House Passes Spyware Bills
stinerman writes "Today the House passed two bills aimed at stopping spyware / adware and unauthorized use of computers. H.R. 29 makes it 'unlawful for any person who is not the owner or authorized user of a protected computer to engage in deceptive acts or practices'. H.R. 744 (I-SPY Act) prohibits accessing a protected system via code copied onto the system to, among other things, disseminate personal information. Both bills sailed through the House and are expected to be passed by the Senate."
Phew! (Score:5, Funny)
There'll be no more spyware by Christmas, let me tell you.
But... (Score:4, Insightful)
Is this really something that government should be legislating at all?
It lets both ignorant users (whom I can forgive) but also Microsoft (whom I can't) off the hook. Rather than having to secure their systems/fix fundamental security flaws in their OS and applications they can just hide behind this new law: "It's not our fault we didn't do anything wrong, they broke the law!"
Re:But... (Score:2, Insightful)
Re:But... (Score:3, Insightful)
Now my insurance policy requires me to have secure locks on the doors and windows from a list of approved types, the builders of my house actually installed good locks and latches which actually were on the list... now it's up to me to actually use the locks and latches... if I do and thieves still break in, then I'm covered by my insurance, if I failed to secure a door or window a
Re:But... (Score:2, Troll)
Re:But... (Score:2)
It really isn't a horrible analogy, there are some bad lock systems in place in Microsoft's products. But the worst part is most spyware/junk gets through by the users letting them in.
No product can stop this, just as no security system can stop you from opening the do
Unfortunately... (Score:2)
Ever tried running Windows under "Restricted User"? I did. Even with mostly reputable, well behaved apps it's a PITA. Introduce a user who needs the odd browser plug-in and small custom software vendor tool, and you're screwed. Almost nothing sets correct registry permi
MS Home sales pitch (Score:4, Funny)
Re:MS Home sales pitch (Score:3, Funny)
MS:
Linux: Don't buy a house from this man! You need a secure entry and exit system! Our house plans are completely free, and there are plenty of licensed contractors that can build one for you at a very reasonable price! Plus, it doesn't come with a door unless you ask for one - which, incidentally, I wouldn't! Thieves can get in, after all.
Luser: So... how do I get in?
Linux: We have two cannon-powered one-
Re:But... (Score:4, Interesting)
Slashdot is too full of narrow-sighted people who will say the same things I just did about acts like REAL ID, but fail to realize that legislating computer software is also not within their rights. The 10th amendment is always my favorite defense, but nobody really cares about the Bill of Rights anymore and it's sad.
Re:But... (Score:2, Insightful)
Both Real ID and spyware are invasions of the target's liberty and security.
Re:But... (Score:4, Insightful)
Re:But... (Score:2)
Re:But... (Score:3, Informative)
Now my two bits: I see spyware as an act of trespass. My computer is my private property, as much as my house. My computer and my house are both extensions of my
Re:But... (Score:2)
Re:But... (Score:2)
Me, I tend to have faith in the 1st and 2nd. If they're honored, then the other 8 will have a long term tendency to fall into line.
Right here and now, I'm exercising the 1st, my right to make a statement. We have had that for so long now, that attempts to limit it, are, including the recent "campaign finance reform" that took away over 5 million voters rights to say how they fe
Re:But... (Score:3, Informative)
She can't see these things that pop up in small corners at times. Or can't be arsed to read them considering how long it would take her away from something that's already going to take her a while to get done.
MS on the other hand should be ashamed of itself. Crap ass browser lett
Re:But... (Score:2)
Microsoft should be part of this issue. With the ability to add plugins automatically, users should be able to remove those and turn off the autoinstall feature. I doubt this will be in the next release of Windows and it sure as hell won't be in any upgrades to IE anytime soon - too much money to gain by having people buy the new
Re:But... (Score:3, Informative)
Along with Ad-Aware, it is quite effective.
Re:But... (Score:2)
Re:But... (Score:3, Funny)
Re:But... (Score:2)
Re:But... (Score:2)
If I choose Linux I effectively become the developer and have to learn every single package and help her to use them. I just got no time... While there are packages we have found that work on Windows, and that took several years too.
Re:But... (Score:2)
Yes it will. Linux works for my mother. I am sure MacOs is easy too, but his mother would have to get a new computer.
Actually, it's unnecessary and absurd (Score:2)
Spyware with permission? (Score:5, Interesting)
Re:Spyware with permission? (Score:2)
Re:Spyware with permission? (Score:5, Insightful)
I'd expect not for things like Gator, since that would be "authorised" access to your computer, with you authorising it. Spyware that comes bundled with other code could sneak past by having the authorisation buried in the bundling software licence agreement.
On the bright side, it should make the covert installation of spy/malware from a web page illegal. Or maybe more illegal. Of course, those who argue that web page access entails an implicit social contract are likely to feel they have been granted all the authority they need.
I'd guess it needs to be tested in the courts before we can tell whether this is going to be a CAN-SPY bill or not.
Re:Spyware with permission? (Score:3, Insightful)
Don't worry, neither has most of Congress.
Re:Spyware with permission? (Score:3, Interesting)
Lots of spyware is installed by installing programs that bundle spyware with them. Kazaa, DivX, etc. People just press "OK, OK, Next, OK" even in the license field. Cookies are sometimes used as spyware too. This bill is not going to change anything for those.
Re:Spyware with permission? (Score:2)
Oh, yes. The popular view window that Windows loves using that allows you to look at a 1,200 line file three lines at a time. Everyone, and I mean everyone, just loves that. After encountering one of those, does anyone actually spend time wondering why people merely click through without reading the effing EULA? Not that a resizable window would cause everyone to thoroughly read the legalese but it would at least m
Unenforceable? (Score:5, Interesting)
When the spammers and spyware makers start getting fined and sent to jail I think we'll have something to crow about.
Until then, it's just a feelgood law.
Re:Unenforceable? (Score:2)
As the old saying goes... what we need to have is several sensational murders involving spammers to significantly reduce the volume of spam. Once the spammers figure out that the cost of a few million emails is their lives, they will quickly find alternative employment... like processing missing backup tapes from banks.
That way we'll be sure that what they say is true (Score:2)
Re:Unenforceable and pointless (Score:2)
Re:Unenforceable and pointless (Score:3, Insightful)
The term 'spyware' has fuzzy definition (Score:4, Insightful)
When the very definition of spyware is hanging in the balance, I don't see how they can strictly enforce the law.
My 2c.
Re:The term 'spyware' has fuzzy definition (Score:4, Informative)
I think that pretty much covers what is defined under the bill. These companies can try to rename it all they want
FINANCIAL is as simple as PayPal (Score:2)
(2) the term ''protected computer'' means a computer -
(A) [...] or
(B) which is used in interstate or foreign commerce or communication;
Any computer supporting common Internet protocols, such as TCP/IP, HTTP, and HTML, is capable of interstate communication. Add HTTPS, and you get capability for online shopping, a form of interstate commerce. So from the moment that the owner of a typical home computer visits ebay.com using that computer, it "is used in interstate or foreign commerce or communication."
Re:The term 'spyware' has fuzzy definition (Score:3, Insightful)
"That's not spyware! Since they have visited my website they are my customers and thus I therefore have their expressed permissions to install software on their computers to be able to send targeted promotions to them."
What's the catch? (Score:4, Insightful)
TCPA? (Score:2)
Unintended consequences (Score:5, Interesting)
I'm sure that Congress-critters didn't intend companies using the DMCA as the aggressive legal weapon it has become.
What twists will these bills be given to turn them into tools for the harassment of honest people?
Re:Unintended consequences (Score:5, Funny)
Re:Unintended consequences (Score:2, Interesting)
Re:Unintended consequences (Score:2)
Re:Unintended consequences (Score:3, Insightful)
First Steps... (Score:4, Insightful)
The problem with first steps (whether it be Congress's legislation or international treaties) is that because it's a first step and getting agreement is hard enough they can't accomplish very much and, yet, after the first step has been taken no one feels the need to take another step. My guess is that this legislation is too weak to accomplish anything and nothing will really be done until it becomes a big enough problem that the politicians can't say that they worked on it and are waiting for it to take effect or some BS like that.
Now if they had only made it part of the DMCA, then we would get some quality legal action going by the **AA and we might actually solve the problem.
Re:First Steps... (Score:2)
This act makes it clear that the Federal Trade Commission is to see spyware as a clear violation on the prohibition against deceptive trade practices. Does just mentioning the DMCA and **AA get you an Insightful mod these days, no matter how far off-topic you are?
what about m$ (Score:3, Interesting)
Does it prevent M$ from collecting info from your PC?
phoning home allowed, "discretely" (Score:1)
Oh, sorry, that was HR29 "discretely" (Score:1)
Re:what about m$ (Score:2)
Re:what about m$ (Score:3, Insightful)
Protected computers? (Score:2, Insightful)
I'm no lawyer but... (Score:5, Informative)
Re:I'm no lawyer but... (Score:3, Informative)
Re:I'm no lawyer but... (Score:5, Informative)
Re:I'm no lawyer but... (Score:2)
Though I'm not sure that's exactly true, the real issue is that if somebody's malware does get onto the desktop of, say, a project manager working at the Agriculture Department, then that publisher's going to wind up in heaps o' trouble regardless. I don't care if they go down because my local sheriff presses the case, or the feds do. They'll go down harder if the feds do it.
Re:I'm no lawyer but... (Score:2)
I sound like a broken record, don't I. But this is depressing. They could have done something good, and it would have only hurt a few spammers and jerks. Unfortunately, I a
One more law (Score:3, Funny)
Re:One more law (Score:1)
What about non-US spyware? (Score:5, Interesting)
Re:What about non-US spyware? (Score:3, Funny)
Write to your congressman. He'll forward your letter to a collating department at the Dept of Homeland Security. The first country/state/banana republic to score a stack 1 inch high (or 1000 complaints, whichever occurs first) wins a free WMD inspection courtesy of Dubya. Use really thick paper for quick results...
Re:What about non-US spyware? (Score:2)
Re:What about government sanctioned spyware? (Score:3, Interesting)
The current regime in power has gone out of its way to characterize "terrorism" in the broadest possible definition, to include such things as copyright violations and DMCA violations. Trading partners of the USA have been coerced into passing legislation that brings them into compliance with American law. But protecting the sanctity of citizens'
Re:What about non-US spyware? (Score:2)
It is basically impossible to enforce any kind of embargo on spam.
lawful at home? (Score:1)
Spyware? How about spam proxies (Score:2)
Oh wait... it only applies to computers used by the United States Government according to tfa...
Wiretapping (Score:5, Interesting)
Jw
Re:Wiretapping (Score:2)
Re: (Score:3, Funny)
Great except for one little detail (Score:3, Insightful)
I guess this means my deceptive aliases on slashdot and every other potential spammer Web site can now land me in jail, assuming slashdot is a "protected system". I guess I'm an "authorized user" of
Interesting choice for a sunsetted law (Score:3, Interesting)
Great! (Score:4, Funny)
I hope this is carefully written... (Score:2, Interesting)
How about cookies?? (Score:2)
Could a shared cookie be considered spyware? (I visit foo.com, which has an image on evil.com that places an evil.com cookie on my machine. Then I visit bar.com, which also has an image on evil.com. Evil.com shares this information between foo and bar. $Profit$)
I-SPY and other such acts (Score:5, Funny)
Well I'm going to become a politician and write up the OMGWTFBBQ act.
Re:I-SPY and other such acts (Score:2)
Vague. (Score:2)
It could be completely toothless. Do you have to spend $10,000 per year on IT security services before your computer is considered secure? And is an unpatched system considered "not protected"?
WRONG. (Score:2, Informative)
A computer is "protected" if it is used for interstate or international commerce or communication. If you don't live in Michigan and you post on Slashdot, that's you.
Re:WRONG. (Score:2)
The slashdot article was vague.
Also prohibits suing spyware users? (Score:4, Insightful)
Why Bother? (Score:5, Insightful)
Yet another unenforced law doesn't do any good.
File under stupid laws. (Score:3, Insightful)
"Wahoo, the Senate made it illegal for Spyware companies to install it on my system, wait a tick. If I install a trojan on someone's system why is that a stiffer penalty than spyware? Both are installed without the user's consent to track movements, wreak havoc, both could be used for malicious purposes."
I can see this already, spyware will still be produced en masse, the people who deploy it will simply move somewhere not governed by US law. New law circumvented, tax money wasted, spyware still rampant.
Why? (Score:3, Interesting)
Be careful what you wish for (Score:5, Informative)
First let me say IANAL. I've been around them my whole life but that doesn't mean I am one. I have been told by some that I think like them though.
I don't think this quite protects like people seem to think it does.
I interpret Section 2a2D of the SPY Act to say it's okay to change security settings without the knowledge of the protected parties as long as you don't seek to do damage. Imagine a defensive claim that a change to weaken security settings is to make the computer easier to use and less confusing. Prove they had a different motive. That could be tough. No question that changing a setting to allow ActiveX controls to always run makes it easier for a website targeting ActiveX capable browsers to run whatever they want "for the purpose" of serving their users and it's "easier" for their "customers" to use the site because then they don't have to bother with or know about changing browser security settings.
Additionally, has anyone read Title 18,1030? This bill references another which goes to Title 18. Title 18,1030 reads:
(e) As used in this section--
(1) the term "computer" means an electronic, magnetic, optical, electrochemical, or other high speed data processing device performing logical, arithmetic, or storage functions, and includes any data storage facility or communications facility directly related to or operating in conjunction with such device, but such term does not include an automated typewriter or typesetter, a portable hand held calculator, or other similar device;
(2) the term "protected computer" means a computer--
(A) exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government; or
(B) which is used in interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States;
That *might* protect you buying something on eBay but I read that to mean it doesn't protect you regarding, for example, online banking necessarily. Phishing seems to be prohibited in the SPY Act but I think this needs more analysis. I think the Act protects companies like Microsoft and others (Symantec?) that are using DRM and the like. A number of companies (*cough* Real Networks *cough*) get caught not infrequently sending off more information than they claim that they do; they apologize and do it again. So say they "encrypt" it in pig Latin because they aren't supposed to any longer. Now because you've decrypted it (as any American kindergartner can do), you've now violated God knows how many other acts.
I'm not trying to say the sky is falling. These Acts could be a good start. But anyone who thinks this is the cure is a fool. Don't forget CAN-SPAM legitimized spam while being (mis-?)represented as outlawing it.
What is really needed is more general privacy (Score:5, Insightful)
For example, if a company collects personal details they should be required to tell you that they have those details.
And allow you to change those details if they are wrong.
And if they give those details to another company (e.g. credit agency, firm that is going to use the details to send you marketing crap etc etc) they should be required to tell you about that too.
Spyware companies would be required to notify you in advance what personal details their software collects (if any) and what is done with those details.
The problem with this proposal is that it would cost the big corporations money to implement. But more to the point it would prevent the corps from hiding what is going on (for example, I occasionally get letters from American Express asking if I want an American Express card even though I have never had any dealings with American Express in my life which means that some other company I deal with such as my bank must have given American Express my postal address and stuff)
Really, the 5 biggest problems with spyware are:
1. Spyware takes various levels of personal details and sends it to some company (with you not knowing what those details are or what is being done with them)
2. Spyware installs without it being clear that it is installing
3. Spyware messes with system files and settings
4. Spyware takes up memory/system resources (and often internet bandwidth to download ads etc)
and 5. Spyware is almost always impossible to remove without tools like ad-aware, MS anti-spyware or Spybot.
I'm Really Friggin' Jaded (Score:3, Funny)
Unintended consequences (Score:2, Interesting)
"(2) EXCEPTION FOR SOFTWARE COLLECTING INFORMATION REGARDING WEB PAGES VISITED WITHIN A PARTICULAR WEB SITE- Computer software that otherwise would be considered an information collection program by reason of paragraph (1)(B) shall not be considered such a program if--
(A) the only information collected by the software regarding Web pages
This means nothing to most people (Score:2)
And as it happens, that term already has a legal definition in the US Code.
Thus, this only impacts computers used for interstate or foreign commerce, or by the US government.
A few observations (Score:5, Interesting)
Second, the first bill, H.R. 29, doesn't provide for a private cause of action. It says it's enforced by the FTC. Which means you can't sue under this bill (if it becomes law).
Third, the second bill allows for an (implied) private cause of action: No person may bring a civil action under the law of any State if such action is premised in whole or in part upon the defendant's violating this section. It doesn't say you can't bring a criminal action under state law, so you may not be required to file in federal court.
My sense of the bills is that the first goes after companies who make and bundle spyware, while the second goes after extortionists, phishers, virus writers and the like.
Microsoft Is Out Of Business! (Score:2)
What do these bills *do*? (Score:2, Interesting)
Similarly, stealing personal information is illegal (or should be, regardless of whether spyware is involved!). The class of social engineering attacks, such as phishing that these bills outlaw, seem to me (IANAL) to be the same thing as the old con artist sc
Yeah, right. (Score:2)
Yes of course. Because the law says that if the spyware has been developed in India instead of the US, it's perfectly legal for it to install itself, right?
I know you're always looking for an opportunity to whine about outsourcing, but try to keep it on topic. Whether or not the spyware companies outsource to India does not affect these Spyware Bills in any way; so your post is just offtopic.
Re:Yeah, right. (Score:2)
If a spyware company itself moves off US soil, then what you say is perfectly right. Not being a US company, it would possibly not be subject to the same legislation.
On the other hand, what he said was " now all spyware companies is gonna outsource to india instead?", referring to a US-based company outsourcing the development of its spyware to some cybercoolies in India or anywhere else. In this case, the company would continue to be
Re:so... (Score:1, Offtopic)
BTW, "Dude!" could also be an interjection and it's just fine, although I'll agree with you on the total waste of a post.
Re:Code (Score:3, Interesting)
However there's another fuzzy border: Where does code end and pure data begin? E.g. if I set a cookie at a browser, then it causes the browser to send the cookie back to me every time someone accesses my web server. Now, is the cookie code (because it actually triggers an action), or is it just data (because it doesn't actually have commands, it's just a name/value pair, and it's the browser which does the sending anyway).
This line is fuzzy because for inte
Mod parent up! (Score:2, Insightful)
Re:Useless? 'protected computer'? (Score:5, Informative)
So this bill applies to any computer in the United States which communicates with any computer not in the same state (reserving that power for the legislatures of the states). It even covers your computer, as long as your comments here can be broadly interpreted as "communicating". Yeah, I know -- it's a stretch.