Congress Debates Anti-Spyware Bill

Spy der Mann writes "An anti-spyware bill could clear the U.S. House of Representatives as early as next week, but there are disagreements on how to define the term 'spyware.' A wrong decision could end up in two opposite directions: Either a law too restrictive for legitimate companies, or a "safe harbor" for some malicious spyware distributors. Could this become another CAN-SPAM?"

Re:whisky tango foxtrot

[strateego]

One effective way to enforce this would be to render Windows illegal to use across the nation...

It's not windows fault that there is spyware. It's idiots who buy products that are being advertised. If you stop buying penis enlargement pills, etc. Spam would stop.

The same people who buy stuff from spam are the ones that buy everything from Wal-Mart. Then they go complaining that there are no livable wage jobs. Stupid people are part of the problem.

It's Congress, they can solve any problem

[John Seminal]

And they plan to enforce this... how?

Maybe they will start by making all spyware illegal. Then they will notice most of it will come from servers outside the USA. So the next step might be to make software inside the USA incompatible with software outside the USA. Maybe a region lock on all computers, so it can only play software from your country code.

If you want to get a machine which playes region 2 software, do so at your own risk. But I will be safe with my Congress approved region 1 computer. ;) Maybe Congress will even force computers to have a chip on the motherboard, like the Play Station. 90% of people with a play station didn't modify their machine at the hardware level. It is too much work. Congress can make it more difficult to do any activity, and they can increase the penalty. At some point the risk gets too high and the reward is not high enough.

Seriously, there is an easy way to enforce this law. It is with treaties. The USA can force smaller countries to agree not to import into the USA software with spyware. I dunno about the rest of you, but I would HATE to get caught doing ANYTHING wrong in Hong Kong or some country where they will whip me. Remember, the FBI did find that kid in the philippines who wrote the virus a few years ago. He used a public computer to release it, but they tracked him somehow. And now he is in a third world prision.

Re:proper definition...

[timmyf2371]

The problem though is defining a concept like consent without placing overreaching restrictions on software developer's freedoms. I mean, the majority of spyware currently obtains your consent in some way to install itself - buried in term number 11, section 3b of the click-through EULA, it is disclosed that you hereby give consent for Claria to install Gator, for example. Of course, they know nobody has enough hours in the day to read EVERY EULA put in front of them, so of course no real consent is ever formed.

This is hardly an excuse.

Let's imagine for a moment that EULAs are legally-enforceable contracts, which they are in Scotland [kevinboone.com].

Would you say the same thing about any other legally-enforceable contract such as a credit agreement or an employment contract?

When agreeing to a contract whether by signature of by electronic signature, you should always read all the terms of the contract you are agreeing to otherwise if/when things go "wrong" it is the person who agreed to the contract in the first instance who is at fault and no-one else.

Now, the only way I could theoretically see the inclusion of spyware by EULA being ruled illegal would be by something similar to the UK's Unfair Contract Terms Act [dti.gov.uk] - I'm not sure whether there is something similar in the US however it could potentially be argued in a court that the inclusion of such applications would be an unfair contract term, however there is no such rules set in stone as to what is and what isn't an unfair term.

trivially easy

[Anonymous Coward]

all we require is a few free apps designed to feed garbage data to the spyware company's server - if the 'legitimate' data that the spyware returns is lost in a morass of garbage generated by such apps, then the spyware industry ceases to be profitable..

All that is needed is a snappy name to get the public to use it.. Gatorcide, DoubleAgent, something like that..

How about this?

[st0rmshad0w]

I clean this crap up every damn day and I have a plan.

First it requires the gathering of where to serve the papers, i.e. where are all these bastards hiding that make this stuff.

Secondly every bill I give someone for this junk will have attached the necessary forms to file a small-claims suit to recoup some of what they've paid to have their machine cleaned, along with an index of who's spyware was removed.

Let them all try to fight THOUSANDS of small claims filings in every district in the country. It should bury them.

Would any law types out there like to weigh in on the various flaws to my scheme as IANAL and I'm certain there is some problem with this I don't see.

enforcibility is not always the key issue

[DM9290]

I imagine some people will immedietly object to a law based on some practical issue of unenforcibility.

I dont think this is really a relevant issue on whether or not certain activity should be unlawful.

Provided you can strictly define exactly what is being made illegal. The fact that you may never catch anyone breaking that law, doesn't mean the law should not be there.

Some borderline ethical business people consider anything legal to be ethical and will not cross that line. They would happily kill people provided it was legal. But they would not sell a drink to a 20 year old (in the US).

Simply making spyway illegal is likely to deter those people who abide by that business ethic, such as it is.

Provided the definition of criminal spyware is narrow enough to not capture innocent software, I dont see why there is a problem making it a crime.