Slashdot Mirror
Australia Says No To Spyware
PrivateDonut writes "Australian parliament introduced a bill on Thursday that would 'make it illegal for anyone to install a program without informed approval and attract a fine of $10,000.' Is this doomed to fail as many other anti-spam/spyware bills have failed? Or has Australia finally hit the mark?"
I think, this proposal is a bit of a lame duck - much like other laws.
If I am under the danger having to face $10.000 for installing spyware on a PC in my own country - then I'll do it in another country. Do you really think there will be extradition for installing Spyware?
As long as I am willing NOT to visit the country where I hijacked some PCs, where's the problem? I can still do an awful lot of damage anyway...
I think, such laws will only become effective, once we will have international agreement on such laws to make them easily punishable across country borders. Internet criminals have the big advantage that they can BE in a non-extradition country even at the time they commit the crime in an entirely different country.
Is it correct that spyware works for its master? So at some stage it must try to communicate with its master to relay any information back right?
I believe if a lab (open, sponsored or even MS) can do the traceback and tie every spyware to its owner, then it'll be easier for those who want to take action to do whatever the law allows.
For example, if credit card numbers or PayPal logins are purposely fed to the spyware, and whoever uses that information will be linked directly to the spyware.
Rock that crushes, Paper & Scissors that don't matter.
Seems like most spyware has the same level of "informed approval" that store-bought commercial software does: An EULA that nobody reads.
It's a feel-good law.
The problem is that most spyware IS INSTALLED BY THE USER. Users are idiot!
If this were in the US, 'informed' would mean "Well, he was getting great offers..so in effect..we're practically putting money in his pocket!"
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
Not just 'consent', but 'informed' as well.
Does this include automatic update features? If an update breaks something, is it malware?
"I assumed blithely that there were no elves out there in the darkness"
A lot of spyware (via the licence agreement) *do inform the user that they are about to be installed. Even those that install themselves via an ActiveX control do so... So this new law will help very little in this war against spyware.
On that note, look how much good the anti-virus laws have done in cutting them down (nothing). We need to find technical solutions to technical problems, not social solutions to technical problems.
Although I applaude the efforts of the ozzie goverment, I can't help but wonder how many hours it will take a lawyer to find the first loophole. Thus placing the advantage back in the malware authors hands.
Some free applications include spyware in their main installs, to provide ad revenue or whatever.
Kazaa used to be one of those, is that right?
Can this make any impact on those programs who refuse to install unless you also allow numerous pieces of malware to go with it?
Violator gets $10,000 fine.
Austrailia govt gets $5,000.
Bounty Hunter who finds the product gets $5,000.
All the spyware on the internet would be rooted out in less than a week if Australia could smack down fines to people across the world.
God spoke to me.
I think the idea of a worldwide anti-spyware alliance is more than a little silly. In fact, I shy away from any push for international policy beyond the protection of basic human rights.
The solution to spyware problems is either technological(although I have no idea how, using an non-Widnows OS isn't really "the answer") or social(teach people how to 1. Avoid spyware and 2. Avoid giving any kind of financial incentive to any company associated with spyware).
...that to help them with the task of collecting evidence that you install this helpful program which automatically remembers login IDs/passwords and fills in online forms with just one click.
Fines, BAH.
An blacklist of people that develop or use mal/spyware. Something that ISP's can check before they give internet access or hosting services.
I can hear it now, "Oh sir. I'm sorry, but you have a high Internet abuse score. We are unable to aprove your e-mail account at this time."
Ignorance is amusing, stupidity is annoying.
Not all spyware is installed directly by the users, but I've seen it happen in many cases, and sometimes even PAY for it (eAnthology stuff and the like).
I've seen people who had a completely crashed PC every week, were told that spyware (lots of-) was the cause, were explained everything, but didn't mind if their daughter was going to reinstall spyware-infested kazaa on it again, and kept using IE anyways.
A lot of people don't care, and some even pay for the previlege of having more spyware on their PCs. Users ARE idiots! It's insightful - not funny!
At the end of the day we all know that local laws like this have no effect in a global place unless every country connected to the Internet agrees on such laws. Spyware software is a matter of education and choice. The best way to fight it is to educate people on software and the importance of knowing how it works so consumers can make choices based upon facts and information. Some operating systems allow spyware to be installed, others do not. People need to learn that they can choose operating systems that do not allow Spyware. And they also need to learn how to avoid the pitfalls in the operating systems that allow spyware to be installed easily by clicking on the wrong advertisement banner in the wrong browser if the wrong configuration is in use. Knowledge = power....
9/11: Never forget it was a false-flag operation
As long as people won't read disclaimers, they'll end up installing lots of spyware "legally". w00t for 250 pages disclaimers!
"...(teach people how to 1. Avoid spyware and 2. Avoid giving any kind of financial incentive to any company associated with spyware)"
...and so on. A strategy that involves educating everyone is doomed because not everyone is willing to be educated (sad but true).
That's on the list, right after we teach people the following:
1) MS Word is a word processor, not an operating system;
2) Nobody in Nigeria really wants to give them $millions;
3) Their bank hasn't really lost their details, and they don't need to go to a website to re-enter them;
4) Passwords shouldn't be something as blindingly obvious as the name of their cat/favourite band/significant other;
Blank until
Spyware, like viruses, are not solved by simply moving to a different platform. Once enough people migrate then malware writers will start to include that platform.
Will other platforms have a better security model then Windows? Sure.
Will other platforms still have security vulnerabilities? Yes.
Will malware writers do everything they can think of to get a user to install their software (so-called "social engineering")? You bet.
The user is the weak link in the chain, and I think user education is the only real way to solve that problem in the long run. IE/ActiveX have really brought the problem to the public consciousness and made it easier for malware to get installed & propagate much faster than ever before. But fixing Windows (or moving away from it) won't eliminate malware.
For example, if , under the proposed law,, action can be taken against the (American owned) banks which process the money for all spamware sales, then it would stop.
If the Australian government says to American Express: "If, after being informed that one of your clients is using your service to process payments for items promoted by spyware, you continue to make payments to that client, then the Austrailian branch of your company will be fined $10,ooo for each transaction" it would stop.
If the American government threatened to withdraw banking licences from banks that provided services to those who use spyware/spam to promote their goods and services, there would be no spam. They could do this using existing anti-corruption/money laundering legislation. But they don't.
Unfortunately, the US government has sold its soul to the devil.
Sent from my ASR33 using ASCII
OK, I relaise that very few people understand Australian Parliamentary procedure (including whoever posted this)
This is a Private Senator's Bill which means it is going no-where in our system.
Even more irrelevant is it's introduction by the Australian Democrats, a fringe party in the process of disapearing completely.
(proving that having progressive ideas about computers is no guarantor of electoral success)
Very, very rarely a Government will look at a Private Bill, say "hey that's a good idea" and then re-introduce it as a Government Bill (yes, about three years ago a PMB was passed into law but it was notable for being an exception).
That's the day for headline stories on Slashdot.
Even if the proposals in the Bill are workable (enough spyware is made by companies operating in Australia to have some enforceable merit) the Bill itself is not likely to become Law.
'There is a Light that never goes out.'
In addition to not using obvious passwords, there is a rampant problem on the side of websites: requiring the user to choose a question and answer in case of a lost password. Stuff like, "What city were you born in?" Such a question may foil a criminal on the other side of the world from his victim, but if a criminal is targeting locals, perhaps even acquaintances, friends, and family, then it's trivial. Personally, I just respond to the questions with a random string of characters that only leet hackers could guess.
People seem to assume that laws should only be enacted if they can "perfectly" prevent what is made illegal. People then seem to say a law that doesn't perfectly prevent the act that is made illegal is a waste of time.
Laws don't work that way.
Prevention of "illegal acts" is actually an intended side effect of the law. Murder, for example, is commonly prevented because of the consequences of the laws against murder, not purely because of the existance of the law itself. The significant punishment for murder hopefully makes people think twice about committing it. Of course, people sometimes still commit murder, irrespective of the law against it. Murder could be declared illegal, with no punishment attached. Law abiding people should therefore not commit it, however the significant punishment attached is what gives the law it's "teeth".
Laws primary goal is to create a significant level of discouragment to commit the illegal act. In most cases, that discouragement then has a resultant effect of preventing most cases occuring. Laws are actually a form of behaviour control.
Laws such as this one are an attempt to make spyware authors think twice about creating it. It certainly won't perfectly eliminate it. However, if there is a significant reduction in spyware, then the law can be considered to be effective.
The Internet's nature is peer to peer - 20050301_cs_profs.pdf