Slashdot Mirror
Australia Says No To Spyware
PrivateDonut writes "Australian parliament introduced a bill on Thursday that would 'make it illegal for anyone to install a program without informed approval and attract a fine of $10,000.' Is this doomed to fail as many other anti-spam/spyware bills have failed? Or has Australia finally hit the mark?"
I think, this proposal is a bit of a lame duck - much like other laws.
If I am under the danger having to face $10.000 for installing spyware on a PC in my own country - then I'll do it in another country. Do you really think there will be extradition for installing Spyware?
As long as I am willing NOT to visit the country where I hijacked some PCs, where's the problem? I can still do an awful lot of damage anyway...
I think, such laws will only become effective, once we will have international agreement on such laws to make them easily punishable across country borders. Internet criminals have the big advantage that they can BE in a non-extradition country even at the time they commit the crime in an entirely different country.
Is it correct that spyware works for its master? So at some stage it must try to communicate with its master to relay any information back right?
I believe if a lab (open, sponsored or even MS) can do the traceback and tie every spyware to its owner, then it'll be easier for those who want to take action to do whatever the law allows.
For example, if credit card numbers or PayPal logins are purposely fed to the spyware, and whoever uses that information will be linked directly to the spyware.
Rock that crushes, Paper & Scissors that don't matter.
Seems like most spyware has the same level of "informed approval" that store-bought commercial software does: An EULA that nobody reads.
It's a feel-good law.
The problem is that most spyware IS INSTALLED BY THE USER. Users are idiot!
If this were in the US, 'informed' would mean "Well, he was getting great offers..so in effect..we're practically putting money in his pocket!"
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
Not just 'consent', but 'informed' as well.
Does this include automatic update features? If an update breaks something, is it malware?
"I assumed blithely that there were no elves out there in the darkness"
A lot of spyware (via the licence agreement) *do inform the user that they are about to be installed. Even those that install themselves via an ActiveX control do so... So this new law will help very little in this war against spyware.
On that note, look how much good the anti-virus laws have done in cutting them down (nothing). We need to find technical solutions to technical problems, not social solutions to technical problems.
Although I applaude the efforts of the ozzie goverment, I can't help but wonder how many hours it will take a lawyer to find the first loophole. Thus placing the advantage back in the malware authors hands.
Some free applications include spyware in their main installs, to provide ad revenue or whatever.
Kazaa used to be one of those, is that right?
Can this make any impact on those programs who refuse to install unless you also allow numerous pieces of malware to go with it?
Violator gets $10,000 fine.
Austrailia govt gets $5,000.
Bounty Hunter who finds the product gets $5,000.
All the spyware on the internet would be rooted out in less than a week if Australia could smack down fines to people across the world.
God spoke to me.
I think the idea of a worldwide anti-spyware alliance is more than a little silly. In fact, I shy away from any push for international policy beyond the protection of basic human rights.
The solution to spyware problems is either technological(although I have no idea how, using an non-Widnows OS isn't really "the answer") or social(teach people how to 1. Avoid spyware and 2. Avoid giving any kind of financial incentive to any company associated with spyware).
computer criminals have been extradited.. and it is sometimes possible to follow revenue streams and such depending on the exact wording on the bill.
...that to help them with the task of collecting evidence that you install this helpful program which automatically remembers login IDs/passwords and fills in online forms with just one click.
So if you plug an XBox into XBox Live, and it downloads a new version of dashboard without your consent, or even informing you it is doing it, can you get $10,000?
I gots ta ding a ding dang my dang a long ling long
If the summary is correct then it seems to me the law is focusing on the wrong problem. The problem with spyware is not so much the installing of software without permission, but rather with the sending of information without user intervention or at his implied permission according to the software's clear intended function.
"In prison you just have to shut your eyes and take it. Here you have to shut your eyes and give it."
Fines, BAH.
An blacklist of people that develop or use mal/spyware. Something that ISP's can check before they give internet access or hosting services.
I can hear it now, "Oh sir. I'm sorry, but you have a high Internet abuse score. We are unable to aprove your e-mail account at this time."
Ignorance is amusing, stupidity is annoying.
Having the law on the books is one thing, applying it is another. Allowing that SpamHaus Ltd is convicted (in abstentia or other), and is outside the nation (that pesky extradition thing), one possible next step would be a national (international?) blacklist of SpamHaus's ISP. If local ISPs continue to allow access to SpamHaus, the law would then treat the next case as treating the Local ISP of aiding and abetting SpamHaus.
Yes, this would be shooting the messenger, but it would also put the screws to the ISP serving SpamHaus as other ISPs cut them off on a national level. The Common Carrier status of ISPs may not provide full protection when they've been told about known criminal acts using their service. This could be an end run to force ISPs to keep their house clean (enforcing all those user agreements) or be isolated. And if the ISP host nation doesn't care about SpamHaus operating there, then it could find itself in the dark as a consequence.
Yes, the Great Firewall of China is a good example of bad intent, but the theme is appropriate to fight back at spammers on their own ground. The application of an anti-spam/spyware law has to apply pressure on the source, either from inside (with national support), or from the outside (isolation due to host nation indifference).
Pacifist paratroopers yell, "Ghandi!" when they jump.
If writing spyware is illegal in the country you live in, then it doesn't matter where your victims live. Prosecutors just have to show that your software is designed to invade people's computers.
using an non-Widnows OS isn't really "the answer"
Why not? It's worked perfectly for me for years.
Ce n'est pas un vrai mouvement de robot!
Not all spyware is installed directly by the users, but I've seen it happen in many cases, and sometimes even PAY for it (eAnthology stuff and the like).
I've seen people who had a completely crashed PC every week, were told that spyware (lots of-) was the cause, were explained everything, but didn't mind if their daughter was going to reinstall spyware-infested kazaa on it again, and kept using IE anyways.
A lot of people don't care, and some even pay for the previlege of having more spyware on their PCs. Users ARE idiots! It's insightful - not funny!
At the end of the day we all know that local laws like this have no effect in a global place unless every country connected to the Internet agrees on such laws. Spyware software is a matter of education and choice. The best way to fight it is to educate people on software and the importance of knowing how it works so consumers can make choices based upon facts and information. Some operating systems allow spyware to be installed, others do not. People need to learn that they can choose operating systems that do not allow Spyware. And they also need to learn how to avoid the pitfalls in the operating systems that allow spyware to be installed easily by clicking on the wrong advertisement banner in the wrong browser if the wrong configuration is in use. Knowledge = power....
9/11: Never forget it was a false-flag operation
As long as people won't read disclaimers, they'll end up installing lots of spyware "legally". w00t for 250 pages disclaimers!
In Canada, Private Member Bills are a joke. Is Australia different?
Having a decent application firewall is a solid preventative for spyware. Spyware can only be of value if it can report back the data it collects.
XP has an "incoming" application firewall - it would be of greater value if it had outgoing controls too.
This signature intentionally left blank
"Do you really think there will be extradition for installing Spyware?"
IIRC Australia has extradited an Australian citizin from a large warez group to the US for copyright after relasing Windows 95 or something.
"...(teach people how to 1. Avoid spyware and 2. Avoid giving any kind of financial incentive to any company associated with spyware)"
...and so on. A strategy that involves educating everyone is doomed because not everyone is willing to be educated (sad but true).
That's on the list, right after we teach people the following:
1) MS Word is a word processor, not an operating system;
2) Nobody in Nigeria really wants to give them $millions;
3) Their bank hasn't really lost their details, and they don't need to go to a website to re-enter them;
4) Passwords shouldn't be something as blindingly obvious as the name of their cat/favourite band/significant other;
Blank until
"Do you really think there will be extradition for installing Spyware?"
If the number if installations pushes the fines into the multi-million dollar range, then quite probably.
Blank until
Spyware, like viruses, are not solved by simply moving to a different platform. Once enough people migrate then malware writers will start to include that platform.
Will other platforms have a better security model then Windows? Sure.
Will other platforms still have security vulnerabilities? Yes.
Will malware writers do everything they can think of to get a user to install their software (so-called "social engineering")? You bet.
The user is the weak link in the chain, and I think user education is the only real way to solve that problem in the long run. IE/ActiveX have really brought the problem to the public consciousness and made it easier for malware to get installed & propagate much faster than ever before. But fixing Windows (or moving away from it) won't eliminate malware.
Governments should be careful to make laws that can be enforced, otherwise the law looses respect, it becomes a joke.
This comment does not represent the views or opinions of the user.
For example, if , under the proposed law,, action can be taken against the (American owned) banks which process the money for all spamware sales, then it would stop.
If the Australian government says to American Express: "If, after being informed that one of your clients is using your service to process payments for items promoted by spyware, you continue to make payments to that client, then the Austrailian branch of your company will be fined $10,ooo for each transaction" it would stop.
If the American government threatened to withdraw banking licences from banks that provided services to those who use spyware/spam to promote their goods and services, there would be no spam. They could do this using existing anti-corruption/money laundering legislation. But they don't.
Unfortunately, the US government has sold its soul to the devil.
Sent from my ASR33 using ASCII
Ummm... you're right. But you're not reading between the lines.
The main "purpose" of these laws in Australia is to allow the executive arm of government to make treaties with other countries to deal with these problems.
In Australia, the government cannot domestically ratify a treaty unless
1. it passes a law through Parliament (which is uncertain because Bills can be rejected); or
2. the executive makes regulations to give effect to the treaty (which is immediate)
SO...
IF
there was no Spam Act 2003 or no Spyware Bill
THEN
Australia could not easily ratify international agreements
Furthermore, a lot of Asian countries copy Australian law. Therefore, it provides an example for them and they usually do the same.
OK, I relaise that very few people understand Australian Parliamentary procedure (including whoever posted this)
This is a Private Senator's Bill which means it is going no-where in our system.
Even more irrelevant is it's introduction by the Australian Democrats, a fringe party in the process of disapearing completely.
(proving that having progressive ideas about computers is no guarantor of electoral success)
Very, very rarely a Government will look at a Private Bill, say "hey that's a good idea" and then re-introduce it as a Government Bill (yes, about three years ago a PMB was passed into law but it was notable for being an exception).
That's the day for headline stories on Slashdot.
Even if the proposals in the Bill are workable (enough spyware is made by companies operating in Australia to have some enforceable merit) the Bill itself is not likely to become Law.
'There is a Light that never goes out.'
Why so many people here seem to think that if you can't find a perfect, 100%, uncircumventable solution, well just thorw it all out and pretend like there's not a problem.
Most things in life don't have nice, neat little solutions that are all encompasing. Generally there are flaws, espically when you deal with laws which are a field of human interactions.
That does not, however mean you should just throw in the towel and let asshole run rampant. While a law like this won't stop spyware cold it can and will make an impact, if properly written. I mean if they made it illegal to make spyware that sneaks in without asking to install, and spyware that will not uninstall and/or reinstalls itself, I'd call that progress. Those are teh ones I ahve a real problem with.
Rather than taking a defeatist attitude about problems like spam and spyware, we should be looking for solutions. Even if the solution isn't a perfect one, it's better than no solution. The real way we'll cut back on this stuff isn't with a magic bullet peice of technology or legslation, it'll be through a combination of laws, technological improvements, and user education. IT won't solve the problem, but it can help a whole lot.
In addition to not using obvious passwords, there is a rampant problem on the side of websites: requiring the user to choose a question and answer in case of a lost password. Stuff like, "What city were you born in?" Such a question may foil a criminal on the other side of the world from his victim, but if a criminal is targeting locals, perhaps even acquaintances, friends, and family, then it's trivial. Personally, I just respond to the questions with a random string of characters that only leet hackers could guess.
People seem to assume that laws should only be enacted if they can "perfectly" prevent what is made illegal. People then seem to say a law that doesn't perfectly prevent the act that is made illegal is a waste of time.
Laws don't work that way.
Prevention of "illegal acts" is actually an intended side effect of the law. Murder, for example, is commonly prevented because of the consequences of the laws against murder, not purely because of the existance of the law itself. The significant punishment for murder hopefully makes people think twice about committing it. Of course, people sometimes still commit murder, irrespective of the law against it. Murder could be declared illegal, with no punishment attached. Law abiding people should therefore not commit it, however the significant punishment attached is what gives the law it's "teeth".
Laws primary goal is to create a significant level of discouragment to commit the illegal act. In most cases, that discouragement then has a resultant effect of preventing most cases occuring. Laws are actually a form of behaviour control.
Laws such as this one are an attempt to make spyware authors think twice about creating it. It certainly won't perfectly eliminate it. However, if there is a significant reduction in spyware, then the law can be considered to be effective.
The Internet's nature is peer to peer - 20050301_cs_profs.pdf
It puts yet another country off-limits for ad-scum, not only to operate from, but even to live there while operating an ad company in zimbabwe.
It's not a silver bullet and shouldn't be treated as such. It won't make adware vanish. But if more and more counties say "NOT ON OUR SOIL" to this (and same goes for anything from child porn, to snuff films, to terrorist camps), it make it harder for said scum to operate (especially when they live in those counties and are subject to being sued). Consider this - some of the people who live in those countries, do this and do not look to relocating will look away from such practice (same as they do from, say, theft), thus such legislation *will* decrease the scale of the problem.
They're correct by looking at it as any other form of crime, assuming that completely killing it is not within our means, but instead looking at mitigating it through legislation.
-
Personally, I regard protecting individuals from unfair/unethical/violent treatment being one of the principal roles of government, which is why I support some laws that have been decried in the past as being a push to a "nanny state" (like occupational health and safety, minimum wage requirements, or reduced speed limits in school zones). Mostly its a matter of perspective, I find; but I'm hard pressed to think of a piece of legislation passed in the last ten years that fits the bill apart from the internet porn ban (a spectacularly successful law, just ask Abbey Winters...). Some might cite the more stringent gun laws, but since lethal shootings have gone down since the law was passed it could be argued that it had the desired (or at least the stated) effect.
.au, but if it can be used to show best practice and inspire similar legislation in other countries then it will do some good. And like any law, this won't stop someone determined to behave in an antisocial manner, but it will stop the 99% of people who only behave antisocially because its convenient. Not perfect (what is?), but definitely an improvement.
I'm in favour of this law, like any law that prohibits destructive antisocial behaviour. By itself I don't think it will make a scrap of difference, since (almost?) no spyware originates in
Blank until
Australia is not America - the Democrats are a minor party and fading fast, and all members of both houses of parliament are required to vote on party lines. They don't get a choice. In other words this Bill is probably going nowhere. The Democrats may continue to hold onto the title of "most important minor party" but they're rapidly losing even that honour to the Greens. Introducing bills like this is political posturing pure and simple - they're rarely taken up and can sit in the lists for years. The minor parties and independants, particularly the Dems, were once important as the two major parties rarely had a simple senate majority - the minors could use their votes as bargaining chips to get their own agendas some real attention. That's no longer an option - Little Johnny will have his senate majority from July 1 and can do whatever the hell he wants. Now would be a good time to move to New Zealand. That doesn't mean the Democrats, Greens and sundry others don't still have an important role to play in the senate. It just means that they're losing whatever power they once had.
Foreign Affairs explain Treaty-Making here.
Basically the Government can sign any treaty they like, but to have any effect in Australia it has to legislate those effects. (I think you might have been implying that)
Regulation (subordinate legislation) is useless because:
a) it can only be made under an existing Act giving power to a Minister to make Regulations in that matter
b) it can be disallowed in the Senate within 14 sitting days of the making of the Regulation
Basically if it's controversial then it's easier to legislate than it is to regulate.
'There is a Light that never goes out.'