Slashdot Mirror
FTC Threatens Spyware Distributors With Prison
Federal regulator Mark Pryor, in a Senate Commerce Committee hearing, has stated that spyware distributors should face harsher penalties than fees. His solution: imprisonment. "Federal Trade Commissioner William Kovacic said most wrongdoers in the spyware arena 'can only be described as vicious organized criminals. Many of most serious wrongdoers we observed in this area, I believe, are only going to be deterred if their freedom is withdrawn,' so it's important for the FTC to collaborate on its cases with criminal law enforcement authorities, Kovacic said."
So what about the developers that put spyware in Windows XP and I'm assuming Vista also contains spyware. Will they go to prison? Will Microsoft be forced to strip the spyware out of it's operating system?
Free software, free thought, free society.
"kick someones ass on the first day and you'll be ok"
If you mod me down, I will become more powerful than you can imagine....
So how do you throw a corporation in prison again?
All I can say is that it is about damn time. I worked for a summer as a tech support agent and spyware caused us more headaches than anything else; and it results in stress, time lost and possibly even monetary loss for individuals with infected computers. The fact that spyware and malware writers can usually avoid punishment (particularly considering that many spyware and malware applications are used to steal people's identities) is simply ridiculous. Good on the senator, and I hope that spyware and malware writers get what is coming to them.
Anyone who has ever been asked by people to clean up their machine (everyone?) knows that some spyware is absolutely horrid. While most randomly picked up spyware isn't more than a few clicks away from being (almost) gone, some of it is just so bad Windows needs to be formatted and clean installed. The kind of people that think weatherbug and things of that nature are neat. I don't believe many would disagree... Any company can pull money out of their ass to pay a fine, but prison? :)
Spyware provides me with some extra cash on the side. So I don't really mind it so much. People callin me up every so often sayin their computer is running slow and they get all these ads that they don't want. Fix it up, and make some money.
Doctors do Massage in Longview WA now, who knew?
This is a really good idea. Spyware makers are the worst in terms of computer crime.
I remember, not too long ago, when pricks around the world wrote dialers for people with dial-up connections. Dialers, once installed, would route someone's call to their ISP through some insanely far-away place (usually pimples in the pacific) with insanely high long-distance costs. The people who wrote the software would then split the profits made from the long-distance call with the corrupt operator of the far-away places' phone company. The effect was to leave people out-of-pocket by a huge amount (hundreds or thousands of dollars). If the target got the long-distance charge removed by the local phone company, the local phone company would have to eat the charges.
The point of the above is to underline the character of crimes committed: it's pure theft. Modern spyware either seals people's browsing habits or personal information, so it's a little less direct, but it's still a theft.
I think spyware writers are more foul than virus writers: while virus writers do what they do for the technical thrill and bother a lot of people in the process, spyware writers do it just to get money.
Their motives are base, their methods are underhanded, and they should go to jail.
The English word fart is one of the oldest words in the English vocabulary.
Why only threathen? Why not send them directly to prison without passing Go and colleting 200...
One step closer to the death penalty!
Maybe we can eventually even pass an amendment granting an exception to that whole 'cruel and usual' limitation.
So right, I hate spyware, adware, and the likes. But sending people to jail may be a little on the heavy side. Reason being, who'll decide quantitatively about the severity of the malicious code? And will there be a difference of punishment between individuals and corporations who make spyware? If a corp makes it, they'll be dragged to court resulting in a lengthy legal battle ultimately only resulting in financial loss of the corp, not necessarily prison. There cannot be a very fair system of deciding this since its a very grey area with no clear black and white lines. What some people think of as invasion of privacy could be regarded as a useful convenience by another. The best protection you could have is your common sense.
"Never try to tell everything you know. It may take too short a time."
There is someone responsible, there is always someone responsible, unless you live in denial of course!
It's a pretty big stretch to call it spyware considering that it does absolutely nothing unless you turn it on.
How does it sound now when i substitute rape...
So right, I hate rapists, molesters, and the likes. But sending people to jail may be a little on the heavy side. Reason being, who'll decide quantitatively about the severity of the rape? And will there be a difference of punishment between individuals and gangs who rape? If a gang does it, they'll be dragged to court resulting in a lengthy legal battle ultimately only resulting in financial loss of the gang, not necessarily prison. There cannot be a very fair system of deciding this since its a very grey area with no clear black and white lines. What some people think of as invasion of privacy could be regarded as a useful convenience by another. The best protection you could have is your common sense.
Conjugal (like conjugated)
How is that spyware? It sends anonymous statistics on what packages you have installed throught apt, and you have to choose to enable it.
It does exactly what it claims it does, and you really have to go out of your way to enable it (add/remove software>preferences>statistics>enable popularity contest )
Right under the checkbox there's a clear explanation of what it does:
Compare that to Windows update, which 'inspects your system' every time you update, and you have no way to know what exactly it's inspecting, and what it's sending back to MS.
You're probably trolling, and I'm probably wasting my time, but someone modded you up, so I guess at least one person believed you.
That doesn't make it spyware. I assume most distros (desktop-oriented ones, anyway) also install things like Firefox by default, which - suprise! - sends information on my system to websites when I visit them. But that doesn't make Firefox spyware, simply because it only does so when I tell it to; the situation would be quite different, however, if it did so on its own in the background.
Without knowing anything about popcon really, I think it's safe to say that as long as it has to be EXPLICITELY enabled and/or started by the user, it's not spyware.
butter the donkey
Does it do things without the users consent? If it doesn't (and it obviously doesn't since it is disabled) then it is not spyware. The Last.fm music tracking is similar to spyware in function, but users install it willingly and it is therefore not spyware.
By definition, spyware is one that sends 'personally identifiable information' to a target server without the user's explicit consent. It is reliably established that Windows Genuine Advantage and so-called Critical Updates from Microsoft can be classified thus...
Also data from 'crashed programs' etc.
So why is the parent modded troll?
If you keep throwing chairs, one day you'll break windows....
/cough Sony /cough
But if they add porn,online libel and hate speech,and "leverage" their power over the internet its not going to be any good.
Like bills with bonus paragraphs.And you can stop most spyware.
By your logic, you are spyware. Since you know about popularity-contest, you obviously use Debian or Ubuntu. IMFORMATION LEAK! YOU ARE SPYING ON YOURSELF.
Wait. Does that argument make me sound like a complete and utter idiot? Now you know how you sound.
My other car is first.
that the internet is SERIOUS BUSINESS.
Do this! And make it international! :-D
Because our stupendously moronic german gouverment wants to use systems like this to spy on our home computers - in the war against terrrrrrorism, of course. Then we could finally dump these idiots into jail
Free PC version of ChipWits at http://www.breueronline.de/klaus/chipwits/
"It sends anonymous statistics on what packages you have installed throught apt"
Anonymous, apart from being associated with your IP address if they happen to keep it in the logs.
You have to admit that if Microsoft had a program preinstalled in Windows (even if it was turned off by default) which regularly reported every single piece of software you installed and the date you last used it.. I can barely imagine the reaction!
I'm not sure windows update sends all that much back either. As I understand it Microsoft sends the list of available updates and your machine then downloads anything it doesn't already have. But I might be wrong..
455fe10422ca29c4933f95052b792ab2
www.stopsign.con
LOL
I am the unwilling control for my Origin.
.. in order for this to work, they need a clear, concise definition of what Spyware is. As somebody else already said, it gets kind of murky when they have end user agreements which trick the user into agreeing to accept the spyware as a stipulation for using the program. Realistically, 3/4 of people don't sit there and read all the fine print in the end user agreement. If I wanted to legally get spyware onto somebody's computer, all I would have to do is make the end user agreement longer than a War and Peace novel, and then put the 'spyware clause' somewhere in the middle. One final note: I don't agree with the prison time part - this seems too kind to me. Why can't we bring back cruel and unusual punishments? If you were to threaten to flog the people responsible for spyware, that would be an even bigger deterrent.
Unless FTC has Long Arm of Putin, good luck BECAUSE only in Soviet Russia (CCCP) is long arm of Putin reality. By meaning, no one safe with Putin after him. FTC is baby police.
We need better fact checking here. Mark Pryor is the junior senator from Arkansas. The FTC official is William Kovacic.
What those who want activist courts fear is rule by the people.
warning: The above content tests positive for sarcasm and/or is a failed attempt at humor and should be taken with a pound of salt.
"Breaking and entering" should be applied in those cases. I could not find a definitive internet resource on the sentencing on that matter, but people should receive at least 3 months in prison
I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.
My Dell computer calls home regularly. I didn't ask for this and I don't want it. Until my warranty expired I didn't dare remove it.
I have to keep a copy of IE available because Firefox chokes on the tracking cookies MSNBC shoves at me. And still Zonealarm reports spyware being blocked from time to time.
With this level of white collar participation, business will tell its entertainment branch, government, that this is all perfectly legal. The FTC people are great, and more power to them, but nobody is going to go to jail over it.
On the other hand, I get spyware blocking reports from Zonealarm when I use a couple of well known bittorrent sites. Now THEY should be afraid. They don't own any congresscritters.
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
It will be a long time before it comes to that. The FTC can't even assess a decent fine for clear violations of existing spyware laws. Think about it, these guys got off with a measly $1.5m fine total after pocketing $6m to $10m for each of the four partners (see Ben Edelman's site for the details). They're laughing all the way to the bank. So forget about the risks of prison. Quite the contrary, start a spyware company and rake in millions.
Xchat (or mIRC for the non-linux people), now there is spyware. It sends *everything* I type to every damn computer in the channel!!!
Lets fire up the patriot act and use our black helicopters to capture these people and ferry them to secret CIA prisons in 2nd world countries. There we can torture them into admitting anything.
You must be new here.
Hail Eris, full of mischief...
E pluribus sanguinem
You realize that popcon only works for packages that have been installed through the APT system?
In windows the equivalent would be to track things installed with the add/remove programs wizard...
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
isn't it true that spyware is exclusively a proprietary software thing. It would be much easier to criminalize propritetary software makers.
I does bring an interesting point, though... how do you define spyware?
If it's on a law, it must be defined, but make the definition too strict and spyware makers will just find loopholes... make it too broad, and you end up affecting legitimate apps like windows update or the ubuntu popularity contest. Also, how do you define willingly update/activate it?. A spyware maker can claim the user willingly installed it by leaving the "install XXX" checkbox on when installing a program, or by clicking "yes" or "I accept" on an internet website.
It sounds easy to say, but when it comes to laws it must be said on a way that it can't possibly be misunderstood or misinterpreted even by a lawyer that has never touched a computer before... that's where it gets complicated.
And let's start with Howard Stringer as a thank-you for the Sony Rootkit.
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
From the horse's mouth:
Windows Update is committed to protecting your privacy. To provide you with the appropriate list of updates, Windows Update must collect a certain amount of configuration information from your computer. None of this configuration information can be used to identify you. This information includes:
I don't believe for a moment that the above information isn't enough to uniquely track you. Between the PnP IDs of all of your hardware and version numbers of all of your software, you're a pretty unique datapoint.
DJ kRYPT's Free MP3s!
Cause some paper pusher just sent me a student housing application with spyware in it, then made a joke about it when i complained and asked for a snail mail application
I'd rather the jail system reserve the cells for violent criminals, like murderers or rapists. Put the spyware distributors under house arrest (with the ankle bracelet) and forbid them from having a computer or any other device that can access the Internet (no cell phone with web access, no game system, etc.) in their house or from working with computers or Internet-capable devices for the duration of the house arrest. The courts can determine what's allowed and what's forbidden. Any violations nets the distributor a significant fine and an extension on their house arrest.
shouldnt we go after the people who use the spyware and not the producers?
i mean we do the same thing for guns right?
(not attempting to troll here, im just wondering if anyone else feel that soon they could just say "no more video games" or "no more buggy software" or etc, i mean is it the governments job to limit producers or punish users? or is there more?)
Won't have any effect whatsoever on overseas operations.
"freedom is withdrawn" ... interesting euphemism...
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
Seriously, I spend enough time cleaning out that Winfixer, Vundo, W32.spybot, SpyAxe, and AIM virus infections from college student computers at work. While thats job security for me I'd rather see the people that make this crap hang for all the frustration, down time, and expense these things cause.
~~ Behold the flying cow with a rail gun! ~~
This is the Internet we're talking about, right?
So you get an IP address and this means exactly what? You call up the ISP and ask for information about this but the response is "we destroy all logs". Assuming you can get law enforcement involved or file a civil suit you might be able to get the ISP a subpoena. Of course, you find out they were lying about not having logs and they can indeed tell you what account had that IP address at the given time.
You have your culprit, right? Wrong - the account holder as no responsiblity. You cannot prove it was an individual, just that it was a computer possibly not under the control of the account holder. Dead end.
The story is worse if the attack originates across national borders. You can't sue, and law enforcement doesn't care until the damages are a large fraction of the GDP. And usually damages are to government directly. Dead end.
With spyware and such, so you track down who is the source for your infection and find a company. It better be in the same country or you find the same "Why would we care?" attitude. Even if it is in the same country, again how are you going to jail a company? You find a group of marketing folks that wouldn't know spyware from wash-n-wear. And their Eastern European "technical division" didn't seem to leave any business cards.
I don't see any enforcement being possible at all. Sure, you might catch up with some really arrogant folks that believe they can get away with anything, but this isn't going to stem the tide. You need enforcement that shows 90-100% of the perpetrators get caught and punished, not 2-3% because at the 2-3% level fines are just a cost of doing business. And business is very, very good.
Besides, this is the US we're talking about. Other countries aren't going to be volunteering to extradite people because they know "the US tortures people" and we have the death penalty. Besides, without PayPal scams, Ebay scams and the like the economy of some Eastern European countries would tank. Stupid Americans are funding these operations and nobody is that interested in making it stop. Except maybe the congresscritter representing these stupid Americans.
Are we really ready to begin prosecution of people who spy because they wonder if their spouse is being faithful? Are we ready to dish out jail time for invading somebody's privacy? How do we quantify the harm done by invading somebody's privacy? What about the paparazzi who invade the privacy of movie stars all day long? Oh but they do so in public. What about keyloggers which measure RF frequencies transmitted by keyboards? So keyloggers will be legal as long as you have the time and the resources to set up RF monitoring equipment?
Then there will be exceptions to the rule. What about parents who install Spyware to monitor where there children visit and who their children send messages to? Are we going to make it illegal for parents to monitor their children? The courts have already determined that the FBI has the right to capture the keystrokes we type into our keyboard (http://yro.slashdot.org/article.pl?sid=02/01/04/1 735230) so there is some question as to whether we can really consider what we type on a keyboard 'private'.
Nothing is simple to legislate. Personally I would prefer if the government stayed OUT of my computer.
I can see it now:
Announcer 1 (Ed): "Well Bob last weeks episode of Hunting Cybercrime was in Dallas and what a show it was. The Dalls PD went to town on that spammer! I guess they don't like having Viagra spams in their inbox any more than the rest of us."
Announcer 2 (Bob) "Indeed Ed, but this weeks looks to be even better! We are here in Korea hunting down a notorious spam operation that's been in busines for years. Since we are overseas we have some special hunters this week, a team of Army Rangers! This team will be doing a hard entry into the building where the spammer is located. As you can see from the optical fiber camera inserted into the room, there he is directing other spammers activities. I can't wait to see his face when the explosives blow the front door off its hinges!"
Announcer 1 (Ed): "Let's switch to the lowlight view of the building, you will see the flash as the explosives go off...."
It will never happen, more appropriate economic, legal and technological steps need to be taken. But I can dream.
You're actually much more traceable with a giant corporation PC because Dell/HP etc. definitely can track a PC from MAC address to serial number, to sale.
I've done the opposite of what you're saying is impossible. We buy pcs in bulk -> over 1000 at a pop. User calls me from a remote site because he/she can't access our wireless network -- because we use mac filtering and some other stuff for security. User doesn't actually know where his laptop is though, so he can't check the mac address for me. (*sigh* I can't explain that either). Fortunately I have a record of what PC we gave to that user.
I look up the serial number, called the support people from the manufacturer with the SN, and they told me it's mac address.
So wise up 00 0B F3 95 42 22 -- we know who you are.
Nothing great was ever achieved without enthusiasm
DJ kRYPT's Free MP3s!
You can't make that comparison. In ubuntu practically everything is installed through apt. In windows practically nothing can be installed through add/remove programs.
I think I have about two programs (second life and google earth) that were installed by hand. Everything else I use here came from packages.
455fe10422ca29c4933f95052b792ab2
Comment removed based on user account deletion
I do agree with you that a tiny clause in the EULA shouldn't be considered warning the user since users almost never read EULAs, but the law disagrees - the EULA is a legal contract and by accepting it you (implicitly?) seem to state that you have read and understood it. IANAL.
How this affects Ubuntu, though, I do not see. The user himself has to activate the feature, not just click an accept button. To me, this is enough - as long as the feature stays disabled by default.