House Passes Spyware Bills

← Back to Stories (view on slashdot.org)

Posted by samzenpus on Monday May 23, 2005 @09:49PM from the listen-to-the-law dept.

stinerman writes "Today the house passed two bills aimed at stopping spyware / adware and unauthorized use of computers. H.R. 29 makes it 'unlawful for any person who is not the owner or authorized user of a protected computer to engage in deceptive acts or practices'. H.R. 744 (I-SPY Act) prohibits accessing a protected system via code copied on to the system to, among other things, disseminate personal information. Both bills sailed through the house and are expected to be passed by the Senate."

22 of 226 comments (clear)

Min score:

Reason:

Sort:

The term 'spyware' has fuzzy definition by guyfromindia · 2005-05-23 21:55 · Score: 4, Insightful

http://www.eweek.com/article2/0,1759,1788844,00.as p According to this article, leading anti-spyware vendors are working with the nonprofit Center for Democracy and Technology to develop guidelines for defining spyware.
When the very definition of spyware is hanging in balance, I dont see how they can strictly enforce the law.
My 2c.
1. Re:The term 'spyware' has fuzzy definition by a_n_d_e_r_s · 2005-05-23 22:04 · Score: 2, Insightful
  
  A spyware maker's defense:
  
  "Thats not spyware! Since they have visited my website they are my customers and thus I therefore have their expressed permissions to install software on their computers to be able to send targeted promotions to them. "
  
  --
  Just saying it like it are.
What's the catch? by __aaclcg7560 · 2005-05-23 22:00 · Score: 3, Insightful

I wouldn't be surprised that if you allowed one piece of spyware to be installed, it would be automatically assumed that you want more spyware installed. It's like getting married to one person and finding out that all the in-laws are moving into your new place with you.
Re:Spyware with permission? by NickFortune · 2005-05-23 22:02 · Score: 4, Insightful

I suppose it's going to come down to what the courts deem as authorisation and deception. Disclaimer: IANAL, I have not yet RTFL.
I'd expect not for things like Gator, since that would be "authorised" access to your computer, with you authorising it. Spyware that comes bundled with other code could sneak past by havting the authorisation burined in the bundling software licence agreement.

On the bright side, it should make the covert installation of spy/malware from a web page illegal. Or maybe more illegal. Of course, those who argue that web page access entails an implicit social contract are likely to feel they have been granted all the authority they need.

I'd guess it needs to be tested in the courts before we can tell wether this is going to be a CAN-SPY bill or not.

--
Don't let THEM immanentize the Eschaton!
First Steps... by kf6auf · 2005-05-23 22:10 · Score: 3, Insightful

The problem with first steps (whether it be Congress's legislation or international treaties) is that because it's a first step and getting agreement it hard enough they can't accomplish very much and, yet, after the first step has been taken no one feels the need to take another step. My guess is that this legislation is too weak to accomplish anything and nothing will really be done until it becomes a big enough problem that the politicians can't say that they worked on it and are waiting for it to take effect or some BS like that.

Now if they had only made it part of the DMCA, then we would get some quality legal action going by the **AA and we might actually solve the problem.
Protected computers? by Lihtan · 2005-05-23 22:16 · Score: 2, Insightful

I have a feeling that the thousands of ignorant users that don't run a firewall or even bother with security updates aren't going to be considered "protected computers". *Sigh*

--
Divide by zero hurts my brain.
But... by CountBrass · 2005-05-23 22:20 · Score: 3, Insightful

Is this really something that government should be legislating at all?

It let's both ignorant users (whom I can forgive) but also Microsoft (whom I can't) off the hook. Rather than having to secure their systems/fix fundamental security flaws in their OS and applications they can just hide behind this new law: "It's not our fault we didn't do anything wrong, they broke the law!"

--
Bad analogies are like waxing a monkey with a rainbow.
1. Re:But... by Dr.Opveter · 2005-05-23 22:39 · Score: 1, Insightful
  
  The law in my country says people are not supposed to break into my house but that doesn't mean i don't lock the door..
  
  --
  Sample this!
2. Re:But... by smchris · 2005-05-23 22:57 · Score: 1, Insightful
  
  Sounds like you're still in that Reagan era mentality that anything government does is evil (Real ID) and everything business does is good (Spyware). Which Right in the Bill protects spyware? You think it is freedom of speech?
  
  Both Real ID and spyware are invasions of the target's liberty and security.
3. Re:But... by Winkhorst · 2005-05-23 23:55 · Score: 3, Insightful
  
  Under this theory of free speech, I have the right to stand over your bed at midnight and give you my opinion on current affairs. I also have a right to privacy, and that includes a bunch of hax0rs breaking into my computer and turning it into a zombie or some moron corporation trying to sell me exactly what I just bought from them. No, free speech does not include the right to be heard.
  
  --
  "Is this Winkhorst a nova criminal?" "No just a technical sergeant wanted for interrogation."
4. Re:But... by Anonymous Coward · 2005-05-24 00:18 · Score: 1, Insightful
  
  "Trust in Allah, but tie up your camel."
5. Re:But... by advocate_one · 2005-05-24 00:20 · Score: 2, Insightful
  
  almost right... Think of the thieves as the spyware makers, Microsoft as the builders of your house, and you as the occupant...
  
  Now my insurance policy requires me to have secure locks on the doors and windows from a list of approved types, the builders of my house actually installed good locks and latches which actually were on the list... now it's up to me to actually use the locks and latches... if I do and thieves still break in, then I'm covered by my insurance, if I failed to secure a door or window and they break in, then my insurers laugh in my face...
  
  My builders, however, are not actually responsible for fitting decent locks to the doors and windows, they could just fit some really cheap and nasty ones that just about do the job, but it makes good business sense for them to do so as it is a selling point...
  
  Microsoft currently, acording to the analogy, install the barest minimum in the way of locks, or else set stupid policies like users are admin by default and the default admin password is blank... It's up to me to make my system secure as ultimately, it's my data at risk... however, it would make good business sense for Microsoft to get their act together and start installing decent security and policies by default... just some clueless users are going to get all uppity about having to remember passwords and change to admin mode to install software...
  
  Now I'm a bit confused as to why Congress have stepped in and outlawed spyware, but then, they probably are performing the same function as the lawmakers who've outlawed thievery and set penalties for it...
  
  --
  Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
Mod parent up! by Joseph_Daniel_Zukige · 2005-05-23 22:57 · Score: 2, Insightful

The less government tries to do for us, the more we do for ourselves, the more free (not as in beer) we are.
Re:what about m$ by Timesprout · 2005-05-23 23:00 · Score: 2, Insightful

MS dont collect personally identifable information. If this is a concern for you then you should be a lot more worried about google.

--
Do not try to read the dupe, thats impossible. Instead, only try to realize the truth
What truth?
There is no dupe
Great except for one little detail by syntap · 2005-05-23 23:12 · Score: 2, Insightful

unlawful for any person who is not the owner or authorized user of a protected computer to engage in deceptive acts or practices

I guess this means my deceptive aliases on slashdot and every other potential spammer Web site can now land me in jail, assuming slashdot is a "protected system". I guess I'm an "authorized user" of /. but the definition of an "authorized user" will be interesting.
Re:Unintended consquences by mankey+wanker · 2005-05-23 23:37 · Score: 2, Insightful

I think you raise an interesting point. The hope is that legislation is written correctly the first time. In reality, and very much like code, laws require ongoing tweaking and maintenance. At least the heart of this law is in the right place. The implementation is probably all wrong and subject to being rewritten later on.
Re:Unenforceable and pointless by Secret+Agent+X23 · 2005-05-24 00:20 · Score: 2, Insightful

I'm pretty sure the word "protected," in this context, refers to computers that are covered by the legal protection defined in the bill. It has no technical significance at all.
Also prohibits sueing spyware users? by mnemotronic · 2005-05-24 00:45 · Score: 3, Insightful

Prohibits any person from bringing a civil action under State law premised upon the defendant's violating this Act.
If I read that correctly, I can't sue someone who installs spyware on my pc or tries to phish me. But I don't understand the "under State law" clause, so maybe I could still sue under federal law? Does this limit my recourse to breaking the guy's kneecaps?

--
The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
Why Bother? by sqlrob · 2005-05-24 00:52 · Score: 4, Insightful

There's already laws against unauthorized computer access, just enforce them.

Yet another unenforced law doesn't do any good.
File under stupid laws. by g0bshiTe · 2005-05-24 00:53 · Score: 2, Insightful

Ok this is yet another example of wasted tax dollars deliberating something that is obviously never going to be enforced.

"Wahoo, the Senate made it illegal for Spyware companies to install it on my system, wait a tick. If I install a trojan on someones system why is that a stiffer penalty than spyware? Both are installed without the users consent to track movements, wreak havok, both could be used for malicious purposes."

I can see this already, spyware will still be produced en masse, the people who deploy it will simply move somewhere not governed by US law. New law circumvented, tax money wasted, spyware still rampant.

--
I am Bennett Haselton! I am Bennett Haselton!
Re:Spyware with permission? by dkleinsc · 2005-05-24 01:29 · Score: 2, Insightful

IANAL, I have not yet RTFL.

Don't worry, neither has most of Congress. ;)

--
I am officially gone from /. Long live http://www.soylentnews.com/
What is really needed is more general privacy by jonwil · 2005-05-24 01:36 · Score: 4, Insightful

Ignoring the fact that the spyware makers could just go offshore and avoid this, what is really needed is a new bill giving americans more privacy for personal details across the board. (not just for spyware)

For example, if collects personal details they should be required to tell you that they have those details.
And allow you to change those details if they are wrong.
And if they give those details to another company (e.g. credit agency, firm that is going to use the details to send you marketing crap etc etc) they should be required to tell you about that too.

Spyware companies would be required to notify you in advance what personal details their software collects (if any) and what is done with those details.

The problem with this proposal is that it would cost the big corporations money to implement. But more to the point it would prevent the corps from hiding what is going on (for example, I occasionally get letters from American Express asking if I want an American Express card even though I have never had any dealings with American Express in my life which means that some other company I deal with such as my bank must have given American Express my postal address and stuff)

Really, the 5 biggest problems with spyware are:
1.Spyware takes various levels of personal details and sends it to some company (with you not knowing what those details are or what is being done with them)
2.Spyware installs without it being clear that it is installing
3.Spyware messes with system files and settings
4.Spyware takes up memory/system resources (and often internet bandwidth to download ads etc)
and 5.Spyware is almost always impossible to remove without tools like ad-aware, MS anti-spyware or Spybot.