the cause, were explained everything, but didn't mind if their daughter was going to reinstall spyware-infested kazaa on it again, and kept using IE anyways.
A lot of people don't care, and some even pay for the previlege of having more spyware on their PCs. Users ARE idiots! It's insightful - not funny!
As long as people won't read disclaimers, they'll end up installing lots of spyware "legally". w00t for 250 pages disclaimers!
using an non-Widnows OS isn't really "the answer"
Sure it is.
The problem lies in convincing the People Who Decide(tm) that there are real alternatives.
p
In Korea, long hair is for old people!
"...(teach people how to 1. Avoid spyware and 2. Avoid giving any kind of financial incentive to any company associated with spyware)"
...and so on. A strategy that involves educating everyone is doomed because not everyone is willing to be educated (sad but true).
That's on the list, right after we teach people the following:
1) MS Word is a word processor, not an operating system;
2) Nobody in Nigeria really wants to give them $millions;
3) Their bank hasn't really lost their details, and they don't need to go to a website to re-enter them;
4) Passwords shouldn't be something as blindingly obvious as the name of their cat/favourite band/significant other;
Blank until
Spyware, like viruses, are not solved by simply moving to a different platform. Once enough people migrate then malware writers will start to include that platform.
Will other platforms have a better security model then Windows? Sure.
Will other platforms still have security vulnerabilities? Yes.
Will malware writers do everything they can think of to get a user to install their software (so-called "social engineering")? You bet.
The user is the weak link in the chain, and I think user education is the only real way to solve that problem in the long run. IE/ActiveX have really brought the problem to the public consciousness and made it easier for malware to get installed & propagate much faster than ever before. But fixing Windows (or moving away from it) won't eliminate malware.
Governments should be careful to make laws that can be enforced, otherwise the law looses respect, it becomes a joke.
This comment does not represent the views or opinions of the user.
Why so many people here seem to think that if you can't find a perfect, 100%, uncircumventable solution, well just thorw it all out and pretend like there's not a problem.
Most things in life don't have nice, neat little solutions that are all encompasing. Generally there are flaws, espically when you deal with laws which are a field of human interactions.
That does not, however mean you should just throw in the towel and let asshole run rampant. While a law like this won't stop spyware cold it can and will make an impact, if properly written. I mean if they made it illegal to make spyware that sneaks in without asking to install, and spyware that will not uninstall and/or reinstalls itself, I'd call that progress. Those are teh ones I ahve a real problem with.
Rather than taking a defeatist attitude about problems like spam and spyware, we should be looking for solutions. Even if the solution isn't a perfect one, it's better than no solution. The real way we'll cut back on this stuff isn't with a magic bullet peice of technology or legslation, it'll be through a combination of laws, technological improvements, and user education. IT won't solve the problem, but it can help a whole lot.
It puts yet another country off-limits for ad-scum, not only to operate from, but even to live there while operating an ad company in zimbabwe.
It's not a silver bullet and shouldn't be treated as such. It won't make adware vanish. But if more and more counties say "NOT ON OUR SOIL" to this (and same goes for anything from child porn, to snuff films, to terrorist camps), it make it harder for said scum to operate (especially when they live in those counties and are subject to being sued). Consider this - some of the people who live in those countries, do this and do not look to relocating will look away from such practice (same as they do from, say, theft), thus such legislation *will* decrease the scale of the problem.
They're correct by looking at it as any other form of crime, assuming that completely killing it is not within our means, but instead looking at mitigating it through legislation.
-
Unfortunately, the US government has sold its soul to the devil.
That's interesting, because the Australian government has sold its soul to the US.
They aren't talking about users but companies. They can't extradite a company and extradition is for criminal offenses. This is not the same as breaking copy right law. It is a civil offense.