Congress Debates Anti-Spyware Bill
Spy der Mann writes "An anti-spyware bill could clear the U.S. House of Representatives as early as next week, but there are disagreements on how to define the term 'spyware.' A wrong decision could end up in two opposite directions: Either a law too restrictive for legitimate companies, or a "safe harbor" for some malicious spyware distributors. Could this become another CAN-SPAM?"
whisky tango foxtrot (Score:2, Insightful)
It's like porn.... (Score:4, Insightful)
too restrictive??? (Score:3, Insightful)
what is happening on my pc isn't business of anybody else. period.
What we need is (Score:0, Insightful)
Wow! (Score:5, Insightful)
I doubt I have that many legitimate programs installed in my computer and I don't think these guys have either. The thought that their computers contain more spyware than software is scary.
I don't believe that a law can change this though. It might decrease the number of US based spyware companies, but I doubt the effect will be noticeable.
More secure browsers and user education seem like a better solution.
pointless (Score:3, Insightful)
Congress wants to be helpful? (Score:1, Insightful)
Tell me, how could spyware even *work* if we had OSes that wouldn't allow programs to connect to the net *unless* we authorize them?
Just put the pet mouse in a cage, no law needed.
Computers appliances (Score:5, Insightful)
Re:Legitimate companies? (Score:5, Insightful)
Well, video codecs come to my mind, they are stealthily downloaded and installed by the media player.
And most spyware doesn't install so stealthily, at one point the user has to click yes on a dialog (a very obscure dialog it is). So a lawyer could always argue that the installation wasn't stealthy and that the product therefore isn't spyware.
Re:whisky tango foxtrot (Score:3, Insightful)
Enforcing this internationally is a bit more tricky though.
proper definition... (Score:4, Insightful)
Congress should define spyware as any code that runs on your machine that you did not agree to install (So if I install FreeGamePack, I expect to get FreeGamePack and not HiddenBackdoorTrojan. I agreed to install one but not the other). I remember installing Debian once, and it had a list of over 1000 packages, each with a description. I would like to see Windows do that, give me choice. Do you want the Internet Explorer pack? Do you want the Netscape pack? Do you want the Mozilla pack?
The second part of the definition is the software is not allowed to communicate to any other machines unless the owner of his machine allows it. That would kill RealPlayer and their crappy hidden settings.
Re:whisky tango foxtrot (Score:5, Insightful)
Yes. Most other OSes generally don't let foreign programs run willy-nilly and do things behind users' backs.
It's idiots who buy products that are being advertised. If you stop buying penis enlargement pills, etc., spam would stop.
Spam != spyware.
It seems to me... (Score:3, Insightful)
If you do business in the US (Score:5, Insightful)
It's also possible the US could seek extradition over this. You can't run to a foreign country and hide, if those countries have extradition treaties. I'm not sure they'd bother for something like this, and the other nations might refuse to extradite if it wasn't against their own laws, but it's also a possibility.
Re:proper definition... (Score:4, Insightful)
Any third party product that is not functionally necessary for the application a user believes they are installing should be legally required to be a separable item in the installation process that you must opt-in, not opt-out, from. Sure, such a definition can be worked around by a malicious organization by making the spyware linked in like any old software library and claim it is functionally necessary for the advertised features of the software, but since such a connection would constitute an obvious attempt at circumvention, it should be easily thrown out by a judge at his or her discretion. Ultimately, any of these laws will require some of that kind of subjective precedent-setting to establish an enforcement regime.
I would also like to see any modification of already-installed software on your computer require separate, explicit permission-gathering steps from the user (i.e. fucking with DNS a la new.net, or installing components into your browser toolbar). Any modifications those components make to content or user experience should be explicitly and clearly disclosed in that step, as well as any information gathered by said components for transmission back to the author or other third party.
CAN-SPY bill? (Score:4, Insightful)
Windows XP appears to track program usage (see add/remove program in control panel.) Do you honestly think that M$ keeps that information for entertainment purposes? I consider it without a doubt a market research tool, although I am also certain others would consider it a useful end-user tool. Does that count as spyware? You can be damn sure M$ will make sure the crafted law(s) exclude that as spyware.
In short, "screwed, we are now."
Re:pointless (Score:3, Insightful)
Bad Idea (Score:4, Insightful)
Could this become another CAN-SPAM?
CAN (sorry, couldn't resist) and will.
Seriously, this is an outstanding example of why legislative control is at best worthless, and more likely actively harmful. There's an old legal saying that "good cases make bad law." That is, when we try to achieve a just result in a particular case, we end up with a law that may serve that end well, but ultimately creates more problems than it solves.
This goes double when the law concerns technology. The tech world is noted for the rapidity with which it advances; the legal world is noted for its resistance to change and advancement. When the latter regulates the former, it will inevitably lead to a stifling of future development. Definitions and phraseology become hyper-critical. For example, let's look at "spyware." How do you define it? What would you call a program that quietly looks at everything you type, taking note of some words as being particularly interesting? I'd call it a spellchecker. How about a daemon that goes through your e-mail and reports back to an agent information about how many e-mails you get from a particular sender, what kind of things you talk about, etc.? I'd call it an adaptive mail filter (Bayesian or similar). How about a webmail service that looks at your e-mail, analyzes it, and uses that analysis to present advertisements relevant to you? I think the term for that is Gmail [gmail.com].
Yes, these examples are contrived; I deliberately chose them to demonstrate a point. I'm trying to show that even the best-intentioned law can have dramatic effects down the line, effects that we can't even begin to predict. There's another truism in law that if the case goes to court, the lawyers have already failed. The principle holds true here as well: if the Legislature gets involved, there are no winners, only losers.
Re:It's like porn.... (Score:2, Insightful)
"You mean like every single commercial I've ever seen?" - Bill Hicks
I have a copy of Micro Mart next to my keyboard, featuring an ad for Arctic Silver thermal paste. The ad features a picture of a woman in a skimpy bikini. I don't think she has an awful lot to do with the paste, and I am forced to conclude that the picture was included simply to try and arouse the viewer, thereby encouraging him to look at the ad. Does that mean the ad is pornographic?
Re:Will this change things much? (Score:5, Insightful)
If the credit card companies were threatened with a charge of conspiracy to promote spam/spyware/all the other immoral or illegal acts committed for money via the internet, it would stop overnight.
It exists because the credit card companies profit from it. Take the profit from the credit card companies, and it would not exist.
Nothing in the above statement should be taken to imply that I do not support cruel and inhuman torture and/or death for anyone connected with the promotion/distribution of Spam/Spyware.
User Education (Score:4, Insightful)
Re:whisky tango foxtrot (Score:5, Insightful)
Of course, there are many spyware programs that make their way into users' computers through holes in IE/DCOM/SMB/ActiveX/what have you, but the fact of the matter is that the majority of spyware comes with other programs, like Kazaa. That means that the user is willfully installing it. Sure, they may not know about it, but that doesn't mean they're not installing it by their own decision. There's nothing in any other OS that would prevent the user from doing that.
The reason why there's no spyware on Linux is not primarily that Linux isn't yet as popular as Windows, as many others suggest. The reason why there's no spyware on Linux (yet) is that most people run free software on their Linux systems, and free software developers... well, don't normally bundle spyware with their programs. If or when proprietary software ever gets popular with Linux, I'll assure you that you'll see an increase in spyware for Linux.
However, mind you that there's nothing inherent in Linux itself to stop it. Any such thing would just prevent the user from doing stuff, and would therefore be hindering users.
Autopackage has a lot of text on this [autopackage.org].
It WILL be another CAN-SPAM (Score:3, Insightful)
I depress myself. Time for more hooch.
Re:Why TF? (Score:3, Insightful)
"You are about to install MSCFGT38.EXE. Installation of this program will improve your browsing experience, and is required to access this website."
The fact that it is some sort of auto-dialer that connects to a foreign country at a rate of $65/min won't really get mentioned.
Personally I blame Microsoft. They have been trying to hide what the computer is doing for years, undoubtedly out of some misguided notion that when you don't name the problems that you have they will somehow be less severe, even though all it does is frustrate support people.