Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Washington State Outlaws Spyware

Posted by timothy on Tue May 17, 2005 05:11 PM
from the good-luck-with-all-that dept.
Privacy
An anonymous reader submits "Today, the Governor of Washington signs a a bill outlawing spyware (bill history) which imposes penalties of $100,000 per violation. Spyware is broadly defined. It includes everything from changing a browser's bookmarks or homepage settings, "Opening multiple, sequential, stand-alone advertisements in the owner or operator's internet browser", keystroke-logging, taking over control of the computer, modify its security settings, and even "Falsely representing that computer software has been disabled." But here is my favorite: "Prevent, through intentionally deceptive means, an owner or operator's reasonable efforts to block the installation or execution of, or to disable, computer software by causing the software that the owner or operator has properly removed or disabled automatically to reinstall or reactivate on the computer." Microsoft and Ebay both testified in support of the bill. On May 10th, a similar law banning Internet and email phishing was also passed."
+ -
unknown
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Washington State Outlaws Spyware 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.
  • Washington state also outlawed killing sasquatch.
    • and not a single one has been killed since.

      • Re:If I'm not mistaken... (Score:5, Funny)

        by Surt (22457) on Tuesday May 17 2005, @05:41PM (#12561054) Homepage Journal
        That's not true, I killed one last week. Just wasn't in washington state, so i'm off the hook as far as the law is concerned. Sure, some people will argue 'it was just a hairy guy backpacking in the redwood forests!', but I had my hunting license.

    • Re:If I'm not mistaken... (Score:5, Funny)

      by plover (150551) * on Tuesday May 17 2005, @05:30PM (#12560950) Homepage Journal
      Oh, come on, the governor is going to sign ANYTHING Redmond wants signed. If Bill Gates wants Sasquatch dead, Sasquatch is gonna die. Make no mistake.

      • Re:If I'm not mistaken... (Score:4, Informative)

        by zoobaby (583075) on Tuesday May 17 2005, @05:35PM (#12560996)
        For those that do not follow Washington politics, the Governor's race was very close. A republican won the first count and the first machine re-count. The margin of victory in each was less than 100 votes. On the hand recount, the democratic person won by 142(?) votes. There are some issues about dead people voting, and people voting twice. While the results have been certified, the republican party has taken the case to court. As of today, there is a democratic governor, but how long she will be in power is unknown.

        • Re:If I'm not mistaken... (Score:5, Informative)

          by tepp (131345) on Tuesday May 17 2005, @05:54PM (#12561163)
          Actually, the Republican party is mostly claiming that felons were illegally voting. The problem is, many of the people the Republicans are claiming are felons - aren't. Most have juvy crimes, which should have been sealed at 18 which did not affect their voting rights. Others, never had their rights removed at all, or had their voting privilages reinstated.

          Meanwhile, in the Democratic heartland of King County, 50 valid ballots were found to have never been counted, and are still in their envelopes. What a mess. I just hope my vote isn't one of those 50.

          The whole mess has been playing out in the papers for months now, it's getting very old.

        • Re:If I'm not mistaken... (Score:5, Informative)

          by pizzaman100 (588500) on Tuesday May 17 2005, @05:59PM (#12561200) Journal
          Your facts are basically accurate, but here are the actual numbers: First count - Rossi (R) wins by 261 votes. Second count - Rossi wins by 42 votes. Third count - Gregoire (D) wins by 129 votes.

          Here is a Timeline [soundpolitics.com] for the events (with an obvious conservative slant).

      • I imagine this won't put to rest the rumors of spyware in their recent players

        That's because you're misunderstanding the "rumors" (which are not rumors, but facts, by the way). The problem is that Real's software (maybe not the very latest version, I haven't tried it, but for relatively recent versions this is certainly true) IS spyware in and of itself, because it (1) deceives users into installing stuff or signing up for stuff they didn't want or expect to be signed up for, (2) deeply integrates itself

  • Not sure how I feel... (Score:5, Insightful)

    by bananahead (829691) * on Tuesday May 17 2005, @05:12PM (#12560747) Journal
    OK, this is great. So how does one go about enforcing such a law? I have very mixed feelings about this one.

    I love the idea that we are making something so irritating illegal in the strick legal sense of the word. Make no mistake, I hate Spyware.

    At least I think I hate Spyware. I am not really sure, given the broad definition. Some Spyware is good, based solely on MY definition of 'good' and the mood I am in. So what if I have to give up something 'good' because the purveyors of that 'good' thing felt it might fit into the broad definition of Spyware and thusly discontinued it. I lose.

    On the other hand, the creepy porn junk and the crud that wants my bank account so they can sell me into slavery in Korea definitely (again, in MY definition of...) fit the model of BAD Spyware and need to have its purveyors captured, subjected to Janet Jackson Videos and sent to prison for a long time. And thus begs the question:

    How does this law get that done? Certainly these guys aren't going to stop their nonsense, they are making money doing it, so we will HAVE to enforce this law to get them to stop, and if they don't stop because there is no good way to enforce this law, then the BAD stuff continues and the GOOD stuff is thwarted.

    I am just not sure about this one.

    I suppose it gives teeth to companies like Microsoft and EBay to go after these guys and have them bundled away. That is good. But Who decides which ones Microsoft and EBay go after? And do I really want to create a system whereby Microsoft and EBay are the US Marshals and are enforcing laws the way they see fit, and going after those criminals that they decide to go after?

    I'm just not sure about this one.

    • OK, this is great. So how does one go about enforcing such a law?

      It won't help from outright viruses, but it could result in massive punitive damages for semi-legitimate corporations. e.g. Gator would be effectively banned from doing business in the state of Washington, under the penalty of heafty fines and/or criminal charges. (Sorry, I didn't read the law in any detail. I didn't catch if it was considered a criminal action or not.)

      As for finding someone to prosecute these companies, that may not be as hard as it seems. Lawyers love to make money by bringing forward any cases they can. In the absense of money, they love high-profile cases that make a name for themselves.
    • It doesn't necessarily STOP the software from running; it forces the software to play nice with the other children and submit to removal if the user wishes.

      If you want various background processes tracking your purchases and webuse to supply you with "tailored results" then you should be welcome to them.

      If you DON'T, however, you should be able to remove the damn things with a minimum of fuss. It's never been good marketing for a company, in my opinion. Would you, in your right mind, buy something from a
    • I, too, wondered if certain types of benign software might be caught in the crossfire with this legislation. After reading through it, I'm not worried about that.

      The bill is littered with words/phrases like "through intentionally deceptive means", "deceptively", "intentionally misrepresenting", "falsely representing", "without the authorization of an owner or an operator", etc.

      In every section of the bill, it's rather clear that the target of the legislation is software that deceives the user and/or does
    • Off topic, but tangentially related: Austin, TX recently passed a city-wide smoking ban. On the news a couple nights later, the anchorwoman said: "With Austin's voter-approved smoking ban coming into effect soon, people are asking how it will be enforced."

      Oh, I'm so glad they thought to ask about that tiny, niggling issue of enforcement after voting for it.

      And you're right, enforcement is going to be a big issue here. How many spywhores are operating in Washington? How many are operating in the U.S.

  • Leading the way again... (Score:5, Insightful)

    by spyder913 (448266) on Tuesday May 17 2005, @05:15PM (#12560781)
    We were also one of the first to make spam illegal. I don't really think it has helped all that much...

    • Re:Leading the way again... (Score:4, Informative)

      by calyphus (646665) on Tuesday May 17 2005, @06:24PM (#12561398) Journal
      All state anti-spam laws were rendered inoperative by completely ineffectual federal legislation.

      WA's anti-spam law was useful for the dedicated individuals that took the time to track spam to it's source and file a civil action with the state against them. If you could track them down and you had otherwise fulfilled your own obligations under the law, it was a simple matter to get a $500 judgement in your favor for each actionable missive. Collecting was another matter.

      The only real chance for success would be if the spammer were also in Washington.

      Like all anti-spam legislation it did require some compliance with legal authority on the part of the spammer. as if someone selling fake Chinese Cialis is worried about legal authority.

  • Realplayer now illegal? hopefully (Score:5, Interesting)

    by Toby The Economist (811138) on Tuesday May 17 2005, @05:15PM (#12560783)
    RP is a complete pig to remove.

    Wonder if it's now illegal?

    In fact, I'd like all third-party hidden-startup applications, which generally are unwanted and adopt this method since they know they'd be removed, to be illegal. I get VERY annoyed when other people feel fit to try to force their software into *MY* computer. How would they feel if I came into their front room and took over the remote control?

    --
    Toby

    • Re:Realplayer now illegal? hopefully (Score:5, Insightful)

      by Chris Burke (6130) on Tuesday May 17 2005, @05:31PM (#12560957) Homepage
      How would they feel if I came into their front room and took over the remote control?

      The same way a Mafia racketeer would feel if you threatened to burn their house down if they didn't pay for your "fire insurance".

      They aren't children; they know people hate what they do. As long as the annoying thing is happening to you for the profit of them, then they don't care, whether "they" are the Mafia or Gator or whoever.

    • Re:Realplayer now illegal? hopefully (Score:5, Interesting)

      by plover (150551) * on Tuesday May 17 2005, @05:41PM (#12561058) Homepage Journal
      Try removing HP printer "drivers" some time, or "desktop helpers" that come with video cards, sound cards, TV tuner cards, MP3 players, Bluetooth dongles, printers, scanners, faxes, cameras or any other peripheral your PC may have seen on a TV commercial.

      As far as I'm concerned, start arresting them all. I don't want their sh!tware on my box. I want their stuff to sit there nice and quiet up until the moment I want it to do something, and then I want it to do nothing extra. I don't want a pop-up "toolbox" to fix my printer; I don't want a noisy "Lookie what I printed for you, John, aren't you proud of my wonderous inkjets?!" dialog box. And when it's done I want it to get the hell out of my way. Completely. Don't ask me to update, don't leave a tool tray icon behind, don't leave a task running in task manager.

      If all this requires sending a few developers to Federal Pound Me In The Ass Prison, all I can say is "don't drop the soap, guys."

      • "I don't want a pop-up "toolbox" to fix my printer; I don't want a noisy "Lookie what I printed for you, John, aren't you proud of my wonderous inkjets?!" dialog box."

        well you could not install those "features". Most driver cd/downloads have their drivers tucked in a directory some where. Especially true with driver updates you download from the manufacture's website. So yeah, you installed all that crap, you live with it. When i install an epson or an HP i just point add printer wizard at the driver dir

      • Re:Realplayer now illegal? hopefully (Score:5, Funny)

        by Rorschach1 (174480) on Tuesday May 17 2005, @06:01PM (#12561216) Homepage
        ...or any other peripheral your PC may have seen on a TV commercial

        This is exactly why I don't let my PC watch TV.

    • Copy Protected CD's (Score:5, Interesting)

      by complete loony (663508) <<Jeremy.Lakeman> <at> <gmail.com>> on Tuesday May 17 2005, @06:16PM (#12561335)
      And the driver that copy protected CD's install without your permission to prevent the tracks from being ripped? I had to clean up one of these last week while I was ripping music for my father in law's new iPOD....
      • The parent makes a very good point. A lot of sleazy Digital Restrictions Management software uses spyware and malware tactics to control your computer. After all, it can't work without restricting your use of your own system to some degree.

        Can Washingtonians now sue record labels that use malware to prevent CD copying? That would be a terrific step towards ending such nonsense.

  • Agreed-hard to enforce (Score:3, Interesting)

    by Coopjust (872796) on Tuesday May 17 2005, @05:16PM (#12560789)
    Hard law to enforce. If it was a national law, then it would have some effect. Hopefully it doesn't become "National weak law" takes over "Strong state law" like can spam

  • Outlook Express (Score:3, Interesting)

    by McGiraf (196030) on Tuesday May 17 2005, @05:17PM (#12560797) Homepage
    Outlook express will re-copy its files next time explorer is started if you delete them.

    at $100,000 per violation that is $100,000 * the number of windows instalations out there, I think microsoft is going broke!

  • Phishing is already illegal (Score:4, Insightful)

    by 77Punker (673758) <spencr04 AT highpoint DOT edu> on Tuesday May 17 2005, @05:18PM (#12560813)
    Shouldn't phishing just fall under fraud?

  • People outside the US? (Score:3, Insightful)

    by nizo (81281) * on Tuesday May 17 2005, @05:18PM (#12560817) Homepage Journal
    which imposes penalties of $100,000 per violation.

    Give half of that to bounty hunters who bring the culprit to justice and we could have a new series of reality shows. Who woulda thunk spyware could be entertaining?

  • Class Action Lawsuit (Score:3, Interesting)

    by benspikey (658022) on Tuesday May 17 2005, @05:19PM (#12560820)
    Consumers and the state attorney general would be able to seek damages up to $500 per violation, or actual damages if phishers try to get consumers' information. Victimized Internet service providers could get $5,000 or actual damages. Judges could award an ISP three times the amount of fines if they so choose. Alright who wants to sign up with me.. We get 1000 systems download bonzibuddy and weatherbug and make a fortune. or at least have fun trying.. :)

  • where are the teeth? (Score:3, Interesting)

    by spamchang (302052) on Tuesday May 17 2005, @05:22PM (#12560860) Journal
    or dentures, at least, for this bill?

    i want to see people paying up the wazoo for this: collection agencies pounding down doors, spyware companies going belly up, class action suits, the like. hell, if they put filesharing on the same penalty level as involuntary manslaughter (because you know those two are equally evil in the eyes of MPAA/RIAA/congress), why don't they send spyware companies to bankruptcy? /annoyed

  • All that needs to be done (Score:4, Insightful)

    by doofusclam (528746) <slash@seanyseansean.com> on Tuesday May 17 2005, @05:23PM (#12560870) Homepage
    .. is to make companies accountable for the actions of their 'affiliates'. Many a spyware company uses this defence, and end up gaining customers from dodgy affiliates who they don't need to pay as the affiliate has broken the terms and conditions. Genius. Their business model is just like bill posting on roads and streets.

  • Mod this bill redundant? (Score:4, Interesting)

    by mr_Spook (458791) on Tuesday May 17 2005, @05:25PM (#12560898) Homepage
    Okay, it might just be me, and I might just be an idiot here, but isn't spyware illegal already, since it's modifying the contents of my computer without my knowledge or authorization? To me, it seems that spyware makers should be prosecuted just like anyone else who writes malicious code (viruses, trojans, worms, and so on).

    Any technically-literate lawyers have a comment on this?

  • So now there's a law (Score:3, Insightful)

    by RM6f9 (825298) <rwmurker@yahoo.com> on Tuesday May 17 2005, @05:26PM (#12560908) Homepage Journal
    The next steps will be legal definitions of what constitutes spyware, and refinements of those definitions based on cases brought to trial.

    How will they know who's doing spyware? Offer rewards to reports resulting in convictions.

    Of course, the thing might be struck down as unconstitutional depending on the breadth of definitions it starts with and the zeal of the ever-loathed ACLU in promoting the letter of the First Amendment to the detriment of the spirit of it.

    sigh.

  • That's just a bandaid on the problem. (Score:5, Insightful)

    by pg110404 (836120) on Tuesday May 17 2005, @05:30PM (#12560943)
    Some of the better places to go to get spyware are places in russia or developing countries, etc.

    The advantage and disadvantage of the internet is that you can go access web sites from anywhere.

    By making it tough for any group/organization to spread their malware from washington state, means they'll go elsewhere to host their stuff.

    Suppose all the spyware people jump ship and go elsewhere, somebody WILL find a site that has it and will get the spyware.

    It's like passing a law that makes it illegal to skid out of control and hitting a particular tree in the hopes of eliminating accidents.

  • AOL's AIM (Score:4, Interesting)

    by yrogerg (858571) on Tuesday May 17 2005, @05:30PM (#12560945)
    Have you ever tried installing AIM from AOL? It install links everywhere regardless of if you tell it 'no' in the setup process. Maybe they'll finally change this.

  • maybe the religous fundies should promote this law (Score:3, Insightful)

    by hurfy (735314) on Tuesday May 17 2005, @05:35PM (#12561003)
    ""Opening multiple, sequential, stand-alone advertisements in the owner or operator's internet browser"

    hehe no free porn for Washington :)

    We know what at least one state congresscritter is up to...

    Sounds all warm and fuzzy but actually doing anything is doubtful...at least til califonia catches up.

    I believe you cant make automated telesales calls here but several computers havent read THAT law either :(

  • Alexa (Score:5, Insightful)

    by HermanAB (661181) on Tuesday May 17 2005, @05:40PM (#12561050)
    So, will MS finally stop shipping Alexa with IE?

  • Huge Loophole, Crappy Bill (Score:4, Informative)

    by Erris (531066) on Tuesday May 17 2005, @05:41PM (#12561056) Homepage Journal
    Of course M$ loves this one. Check out this wopping loophole:

    These prohibitions do not apply to any monitoring of a subscriber's internet service by a telecommunications carrier, cable operator, computer hardware or software provider, or provider of information service for network or computer security purposes.

    So, when M$ looks at and deletes your files for supposed copyright violations, that's a "security" issue and they are OK. It does not matter that they have all of the other definitions of spyware and are much more invasive, they are a "software provider" doing it for "security".

    The definition is so broad that it's hard to imagine who is not a "software provider" doing something for "security". Oh wait, now I know, anyone Microsoft does not like is not a "software provider".

    A real spyware law would spank M$, HP and many other "software providers" for all the things this bill legitimately complains about and then allows.

  • Considering their actions (through contraction of Overpeer) to smuggle spyware in through windows media files..

  • Real Player (Score:5, Interesting)

    by m00nun1t (588082) on Tuesday May 17 2005, @05:51PM (#12561138) Homepage
    Like many others, I consider Real Player to essentially be spyware.

    I think (correct me if I'm wrong) that Real are based in Washington State. So what's the impact here, for both current and future versions of Real Player? Would make an interesting test case.
  • Hmm.. Recently I played Splinter Cell: Chaos Theory, which installed StarForce without my knowledge or consent--and which doesn't uninstall ever unless I download the uninstall tool.

    Would this violate this law? I think it should. I wish I'd known about the StarForce installation--I wouldn't have bought the game.

  • Won't this ban some of those 'copy-protected' CDs that automaticaly install some kind of driver through auto-run?

  • Great and everything... (Score:3, Interesting)

    by Zach978 (98911) on Tuesday May 17 2005, @06:19PM (#12561357) Homepage
    I like it, but I don't like legislators getting used to writing bills dealing with the Internet...

    They get their foot in the door and we might be in trouble...

  • valuable legal principle - accountability (Score:4, Insightful)

    by heretic108 (454817) on Tuesday May 17 2005, @07:40PM (#12562011)
    From this Bill it seems that an important legal principle is being established - when code written by Alice runs on Bob's computer, then Alice has the same accountability for her (code's) actions that she would have if she were physically allowed into Bob's home or office.

    If Alice was an interior decorator who, on gaining access to a client's home, did stuff like:
    • Changed all the speed-dial numbers on the telephone
    • Installed listening/recording devices in all the rooms
    • Modified the TV/video so it overlays ads of her choice over the top of programs (in addition to the regular ads screened by the station)
    • Duplicated door keys and alarm codes and sold these to others
    • etc
    then Alice would be doing hard time at Club Fed or Her Majesty's.

    So why should it be any different with software?

    When someone runs your software on their computer, they have admitted you into their sovereign private space, and you have a responsibility to behave in a manner respecting this. Well done, Washington. I note also that the Australian Democrats party has introduced similar legislation, which God-willing will also pass.

    • Re:I see why you like that line (Score:5, Interesting)

      by tehshen (794722) <tehshen@gmail.com> on Tuesday May 17 2005, @05:17PM (#12560799)
      That is not a bad point, in general - if I write a program with a security vulnerability, and people use this vulnerability to install spyware on people's computers, do I share the blame with the spyware writers?
      • As much as you'd share the blame if you were being robbed after leaving an open window.

        In some places, you'll be blamed harsher than the robber himself, in others the window matter won't, actually, matter.

        Oh, and your income matters, too
      • Good question, I think so.

        But... MS is one of the largest employers in the state. Their employees are highly paid. Those employees spend money, buy expensive houses, etc. Microsoft builds buildings, buys land, and supports the arts and such. And lets not forget all the computers and software that they donate/discout for the state and it's schools.

        Washington state will not piss off Microsoft. It is a fact. When those state AGs sued because they didn't like the settlement the DOJ did with Microsoft, was the Washington State AG among them? Why do you think that was?

        MS is behind this law because if it works, it removes some (much?) of their responsibility (and also codifies in law that spyware is the programmer's fault, and doesn't specify it to be MS's fault). If the law said that, do you think it would have gotten a vote, let alone pass?

        Things like this happen. At least it is a win for the consumer if it works, even if MS still isn't held accountable. All us geeks can do is answer questions from friends truthfully. "What's with/causes/why is there so much spyware?"... "Microsoft." Grass roots will work, we just need it to be organized. But then again we need to do that with lots of things (accepting buggy software, the release-then-patch mantra, overpriced software, etc.)

    • It's not excessive in my opinion. Small fines are what nullified the effectiveness of many previous anti-spam, anti-virus laws.

      There has to be a substantive risk on the part of the perpetrator to dissuade him from producing the spyware, and there also needs to be suitable incentive to pursue legal action. Small fines aren't worth anything because you can't find a lawyer who would take the case.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.