Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Privacy Your Rights Online

Iowa Senate Proposes Making Spyware A Crime 26

Cooked Chicken writes "Iowa State Senator Keith Kreiman (D) is proposing Senate File 2200, an act making the distribution of Spyware without notice an aggravated misdemeanor, punishable by confinement for no more than two years and a fine of at least $500 but not more than $5,000. The proposed bill also provides victims and county attorneys with the ability to file a civil cause of action for relief from conduct constituting the crime of unauthorized collection and disclosure of personal information by computer."
This discussion has been archived. No new comments can be posted.

Iowa Senate Proposes Making Spyware A Crime

Comments Filter:
  • I'm all for it. (Score:5, Insightful)

    by HotNeedleOfInquiry ( 598897 ) on Monday March 01, 2004 @10:54PM (#8436844)
    It's illegal to personally use someone's machine without their consent. It doesn't take a huge jump of logic to see that launching a program to use their machine without their consent should be illegal as well.
    • Re:I'm all for it. (Score:4, Informative)

      by sdibb ( 630075 ) on Monday March 01, 2004 @11:36PM (#8437201)
      Agreed, but don't those asinine EULAs apparently cover everything? I mean, even one of Microsoft's says that you give them permission to remotely login and change anything anytime for any reason (if I remember correctly).
    • Re:I'm all for it. (Score:3, Interesting)

      by Bishop ( 4500 )
      Agreed. I hate spyware. I hate programs that call home with file listings from harddrives. But a nasty law like this is not the solution. There are even enough clauses in section 3 that would allow most spyware as legal. (Read 3a and 3b.) Similar to anti-spam laws this law is not going to stop the sleaze balls. There are already laws on the books now that could be used to punish spyware.

      Worst this is the kind of law that will be used as a trump card to make a criminal out of some kid who causes a little mi
      • Re:I'm all for it. (Score:5, Informative)

        by Ethidium ( 105493 ) <`moc.oohay' `ta' `ket_aihc'> on Tuesday March 02, 2004 @01:23AM (#8437789) Homepage Journal
        Section 3a allows software programs to determine whether the user is licensed or authorized to use them (i.e. collecting information is not the main purpose of the program)

        Section 3b allows software for technical support purposes on the user's request.

        How does this "allow most spyware as legal?" The infamous gator, for example, is neither.
        • Re:I'm all for it. (Score:3, Insightful)

          by Bishop ( 4500 )
          Gator provides a service of "autocompleting web forms." While this service is useless, Gator can still claim that monitoring every website the user visits is an important part of insureing that Gator works. E.g to diagnose crash information. This really is not much of a stretch and any lawyer would argue this in court. Remember that logic has no place in a court of law. Gator also dosen't give a damn about "personal information" as deffined by para 4.a.1-7 of the proposed bill. Gator is mostly interested in
    • Right on. The more people react against this junk, the better. And they're gaining momentum. Oh happy day.
  • Penalties (Score:5, Insightful)

    by Bad Boy Marty ( 15944 ) on Monday March 01, 2004 @11:06PM (#8436935) Homepage
    In my humble opinion, those penalties are only remotely strict enough if they are assessed per instance installed. Otherwise, even the maximum fine of $5000 is a drop in the bucket for most adware/spyware perpetrators.
  • I am skeptical (Score:5, Interesting)

    by MobyDisk ( 75490 ) on Monday March 01, 2004 @11:16PM (#8437052) Homepage

    This is a step in the right direction. We need this type of legislation ASAP. However, I should point out:

    This bill establishes a criminal offense of unauthorized collection and disclosure

    The problem is that much spyware explicitly tells the user what it is going to do: in the EULA. But how many users read the EULAs? How many people understand them? As a computer repairman for lots of moms, granny's, and kids, I can tell you that these people won't read the licenses even if I explain to them the importance.

    the crime...by making available or providing access to computer software or an interactive computer service that collects identifying personal information and discloses such identifying personal information to persons other than the user without first giving the user notice.

    Some interesting stuff

    • It's legal if you disclose it in the EULA
    • Making the software available is the crime: So hosting providers better watch out.
    • Malware and adware are still okay
    • "anonymous" usage info is still okay.

    We privacy freaks now understand that "anonymous" usage information tied to "unidentifyable" facts like my sex, birthdate, and zip-code are sufficient to identify me when partnered with other databases.

  • While they're at it, they could make identity theft a capital crime, raise speed limits on rural roads, and skip raising the sales tax.
  • To paraphrase, the bill defines spyware as programs that send "Identifying personal information" without user knowledge or consent. It has a list of obvious exceptions, what's left is spyware.

    a. "Identifying personal information" means ...
    the following:
    (1) Name.
    (2) Address, including the street name or name of city or town.
    (5) Social security number.
    (8) Any other information identifying an individual.
    (I cut some stuff out, but you get the idea.)

    Do we hate spyware because it sends out this kind of information, or do we hate it because it runs in the background, shows pop-ups, and makes the computer unstable?
    I don't have a problem with the bill, but I don't think it target's the underlying problem of nearly self-installing crap-ware.

    btw, my computer's always 100% spyware free, it's my parents' computer that's beyond redemption.

    Sangloth
    I'd appreciate any comment with a logical basis...it doesn't even have to agree with me.
  • Bad Law (Score:3, Insightful)

    by max born ( 739948 ) on Monday March 01, 2004 @11:47PM (#8437267)
    If you have too many laws for the Internet, you'll stiffle its development and waste a needless amount of society's resources.

    People will be more apprehensive about developing new ideas for fear of lawsuits and others will spend enormous amounts on litigation.

    And even if that's not true.

    How could you write such a law. Spyware? What's that? If Microsoft polls your computer for update requirements, would that not constitute a violation of such a law? If so Microsoft will amend its license agreement to compel a user to allow such Spyware. People who write programs will draft similar licenses, then they'll be lawyers, and endless amounts of everybody's time and energy.

    I would much prefer a technical solution at the user end, it's cheaper and more elegant.

    • Re:Bad Law (Score:3, Insightful)

      If you have too many laws for the Internet, you'll stiffle its development and waste a needless amount of society's resources.

      Just how does banning spyware stiffle development? Where do you draw the line? And the line does have to be drawn somewhere. As far as I'm concerned, the line is my hard drive. Muck with it without my permission and you've crossed the line.

    • Re:Bad Law (Score:5, Insightful)

      by cgenman ( 325138 ) on Tuesday March 02, 2004 @12:37AM (#8437537) Homepage
      It's illegal to use another person's equipment in a way that they don't approve of, why not another person's computer? Does it matter if your mechanic hands you a stack of papers that says, somewhere on page 25b, that your car will be used every tuesday by Stop and Shop? It's still flagrantly illegal. Windows update is understandable behavior for an operating system, whereas if Internet Explorer sent your surfing habits back to Microsoft it wouldn't be.

      I'm all for technological solutions, but if I'm going to be legally banned from flamethrowing someone's servers I want some degree of protection in return. Malware is any software that performs activities significantly differently than those it presents to the user for the purpose of doing something the user probably wouldn't approve of. If someone releases a program to stop pop-up advertising, and it turns out to also replace every icon on the desktop with a link to an AOL signup page, I want justice.

      The first thing that needs to be done is, of course, throwing out EULA's. EULA's are not a product of necessity for the internet age, but rather an old leech in new clothing. There are widely accepted practices for software usage and sales, and those should be considered the standard.

      Everyone knows what "Spyware" is, the same way that everyone knows what "Sexual relations" means. Just because some lawyer may try to make it meaningless by envoking a draconian definition doesn't make it any less meaningful to the person on the street.

  • Think about it.... (Score:4, Informative)

    by Sayten241 ( 592677 ) on Tuesday March 02, 2004 @12:27AM (#8437485)
    The problem is that in the EULA of the program it usually says something about you permiting the company to run the spyware. We don't need laws about this, just more competent computer users.
    • by WebGangsta ( 717475 ) on Tuesday March 02, 2004 @09:27AM (#8439939)
      Even if it's printed in the EULA, it would be nice if the installer would inform you of exactly what program(s) was being installed, and that the spyware's uninstaller worked and removed it. We've seen numerous cases of spyware programs getting installed behind-the-scenes that don't have valid uninstallers to go with them.

      And I'm not just talking about uninstallers for the spyware -- if I install a program that has a tagalong app bundled with it, I expect the original program to have uninstall options for those tagalong apps as well. Otherwise, it's a form of electronic littering.

  • It's nice that some state governments are willing to look after their constituents. It's just too bad that the US federal government (and most other governments worldwide) are unwilling to take such measures.

    The history classes I've taken seem to suggest a time when western governments actually worked for their citizens, rather than against them. It would sure be nice to see a return to such days. (smarminess intended)

  • by j-turkey ( 187775 ) on Tuesday March 02, 2004 @10:09AM (#8440306) Homepage

    One important thing to remember in this discussion is that many companies spend far more time keeping their networks spyware-free than they do worrying about viruses/worms. I know mine does.

    I don't really view spyware/adware/etc as anything other than a virus/worm with an EULA. If mydoom had an EULA attached to it which specifically states how it will work, and what it will do (in perfect legalese) -- should this be legal to write and spread in the wild? I say hell no. Anyway, since EULA's are not signed (in any way), and don't even have to be read -- they're not really an "agreement". They're more of a proclimation. Not only are their names misleading, but certain fundamental rights cannot be taken away by an EULA (and these are). Why not call one of those rights "control over your computer and personal information"? Maybe even redefine how EULAs are written. If you're giving up control over certain functions and information, maybe it should be in BIG BOLD LETTERS in plain English at the top of the agreement (rather than somewhere in the middle, small print, and in legalese so ambigous, most lawyers would read it and say "WTF?").

    It's about time that someone did something (not that this is the best thing to do). I'm all about freedom -- let people do what they want as long as nobody gets hurt. However, when software depends on mass trickery in order to propigate, then there is a problem. When it comes to spyware/adware, it's important to let people know what they're getting into -- this is where we should start.

    • Even with these changes, you still have the problem of extortion. If I buy software from the store, open it, read the EULA, and don't like it, it is very hard to get my money back. Also, there is the lost time and potential lost business and missed deadlines from having to find another program. Store bought software can also have malware.

      And then you have the unequal position of the two parties (unless you're a very big business).
      • Even with these changes, you still have the problem of extortion. If I buy software from the store, open it, read the EULA, and don't like it, it is very hard to get my money back. Also, there is the lost time and potential lost business and missed deadlines from having to find another program. Store bought software can also have malware.

        As long as retailers accept the software returns, I don't see a problem. As far as lost time and potential lost business -- caveat emptor. That's never been a reason

  • 3. This section shall not apply to persons making available computer software or interactive computer service that is reasonably needed to do any of the following:

    a. Determine whether or not the user is a licensed or authorized user of the software.

    b. Provide technical support for the use of such software or computer service upon request of the user.

    c. For any legitimate law enforcement purpose as authorized by applicable federal, state, or local law.

    d. To enable an employer to monitor employee co

If all the world's economists were laid end to end, we wouldn't reach a conclusion. -- William Baumol

Working...