Washington State Outlaws Spyware

An anonymous reader submits "Today, the Governor of Washington signs a a bill outlawing spyware (bill history) which imposes penalties of $100,000 per violation. Spyware is broadly defined. It includes everything from changing a browser's bookmarks or homepage settings, "Opening multiple, sequential, stand-alone advertisements in the owner or operator's internet browser", keystroke-logging, taking over control of the computer, modify its security settings, and even "Falsely representing that computer software has been disabled." But here is my favorite: "Prevent, through intentionally deceptive means, an owner or operator's reasonable efforts to block the installation or execution of, or to disable, computer software by causing the software that the owner or operator has properly removed or disabled automatically to reinstall or reactivate on the computer." Microsoft and Ebay both testified in support of the bill. On May 10th, a similar law banning Internet and email phishing was also passed."

If I'm not mistaken...

[NoMoreNicksLeft]

Washington state also outlawed killing sasquatch.

Re:If I'm not mistaken...

[geekoid]

and not a single one has been killed since.

Re:If I'm not mistaken...

[plover]

Oh, come on, the governor is going to sign ANYTHING Redmond wants signed. If Bill Gates wants Sasquatch dead, Sasquatch is gonna die. Make no mistake.

Re:If I'm not mistaken...

[zoobaby]

For those that do not follow Washington politics, the Governor's race was very close. A republican won the first count and the first machine re-count. The margin of victory in each was less than 100 votes. On the hand recount, the democratic person won by 142(?) votes. There are some issues about dead people voting, and people voting twice. While the results have been certified, the republican party has taken the case to court. As of today, there is a democratic governor, but how long she will be in power is unknown.

Re:If I'm not mistaken...

[Surt]

That's not true, I killed one last week. Just wasn't in washington state, so i'm off the hook as far as the law is concerned. Sure, some people will argue 'it was just a hairy guy backpacking in the redwood forests!', but I had my hunting license.

Re:If I'm not mistaken...

[tepp]

Actually, the Republican party is mostly claiming that felons were illegally voting. The problem is, many of the people the Republicans are claiming are felons - aren't. Most have juvy crimes, which should have been sealed at 18 which did not affect their voting rights. Others, never had their rights removed at all, or had their voting privilages reinstated.

Meanwhile, in the Democratic heartland of King County, 50 valid ballots were found to have never been counted, and are still in their envelopes. What a mess. I just hope my vote isn't one of those 50.

The whole mess has been playing out in the papers for months now, it's getting very old.

Re:If I'm not mistaken...

[tepp]

Redmond != Bill Gates.

Nintendo has a HQ in Redmond.

There's a lot of independant companies here in Redmond that have no association with MS in any way.

Google has a HQ in Kirkland, but you don't see people saying "whatever Kirkland wants, Kirkland gets...." or maybe that's just because Kirkland is a Grade A dump.

Depressing place.

Re:If I'm not mistaken...

[pizzaman100]

Your facts are basically accurate, but here are the actual numbers: First count - Rossi (R) wins by 261 votes. Second count - Rossi wins by 42 votes. Third count - Gregoire (D) wins by 129 votes.

Here is a Timeline for the events (with an obvious conservative slant).

Re:If I'm not mistaken...

[calyphus]

Oh, come on, the governor is going to sign ANYTHING Redmond wants signed.

Give her, and the people of Washington State, some credit. WA state was one of the first to enact anti-spam legislation in the late '90s (rendered useless by the Republicans in DC). You may want to just write off everything tech related from WA state as brought to you by Redmond, but I'd credit the greater tech awareness of the area in general. Not every tech-head in Seattle submits to the deathstar (e.g. http://www.omnigroup.com/

Re:If I'm not mistaken...

Actually, the Republican party is mostly claiming that felons were illegally voting. The problem is, many of the people the Republicans are claiming are felons - aren't.

The Reps are trying to show that the number of invalid ballots is higher than the margin of victory for Gregoire, i.e. that we don't really know who won the election. As long as there are at least 129 ballots shown to be invalid, they will have done that.

The most damning thing is that King County (an overwhelmingly Democratic county, and the county that includes Seattle) has many many more ballots counted than voters. It also turns out that King County had a machine that could print blank ballots, and did not keep a record of how many ballots were printed using that machine. Given that bags ballots were "found" about six or seven times in King County until Gregoire won, I'm pretty much convinced that there was fraud involved.

50 valid ballots were found to have never been counted, and are still in their envelopes.

Even worse, the rules were changed after the election to allow counting some absentee ballots in Democratic King County; yet the rules were not changed to allow the absentee military votes to be counted, even though it was King County's fault that those ballots were late (King County didn't mail out the ballots to overseas soldiers, and then only under threat of action from the federal government).

The whole thing is so screwed up, we need a second election to figure out who really won. Actually I'm pretty convinced that Rossi won it and only massive vote fraud swung the election to Gregoire, but it doesn't matter whether I'm convinced, it only matters what we can prove. The only way to get a conclusive election is to have another one. And I'd like to see federal election guys supervising King County during that second election.

You can recount the ballots over and over to get a very accurate count, but this is pointless given that there are so many questionable ballots mixed in.

Re:If I'm not mistaken...

Yup, the trial is opening in Wenatchee, WA (Chelan County). I live here and it makes the papers anytime something new happens. I'm pretty sure that your assumption that the republicans have not conceded is correct, considering the trial is set to begin fairly soon.

On a side note, there was some serious fraud on the western side of this state. We need some friggin UN election officials over there in king county! ;o)

Re:If I'm not mistaken...

[markana]

If this exact same situation (with all of the verified facts and events) had really happened in say, Ohio, Democrats all over the country would forget their hatred of guns and start an armed revolution.

But here, it's just a series of unexplainanble coincidences and unfortunate mistakes. Nothing to see here... move along...

Re:If I'm not mistaken...

[Mancat]

You'd take the Democrats to court too, if they stole the Governor's office from you.

Re:If I'm not mistaken...

[jpu8086]

You're wrong.

Only Nintendo of America is HQed in Redmond. Nintendo (parent corp) in HQed in Kyoto, Japan.

And, Google is not HQed in Kirkland. They're HQed in Mountain View.

But, Redmond does have a sizable number of companies around like Nintendo, Safeco, AT&T wireless (now Cingular), etc.

Re:If I'm not mistaken...

[vsprintf]

Washington state also outlawed killing sasquatch.

Wow. The first vegetable protected by law.

Re:If I'm not mistaken...

[Some_Llama]

"Google has a HQ in Kirkland, but you don't see people saying "whatever Kirkland wants, Kirkland gets...." or maybe that's just because Kirkland is a Grade A dump.'

Is that the same Kirkland that the Costco products get their name from?

I mean the shoes are cheap but now I know they come from a dump i'm gonna think twice.. not to mention the bread.. ewwww

Re:If I'm not mistaken...

[Class+Act+Dynamo]

You sure it wasn't a Navy pilot who ejected from his jet, parachuted into the forest, got branches caught in his helmet in a configuration resembling antlers, and shot by a hunter (you) with wall-eye vision.

Re:If I'm not mistaken...

[pete6677]

Too bad nobody could ever prove anything about voter irregularities in Florida or Ohio, despite all the allegations. I guess the hardcore Democrat supporters think that if they say it enough, it will become true in peoples' minds anyway.

Re:If I'm not mistaken...

[BlueJay465]

what irks me is that Christine Gregoire is moving so quickly on a series of mandates which I hear about so often on KVI or KTTH, when her even being there is so questionable. So my State now is set to impose penalties on spyware...Where will this revenue be going to? A 'General/Slush/Trust Fund' or to damages to the victims of spyware (in an attempt to buy her office with the appeal of $$ to us proles)

Re:If I'm not mistaken...

[Wile_E_Peyote]

Washington state also outlawed killing sasquatch.

Nothing in the RCW (Revised Code of Washington) about sasquatch or big foot.

Re:If I'm not mistaken...

[bladesjester]

"Not every tech-head in Seattle submits to the deathstar "

What does AT&T have to do with this?

Re:If I'm not mistaken...

[zerbot]

I voted for Gregoire in a "hold your nose and vote for the least evil" move. Gregoire stinks, but Rossi stinks even more.

I heard an ad for the "we need a revote" movement by the Republicans, but at the time I hadn't yet heard that a recount had put Gregoire in the lead, and until the "paid for by the Washington State Republican Party", I assumed it was from either the Democratic Party or supporters of Gregoire, and I thought it was stupid all around, regardless of which party was sponsoring it.

I don't understand how you can misplace ballots. Do they not have a dedicated place to store ballots, such that they need to cram them in places they can get forgotten?

Re:If I'm not mistaken...

[Enoch+Zembecowicz]

Killing sasquatch is currently illegal in Skamania County, Washington. At this time Bigfoot has no state wide protection. However, if the sasquatch actually exists and someone kills one you can expect a public outcry. /Grew up in Washington

Re:If I'm not mistaken...

[Durandal64]

If memory serves, at least one county in Ohio which implemented Diebold's voting machines contributed about 6,000 votes for Bush when there were only about 300 total people in the county. That's what I call an irregularity. However, the irregularities reported in Ohio did not amount to enough questionable votes to make a difference in the margin Bush won by.

Re:If I'm not mistaken...

[BlueJay465]

I do come from a Republican family (and not an AC for doing so), but also hold no allegiance with a party since I don't agree with all of their ideals. Stop drawing conclusions based on what I listen to, because even though Rush, Hannity, Savage, O'Reilley, etc. may be tooting their own horns the issues of the day I don't always agree with the host's smarmy logic. So I listen to conservative radio, big deal. Does that also equate me with being stupid? typical of Canadian thinking...

After all the errors rolled in the last election, I cried foul with millions of others in my state. I do not recognize Gregoire as the Governer until there is a revote since the margin was so narrow and hopelessly corrupted.

---
/Ooh ooh, logical fallacy! Yes, I remember this from ENG 101!

Re:If I'm not mistaken...

[jpu8086]

umm? what exactly is a HQ? doesn't HQ stands for head quarters?

if so, there can only be one.

Re:If I'm not mistaken...

[Grendl]

No, that would be a sa-squash

Re:If I'm not mistaken...

[-Harlequin-]

There's a lot of independant companies here in Redmond that have no association with MS in any way.

No, they're all associated with MS, in the sense that Redmond was a sleepy semi-rural town until MS made it a sufficent tech hub for these business to want to operate here. Without MS and it's influence on Redmond, the vast majority of companies in Redmond would be no different to what you see in sleepy semi-rural towns, and the population would lack the concentration of the tech people that makes it a viable location all these "no association" companies.

Right now, there are all sorts of tech, software, medical, etc companies, and then a whole 'nother layer of retail and service companies that are sustainable because of the higher-than-usual income brackets in the area.

All these unassociated companies are all from Microsoft's effect on Redmond.

Well, not all, but enough that I wouldn't sweat the Redmond=Billy.teh.G associations people have.

Re:If I'm not mistaken...

[damsa]

Also add that a lot of companies were started by former Microsoft millionaires, IE Valve, Wild Tangent Etc. Also, the University of Washington Law School Building, Computer Science Building, Mary Gates Hall, Mary Gates Drive, The Seattle Mariners, Seattle Seahawks, and various other hands Mr. Gates, Mr. Allen and former Microsofties has in the community, is of more concern to me. Seeing how the State bent over backwards for Boeing, I can see how they can do stuff for MS as well.

Re:If I'm not mistaken...

[j-cloth]

Um, didn't this exact same thing already allegedly happen in Ohio in the last federal election? Seems to me the response was a big "Oh well"

Re:If I'm not mistaken...

[Just+Some+Guy]

You shot my pa!

Re:If I'm not mistaken...

[Xerithane]

It's obvious that the election was corrupt... that's just the facts -- whom it was corrupt for, probably a little bit of both but I guess the Democrats were just more cunning... Whatever.

I'm in full agreeance with you regarding her wide spreading legislation. She just passed a $0.09/gallon gas tax (as well as other controversial budget changes) to help pay for mostly Seattle-area construction projects. I'm closely involved with many non-Seattle area folks, and that's just not fair to do to them. Why not cancel the idiotic monorail tax and defer that money into construction projects? Why not increase the Seattle area sales tax a half a percent? Why is the rest of Washington being forced to pay for Seattle area projects?

Then I think about the fact that the Seattle area has the highest concentration of Democrats, as the governer race rested on what happened in King County. I think it's doubly insulting to see a governor that wasn't clearly elected, win by a county that benefits the most from her placement, favor that county.

It's strikingly similar lazy susan deal from the .com era.

Don't even get me started on the bio-diesel subsidization for Washington farmers to grow Soy (which is best grown in the mid-west).

Re:If I'm not mistaken...

[LifesABeach]

If I were a Sasquatch, I'd wouldn't openly admit to using ANY linux distro.

Re:If I'm not mistaken...

[Brad1138]

Mod parent up for subtle Bloom County reference.

Re:If I'm not mistaken...

[AgentSmith]

Only more of a case for a legitimate third party.

We should start now.

I'll start. I declare a third party called the
Nationalists.

Our intention is to be a moderate party which will concentrate on being a proper representation of American citizens who feel disenfranchised from the two party system and are cynical of the political process in general.

Re:If I'm not mistaken...

[Retired+Replicant]

That sounds about right for the Democrats. Keep recounting until you get the outcome you want.

Not sure how I feel...

[bananahead]

OK, this is great. So how does one go about enforcing such a law? I have very mixed feelings about this one.

I love the idea that we are making something so irritating illegal in the strick legal sense of the word. Make no mistake, I hate Spyware.

At least I think I hate Spyware. I am not really sure, given the broad definition. Some Spyware is good, based solely on MY definition of 'good' and the mood I am in. So what if I have to give up something 'good' because the purveyors of that 'good' thing felt it might fit into the broad definition of Spyware and thusly discontinued it. I lose.

On the other hand, the creepy porn junk and the crud that wants my bank account so they can sell me into slavery in Korea definitely (again, in MY definition of...) fit the model of BAD Spyware and need to have its purveyors captured, subjected to Janet Jackson Videos and sent to prison for a long time. And thus begs the question:

How does this law get that done? Certainly these guys aren't going to stop their nonsense, they are making money doing it, so we will HAVE to enforce this law to get them to stop, and if they don't stop because there is no good way to enforce this law, then the BAD stuff continues and the GOOD stuff is thwarted.

I am just not sure about this one.

I suppose it gives teeth to companies like Microsoft and EBay to go after these guys and have them bundled away. That is good. But Who decides which ones Microsoft and EBay go after? And do I really want to create a system whereby Microsoft and EBay are the US Marshals and are enforcing laws the way they see fit, and going after those criminals that they decide to go after?

I'm just not sure about this one.

Re:Not sure how I feel...

[AKAImBatman]

OK, this is great. So how does one go about enforcing such a law?

It won't help from outright viruses, but it could result in massive punitive damages for semi-legitimate corporations. e.g. Gator would be effectively banned from doing business in the state of Washington, under the penalty of heafty fines and/or criminal charges. (Sorry, I didn't read the law in any detail. I didn't catch if it was considered a criminal action or not.)

As for finding someone to prosecute these companies, that may not be as hard as it seems. Lawyers love to make money by bringing forward any cases they can. In the absense of money, they love high-profile cases that make a name for themselves.

Re:Not sure how I feel...

[HTH+NE1]

Expect something like the following to be added to your license agreements:

By clicking "Accept" you assert that you are not a resident of the state of Washington nor in any way physically or otherwise in the state and that the computer upon which you are installing this software is not and will never be within the jurisdiction of the state of Washington.

And words to the effect that make them immune to Washington law if the user misrepresents his locale or otherwise violates the terms of the agreement.

Re:Not sure how I feel...

[winkydink]

Washington state also outlawed killing sasquatch.
.
.
.
OK, this is great. So how does one go about enforcing such a law? I have very mixed feelings about this one.

Maybe they send sasquatch over to kick the guy's ass?

Re:Not sure how I feel...

[Antisquark]

It doesn't necessarily STOP the software from running; it forces the software to play nice with the other children and submit to removal if the user wishes.

If you want various background processes tracking your purchases and webuse to supply you with "tailored results" then you should be welcome to them.

If you DON'T, however, you should be able to remove the damn things with a minimum of fuss. It's never been good marketing for a company, in my opinion. Would you, in your right mind, buy something from a man who'd replaced the wallpaper in your home with advertisements for his products? I don't think so.

Re:Not sure how I feel...

[quintiusc]

I see some more class action lawsuits coming because of this. This law doesn't mention any specific penalties other than to say that the party who committed the act is subject to penalties in other laws and can be sued. Class action lawsuits don't usually result in much money for anyone but the lawyers. It would be intersting to hear from someone more familiar with Washington penal codes to know what criminal penalties apply in this case.

Re:Not sure how I feel...

[Rhone]

I, too, wondered if certain types of benign software might be caught in the crossfire with this legislation. After reading through it, I'm not worried about that.

The bill is littered with words/phrases like "through intentionally deceptive means", "deceptively", "intentionally misrepresenting", "falsely representing", "without the authorization of an owner or an operator", etc.

In every section of the bill, it's rather clear that the target of the legislation is software that deceives the user and/or does things against the will of the user.

My biggest concern now isn't that benign software will be punished; rather, I suspect this bill will be useless because spyware companies will just embed "You give us permission to blah blah blah" clauses deep into those EULAs that no one really reads.

Re:Not sure how I feel...

[anthony_dipierro]

So what if I have to give up something 'good' because the purveyors of that 'good' thing felt it might fit into the broad definition of Spyware and thusly discontinued it. I lose.

This I think is avoided by this law. Pretty much all the restrictions require that the behavior be "intentionally deceptive". This is basically defined to mean that the program intentionally lies about what it's going to do or intentionally omits a description of what it's going to do in order to deceive.

On the other hand, the creepy porn junk and the crud that wants my bank account so they can sell me into slavery in Korea definitely (again, in MY definition of...) fit the model

At that extreme, it'll probably be covered, of course, selling someone into slavery is already illegal :). In my opinion this will probably be useful against software which is already illegal, and pretty much useless against any legitimate company, who will just add text into its EULA saying that you give it permission to do whatever it is it does.

Basically, I'd say the law is harmless, but useless.

Re:Not sure how I feel...

[anthony_dipierro]

My biggest concern now isn't that benign software will be punished; rather, I suspect this bill will be useless because spyware companies will just embed "You give us permission to blah blah blah" clauses deep into those EULAs that no one really reads.

That's why spyware is a problem which simply can't be solved through legislation. You either restrict the right of people to do whatever they want with their computer or you leave the door wide open for companies to do whatever they want by getting you to click "OK". Spyware will only be solved through a combination of technology and education. Technology to disallow installation of software which does certain "evil" things, and education to teach the end-user when it's OK to override the defaults and allow the "evil" thing anyway.

Re:Not sure how I feel...

[DigitalCrackPipe]

Regarding your definition of "good spyware": what you really mean is that you may be willing to allow information aggregation software to run on your computer in exchange for free services/software.

OK. That's different from spyware. Information aggregation is still legal. The bill is littered with phrases like through intentionally deceptive means. The deception is a key part of software getting itself classified as spyware. I would posit that spyware is *always* bad (possibly with the exception of by law enforcement).

A bill like this helps draw the line as to what is acceptable commercial behavior. It makes it more difficult for shady operations to stay above ground, and therefore attract legitimate customers.

Re:Not sure how I feel...

[pete6677]

Putting terms in an agreement is not the same as having them accepted into law, not even close. Many agreements and contracts contain illegal clauses that would never be upheld in court, which is one reason why so many lawsuits are settled out of court. Generally, you cannot use contracts or legal agreements to facilitate illegal activity, so inserting language like this would not make the spyware company suddenly compliant with the law. For example, employers must follow employment law and cannot simply make employees sign an agreement waiving all rights. Some rights can be waived if the law allows for it, but otherwise an agreement cannot contradict the law.

Re:Not sure how I feel...

[readin]

I would feel better if the state would pass http://blackbox.cs.fit.edu/blog/kaner/archives/000 124.htmlthis software customer bill of rights. I especially like #4 "User has right to see and approve all transfers of information from her computer. Before an application transmits any data from the user's computer, the user should have the ability to see what's being sent. If the message is encrypted, the user should be shown an unencrypted version. On seeing the message, the user should be able to refuse to send it. This may cause the application to cancel a transaction (such as a sale that depends on transmission of a valid credit card number), but transmission of data from the user's machine without the user's knowledge or in spite of the user's refusal should be prosecutable as computer tampering."

Re:Not sure how I feel...

[RealUlli]

My biggest concern now isn't that benign software will be punished; rather, I suspect this bill will be useless because spyware companies will just embed "You give us permission to blah blah blah" clauses deep into those EULAs that no one really reads.

What happens if the user changes his mind? (In true /. tradition I didn't read the article)

IMHO, when the user consents through some legalese buried deep within some EULA, the software can install, but I think EULA clauses that go against a law are illegal and not binding. When the user consents, the software can install, but when the user changes his mind, the software should uninstall without putting up a fight, no matter what some EULA says. (I wonder if the lawmakers had something like that in mind? ;-)

The uninstaller *might* uninstall the goodie that caused us to install the software along with the spyware (there might be a reason...), but not just the goodie, leaving the spyware in place.

Re:Not sure how I feel...

[SatanicPuppy]

IANAL but there are certain rights you can't sign away in a contract, regardless of how its written.

In some states, even if you signed a binding non-compete, you can still go work for a competing company because certain anti-union laws legally invalidate those sorts of agreements.

Beyond that, you can always argue that you did not read/understand the contract. I know it sounds stupid but it is perfectly legitimate. If you've ever bought a house, you know that you have to sign papers saying that you read papers, and papers saying that someone explained the papers to you, and THAT person has to sign a paper saying that he/she is competent to explain the paper to you, and that, to the best of his/her knowledge, you're smart enough to understand what was explained.

They do that so they have a better position in court when you sue them for foreclosing on your house, and even all those papers don't guarantee they'll win.

Re:Not sure how I feel...

[CaptRC]

Agree, this is great news and should be enforced. But similar to thieves, I really think these people like to remain anonymous.
Thanks,

RG

Re:Not sure how I feel...

[Bert64]

I like the phrase:
"Prevent, through intentionally deceptive means, an owner or operator's reasonable efforts to block the installation or execution of, or to disable, computer software by causing the software that the owner or operator has properly removed or disabled automatically to reinstall or reactivate on the computer."
Wouldn't microsoft fall foul of this? A number of their products reinstall themselves when you remove them, or re-enable themselves, or even invoke themselves after you have disabled them.. IE, Outlook Express and MSN Messenger are parasitic and very hard to get rid of, and even harder to make sure they stay gone.. And i'm sure theres other products about which the same things could be said.

Don't you hear it?

[Marko+DeBeeste]

All the malware sceeching to an ignoble stop in the Great Greeen Northwest.

Re:Don't you hear it?

[MightyMartian]

"Sea," cried Canute, "I command you to come no further! Do not dare touch my feet!"

Re:Don't you hear it?

[TedCheshireAcad]

how can they possibly enforce this law?

Re:Don't you hear it?

[Marko+DeBeeste]

My point exactly

Re:Don't you hear it?

[Marko+DeBeeste]

I really wish I had thought of that. I defer to your very notable literacy.

Re:Don't you hear it?

[AEton]

This just came up in another Slashdot thread, where I learned all about King Canute.

Apparently poor, lower-class people who think they're oppressed have heard the version where Canute was arrogant. By contrast, the enlightened people all know the story as it was originally told, where Canute wanted to prove to his fawning blockhead vassals that he was just this guy, you know?

Wish I could find the /. post about that.

Re:Don't you hear it?

[vsprintf]

Where are these kittens [mit.edu] from?

That is a great link. This one has got to be Bill the Cat^H^H^HKitten.

Re:Don't you hear it?

[mpathetiq]

Possibly by citizens reporting the crime, much like most other crimes?

Ah, it's good to live in Seattle

[WillAffleckUW]

land of the free, home of the not-spied-on.

Way way overdue outlawing spyware.

I see why you like that line

[Seiruu]

IE = Spyware

Now they get to use their new search function to search for the contents of Bill's bank account.

Re:I see why you like that line

[tehshen]

That is not a bad point, in general - if I write a program with a security vulnerability, and people use this vulnerability to install spyware on people's computers, do I share the blame with the spyware writers?

Re:I see why you like that line

[masklinn]

As much as you'd share the blame if you were being robbed after leaving an open window.

In some places, you'll be blamed harsher than the robber himself, in others the window matter won't, actually, matter.

Oh, and your income matters, too

Re:I see why you like that line

[mc+clown]

"Prevent, through intentionally deceptive means, an owner or operator's reasonable efforts to block the installation or execution of, or to disable, computer software by causing the software that the owner or operator has properly removed or disabled automatically to reinstall or reactivate on the computer."

But when you try to uninstall IE it keeps on reinstalling itself.....could this now be illegal

Re:I see why you like that line

[Tim+C]

Here in the UK, I think that legally-speaking you'd be in the clear. You could probably expect your insurance company to be really, really difficult regarding any claim you made, though.

Re:I see why you like that line

[Alien+Being]

"do I share the blame?"

Only if you did it intentionally and hid it from the user.

No, I'm not a lawyer. Wanna make something of it?

Re:I see why you like that line

[MBCook]

Good question, I think so.

But... MS is one of the largest employers in the state. Their employees are highly paid. Those employees spend money, buy expensive houses, etc. Microsoft builds buildings, buys land, and supports the arts and such. And lets not forget all the computers and software that they donate/discout for the state and it's schools.

Washington state will not piss off Microsoft. It is a fact. When those state AGs sued because they didn't like the settlement the DOJ did with Microsoft, was the Washington State AG among them? Why do you think that was?

MS is behind this law because if it works, it removes some (much?) of their responsibility (and also codifies in law that spyware is the programmer's fault, and doesn't specify it to be MS's fault). If the law said that, do you think it would have gotten a vote, let alone pass?

Things like this happen. At least it is a win for the consumer if it works, even if MS still isn't held accountable. All us geeks can do is answer questions from friends truthfully. "What's with/causes/why is there so much spyware?"... "Microsoft." Grass roots will work, we just need it to be organized. But then again we need to do that with lots of things (accepting buggy software, the release-then-patch mantra, overpriced software, etc.)

Re:I see why you like that line

[CaptRC]

I don't agree that you should be held accountable for writting poor code, riddled with vulnerabilities. If your app works, then so beit. Accountability falls square on the person with "malicous intent" and nobody else. I have been stricken and subsequently resolved a Browser Hijack recently. And yes, I've switched to FF over IE-6 as a result. But I would not consider Willie G's people at fault for wasting two hours of my life... For that I blame who ever it is that wrote the hijack and to a much lesser extent myself for leaving the doors un-locked. just my 2-cents. Thanks, RG

Re:I see why you like that line

[ne0nimda]

Bravo... I always love it when a cynic is actually backed by... the facts.
I'm curious, actually, about 2 points...
1. Does this law affect software created in washington (i.e. Microsoft) or law that is on computers in washington? Computer law is always fuzzy in the jurrisdiction that it applies to (i.e. internet gambling)
2. I haven't tried windows hacking in quite some time, but is it still impossible to delete certain executable files on windows? When I used windows, if you deleted IE, MSMessenger or WMP, they would respawn themselves - which violates this new law and would subject Microsoft to a $100,000 fine for each copy sold/manufactured in their jurrisdiction - however jurrisdiction was solved.

As far as Microsoft being the enforcer goes - this is even more asinine than my old high school requiring proficiency in their products to graduate... It is completely inacceptable for a software company to try to "enforce" software laws... especially one who has a past plagued with such questionable ethics.

Re:I see why you like that line

[MBCook]

There is only one real soltuion to this problem of local governments being at the mercy of large companies, but it won't happen.

I was thinking about it last night. You would have the FEDERAL government collect all the taxes and such, and then distribute it (based on population or something) back to the state governements to spend. That way the laws of the local governments wouldn't have to worry about what their policies, because their choices would have little effect on their income (there would still be some, but they wouldn't be able to be held hostage).

That would require a MAJOR overhaul of the system, and won't be happening any time soon. The only real solution is to not depend on one big company. The more, the better. Boeing is gone, I'm not sure who else is in Washington that is big (right now the only other company I can even think of is Reiner Beer, which probably doesn't count ;).

Leading the way again...

[spyder913]

We were also one of the first to make spam illegal. I don't really think it has helped all that much...

Re:Leading the way again...

[Blue-Footed+Boobie]

Y0u need V1 a gr a! Dr. Mumbabwi shows you great deals on re.fill pers.cript10n!

Re:Leading the way again...

[calyphus]

All state anti-spam laws were rendered inoperative by completely ineffectual federal legislation.

WA's anti-spam law was useful for the dedicated individuals that took the time to track spam to it's source and file a civil action with the state against them. If you could track them down and you had otherwise fulfilled your own obligations under the law, it was a simple matter to get a $500 judgement in your favor for each actionable missive. Collecting was another matter.

The only real chance for success would be if the spammer were also in Washington.

Like all anti-spam legislation it did require some compliance with legal authority on the part of the spammer. as if someone selling fake Chinese Cialis is worried about legal authority.

Re:Leading the way again...

[Antique+Geekmeister]

Spam, defined as "unsolicited bulk communications" is not illegal. That would require a change in the laws concerning email, something like the junk fax laws that have already withstood constitutional challenges.

What's illegal is email fraud, such as lying about where the email comes from. Since the ISP's have no responsibility to block spam from their own networks, and since there is no civil penalty that can be pursued directly by the spam victims, there is effectively no way to prosecute spam for anybody but John Ashcroft even if it is illegal under the CANSPAM laws, and he's a bit busy pursuing dirty pictures and ignoring criminal mistreatment of US prisoners.

Realplayer now illegal? hopefully

[Toby+The+Economist]

RP is a complete pig to remove.

Wonder if it's now illegal?

In fact, I'd like all third-party hidden-startup applications, which generally are unwanted and adopt this method since they know they'd be removed, to be illegal. I get VERY annoyed when other people feel fit to try to force their software into *MY* computer. How would they feel if I came into their front room and took over the remote control?

--
Toby

Agreed-hard to enforce

[Coopjust]

Hard law to enforce. If it was a national law, then it would have some effect. Hopefully it doesn't become "National weak law" takes over "Strong state law" like can spam

Re:Agreed-hard to enforce

[abelenky17]

I don't believe it will be terribly hard to enforce. Consider, some of the biggest offenders are based in Washington State.

Real is here, and their realsched.exe keeps coming back on my computer no matter how I uninstall it.

180 Solutions is in Washington State, and they've made software that sneakily installs itself through IE flaws. (that's been less of a problem since XP SP2, and since they started to see the light... but I'm not sure I'd consider them "clean" just yet).

America Online has offices in Seattle, and much of their software is "self-healing" (automatically re-installing).

And I'm not even touching on the most famous Washington software company of them all.

So, since the "criminals" are in Washington, the law is in Washington, and it won't be very long before someone is a "victim" in Washington, I think you have all the ingredients for a court case.

Outlook Express

[McGiraf]

Outlook express will re-copy its files next time explorer is started if you delete them.

at $100,000 per violation that is $100,000 * the number of windows instalations out there, I think microsoft is going broke!

Re:Outlook Express

[The+Bungi]

How about you uninstall it instead. The OE files are under the watchful umbrella of the Windows File Protection service which, while obnoxious at times, can also be very helpful for those clueless users who stupidly delete application directories and then cry foul when the affected app fails to load.

Unless you'd like to show me proof that it cannot be uninstalled cleanly... ? I'd be very interested in seeing that.

Next time think a bit before you post. It helps.

Re:Outlook Express

[SydShamino]

And how does one uninstall Outlook Express? There is not an option to do so in Add/Remove Programs. (There is one entry for an OE quick fix, but uninstalling that just restores the previous state.)

For some reason, I don't see the option to uninstall Internet Explorer either, but when I delete its .exe it is restored, too...

And how do I stop the File Protection Service? (And I don't mean with a hex editor.)

Re:Outlook Express

[serbanp]

Are you as dense as you sound? For a large class of machines (most?), you can't get rid of that crapware.

Sitting right now in front of my Win2000 Professional workstation, I just verified that the Outlook Express is unchecked in the Add/Remove Programs. Still, the Program Files holds an Outlook Express folder with all the content present; if I remove the folder, it shows up again.

It's probably possible to hack the registry to disable the rebuild behavior, but anyone with common sense would expect that when you uncheck (a.k.a. uninstall) the damn program, it's gone for good from his/her harddrive.

Re:Outlook Express

[The+Bungi]

Wait - are you saying I'm "dense" because of that? The first thing I do whenever I install Windows 2000 or XP is to remove OE. It goes away. Cleanly. Never see it again. I install Outlook 2003 and Agent and I never worry about it again.

Maybe the "default mail" application is still OE on your computer, I don't know. I've never had any problems removing it.

Re:Outlook Express

[swimmar132]

Control Panel -> Add Remove Programs -> Windows Components -> Uncheck Outlook Express.

Re:Outlook Express

[rincebrain]

You're an idiot.

The grandfather post explicitly said that that was already checked, and OE is still installed and annoying him.

Short of editing the list of files WFP restores, and disabling any whining Outlook does (yes, Outlook throws errors if you delete Express...), there is no viable way to do this.

As someone said above:
Think before you post. It helps.

Re:Outlook Express

[serbanp]

The Win2k in front of me is configured to use Outlook2k. The guys from across my cubicle have WinXP and Outlook 2003 and they still have an Outlook Express folder full of ... despite the fact that they too unchecked the Outlook Express in Add/Remove Programs.

Sorry for using stupid words (hmmm dense), I got carried away by your sig, that to me seems slant-ish.

Re:Outlook Express

[swimmar132]

You're more of an idiot.

That post was either referring to an Outlook Express service pack or OE-Quote Fix (http://email.about.com/b/a/075618.htm) in the Add/Remove programs box.

In any event, if you go to WINDOWS COMPONENTS in the Add/Remove programs box, you'll see an option to uncheck and thus, uninstall OE.

Re:Outlook Express

[SydShamino]

Dude, you are absolutely completely 100% wrong.

Read the page in the WINDOWS COMPONENTS dialog. It says:

"Add or removes access to Outlook Express from the start menu."

Removing the Start Menu shortcut is not removing the program. You are on Slashdot; shame on you for not knowing the difference.

I just "removed" it like you said. Then I clicked on your email address in the post I'm replying to. Guess what? OE launched to handle the email request? But how could it do that when it's been "uninstalled"??????????

Re:Outlook Express

[rincebrain]

Thank you, sir, for confirming my minority belief that there are intelligent Slashdot posters...albeit ones with minor stylistic flaws.

Re:Outlook Express

[SydShamino]

The "dude" and the extra question marks were purely for effect. I was trying to convey a sense of incredulity.

Phishing is already illegal

[77Punker]

Shouldn't phishing just fall under fraud?

Re:Phishing is already illegal

[Anne+Thwacks]

Shouldn't phishing just fall under fraud?

No. the penalties for fraud do not include cruel and unusual torture.

People outside the US?

[nizo]

which imposes penalties of $100,000 per violation.

Give half of that to bounty hunters who bring the culprit to justice and we could have a new series of reality shows. Who woulda thunk spyware could be entertaining?

Re:People outside the US?

[kesuki]

Ahh the names of rejected reality tv shows are popping into my head not all of them make sense.. 'Phishing for dollars' 'BAss Phishing' 'Gator patrol' 'Malware strippers' 'clippy-- wanted: dead or alive' "america's Least wanted" 'spy vs spyware' 'C.itizen's O.rganization to P.revent S.pyware' 'The price is wrong' we could even do cartoons! 'Pop UnderDog'

Class Action Lawsuit

[benspikey]

Consumers and the state attorney general would be able to seek damages up to $500 per violation, or actual damages if phishers try to get consumers' information. Victimized Internet service providers could get $5,000 or actual damages. Judges could award an ISP three times the amount of fines if they so choose. Alright who wants to sign up with me.. We get 1000 systems download bonzibuddy and weatherbug and make a fortune. or at least have fun trying.. :)

So does this mean...

that if I move to Washington, I'll be able to uninstall Internet Explorer?

Washington State charges MS Windows

[bosewicht]

News Flash, Washington State has just charged Windows for intentionally building a OS that allows Spyware to propagate, the FBI may need to step in as this allows the Spyware to spread across State Lines.

Re:Washington State charges MS Windows

[pg110404]

Didn't the FBI just claim IE was a security threat, specifically a spyware threat, and ban it from all their computers?

With this bill, microsoft should be fined.

where are the teeth?

[spamchang]

or dentures, at least, for this bill?

i want to see people paying up the wazoo for this: collection agencies pounding down doors, spyware companies going belly up, class action suits, the like. hell, if they put filesharing on the same penalty level as involuntary manslaughter (because you know those two are equally evil in the eyes of MPAA/RIAA/congress), why don't they send spyware companies to bankruptcy? /annoyed

Well

[Sv-Manowar]

Will this make any real major difference to the internet? most spyware companies are smart enough to have moved out of the US by now, and will probably be in safe havens for their activities.

It would be better developing ways to stop the actual spyware, rather than try to track down the people doing it. If the people were actually making serious money, and knew the government would be after them, they would be out of the country like a flash, and continue their business.

All that needs to be done

[doofusclam]

.. is to make companies accountable for the actions of their 'affiliates'. Many a spyware company uses this defence, and end up gaining customers from dodgy affiliates who they don't need to pay as the affiliate has broken the terms and conditions. Genius. Their business model is just like bill posting on roads and streets.

Mod this bill redundant?

[mr_Spook]

Okay, it might just be me, and I might just be an idiot here, but isn't spyware illegal already, since it's modifying the contents of my computer without my knowledge or authorization? To me, it seems that spyware makers should be prosecuted just like anyone else who writes malicious code (viruses, trojans, worms, and so on).

Any technically-literate lawyers have a comment on this?

Re:Mod this bill redundant?

[Spy+der+Mann]

Any technically-literate lawyers have a comment on this?

IANAL, but I think that a law which SPECIFICALLY prohibits some obscure behavior (that would lead to YEARS in courts in case of a suit) will certainly make the upholding of our privacy rights much faster and more effective.

Re:Mod this bill redundant?

[zappepcs]

I think that any bill or law like this has all the teeth that the law against anal intercourse does in Texas. Its only used to prosecute those that the government and/or its most ardent lobbyists want to prosecute, at which point legal action is rammed through (so to speak) in a way that makes it very difficult for anyone to defend themselves should they be the target of this type of law.

Any law that is practically unenforcable is only ever enacted in order to have it handy like a law against rats being in your garage, so its like a big baseball bat for when you think you see a rat in the corner of the garage.

To me, this signifies that the lawmakers of Washington state, and their lobbyists are guilty of one of two things:

Complete ignorance and ineptitude regarding the Internet and how it actually works
- or -
Collusion with certain parties in order to help those that they want to help and to hammer those they don't...

Seeing as Redmond is in Washington state (duh) I can only image that the reason for this is to further the plans of Microsoft.

just my thoughts...

So now there's a law

[RM6f9]

The next steps will be legal definitions of what constitutes spyware, and refinements of those definitions based on cases brought to trial.

How will they know who's doing spyware? Offer rewards to reports resulting in convictions.

Of course, the thing might be struck down as unconstitutional depending on the breadth of definitions it starts with and the zeal of the ever-loathed ACLU in promoting the letter of the First Amendment to the detriment of the spirit of it.

sigh.

Re:So now there's a law

[l2718]

"Of course, the thing might be struck down as unconstitutional depending on the breadth of definitions it starts with and the zeal of the ever-loathed ACLU in promoting the letter of the First Amendment to the detriment of the spirit of it."

Actually, there's a good argument why this may be unconstitutional: this is regulation of conduct that is happenning (at least in part) outside the State of Washington. There's a reason that wire-fraud laws are federal, and this shouldn't be any different -- I'd expect this law to only reach malware vendors with Washington presence.

Re:So now there's a law

[Nasarius]

ever-loathed ACLU in promoting the letter of the First Amendment to the detriment of the spirit of it

The ACLU does not determine what is legal; they merely present the cases that they think have merit. Blame the courts, particularly the Supreme Court, if you feel that they are misinterpreting the First Amendment.

That's just a bandaid on the problem.

[pg110404]

Some of the better places to go to get spyware are places in russia or developing countries, etc.

The advantage and disadvantage of the internet is that you can go access web sites from anywhere.

By making it tough for any group/organization to spread their malware from washington state, means they'll go elsewhere to host their stuff.

Suppose all the spyware people jump ship and go elsewhere, somebody WILL find a site that has it and will get the spyware.

It's like passing a law that makes it illegal to skid out of control and hitting a particular tree in the hopes of eliminating accidents.

Re:That's just a bandaid on the problem.

[Just+Some+Guy]

By making it tough for any group/organization to spread their malware from washington state, means they'll go elsewhere to host their stuff.

Sigh. Here we go again.

If you are a resident of Washington, then Washington's laws apply to you. Host in Seattle, Tampa, London, or Kiev if you want - you're still subject to the law. Now, spyware companies could relocate their entire business to a scum-friendly state, but that's a little more expensive than the fantasy scenario where just changing their ISP would make them safe.

AOL's AIM

[yrogerg]

Have you ever tried installing AIM from AOL? It install links everywhere regardless of if you tell it 'no' in the setup process. Maybe they'll finally change this.

Re:AOL's AIM

[dogmatixpsych]

What kind of question is that? This is /. People here don't install AIM on their computers - that's like saying "You know last night when I was hanging out with my girlfriend...." AIM - Slashdot, Girlfriend - Slashdot, these are just incompatible with each other. I'm mean, duh!

/Just joshin' ya.
/I can't stand all those AOL links and junk that get installed, which is why I don't use AIM.

Re:AOL's AIM

[Blakey+Rat]

What's interesting is that the MacOS X version installs really smooth without leaving crap all over. I wonder if that's because OS X users complain more than Windows users, or just because AOL's given up targetting ads to Mac users...

It also has nice features that no other IM clients have, like text-to-speech. (iChat can speak the name of the sender, but AIM can speak the name, message, or both. Very handy.)

Re:AOL's AIM

[mindstrm]

From what I've seen, mac users have higher standards. Unlike the bulk of windows users, mac users tend to know with confidence how their computers are supposed to behave.. and anything that messes with that doesn't have much chance of gaining a foothold in the market.

Re:AOL's AIM

[Geoffreyerffoeg]

/I can't stand all those AOL links and junk that get installed, which is why I don't use AIM.

I installed Jabber once. Nobody else did. That's why I'm still on AIM.

Network effects and proprietary protocols - it's why AIM and MSN and the like are still popular, and still semi-popular among people who should know better.

Re:AOL's AIM

[The+One+and+Only]

Have you ever tried installing AIM from AOL?

No.

Re:AOL's AIM

[Bequita]

"Network effects and proprietary protocols - it's why AIM and MSN and the like are still popular, and still semi-popular among people who should know better."

Use Trillian, if you're running Windows.

Re:AOL's AIM

[mindstrm]

Clueless they may be, they still know when something fucks up their mac.

Re:Realplayer now illegal? hopefully

[Chris+Burke]

How would they feel if I came into their front room and took over the remote control?

The same way a Mafia racketeer would feel if you threatened to burn their house down if they didn't pay for your "fire insurance".

They aren't children; they know people hate what they do. As long as the annoying thing is happening to you for the profit of them, then they don't care, whether "they" are the Mafia or Gator or whoever.

Federal Bill

[kjfitz]

A US Federal bill is also in congress, the The Spyblock Act. Reading the reactions to it there seems to be a realization that these acts are somewhat toothless. I assume they are being passed to show that lawmakers "care" and "are listening" but is doesn't seem like anyone has enough imagination to really address the problem yet.

Re:Realplayer now illegal? hopefully

[agm]

Is IE spyware? It is installed without permission and, even though it can be a vector for viruses, cannot be removed. It also tracks personal information (via cookies). How would this NOT be illegal under the new law?

Nit : Canute wasn't stupid

It was Canute's courtiers who were the idiots, not Canute himself. He did the whole commanding-the-sea thing precisely to demonstrate to them that he was not divine.

Re:Nit : Canute wasn't stupid

[MightyMartian]

Oh I know, but this whole notion of some state government ending the threat of spyware reminded me of the passage.

maybe the religous fundies should promote this law

[hurfy]

""Opening multiple, sequential, stand-alone advertisements in the owner or operator's internet browser"

hehe no free porn for Washington :)

We know what at least one state congresscritter is up to...

Sounds all warm and fuzzy but actually doing anything is doubtful...at least til califonia catches up.

I believe you cant make automated telesales calls here but several computers havent read THAT law either :(

Re:Realplayer now illegal? hopefully

[Mad+Merlin]

I thought Real had significantly lessened the evilness of Realplayer lately... more specifically with Realplayer 10. Then again, that's just what I heard, I have no desire to find out myself.

Re:Realplayer now illegal? hopefully

[Em+Adespoton]

Does this mean that all software that leaves information in the Windows Registry when it uninstalls (so it can check and see if it's been installed before the next time you install it) is now illegal? How about programs that update a DLL and then don't revert your system to the previous version when they uninstall? Is MS Office now illegal spyware (it also tracks you without telling you in hidden parts of its Word documents)?

About time!

[MURD3R3R]

This is one of the last final frontiers needing to be policed. Lets face it, the internet is like old Tombstone, lawless and full of crooks. I for one like to do business online, and have fun on it and I hate worrying if my credit card # or other important # will be stolen due to some spyware.

I support these new laws and apple itunes! :-P

Alexa

[HermanAB]

So, will MS finally stop shipping Alexa with IE?

Re:Remember when SPAM was outlawed?

[Rick+the+Red]

Remember, the CAN-SPAM act revoked all the state's anti-spam laws, including Washington's. I'm a Washington resident and my inbox has more spam than ever since CAN-SPAM passed. "CAN-SPAM" indeed, now they sure can, and with the government's blessing!

Huge Loophole, Crappy Bill

[Erris]

Of course M$ loves this one. Check out this wopping loophole:

These prohibitions do not apply to any monitoring of a subscriber's internet service by a telecommunications carrier, cable operator, computer hardware or software provider, or provider of information service for network or computer security purposes.

So, when M$ looks at and deletes your files for supposed copyright violations, that's a "security" issue and they are OK. It does not matter that they have all of the other definitions of spyware and are much more invasive, they are a "software provider" doing it for "security".

The definition is so broad that it's hard to imagine who is not a "software provider" doing something for "security". Oh wait, now I know, anyone Microsoft does not like is not a "software provider".

A real spyware law would spank M$, HP and many other "software providers" for all the things this bill legitimately complains about and then allows.

Re:Huge Loophole, Crappy Bill

[calyphus]

Considering that M$ is ultimately culpable for enabling such malware, I look forward to the windoze users class action. In their own home state, no less. Whatever support M$ put behind this wasn't too well thought through.

Re:Huge Loophole, Crappy Bill

[swimmar132]

What part of These prohibitions do not apply to any monitoring of a subscriber's internet service... don't you understand?

That says nothing about allowing MS to delete files off your computer.

Too bad it'll never bite the **AA

[SocialEngineer]

Considering their actions (through contraction of Overpeer) to smuggle spyware in through windows media files..

Re:Realplayer now illegal? hopefully

[plover]

Try removing HP printer "drivers" some time, or "desktop helpers" that come with video cards, sound cards, TV tuner cards, MP3 players, Bluetooth dongles, printers, scanners, faxes, cameras or any other peripheral your PC may have seen on a TV commercial.

As far as I'm concerned, start arresting them all. I don't want their sh!tware on my box. I want their stuff to sit there nice and quiet up until the moment I want it to do something, and then I want it to do nothing extra. I don't want a pop-up "toolbox" to fix my printer; I don't want a noisy "Lookie what I printed for you, John, aren't you proud of my wonderous inkjets?!" dialog box. And when it's done I want it to get the hell out of my way. Completely. Don't ask me to update, don't leave a tool tray icon behind, don't leave a task running in task manager.

If all this requires sending a few developers to Federal Pound Me In The Ass Prison, all I can say is "don't drop the soap, guys."

more jobs lost

[kingjosh]

So now they'll have to outsource spyware writers to third world countries? AND move the company's there?

Real Player

[m00nun1t]

Like many others, I consider Real Player to essentially be spyware.

I think (correct me if I'm wrong) that Real are based in Washington State. So what's the impact here, for both current and future versions of Real Player? Would make an interesting test case.

Re:Real Player

[FrogofTime]

Real IS based in Seattle, near the waterfront.

Under the law, Real would have to prove that it's software is NOT Spyware, or otherwise it will face fines.

On a funny side note, the last time I saw the Real building, there where three traffic cones in front of the door, with the letters VLC written with black permenent ink.

Re:Real Player

[doxology]

Hah good luck with that..isn't one of Washington's Senators (Cantwell) affilliated with RealNetworks in some way? I'm sure as soon as that was tried she'd write some federal legislation that would pass through congress quite easily....

Re:Real Player

[oxygene2k2]

what's the issue with real10?

it has some annoying defaults inside realplayer (which you can change in the options) and doesn't affect anything else (except installing browser plugins, installing icons - ie. standard stuff)

realplayer these days is a different beast from realplayer in 2001

Which Governor Gets To Sign It?

[billstewart]

The bill is very explicit about the name of the Chief Clerk of the House of Reptilians who's in charge of the bill, but for the Governor's signature line, it only has the Gov's title and not his/her name :-)

Does this apply to quicktime?

[TimCrider]

Does this mean that I can move to Washington, and next time quicktime adds itself to my startup again I can pocket $100k?

Does it really?

[SanityInAnarchy]

When I try to uninstall IE, it doesn't actually uninstall. The uninstaller explicitly says that all it's doing is removing shortcuts.

I don't think that line bans software which simply doesn't install itself.

Anyway, what I don't like is that this is so broadly defined. Plus, Washington is MS's home state. Considering MS could probably buy Washington, I'm concerned that some MS-sponsored judge will decide that Firefox is spyware because it looks like Internet Explorer, which decieves people into thinking they've uninstalled it when they never even made an attempt.

Re:The Search For Credible Evidence Continues.

[c0d3h4x0r]

I imagine this won't put to rest the rumors of spyware in their recent players

That's because you're misunderstanding the "rumors" (which are not rumors, but facts, by the way). The problem is that Real's software (maybe not the very latest version, I haven't tried it, but for relatively recent versions this is certainly true) IS spyware in and of itself, because it (1) deceives users into installing stuff or signing up for stuff they didn't want or expect to be signed up for, (2) deeply integrates itself into the system in a variety of unwanted ways, and (3) makes itself almost impossible to cleanly and completely uninstall.

Re:Realplayer now illegal? hopefully

[crabpeople]

"I don't want a pop-up "toolbox" to fix my printer; I don't want a noisy "Lookie what I printed for you, John, aren't you proud of my wonderous inkjets?!" dialog box."

well you could not install those "features". Most driver cd/downloads have their drivers tucked in a directory some where. Especially true with driver updates you download from the manufacture's website. So yeah, you installed all that crap, you live with it. When i install an epson or an HP i just point add printer wizard at the driver dir. I have found very few peripherals to not have some kind of "manual install".

I would also add that the more expensive the hardware, the more likely it wont have badly coded drivers/software. This is why its better to buy quality peripherals rather than cheap "no name chinese company" stuff.

Re:Realplayer now illegal? hopefully

[Rorschach1]

...or any other peripheral your PC may have seen on a TV commercial

This is exactly why I don't let my PC watch TV.

Dead people voting

[Kozar_The_Malignant]

The graveyard precinct vote has been a factor in US politics since before Washington was a state. The real news is that the state government is no longer considered a Boeing subsidiary.

$100,000 is a bit excessive

[davidwr]

In the hypothetical case of spyware which does only minimal damage, does not spread, and is not part of any fraud or other already-illegal activity, $100,000 is very excessive.

To the extent that this constitutes a "fine," criminal or civil, it is subject to the US Constitution's prohibitions against unreasonable fines.

To the extent that it is a remedy payable to the harmed person, I'm not sure what kind of judicial oversight there is. Maybe I should ask my legislature to allow me to sue for "One Million, I mean One Billion Dollars" the next time someone double-parks me.

Now, there ARE cases where a single instance of spyware, with a single victimized computer, does warrant $100,000 in fines and even prison time - but not because it's spyware, but because it's an attempt to engage in fraud, e.g. steal bank passwords.

Re:$100,000 is a bit excessive

[humankind]

It's not excessive in my opinion. Small fines are what nullified the effectiveness of many previous anti-spam, anti-virus laws.

There has to be a substantive risk on the part of the perpetrator to dissuade him from producing the spyware, and there also needs to be suitable incentive to pursue legal action. Small fines aren't worth anything because you can't find a lawyer who would take the case.

Silently installing DRM enforcing programs?

[emarkp]

Hmm.. Recently I played Splinter Cell: Chaos Theory, which installed StarForce without my knowledge or consent--and which doesn't uninstall ever unless I download the uninstall tool.

Would this violate this law? I think it should. I wish I'd known about the StarForce installation--I wouldn't have bought the game.

You really anti-trust those judges, don't you?

[tepples]

I'm concerned that some MS-sponsored judge will decide that Firefox is spyware because it looks like Internet Explorer, which deceives people into thinking they've uninstalled it when they never even made an attempt.

Laughed out of court. As part of an antitrust settlement, Microsoft introduced and promoted Start > Set Program Access and Defaults, and if the user tries that, IE still shows up. Remember that an appeals court isn't nearly as easy to "sponsor" as a trial court.

What about Terms of Service?

[00+Agent+Kid]

This law seems to cover a lot of ground. However, does it affect programs that are installed, technically, by your consent. Most of the time I don't read through the Terms of Service of a program, but if said program says within their TOS that they can, without your prior consent, install crap on the computer, can anything be done about that?

Re:What about Terms of Service?

[Rocketship+Underpant]

I doubt such "terms of service" are valid if you're tricked into agreeing.

Re:What about Terms of Service?

[00+Agent+Kid]

That makes sense. Reminds me of that one letter Marge read: "By reading this letter out loud, you have waived any legal responsability on our part in perpetuity throughout the universe."

Re:Realplayer now illegal? hopefully

[mesach]

I am glad to see that I am not the only resource nazi in the world.

I hate having anything more than 4-6 things in my systray, and start geting annoyed when I see >40 processes running.

Copy Protected CD's

[complete+loony]

And the driver that copy protected CD's install without your permission to prevent the tracks from being ripped? I had to clean up one of these last week while I was ripping music for my father in law's new iPOD....

Goodbye Copy Protected CDs

[shogun]

Won't this ban some of those 'copy-protected' CDs that automaticaly install some kind of driver through auto-run?

Unimpressed with past WA tech laws

[StimpyPimp]

Like this one.

Sometimes politics and technology don't mix well, mostly because a majority of politicians are not tech-savy. That is why these laws are vauge and sometimes useless attempts.

Great and everything...

[Zach978]

I like it, but I don't like legislators getting used to writing bills dealing with the Internet...

They get their foot in the door and we might be in trouble...

Re:Great and everything...

[geekoid]

you mean like the legislators that open the internet for public use?

Re:Realplayer now illegal? hopefully

[anubi]

Yeh, it seems cool to ask Congress to police the play yard.

But in the end, the reason they can do this is US!

We bend over way too easy for business. We are so damned obedient - they say "Internet Explorer Required" and we do as they say. Or, "You must have JavaScript enabled". or flash or adobe or whatever. And we comply.

Not near enough of us simply took our business elsewhere.

Business gets their way because they have the guts to go somewhere else at the slightest whim - ever tried to get a job? You get passed by for the slightest thing out of place... yet business expects us to configure our machines with known avenues for malware propagation just to see their site. Geez, do you think they would wanna do business with me if I insisted they open the till to their cash register open while doing business, and let me do whatever I will under the darkness cover of the DMCA??? Or would they consider me a tremendous security risk to allow in their store?

Even my damm bank requires Java Script to use their site - so I have to do my business personally at the teller. I can't seem to get across to them that I consider them asking me to enable scripting programs on my machine is equivalent of me asking them to let me in their safe, and not even be allowed to see what I do in there.

I have tried till I am blue in the face to fight business on this issue, but there is not enough of me to make a difference... for now I am just a whiner.

When one is seeking a job with business, one usually has sense to take a bath and dress up for the interview, don't come in complaining the office is the wrong color, and you won't work until they install whatever brand air conditioner you specify. The buyer needs to insist on the same respect. If one business is not flexible enough to use web standards. find another that does. If business insists from the get-go that you bend over, what kind of tone have they just set for any future dealings with them?

When we as a whole insist with our purchasing power that business conform to standard communication protocols, protocols we both understand, we will see an end to this sneakyware that is foisted upon us by businesses that insist we load other crap in just to see their site.

Its a big job to turn business around. They are big and used to getting their way. Even government gets in on the act as people are required by law to interact with them. One case in point is some forms the California DMV put in Adobe .pdf format. They used some peculiar new encoding scheme so I can't print the forms. Why in all blue blazes could they have not used the simple way already provided in all browsers to print things?

I can't tell you how many times I have walked away from a business deal when the salesman tries to close the deal and hands me a stack of fine print and smiles, saying "just sign here". If he needs that much fine print, there's something wrong somewhere. I would not ask him to agree to such a thing. Why is he asking me to?

Re:Difficult to enforce

[wheelbarrow]

You've hit on the precise problem. Laws that are difficult to enforce are only enforced intermittently. It's not much of a stretch to get 'intermittent' enforcement to be 'arbitrary' enforcement, all you need is a tyrant.

In a world where enforcement is rare, there will be a lot of violators. In that world the tyrants can begin to pick and choose who to enforce the law against.

Re:its really simple..

[calyphus]

Yet another unenforceable EULA loophole. Exemptions responsiblity for criminal behavior in a civil contract cannot exempt a criminal from responsibility.

Exercise in futility

[Argon+Sloth]

Well it probably seemed like a good idea at the time. But I have the feeling this will be difficult to enforce, with the exception of cases involving untrusting spouses. It's like outlawing rain. Or declaring war on Algebra. It looks good on paper, but seems entirely unfeasible.

Re:The Search For Credible Evidence Continues.

[Arker]

MSIE qualifies on 2 and 3 at the very least as well. Somehow though, I doubt the new law will be used against it's sponsor MS.

Now if it's used even handedly like that, then I'll get excited. Till then, I'm guessing it's just a public relations bluff.

Enforcement?

[Chris+Burke]

Off topic, but tangentially related: Austin, TX recently passed a city-wide smoking ban. On the news a couple nights later, the anchorwoman said: "With Austin's voter-approved smoking ban coming into effect soon, people are asking how it will be enforced."

Oh, I'm so glad they thought to ask about that tiny, niggling issue of enforcement after voting for it.

And you're right, enforcement is going to be a big issue here. How many spywhores are operating in Washington? How many are operating in the U.S.? When enforcement gets difficult, then enforcement gets selective. The question always is: who is going to do the selecting? That becomes the deciding factor in what the impact of the law will actually be. If it is Microsoft, woe be unto us.

Mod Parent Up

[Rocketship+Underpant]

The parent makes a very good point. A lot of sleazy Digital Restrictions Management software uses spyware and malware tactics to control your computer. After all, it can't work without restricting your use of your own system to some degree.

Can Washingtonians now sue record labels that use malware to prevent CD copying? That would be a terrific step towards ending such nonsense.

Re:Realplayer now illegal? hopefully

[Artifakt]

I tuck all mine onto a nice comfy couch and let them watch "Brave Little Toaster" every 6 months or so.

http://www.imdb.com/title/tt0092695/

Your tax dollars at work?

[t_allardyce]

Yes... because there certainly aren't any computing laws that already cover un-authorised access of someone's machine. Seriously, the people responsible for any intrusive advertising or related annoyances are the people who actually buy the products. These people need to be executed by special executive order from the president himself - no messing about with terrorists, just shoot the people who buy penis pumps and subscriptions to xxx-teens-for-you.com and the world will be a better place.

Re:Realplayer now illegal? hopefully

[Sloppy]

I don't want their sh!tware on my box.

Then how did it get on there?

Section 5 pretty much invalidates the whole bill

[billstewart]

• 1 - Definitions
• 2 - Intentionally deceptive evil things banned,
• 3 - Illegal to transmit software that takes control of computer or changes security-critical settings,
• 4 - Illegal to deceptively induce owner/operator to install software for security/privacy/viewing, or to execute software that installs software.
• 5 - Covers the ass of ISPs, carriers, hardware and software vendors, service providers, etc. installing, monitoring, managing, or upgrading things or detecting illegal use of networks, services, or software.
• 6 - Penalties
• 7,8,9,10 - Legal technicalities and boilerplate.

Section 5 is directly intended to protect people like anti-virus companies updating their products, Microsoft doing operating system updates, Digital-Rights-Management software companies running licensing spyware, ISPs doing security stuff, etc. Real Networks appears to be pretty thoroughly protected here. But just about anybody selling software is protected, even if it's ueber-blatant spyware, as long as they don't falsely claim that they're the *only* way to view some kind of material when they're not. And the bill makes the classic passive-voice mistake of referring to "authorized" updates and "authorized" remote system management without saying *who's* authorizing it to do *what* to whom. So my software company, Evil-Ware Incorporated, authorizes anybody to install our product on their computers and use it to update their browsers, and we'll be monitoring your machine to make sure you're not using it in ways that violate the 347 pages of fine-print licensing terms that you agreed to when you clicked the "Yes!" button, including Page 157 where you agree that you've read the whole thing and understand it.

It's probably impossible to write a good anti-spyware bill. Not only are legislators and their staffs not skilled enough to recognize the subtleties, but they're under pressure from major manufacturers not to interfere with various software or content licensing products, which are essentially legitimate spyware. Furthermore, it's extremely difficult to draw subtle legal distinctions between edge cases (with a $100K penalty for the loser) when the legislators aren't smart enough to apply the equivalent of the "I know it when I see it" obscenity test. Think about the differences between an email message or web page containing

• a 1x1 transparent GIF HTML tag (obviously a web bug) sent by someone evil,
• same web bug sent by the listbot for a mailing list you intentionally subscribe to,
• an HTML IMG URL that also displays an ad for the usual canned-spiced-meat products,
• an HTML IMG URL that displays the logo of some advertiser or author but isn't tracked and doesn't have the recipient's address or other identifier,
• the same IMG with a URL that does have a query identifying the addressee,
• the same IMG with a URL that is tracked but doesn't identify the addressee,
• the same IMG with a URL that doesn't directly identify the addressess but could be indirectly used to do so if somebody queried the web server logs and correlated them with other databases,
• any of the above, where the image says "Click Here for More Info"
• any of the above, where the image says "Click Here To Be Removed",
• animated singing-dancing humorous video image from some streaming-video provider that tracks recipients by IP/cookies/etc. that you requested
• same video that your Mom forwarded because she thought it was funny when one of her AOL buddies sent it to her,
• same video, sent by spammer who gets paid by the number of people who watch it
• etc. etc. etc. - You can think of dozens more subtly different cases, but you're reading Slashdot, so you're almost certainly more technical than 99% of your legislators and 95% of their staff people.

Re:Realplayer now illegal? hopefully

[ionpro]

4-6 things in your systray? 40 processes? That would be a very bad day indeed for me. My main box typically has 3 icons -- gaim, Google Desktop Search, and my nVidia driver icon -- along with a hidden volume icon. As for processes, right now I have firefox, gaim, and Azeurus open, plus Steam and my nForce2 audio control panel, and I have 30 processes running.

Disable your unneccessary services in XP. It'll make your life much better, I promise.

HEY!

> Sure, some people will argue 'it was just a hairy guy backpacking in the redwood forests!', but I had my hunting license.

You bastard, you killed RMS!

Re:HEY!

[bladesjester]

Can I send the GP presents for doing us all a favor? Now we can finally stop hearing the free vs "Free" discussions!

How about an industry-wide prosecution orgy?

[quag7]

Like many here, I think this law will do a whole lot of nothing.

But as for the comments about Windows and its security holes, and how we should blame Microsoft, I don't agree with this either.

I don't think criminals who break into your house shouldn't be blamed because lockmakers, doormakers, or windowmakers (no relation) should have made their wares of sturdier materials.

People use Windows out of momentum and because they feel they have no choice. Microsoft would clean up its act if consumers forced them to by using other products. A variety of circumstances have largely prevented this from happening.

Mac users have felt that their experience has been better for many years, and have often wondered why anyone would choose a PC over a Mac - especially now with OS X which, they say, rocks harder than a llama with a chaingun and free calzones.

I have seen people complain about the smallest changes on their systems, including point upgrades to browsers or MSOE upgrades.

People aren't down with change, especially on things they think of as complicated devices. Those of us who read Slashdot are, I am sure, far more flexible and adventurous in this regard, but I don't think we in anyway represent consumers as a whole.

Microsoft could probably commit genocide, and people would still use Windows. They could declare themselves as a nuclear power in Redmond, and people still would use their products. Not because they are the best (a minority use them for this reason, but not, I think, most people), but because it is what they are used to, and have become used to and really don't want to learn something new, along with its attendant frustrations, hassles, and time commitment.

People use Windows because they would rather eat glass than have to re-learn a new interface or OS, because, for many, computers are a sad fact of life, as opposed to a fulfilling hobby or something they would choose to spend time using.

That being said, spyware authors are degenerates, and deserve, basically, what they get.

But here's an idea.

Corporations do not ordinarily prosecute virus writers, phishers, spyware authors, and people who crack their systems for a variety of reasons. One is the cost, and two is the embarassment of being compromised.

What if all of the major corporations and banks secretly decided to do a collectively lodge a wave of lawsuits all over the world. Coordinate with governments abroad and just do a year of scorched earth prosecutions of these folks, and promise to follow up with regular "waves" of prosecution, but not say when. In the intervening time, companies would be free to prosecute or not prosecute (or sue) who they like, but they would agree at regular intervals to time their lawsuits to make a massive public statement that they and their customers are sick of putting up with this crap.

This would probably go further as a deterrent since clearly laws and civil suits as they are undertaken now, have not had much effect.

Countries can bring economic pressure to bear on other countries which, mainly through lack of resources I imagine, do not prioritize investigating and prosecuting computer crimes.

Imagine if you rattled the cages of these degenerates in a way that produced not only actual prosecutions, but revenue to follow up with more waves at unannounced rituals? That might have a deterrent effect.

Of course, the question of whether you like the idea of governments exercising their power this way, is certainly valid.

I do not like government. I wish we did not need it at all. I am not so convinced however that since we have it, that the government should do nothing whatsoever when it comes to these kinds of crimes. These crimes have considerable consequences for many, not the least of which is the erosion of confidence in the internet in general as a valid medium of economic, intellectual, and cultural exchange.

Try as I might, I cannot think of a reason why vandals

bill may be unconstitutional

[arbitraryaardvark]

Since the software has no way of knowing what state it's being installed in, this is like if your town council tried to regulate, or ban, the internet.
Earlier this week the Supreme Court held that regulations interfering with out of state wine sales violated the constitution's dormant commerce clause. There have been half a dozen cases, e.g. ALA v Pataki, that say states can't regulate online smut, on commerce grounds.
A person charged under this bill could sue the county/city where he was charged, for violating his civil rights to commerce.
So the bill may just be a bluff.
Has anybody who is literate as to both spyware and legislation evaluated this to see if it hits the target? Does it ban spyware, and just spyware, or are there legitimate apps that would into trouble with this?

Re:bill may be unconstitutional

[digitalunity]

Since the software has no way of knowing what state it's being installed in, this is like if your town council tried to regulate, or ban, the internet.

Not true. It is possible for software to determine it's own locality if it is connected to the internet, which is how most spyware gets installed in the first place. Although it is not 100% accurate, it is close enough that they could say they made every effort.

A person charged under this bill could sue the county/city where he was charged, for violating his civil rights to commerce. So the bill may just be a bluff.

I don't know where you got that but that is just plain wrong. The bill does not contain any language excluding or preferring any State's software over another. This bill does not care where the software came from, but it does apply to computers in this state. In general, you cannot sue one locality for the laws in another locality, you must sue the locality you are claiming has done you harm. It is called 'jurisdiction'. For them to even come close, they would have to sue the state of Washington itself and claim the burden this places on their business is greater than the burden it places on a company in this state. BTW, that is highly unlikely to happen.

And, to your last question: Yes, there is some broad language in it that might cause problems for shady companies selling legitimate software with adverse/unintended side effects. I think overall, this new law really comes closer to anything I expected to come out my home state.

Re:bill may be unconstitutional

[arbitraryaardvark]

Since the software has no way of knowing what state it's being installed in, this is like if your town council tried to regulate, or ban, the internet.
Not true. It is possible for software to determine it's own locality if it is connected to the internet, which is how most spyware gets installed in the first place. Although it is not 100% accurate, it is close enough that they could say they made every effort.
So you are saying it would be easy for software companies to rewrite the software so it does a check to see if the machine is in washington before installing?
If that is true, and it may or may not be, it would limit the burden on interstate commerce somewhat.

A person charged under this bill could sue the county/city where he was charged, for violating his civil rights to commerce. So the bill may just be a bluff.
I don't know where you got that but that is just plain wrong. The bill does not contain any language excluding or preferring any State's software over another. This bill does not care where the software came from, but it does apply to computers in this state. In general, you cannot sue one locality for the laws in another locality, you must sue the locality you are claiming has done you harm. It is called 'jurisdiction'.

You are talking about something I didn't say. Perhaps I wasn't clear.

For them to even come close, they would have to sue the state of Washington itself and claim the burden this places on their business is greater than the burden it places on a company in this state. BTW, that is highly unlikely to happen.

Well, you can't sue Washington state in federal court, because of the 11th amendment, and Washington isn't a "person" who can be sued under 42 usc 1983, the civil rights act i was referring to, but a town or county would be. Let's call it Redmondville, and the software realityplayer.
Realityplayer comes out of a company in New Hampster, and is mainly directed at people in Old Jersey, since it is a utility for tracking Old Jersey high school lacrosse games, but there could be some users in Redmondville.
The company now either has to rewrite the software to screen out Washington users, or to comply with the statute.
Meanwhile, Redmondvile has passed an ordinance saying you can't post pictures of puppies on the internet, unless they are over 18 and have proof of consent on file at city hall.
Both the statute and the ordinance unduly burden commerce in New Hampster and Old Jersey, and a person threatened with prosecution could file suit for damages to their right to commerce.
ALA v Pataki, Cyberspace v. Engler, ACLU v Johnson, and so forth, establish that states and cities don't have jurisdiction to regulate the internet. There are probably some cases going the other way.

valuable legal principle - accountability

[heretic108]

From this Bill it seems that an important legal principle is being established - when code written by Alice runs on Bob's computer, then Alice has the same accountability for her (code's) actions that she would have if she were physically allowed into Bob's home or office.

If Alice was an interior decorator who, on gaining access to a client's home, did stuff like:

• Changed all the speed-dial numbers on the telephone
• Installed listening/recording devices in all the rooms
• Modified the TV/video so it overlays ads of her choice over the top of programs (in addition to the regular ads screened by the station)
• Duplicated door keys and alarm codes and sold these to others
• etc

then Alice would be doing hard time at Club Fed or Her Majesty's.

So why should it be any different with software?

When someone runs your software on their computer, they have admitted you into their sovereign private space, and you have a responsibility to behave in a manner respecting this. Well done, Washington. I note also that the Australian Democrats party has introduced similar legislation, which God-willing will also pass.

I wonder if I can sue M$ now.

[unixpro]

I have a Win2K system that I've installed a SW firewall on. Since I don't do any off-line browsing, I took disabled running mobsync.exe at startup. I would like to disable it all the time. Every time the computer restarts, my firewall pops up and tells me that Windoze is trying to stick mobsync.exe back in the autorun list.

Think I can get 100K from M$ for that? They're re-enabling SW that I intentionally disabled.

Re:Realplayer now illegal? hopefully

[ortholattice]

The problem is you don't know what's really needed. I needed to scan some photos using my gf's scanner temporarily with my laptop and spent an hour trying to get the minimal install. Finally I gave up and installed the whole bloated CD full of garbage because only its crappy "Photostudio" would recognize its TWAIN. What's worse is that there were a bunch new programs added. Heck, I don't even recognize half the stuff in my Add or Remove Programs any more.

Obvious fraud

[zogger]

Obvious vote rigging fraud by both the Ds and Rs there. Just like in so many other instances. So the courts should order the only ethically valid option, throw out both the d and r candidates and hand the election to whomever came in *third*.

Re:Realplayer now illegal? hopefully

[vsprintf]

Does this mean that all software that leaves information in the Windows Registry when it uninstalls (so it can check and see if it's been installed before the next time you install it) is now illegal? How about programs that update a DLL and then don't revert your system to the previous version when they uninstall? Is MS Office now illegal spyware (it also tracks you without telling you in hidden parts of its Word documents)?

So ordered. So ordered. So ordered. Take 'em outside and hang 'em. Hang 'em high.

The Hon. Judge Roy Bean

Phishing as Fraud vs. Attempted Fraud

[billstewart]

When the phisher sends you email saying "Get a Great Credit Card / Mortgate Today - Send me all your information!" it's not fraud unless you actually give them your info and they use it to rip off you (or some bank, etc.) It is spam, and you'd like it to go away. And it's easier to prove that somebody broke a phishing law than to get your money back.

"This is EBay/PayPal/SomeRealBank/eGold/etc. - Give me all your info", that's lightweight no-money-stolen fraud, unless you give them your info and they use it, in which case it's bigger fraud. The smaller fraud isn't typically worth the effort of the police to track down. EBay/SomeRealBank/EGold could go after them for trademark infringement or something, but you've probably noticed that eBay/PayPal and most banks haven't even bothered to use SPF on their domain names to make it easy for your mail server to discard mail, so that tells you how much *they* care. (SPF's not perfect, but it's a start.) If they steal small amounts of money from you, depending on your state's thresholds, it's still petty enough that the police are not likely to bother with it, and they'll probably find that it's interstate commerce, so it's the Feds' problem to deal with it, and it's almost certainly too small for them to bother with either.

Adding Phishing as a separate crime raises the potential penalties enough that the state police might find it worthwhile to go after a phisher just for sending out the email, if there's a $100K fine or a $100/message fine times a million messages or whatever. In reality, of course, it's almost certainly an interstate crime or an international crime, but at least Washington State gets to spank Washington-based phishers even if they can't extradict someone from Florida or Russia, and they're more likely to be able to extradict them if there's a felony with a $100m potential fine than if there's a misdemeanor with 30 days in jail.

And like it or not, police do prioritize crime-fighting effort based on dead bodies and violence, big amounts of money, political-correctness crimes like drugs, or things that bring revenue to their departments (like traffic tickets). That's not all bad - unless the legislature tells them something is a real priority by attaching lots of money to it, they're going to ignore that spam you're receiving and spend their time worrying about any recent murders and rapes, responding to complaints about street-fights and maybe domestic violence, give out $200 tickets to people with burned-out taillights, and *maybe* deal with stolen cars and laptops, though the probability of success of those two is low enough it doesn't get much effort unless they're busting a suspected fence anyway. If you lost $1000 to a phisher, and you're a grandmother, they'll feel sorry for you, and if you're a yuppie they'll laugh at you after you leave the room. If you're a *bank*, and 500 of your customers have lost $1000, then that's enough that they'll be interested, and anti-phishing laws make it easier to get evidence to catch the successful phishers and stomp on some of the riff-raff along the way.

Re:How will they enforce these laws?

[penix1]

"All one really has to do is purchase a server in another state (or if it becomes national another country) and they are free to do as they wish. Pesonally, I am very much in support of this law and spam laws, but whenever I read about them I just roll my eyes b.c there is no possible way that the internet can be fully policed."

Most of the things this makes "illegal" are already federal offenses. Phishing for example breaks about a dozen federal laws. Bank fraud, trademark violation, wire fraud, etc... Has that stopped the phishers? Last time I checked, I still get them.

As pointed out in other threads, MS itself is guilty according to this law. Programs like their media player, Instant Messenger, even their web browser violates this law. It will be funny to see how they handle that case.

The only thing this law allows (besides political PR) is for a citizen of Washington State to ride on the tailcoat of anyone the feds bust.

B.

Whiners

[Wile_E_Peyote]

Nothing but whiners.

Don't like it?
Don't think its tough enough?
Think it's too tough?
Not enforcable?

Get involved in politics and change something. Jeezuz, we get like 40%-50% of the US voting. Everyone has a gripe, but nobody wants to do anything about it. The US should have mandatory voting, like the Australians. Then at least we would know what the country actually wants.

I'm so upset...
Better go play half-life...
Sorry for the rant...

enforcement by the public

[Infonaut]

"With Austin's voter-approved smoking ban coming into effect soon, people are asking how it will be enforced."

I'm not sure that you can really compare smoking bans to spyware bans, because smoking takes place in public, and social sanction is much easier to apply. Here in Northern California, if you were to attempt to light up a cigarette in a restaurant, you'd get enough nasty stares and comments that you'd likely get the hint and snub out the cigarette. Failing that, the proprietor would get involved.

Spyware is created by the same people who create spam and engage in phishing ploys. They hide out of public view, because they know that if their identities were known, it would be very difficult for them to have any sort of regular social life. That's why spammers protest so strenuously when their personal information is widely distributed by vigilantes.

I'd like to see more solutions that take advantage of social sanctioning, by shining really bright lights on the people who are behind this sort of repugnant behavior. I agree with your assessment that if Microsoft (or some other powerful entity) gets to decide who gets punished, we could be in for problems of another sort.

Re:enforcement by the public

[Chris+Burke]

You're right, enforcing a smoking ban isn't as thorny an issue as enforcing this law will be. Mostly the line from the news just amused me.

Did not know it was available.

[KarmaBlackballed]

I did not realize the CIA was making software. Did they advertise it? I would like to buy some before my state outlaws it too.

Good

[certel]

I'm glad they've outlawed spam. Maybe some other governers will follow. My spam fighting governer is bigger than your spam fighting governer!

Re:How will they enforce these laws?

[i.r.id10t]

Gee, sorta a lot like the gun control laws that were being passed daily from the mid 80s on...

Re:Realplayer now illegal? hopefully

[vsprintf]

Most driver cd/downloads have their drivers tucked in a directory some where. Especially true with driver updates you download from the manufacture's website. So yeah, you installed all that crap, you live with it. When i install an epson or an HP i just point add printer wizard at the driver dir. I have found very few peripherals to not have some kind of "manual install".

And just why should "drivers" install the annoyware in the first place? You attach a new peripheral in Windows, and it asks you for a driver, which the manufacturer has conveniently supplied. You insert the disc, click yes, and it's all over. Nobody asks you for permission to install all the crapware. On one hand, we have the Windows users saying Linux is too hard to install/update and Windows just works, while on the other hand saying Windows users have to be more savvy than Linux users to avoid the hidden junk. Geez, pick a story and stick with it.

That does it.

[Zillatron]

I will now change my registration information information for the things that won't operate without registration to:

• DOB: 1901-01-01
• Gender: F
• Income: Under $X,XXX
• Children: 0.3
• e-mail: not@today.con
• Address: 123 Main, Anywheresville, WA 99999

I'm just not worth your time to try marketing to me. Even on legit registration they get my area code followed by 555-1212. I'm listed. Look me up.

fragile wording = fragile protection

[NetSettler]

The summary of this bill here at Slashdot seems to suggest it outlaws keystroke logging, but in fact it's a bit more specific and talks about transmitting, etc. Still, one thing that disturbs me is fragile wording like:

(a) Through the use of a keystroke-logging function that records all keystrokes made by an owner or operator and transfers that information from the computer to another person;

It looks to me like if you just skip recording characters every now and then, you're safe on that point. Or if you transferred the data first to another computer and then maybe a person or program or corporation or someone's dog picked up the data instead of having it transferred to them.

It probably needs at least some wording like "substantially all" instead of "all", and "entity" instead of "person".

I doubt this is the only problem with the legislation, it was just the first thing I saw when I spot-checked that one sentence.

Re:Realplayer now illegal? hopefully

[plover]

-5, wrong. But thank you for playing Slashdot.

HP has been the poster child for how to install crap the wrong way in Windows.

Set the wayback machine for the late 1990s. I bought a fast, expensive HP inkjet. When I got my brand new printer home and tried to "install" it, the "installer" wanted me to run their stuff. Having had prior experience with HP crapware, I said "no thanks, I'll install it myself." So I clicked up the add hardware lizard, and said "I'll for search myself, and I have a disk, thank you." When I selected the correct HP driver, only a dialog box appeared, informing me "ERROR: You must run SETUP.EXE from this disk in order to install the printer driver."

Yes, I'm sure I could have un-cabbed whatever real driver files there were, made dozens of appropriately arcane registry entries by hand, and had a mostly unstable printer driver at the end of a very long day. Instead, I opted to run their SETUP.EXE.

I failed to recognize my real mistake was in not bringing the piece of sh!t printer back to the store on the spot.

So, I lived with the pop-up printer boxes that interfered with Print Managers inherent ability to deal with an out-of-paper situation all by itself. I learned to cancel the toolbox, load the paper, don't cancel the print job, and basically twirl myself around. (That's what it's all about.)

Well, fast forward to two years ago. Stupid me, I plunked down more money for a portable HP photo printer. Ye gods, I'm still plucking crap out of the registry today for that stupid decision. So, I vowed to never purchase HP again.

Having had generally good experiences with IBM printers at work, about a year ago I switched to a Lexmark all-in-one.

Yes, the quicker of you have already begun typing "you dumb *&^%$" into the reply box.

This pop-up nuisance makes my HP experience seem almost divine. By default it's got to use a digitized voice to talk to me about every print job (better have the speakers turned down for those 2:00 AM print tasks.) It clutters up the toolbars, and the task manager. Right now, I can count at least four running tasks that exist so I can do what, ask it for a piece of black and white paper? What heinous fiend sold Lexmark (and by extension me) this crapware? And what prison can I not visit him in?

Re:Realplayer now illegal? hopefully

[quarkscat]

WTF!

I'm still trying to figure out how to completely remove IE, other than re-formating the disk and installing an alternative OS.

MS Anti-Spyware

[kg4gyt]

Does this mean that Microsoft will get some sort of bounty when they seek out new pieces of Spyware to install on their own machines when developing their Anti-Spyware software? They are based in Washington...makes you wonder. ( Shows why they testfied for the bill. huh? )

Re:MS Anti-Spyware

[Fropper]

Yeah Maria Cantwell, who was formally a very big part of Real, CEO, owner something.. is now one of the state's senators.

Re:MSN Messenger

[TFGeditor]

There is a way to fix that http://www.theregister.co.uk/2002/04/02/windows_me ssenger_trojan_update/

This Is A Fair Law

[iSearch]

This law seems fair in that it protects consumers from applications that seek to steal their personal information, alter their system settings, change their home pages, etc..etc...

What do you want? A law that says advertising and commerce is illegal unless you are google?

If you don't want advertisements then pay for your software or use open source and compile it yourself.

What constitutes spyware?

[craXORjack]

I wonder if an OS containing an NSA backdoor would count?

Re:The Search For Credible Evidence Continues.

[cHiphead]

Actually its just a matter of someone putting the cash to their lawyer once this becomes law to hit MS, et al, hard.

this law does not apply to spyware, amusingly....

[hansreiser]

If a program just scans for itself, and for computer security purposes securely ensures that it has not been tampered with, then according to this section the law does not apply to it....

Sec. 5 Section 3 or 4 of this act does not apply to any monitoring of, or interaction with, a subscriber's internet or other network connection or service, or a computer, by a telecommunications carrier, cable operator, computer hardware or software provider, or provider of information service or interactive computer service for network or computer security purposes, diagnostics, technical support, maintenance, repair, authorized updates of software or system firmware, authorized remote system management, or detection or prevention of the unauthorized use of or fraudulent or other illegal activities in connection with a network, service, or computer software, including scanning for and removing software under this chapter.

note the words about "computer security purposes", and "software provider"

This is absolutely mindless

[TractorBarry]

This is moronic !

So we have a flawed operating system that doesn't give the user (when in Administrator mode) the required tools to remove software from their o/s. It also makes it trivially easy for malicious third parties to install software on the o/s.

And the answer is to pass legislation to try to prevent said operating system being exploited ?

This is completely Mindless. It's like letting a colony of wasps build a nest in your bedroom then treating each individual sting without ever looking at the nest.

Mindless I say... What they should have done is pass a law telling MS to fix their fucking rotten o/s. That MIGHT have done some good.

STARFORCE

Refuse to buy any software that uses this malware-like protection. Unfortunately, that means the onus is on you to research each game you buy to find out what uses what.

Uninstallers

[WNight]

I've never understood why apps are relied on to uninstall themselves. Seems like a silly move considering that even legitimate apps crap out - can't rely on a broken product to remove itself cleanly. The OS needs to handle this. Make a system snapshot before and after, diff the two. Reverse that to uninstall.

Personally, I think we should use something like tarfs (Mount a tarball as a filesystem overlay) and every application should think it's installed on a completely fresh computer, by itself. When you want to remove the app you simply remove the overlay - it and all of its changes just vanish.

Gets harder when you implement a binary registry and make it so easy for apps to go crazy writing anything to anywhere.

Re:Realplayer now illegal? hopefully

[fbjon]

Where can I find a comprehensive dictionary for the services in 2k/XP? Some of the names (and decriptions) are so generic, they could just as well be interfacing code for nuclear silos.

Re:Realplayer now illegal? hopefully

[fbjon]

Try nLite.

No relief for oe, ie and wmp?

[sl4shd0rk]

"Computer software" means a sequence of instructions written in any programming language that is executed on a computer. "Computer software" does not include computer software that is a web page, or are data components of web pages that are not executable independently of the web page.

----

Seems to me they are classing the "spyware" or "Computer Software" independantly of anything you can catch online - with outlook, ie or media player. wtf?

Outlawing spyware

[RicardoStaudt]

Hm... Did they ever considered outlawing badly designed operational systems that allow spywares to operate?

What about Federal Government's Own Spyware?

[j0ebaker]

I'd heard years ago that the Federal Government (US) had it's own spy program. The big todo back then is that Norton Antivirus agreed to not detect it as a virus.

CAN-SPAN enabled spam

[phorm]

How much of that spam actually conforms to the rules of CAN-SPAM though?

Re:CAN-SPAN enabled spam

[Rick+the+Red]

None of it, but that doesn't matter. Under CAN-SPAM, as a regular citizen I'm not allowed to do anything to stop this spam. Only my ISP can complain about it; the US Government simply does not care if your or I are flooded with spam, they only care if Microsoft or Comcast or AOL are hurt by it.

Oddly enough, they're not. For them, spam is a cost of doing business. As email volume rises, add more servers. Who cares if the reason for that volume is spam? Volume is volume. As costs rise, you raise prices -- retaining your profit margin, of course. Say it costs you $25/month to provide Internet connectivity and you charge $50, then if spam raises your costs to $30/month you get to raise your rates to $60. Thanks to spam, your profit just went from $25/month/customer to $30/month/customer. With a racket like this, the ISPs are going to complain about spam? Hell, I'll bet they finance it. Is it any coincidence that the number one enabler of spam -- Microsoft's endless security flaws -- is provided by a company that aims to be the #1 ISP? I think not. (not that I'm claiming they're this clever; I'm claiming they take advantage of anything, including their own mistakes) MSFT is only now giving lip service to spam because they're getting angry customer feedback (and when I say "customer" I of course mean Dell and HP, not you or me). Billg claims Longhorn will eliminate spam and spywear and trojans and zombie spambots and all the rest. Just like he claimed XP made the BSoD a thing of the past.

Re:Realplayer now illegal? hopefully

[william.gunn]

Try http://annoyances.org/ or http://www.pacs-portal.co.uk/startup_index.htm. I was going to send you to Blackviper.com, but his site appears to be down.

Re:Realplayer now illegal? hopefully

[Jtheletter]

RP is a complete pig to remove.

If like me you find from time to time you still need to view .rm files but don't want RP secretly reinstalling its memory hoard of crap I suggest using WinPatrol. It runs in the background and monitors changes to your startup scripts and registry, plus it lets you view and edit all those entries in a nice GUI. Any time something attempts to make a change WinPatrol stops the offending program and pops up a window with an explanation, files involved, and options to allow or deny the activity. Damn useful for keeping all sorts of malware at bay in case any slips through. What's really disturbing is seeing how sneaky and how often RP attempts to get itself installed - it will retry setting the install script up to 5 times in 3 minute intervals after the player is closed. Anyway, it's been a great tool for protecting my PC, just thought I'd share.

Re:Realplayer now illegal? hopefully

[fbjon]

Fantastic, just what I need. Blackviper.com is well and alive in the Webarchive.

Now all they need to do . . .

[npsimons]

. . . is outlaw spitting in your friend's mouth. Then it will never happen again! Oh, wait, I forgot: some people are stupid enough to agree to let you spit in their mouth; same thing goes with spyware (and it's about as distasteful).

Well, I suppose we can't blame them for trying. But there are already too many laws, including ones that would take care of spyware handily if only they were enforced.

Re:The Search For Credible Evidence Continues.

[c0d3h4x0r]

See this page and be sure to read it in its entirety. It answers all your questions. Especially read point #6 regarding the deceiving of users.