Top Web Businesses Oppose Utah Spyware Law

theodp writes "According to MediaPost.com: 'Some of the Web's leading content and technology providers have taken action to lobby against Utah's controversial Spyware Control Act, which is awaiting the governor's signature. Web publishers and businesses including AOL, Amazon, Cnet, eBay, Google, Microsoft, and Yahoo! signed a letter to the bill's sponsors arguing that the bill could create serious repercussions for the entire online community. The parties to the letter warned that the bill could interfere with computer security and would also impair the delivery of local, targeted ads'."

I don't think it's a big deal.

I dont see a problem:

Under the bill, any software that reports its users' online actions, sends personal data to other companies, or serves pop-up ads without permission is prohibited.

How hard is it to get permission? All you have to say is: "Do you want to be informed of the best deals in your area?", and %90 of people will say: "Sign me up!". Im sure it will be easy to get around this law if a company wants to. And given the profit motive, why wouldn't they?

Re:I don't think it's a big deal.

dont most of these people already do this, they just bunch it somewhere in the ULA and just about everyone clicks ok.

Re:I don't think it's a big deal.

Those EULAs are a bunch of crap. Just clicking "yes" on a pop-up so it will go the F*%& away does not constitute informed consent. Also, if a user agrees to take one piece of adware, 8 or 9 others join in unannounced, and leave a door open for more. All spyware should be illegal pop-up "agreements" or not. How ya like dat?

I've got a particularly strong conspiracy theory about this. It goes like this:

1. The government should invest all the money for consumer protection in consumer education and programs to inform the public; do away with regulation; let the market make decisions.
2. Informed consumers would not simply click on something, or buy something etc.
3. Making it harder to sell things, more expensive, lowering profits.
4. So the government actually helps big business by pretending to hurt them with regulations. It doesn't abolish regulations and invest in education, empowering people to vote with their pocketbook, because it would work.

The only thing I can't figure out is if harboring this idea makes me ultra-liberal or ultra-conservative...

Re:I don't think it's a big deal.

%90 of people will say: "Sign me up!"

Actually, it will probably be more like SPAM is today: "You gave permission to one of our 3rd party affiliates to receive this great offer (blah blah blah)".

Will a permission clause really make that big of a difference?

Re:I don't think it's a big deal.

Aquateen Hunger Force 'Interfection' episode.

Wwwyzzardd: "You have been signed up to recieve free emails about other emails."

'And the surgery to have the implant inserted in the base of your skull is almost painless'

You're not paying attention.

See, the problem is, Spyware jerks (like Gator) always CLAIM that what they are delivering is (a) with permission, (b) wanted, and (c) delivering some sort of benefit to the consumer.

And it takes a hell of a lot to debunk that.

The BIG one is to get shitholes like Gator to stop using "trickler" apps that reinstall the program if the user tries to remove it.

Re:You're not paying attention.

Uhm, I dunno about you, but it would take absolutely no effort on my part whatsoever to debunk the above claims. Period, paragraph, end-of-story, I do not want advertising, advertising software, tracking software, special deals/offers, targeted marketing, tracking cookies, malware, spyware or anything other than the app I specifically downloaded or the web-page I specifically viewed. I don't give a d4mn if MS or Yahoo! (whose mail service I use) thinks this has security implications for them, as that's total BS of the pointy-haired boss [dilbert.com] variety.

If I went to gator.com (or whatever their website is) and downloaded their marketing software, that would be one thing. But I haven't, and never will. My guess is 98% of people wouldn't either. I don't want to be plagued by their crap. If I wanted to be some kind of running marketing/advertising survey participant, there are places I could go to do that (e.g. NPDOR.com) As it is, I don't even plug my satellite IRD or cable receiver (yes, I have both) into the phone line b/c I don't want them reporting my viewing statistics. I am not a guinea-pig for Nielsen, and neither is my PC.

So yah, fsck MS and Yahoo! and the rest. Destroy all spy/mal-ware and tar-ball and feather the spammers! I shouldn't have to run software on my PC to find out if some asshole webmaster or programmer is hunting for my name/email/home address/surfing habits, etc. Spyware, malware and the like are just overblown viruses (and just as malicious in many cases), and should be treated by the authorities as such. If Y! can and wants to denote my viewing habits within their site, that's fine. I subscribe to their service and use their hardware. If I click on an ad link (I won't), they can track that without ever installing software or cookies on my PC. Sure, that takes some horespower from their servers and space in their DBase, but I don't recall signing up for a Y! "Help us cut costs" distributed computing project. If I should provide my real name, address, or zip code to Yahoo! (I haven't, and won't) and they say they reserve the right to use that info, that's also ok, assuming I'm made immediately aware of this in very plain text at the top of the EULA. I even fed them a nearby zip code... I don't mind that there's an ad on my email page; That's how they make their money. I still won't click-thru, but they get paid by the impression, so if they want to send me ads local to Atlanta, that's ok, just so long as they

• keep their grubby paws out of my box!

The Internet may be the next big advertising medium (it's gotta pay for itself somehow), BUT MY PC IS NOT!

Final thought for close. It is permissible for neighborhoods and office parks, etc., to put up signs saying "No Soliciting". This means that you can't just walk onto mine or someone else's private property and harass them to buy something. People have been shot for less. There is a sign outside of my neighborhood that says "No Soliciting". Boy/Girl Scouts are ok in my book. Jehovah's Witnesses and Insurance salesmen offend me, and I don't want them at my door bugging me. The law gives me the recourse, when properly posted, to have these people fined or in some cases arrested. Used to be bulk mailin my Snail-Mail box. That was bad enough but went away with the internet (USPS must miss those days). SPAM in my email box is just as bad. But installing software/cookies without my consent (something no one will *EVER* get legitimately) is no different than a salesman violating my personal privacy and property to come into my home and pitch me stuff I don't want. I almost never watch TV. Never mind the lack of content on the tube ('cept for Stargate, Enterprise CNN/FNN, and Discovery Wings), the advertising is obnoxious... Can't even legally get a filter to tone down the volume of commericals. But I do suscribe for that content. Thank any and all G-d's that ISP's don't operate th

Re:I don't think it's a big deal.

Without having RTFA (yeah, shocking, isn't it), I'd say /big/ business will fight anything they feel would be the slightest inconvenience to their business-as-usual focus on p.r.o.f.i.t.

"What?! Testing DDT before spraying it EVERYWHERE? What don't you understand: No bugs!! You friggin commie business playa-hata."

"Waddyamean cigarettes might be bad for pregnant women?? What? No, of course we don't need to test it - it's silky-smoooth isn't it?"

"Union? You're fired! Unite that, buster!"

"Our cars burst in flames, you say? For no apparent reason, huh? Well ...how 'bout that.. look, cows!"

Politicians and technology, again.

-- Sigh --

Is this yet another example of technologically illiterate politicians eagerly passing bills without bothering to find out what the law is going to do?

At first, I read the post and thought, why are all these businesses opposed to this law? It must be a good law if a lot of big corporations don't like it.

But after reading the article, I think that the legislators' efforts went off half-cocked, and they let one company write the bill to suit themselves.

I wonder why these big companies waited until after the bill passed to begin lobbying. If the governor signs the bill, isn't it going to be a lot harder to get rid of it?

I'm in favor of laws limiting spyware and adware, but I think it's important to get it right the first time. If the FTC doesn't even have a definition for spyware, it's back to the drawing board.

Utah has done this before

Trying to be leading edge a digital signature law was passed that was basically written by a company that had started up doing what? Digital signatures! Oddly this company was spun off of the bank that the speaker of the house (Marty Stephens) works for.

At least thats how I remember it.

Re:Utah has done this before

This is pretty much how it works. I was listening to the Utah House Legistlative session online (listening for the UTOPIA bill) when I first heard about this anti-spyware bill. I can confirm that many bills are written and submitted by companies with the sole intention of trying to protect their interests and block out competition.

The problem is, there were hundreds of bills that needed to be debated, and so each individual bill gets little debate time. When a technology bill comes up, the attitude they all have is "Well...I really don't know what it means. However, I have to vote on it. If nobody else raises any serious objections, I'll assume its a good bill." This bill didn't have any serious objections, and so it was quickly passed.

On a side note, the anti-UTOPIA bill was written almost solely by Qwest to kill the fiber optic plan. The bill survived the first few legal hurdles before some representatives started to actively question the bill and how it was designed by Qwest solely to kill competition. Then representatives drastically amended the bill for the better.

Re:Politicians and technology, again.

I wonder why these big companies waited until after the bill passed to begin lobbying. If the governor signs the bill, isn't it going to be a lot harder to get rid of it?

The article mentioned that this thing literally sped through the legislature. The companies had to gather enough resistance to seem coherent and by the time they did, the bill passed. In today's climate of "See I help the little people" politics, this doesn't surprise me at all. Look at how quickly other "comsumer" or "security" bills have been slam dunked in US government. Modern politicians are deperate to seem like they are doing something that the common man and woman can grasp. Whether that something is the right something to do probably doesn't even enter the equasion. The more percieved "good" that a politician can do, the more room he/she has to do what they want and still get re-elected.

Re:Politicians and technology, again.

"they let one company write the bill to suit themselves."

People dont realize how epidemic this is in American politics. The politicians often don't even write the laws, they _literally_ allow companies to write the laws, and simply sign what they are given into law.

It even got to the point where laws are copyrighted, and one had to pay hundreds of dollars simply for a copy of the law. Someone posted a copy of the law online and was met with copyright complaints.

see here. http://caselaw.lp.findlaw.com/scripts/getcase.pl?n avby=search&case=/data2/circs/5th/9940632cv0.h tml

of course, they eventually found in Veeck's favor, http://www.ca5.uscourts.gov/opinions/pub/99/99-406 32-cv2.htm but it still must be noted.

heres a slashdot article on it:
http://slashdot.org/yro/01/05/13/1921223.shtm l

I could also post a flurry of links regarding American fore-father's worries about the growing strength of "company" and to watch out for its influence on the government, but that would be preaching to the choir.

Re:Politicians and technology, again.

Your link is incorrect. The case is here [uscourts.gov].

"For the reasons discussed above, we REVERSE the district court's judgment against Peter Veeck, and REMAND with instructions to dismiss SBCCI's claims."

You don't have to be braindead to get elected...

But apparently it helps.

Is this yet another example of technologically illiterate politicians eagerly passing bills without bothering to find out what the law is going to do?

H2O mixup creates scare [boston.com]

ALISO VIEJO, Calif. (AP) -- City officials were so concerned about the potentially dangerous properties of dihydrogen monoxide that they considered banning foam cups after they learned the chemical was used in their production.

Then they learned, to their chagrin, that dihydrogen monoxide -- H2O for short -- is the scientific term for water.

"It's embarrassing," said City Manager David J. Norman. "We had a paralegal who did bad research."

I don't fault folks for not knowing what dihydrogen monoxide is, but for charging ahead, guns blazing, completely unburdened by the thought process. Sounds like presidential material to me.

Smoke & Mirrors

For example, the parties to the letter warned that the bill could interfere with computer security by preventing information technology and security companies from collecting data to analyze and prevent virus attacks, and would also impair the delivery of local, targeted ads.

If they are that concerned about security they could have AV companies include a [X] "Report viruses to Foo.com AV Central" option to eliminate that minor complaint and be compliant with the new law. As for targetted ads.. well, that's what they're really concerned about. It's a multi-million (billion?) dollar industry. Screaming about how bad the bill is for security is just a smoke and mirrors game.

I only hope that the spyware people don't go after the AdAware [lavasoftusa.com] or Spybot Search & Destroy [safer-networking.org] folks under the guise of the DMCA.

The way things today are going though..

Re:Smoke & Mirrors

The Problem with AdAware and the like is that they do not actually block programs/controls by their own published guidelines. They also do not respond at all to any sort of dialog to inquire why they choose to block the programs that they do, yet not other toolbars which have the exact same functionality, privacy statements, uninstaller, and installer.

Hmm...

I doubt anyone is surprised by Microsoft's, AOL's, etc, complaints, but Google and the like? That seems a bit odd.

Do they believe that later legislation will "restrict" even more things that affect their buisness, or do they sponsor spyware?

If you think that...

your "targeted ads" are going to be discarded because someone thinks they're spyware, maybe the ads should be re-thought?

There's a Difference

There's a difference between a *relatively* benign cookie stored in the browser and a trojan spyware program as bundled with kazaa, comet cursor, etc.
Having said that, I'm not sure legislation is the best way to take care of this. Can't we use existing laws in court to fight spyware?

definition of Spyware

While this could potentially be welcoming, I fail to see it actually enforcable. With many programs that contain spyware, you agree to their terms of services which more than likely includes that 1. they may redirect you. 2. You allow them to update/install what they want ... and so forth. Further more there are programs that may not be spyware, but are milicious, and problematic for users (like RealOne).

Re:definition of Spyware

What are you talking about? I mean, I don't get spam anymore since the gov't stepped in, so why would this fail?

local, targeted ads?

..local, targeted ads..

So, since I live in Wisconsin, I should be seeing tons of ads for cheese and beer..?

Re:local, targeted ads?

So, since I live in Wisconsin, I should be seeing tons of ads for cheese and beer..?

What about those folks that live in Dildo, Newfoundland [nationmaster.com]?

Never mind the fact that it's located right next to Spread Eagle...

Re:local, targeted ads?

So, since I live in Wisconsin, I should be seeing tons of ads for cheese and beer..?

No, you should be seeing travel brochures.

Yes, well...

That's why those of us who give a damn do this:

- Refuse most cookies
- Block malicious servers with HOSTS files
- Mozilla (Block Images from Selected Server)
- Spybot/Ad-Aware (If in Windows)

Althought admittedly, this phrase is interesting:

"Under the bill, any software that reports its users' online actions, sends personal data to other companies, or serves pop-up ads without permission is prohibited. It does contain certain exceptions that some industry analysts have deemed "self-contradictory," such as "cookies" used for personalizing Web pages, and ads served by HTML or JavaScript."

That completely outlaws a crapwad of software there.

However, as a lot of spyware is non-U.S. in origin, it won't curb all of it.

Re:Yes, well...

Go to http://www.spywareinfo.com. They have a far better database than I do.

Here's a hint, though - a changed WWW prefix to ehttp.cc. CoolWebSearch.

Re:Yeah

I hate ads as much as the next person, but a couple of ads sure beats having to pay for services online.

I may be alone here, but personally I never really minded ads, and sometimes I actually miss those plain old static banners. Every now and then I'd click on one if it was something that caught my interest, and I even managed to pick up some decent bargains occasionally. As a matter of fact, I never even considered blocking any ads until they became so distracting that I couldn't read a sites content for fear of retinal burn from all the obnoxious flashing going on, so now I simply block everything I can.

So broad, anti-adware and kid-proofing is spyware!

Yep... this is an interesting problem. The bill says (1) A person may not:...
(c) use a context based triggering mechanism to display an advertisement that partially or wholly covers or obscures paid avertising or other content on an Internet website in a way that interferes with a user's ability to view the Internet website.

That could be read to say program that removes any part of the website from the user's view and replaces it with either something else or even plain nothingness is prohibited. So many non-spyware user-friendly uses of technology could get caught in the crossfire...

Re:So broad, anti-adware and kid-proofing is spywa

No it couldn't. It specifically says "display an advertisement", and a blank area is clearly not an advertisement by any definition. (And no, before anyone says "But a clever lawyer could argue...", the law doesn't work that way, it never has done. People get so hung up on urban legends about what clever lawyers have done together with righteous anger about laws that have been abused that they assume everything is a matter of lawyers redefining the English language. It almost never works that way.)

It kind of reminds me of an old Knight-Ridder News Service wire where it was explained why the inscription on the metal bands used by the U.S. Department of the Interior to tag migratory birds had been changed.

The bands used to bear the address of the Washington Biological Survey, abbreviated

Wash. Biol. Surv.

Until the agency received the following letter from a camper:

Dear Sirs:

While camping last week I shot one of your birds. I think it was a crow. I followed the cooking instructions on the leg tag and I want to tell you it was horrible.

The bands are now marked Fish and Wildlife Service.

Flawed laws

I agree that the law looks flawed, and it's okay to protest. What I don't understand is, where were these guys when another flawed law [spamlaws.com] passed congress?

Kiss your Internet companies goodbye...

This is a nice try by a well intentioned legislator, but a state law will have very little effect on the operations of Internet companies not operating from their state. Let's face it, the United States has trouble geting its laws to regulate offshore casinos and offshore-based music download services.

If you don't like the laws of the jurisdiction you're setting up an Internet company, it's far too easy to set up shop in a more friendly jurisdiction. With this law being clearly written by somebody who isn't bothering to carve out a nice safe territory for targeted ads, Utah will basically lose any bit of the Internet content industry it has left to other states.

effect on computer security

only effect on security banning spyware could have is to IMPROVE it. fucking spyware. sick of removing it from people's computers. it might affect computer sales tho. With no more spyware on their computers, newbies will be able to get by with a much slower machine. The loads of spyware make people complain that their 2.4Ghz P4 isn't fast enough and help sell the 3.2s etc, so that even with it's bogged down by spyware it still feels like a 2.0

Oh boo hoo, cry me a river.

I do not want to install their malware, nor should I think it should be legal to trick the user to install it either. If the users knew what kind of program it was, they would not install it. But it has to be hidden behind OS updates, Media Players, shareware, helper programs, toolbars, and other things.

Find another way to make money, I am not buying their defense of Spyware/Adware one bit.

Localized Internet Laws

I've always been puzzled as to how this works. I know there should be lots of cases of such things already (Sharman Networks, for example) where a "local" law is used to prosecute someone from another area.

With the Internet being what it is, how do we effectively enforce such things? Seems like a lot of chest-pumping without much effect. More politicians posturing? So how can local laws be enforced on a global community? (besides pissing enough people off to get the DMCA slapped on you and ruin your US travel itinerary a la Dmitri)

Re:Localized Internet Laws

The whole issue centers around the issue or Nexis in law. (The Connection) So long as the law allows that you are connected or had contact with the Plaintiff you are subject to the laws he has. It would seem that since the webpage is deliberately placed in a media and advertized in a way such as to affect the actions of a person in this or that jurisdiction it comes under the law.

The problem is that the EU for example does not honor UTAH warrants like the 49 other US States do. So this really only applies inside the USA. The Netherlands tried to apply jurisdiction as did Belgium to the whole world over "War Crimes" recently. It almost worked but the USA had other ideas on the matter and turned some screws and that died.

The real issue here is that the Business pushing the spam is selling goods inside the USA so it pretty much comes under the Nexis of US Courts and Laws. It would take a simple act of US Law forbidding the collection of any foreign debt which was incurred outside of US Laws and the Spammers would be out of MONEY.

If any US State simply forbid the collection of Credit Cards and Payments of Debits with Triplicate Damages plus Legal the Money guys would get in line. (Same as US Fair Debt Collection Practices Act of 1979)

CNET Article on state anti-spyware bills

CNET Article on Utah & Otherstates Spyware Laws. [com.com]

The result, after some negotiation and input from Net companies, is a bill that bars companies from installing software that reports its users' online actions, sends any personal data to other companies, or pops up advertisements without permission. It contains some loopholes: Advertisements served by ordinary HTML or JavaScript are exempted, as are the ordinary "cookies" often used to help personalize Web pages.

I still don't see how this is bad. Sure it has 'enforcement' issues, but it carries a $10,000 fine, it might serve as a good deterrent.

My Favorite Part!!

(b) recover the greater of:
(i) actual damages; or
(ii) $10,000 for each separate violation of this chapter.
(3) In an action under Subsection (1), a court may:
(a) increase the damages up to three times the damages allowed by Subsection (2) if the court finds the defendant willfully or knowingly violated this chapter; and
(b) award costs and reasonable attorney fees to a prevailing party.

---
1: Download adware
2: Sue
3: Profit!!!!
---
Bahama vacation here I come!

"TOP WEB BUSINESSES OPPOSE UT SPYWARE LAW"

And in other news:

The NRA is against gun control laws.

Anti-abortionist demonstrated at an abortion clinic.

Muslim extremists sent threatening letters.

The stock market is crashing.

And the sky is falling...

Claria

Companies like Claria and WhenU, for example, are legal adware providers, although each has been involved in high-profile lawsuits over their software. Both companies still face pending legal action.

What are they smoking? Claria is spyware [com.com].

Let me control my own computer!

Criminey Sakes already!

* It's my computer, bought and paid for.
* It's my software, bought and paid for (and/or acquired free, legally).
* It's my bandwidth, bought and paid for (on a monthly basis).

Let me decide what to do with it.

If I want to load up my HD with bloatware, spyware, malware or whatever, as long as it harms no one else... who the hell cares?

If, on the other hand, I want to run my system cleanly, block out all malware sources with a HOSTS file, install anti-spyware and anti-virus software and do whatever else I see fit... again... who the hell cares?

It's my choice to run my computer and my software to twiddle my own bits as I damn well see fit.

If the government doesn't know anything about what the hell it is regulating, it out to stay the hell out of trying to do anything with it.

I hate ads as much as the next guy, but...

I don't think we need Utah legislators dictating technology to us. Maybe I'm cynical after looking at other tech-laws. Do we really want laws written by someone who needs an assistant to write an email? I think everyone in my office has a computer that operates about 20-30% too slow due to spyware/adware. Maybe people should increase security on their browsers and watch what they download. While a law against spyware sounds cool, I just believe it's going to backfire on us somehow. Anyway this law wouldn't even protect against Gator (or whatever they're called) anyway [com.com] :)

Biased Article

I hope that nobody is using this article as a base for their opinion of this bill. That had to be one of the most biased articles I've read lately. Here's just a few of the problems:

• Googe, Yahoo, cNet, and eBay are involved, but the writer never directly quotes them, favoring to paraphrase their letter.
• There are no opposition quotes.
• The only quoted source is Avi Naider, who is the CEO of an adware company that is hurt by the bill.
• MediaDailyNews is not an unbiased source; it is in their best interest to see this bill fail.

I'm not sure whether this is supposed to be actual "news" or just a PR release. I know nothing about the actual bill, but this article definitely did not help me understand it. Why is Slashdot covering such a biased piece?

Send A Public Comment to the FTC

Got an idea on how to make them Spyware laws better?

Turns out the FTC is gonna be hosting Spyware workshop here in DC in April. FTC Workshop Information [ftc.gov]

The workshop is titled Monitoring Software on Your PC: Spyware, Adware, and Other Software and will take place on April 19, 2004. It is open to the public and there is no attendance fee.

On the site is information on how to submit a public comment to the records of the event.

I DO think this is a big deal.

Spyware MUST be outlawed. Otherwise, don't be surprised when, say, Google starts telling you, "Sorry, we just tried to install our 'tracking' software on your system and failed. Please take your searches elsewhere."

Simular to the spam debait

This is very simular to the spam debait, only becuase its the ones that go out of there way to hide who they really are, and where it came from.

I hate spam as much as everyone else. I have a series of filters I use to get rid of as much as possiable. Even then, it only works about 98% of the time.

If I install AIM, they have a little bar that shows ads. That doesn't bother me. I get a free service from them, then just have to have a SMALL add in the "buddy list". Small price to pay.

What I don't agree with, is companys that install spyware without telling you about it. They NEED to say they are going to install it, and when you uninstall the application, the spyware needs to be uninstalled as well.

Another thing, which is how they get you to install there spyware. I had a problem a while back, I went to some silly joke website. It asked if I wanted to install Macromadia Flash. (Notice the spelling) Since this was a new latop, I said sure. From that day on, every 12 hours and everytime the laptop booted up. It would ask if I wanted to install "free scratch cards". Funny, there is a EULA, and an accept button. No decline / cancel / exit button, no close button, etc.

Everytime you would delete the file, it would reappear a few hours later. Still to this day, I can't figure out how to get rid of it. I did however find a way to disable it, but its still on my machine.

That should be illegal. You should be required to tell the user WHAT they are REALLY installing. Misspelling company names and what not should be considered as fraud. Bundling spyware with other freeware apps without mentioning this to the user should also be illegal.

Hijacking browsers and making it very difficult to change, or reset should also be illegal. I had a friend of mine whos machine was taking over so bad, that is browser only had 1 inputbox. No back and forward arrows, no stop or refresh. Just a inputbox which submits to a spyware search engine. Which interestingly enough returned the SAME results as google, even had the same style. The difference is, the names where changed and there was ads ALL over the place. It was so bad, that a reinstall of windows was the best option.

I don't have a problem with ads on freeware apps. As long as ...

1) I am told about it
2) When I uninstall the freeware app, the spyware goes along.
3) It doesn't damage my system by hijacking it.
4) There isn't fraud as to the source of the application or its install methods.

Interfere with local, targeted ads?

"and would also impair the delivery of local, targeted ads.."

Gee, wouldn't THAT suck. Allowing people to use the 'Net without constant harrassment from marketers would surely provoke an outcry from the outraged Net populace.