Slashdot Mirror
House Passes Spyware Bills
stinerman writes "Today the house passed two bills aimed at stopping spyware / adware and unauthorized use of computers. H.R. 29 makes it 'unlawful for any person who is not the owner or authorized user of a protected computer to engage in deceptive acts or practices'. H.R. 744 (I-SPY Act) prohibits accessing a protected system via code copied on to the system to, among other things, disseminate personal information. Both bills sailed through the house and are expected to be passed by the Senate."
" H.R. 29 makes it 'unlawful for any person who is not the owner or authorized user of a protected computer to engage in deceptive acts or practices' && H.R. 744 (I-SPY Act) prohibits accessing a protected system via code copied on to the system to, among other things, disseminate personal information."
,But if it falls under these classifcations (read the bill for more clarity) then its illegal(well will be when the bill passes)
I think that pretty much covers what is defined under the bill , These companys can try to rename it all they want
The only things certain in war are Propaganda and Death. You can never be sure which is which though
US Code Title 18 Section 1030e: (2) the term "protected computer" means a computer-- (A) exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government; or (B) which is used in interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States; This doesn't protect anybody but the government... Back to the drawing board I guess.
My mother is not an ignorant user. She is legally blind. I am sick and tired of cleaning this insidious shit off her computer every 2 week. Yes there is firewall, yes I run spy wear cleaners, yes I have anti-virus installed...
She can't see these things that pop up in small corners at times. Or can't be arsed to read them considering how long it would take her away from something thats already going to take her a while to get done.
MS on the other hand should be ashamed of itself. Crap ass browser letting this crap in. Not only that, THERE IS NO WAY TO DELETE these browser plugins, you can only disable them. WTF is that??
MS has been complicit in this mess. I hope this puts some pressure on them to close the holes. (And not offer a new OS as the patch)
Obviously you have never heard of hijackthis. It should not be used by someone who has no idea what they are doing, but it *does* remove BHO's quite nicely.
Along with Ad-Aware, it is quite effective.
---
Read my Journal
bork bork bork!
Takea specifically mentioned the 10th amendment. That is, the part of the Constitution that says that every business not specifically mentioned in the Constitution is up to the States or locals to figure out, and the Feds have no business sticking their schnoz in it. Trespassing isn't something you go to the Feds for, nor is simple theft, etc, etc.
Now my two bits: I see spyware as an act of trespass. My computer is my private property, as much as my house. My computer and my house are both extensions of my person: I've spent an irreplacable portion of my life laboring to acquire them, and investing in them. If you're in my house without my knowledge or permission, you're trespassing. Even if all you do is look around, or harmlessly rearrange the furniture, you're violating my property rights. Ditto for my computer. It doesn't matter how benevolent or malicious you are, if I haven't invited you in, you're trespassing.
The problem as I see it is this: We've got a lot of groups out there, from script kiddies to impersonal mega-corporations, who don't get the idea of respecting the private property rights of individuals. Only government has the power to keep them in check, and even the government doesn't respect our individual ownership rights (eminent domain abuse, drug war laws enabling confiscation without warrant, etc). The past few generations have been learning a whats-yours-is-mine attitude. That's the problem.
Good judgment comes from experience.
Experience comes from bad judgment.
First let me say IANAL. I've been around them my whole life but that doesn't mean I am one. I have been told by some that I think like them though.
I don't think this quite protects like people seem to think it does.
I interpret Section 2a2D of the SPY Act to say it's okay to change security settings without the knowledge of the protected parties as long as you don't seek to do damage. Imagine a defensive claim that a change to weaken security settings is to make the computer easier to use and less confusing. Prove they had a different motive. That could be tough. No question that changing a settings of allowing ActiveX controls to always run makes it easier for a website targeting ActiveX capable browsers to run whatever they want "for the purpose" of serving their users and it's "easier" for their "customers" to use the site because then they don't have to bother with or know about changing browser security settings.
Additionally, has any one read Title 18,1030? This bill references another which goes to Title 18. Title 18,1030 reads:
(e) As used in this section--
(1) the term "computer" means an electronic, magnetic, optical, electrochemical, or other high speed data processing device performing logical, arithmetic, or storage functions, and includes any data storage facility or communications facility directly related to or operating in conjunction with such device, but such term does not include an automated typewriter or typesetter, a portable hand held calculator, or other similar device;
(2) the term "protected computer" means a computer--
(A) exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government; or
(B) which is used in interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States;
That *might* protect you buying something on eBay but I read that to mean it doesn't protect you regarding, for example, online banking necessarily. Phishing seems to prohibited in the SPY Act but I think this needs more analysis. I think the Act protects companies like Microsoft and others (Symantec?) that are using DRM and the like. A number of companies (*cough* Real Networks *cough*) get caught not infrequently sending off more information than they claim that they do; they apologize and do it again. So say they "encrypt" it in pig Latin because they aren't supposed to any longer. Now because you've decrypted it (as any American Kindergardener can do), you've now violated God knows how many other acts.
I'm not trying to say the sky is falling. These Acts could be a good start. But anyone who thinks this is the cure is a fool. Don't forget CAN-SPAM legitimized spam while being (mis-?)represented as outlawing it.
So this bill applies to any computer in the United States which communicates with any computer not in the same state (reserving that power for the legislatures of the states). It even covers your computer, as long as your comments here can be broadly interpreted as "communicating". Yeah, I know -- it's a stretch.
It's not "vague" at all. The law amends Title 18 USC, Chapter 47, Section 1030. A "protected computer" refers to the effectivity of the law (your computer is "protected" by law) not by any particular user action.
A computer is "protected" if it is used for interstate or international commerce or communication. If you don't live in Michigan and you post on Slashdot, that's you.