





NYS Senator Suggests Criminalizing Spyware
putch writes "New York State Senator Michael Balboni has introduced legislation to make the dissemination of spyware a criminal act. You can read the full bill text here. Is this a good thing? It defines spyware as software that transmits personal information or computer usage data without obtaining explicit approval from the user. It would seem to me (IANAL) that it would be quite unenforceable, but may send the right message to spyware outfits. Also interesting is that it requires any 'legitimate' spyware to disclose any bandwidth it may consume and requires the disclosure to be in bits per second." The bill is quite short and readable. (This might remind you of the recently introduced anti-spyware bill in the U.S. Senate.)
When is he up for re-election? (Score:5, Insightful)
I'd be more interested in something that took a dig at the EULAs, in the grand tradition of protecting silly people from themselves. This bill looks like do-nothing election-year fluff. Were I a New Yorker, I'd tell this fellow to go back to the drawing board and try again.
Re:When is he up for re-election? (Score:5, Insightful)
Gator's latest tactic is to display a hyperlink in the ActiveX install box that the user has to click on in order to see the terms of service. If the user just clicks "Yes" without visiting that link, they've agreed to a long document worth of terms without having them transmitted.
That shouldn't be possible. That shouldn't be considered an acceptance of the license.
Re:When is he up for re-election? (Score:5, Insightful)
In America, you pay for the privilege to be spied on, infiltrated, and abused? wtf?
Re:When is he up for re-election? (Score:2)
Re:When is he up for re-election? (Score:5, Insightful)
That's been the clause of software packages since, um, forever. Same for hardware. You're out of your fucking mind if you think otherwise: the only way you'd not be in such a scenario is if you paid mucho dinero to a company for insurance and/or some sort of odd support contract. You get no guarantees.
No, these EULAs (spyware, microsoft's, and many others) are more the equivalent of, "You agree to let us fuck you in the ass repeatedly" or, "You agree that we can sell your personal information without your explicit permission," or "You agree that you don't mind these goddamned popups every several seconds." It's like someone saying, "Let us use your lawn to watch the fireworks" and they bulldoze your house to put in bleachers.
Re:When is he up for re-election? (Score:3, Insightful)
-----
EULAs (spyware, microsoft's, and many others) are more the equivalent of
-----
Which is far above and beyond the humorous summary of GPL.
So you're agreeing with me... in an adversarial way?
Re:When is he up for re-election? (Score:3, Informative)
Re:When is he up for re-election? (Score:5, Insightful)
I think this world has degenerated to a level of: Regardless of any legal documents you may think exist, you have no rights. Now, if you'll just sign here and agree to let us hamstring you, we might give you some of those rights that you think you have. If you don't sign the dotted line then you're free to take your chances at paying rent while working as a cashier at McDonald's.
Re:Agreed (Score:4, Insightful)
If software does not behave as advertised, that's par for the course.
As we say in Wisconsin, what the fuck?
Re:Agreed (Score:4, Insightful)
Also there's the fact of multiple bits of software from a multitude of vendors interacting can screw up something royally, even if they apparently should work flawlessly. Sometimes it's program logic that's skewed, sometimes library or call incompatibility. Hell it could even be library incompatibility within different revisions of the same software.
It should work with all the programs working to a reasonable set of rules. But people discover shortcuts and they like these shortcuts in the name of efficiency or laziness. Thusly computers are far more likely to shit themselves.
Then again I have had a workmate who had a warranty repair on an engine failure in his car (second time around in 1000km, still well within the 30,000km warranty) refused under warranty. Simply because the dealer advised him to go out and get a 2nd hand waterpump to make do as getting a genuine part in would mean his car was off the road for a month.
He rocked up after those 1000km's with a very broken car and was told to nick off as they can't touch it. Simply due to the secondhand part in it that could have caused the engine failure. It had nothing to do with their shoddy workmanship and having forgotten to check the bigend bearings as well as the top end.
Re:Agreed (Score:5, Insightful)
Oh and there ARE computers where our 3d graphics products can cause blue screen errors. This is a result of the interaction between Windows, crappy drivers that misreport features, crappy 3d hardware that doesn't comply with spec, and our software. Who the heck do you hold responsible for this? It's all good and well to tell me that my software needs to be responsible, but if I write to the API that MS provides me (DirectX) and the hardware vendors don't provide drivers that comply, whose fault is it now? How do I make the users understand that? How the heck do you think these issues would work themselves out in court?
My point is that a car is a commodity item with a simple and straightforward user interface. The two most critical parts of the UI are "stop" and "go". The whole unit is tested and quality assured as a package by the manufacturer. If you add all kinds of aftermarket dingdongs to it, A) they are usually cosmetic, not functional, B) if they are functional, it's generally your fault if you've fudged it up. Computers are made to have people install software written by hundreds of different manufacturers on them, written to interoperate with often-fuzzy specifications and no central quality control process to make sure they all play nice with each other. And the more hardware-dependent an app is, the more likely there are to be a whole other range of problems with it. So no, it's not reasonable to hold software developers to the same standard as auto manufacturers because the nature of the products are so radically different.
If you want it to just work "as advertised" all the time, it better be a standardized hardware config with a fixed OS version, driver versions, and software installed on it, or you can forget about it.
Re:Agreed (Score:3, Interesting)
The nearest computer equivalent to a car is an IBM mainframe. I was a mainframer in the 1980s, and 100% of the hardware in most shops was IBM. The OS was IBM. All of the software on the machines in every shop where I worked came from three sources: IBM, CA, or it was developed in-house to IBM APIs.
If you had a problem, you could get an
Re:Agreed (Score:3, Interesting)
I know now that DirectX
Computer != car (Score:3, Interesting)
Oh, and if you start mucking around with your car's internals, throwing in strange fuel additives (while the neighborhood kids pour sugar in the gas tank for good measure), and bolting on
Re:When is he up for re-election? (Score:4, Insightful)
Re:When is he up for re-election? (Score:3, Insightful)
Oral contracts aren't worth the paper they're printed on i.e. no proof no contract.
Both parties have to agree to not only the same contract but also the same interpretation of the contract (which is why when you get a cell phone before you sign anything the sales person has to walk you through the entire contract).
A proper contract is notarized and signed by a witness.
A proper contract is between two people o
Re:When is he up for re-election? (Score:3, Informative)
I agree, there is no way a EULA can be valid under contract law, although there are some factual errors in your post I should clear up. Oral contracts are just as valid as written ones. Of course, if there are no witnesses and the other party is willing to perjure him/herself, then you can have a problem, which is why signed papers are preferable. Notaries and witnesses are not required, they just (like having it on paper) make it easier to establish facts later if you have to sue to enforce it.
But EULAs l
Re:When is he up for re-election? (Score:3, Interesting)
That's not duress. Unless of course you were put in that position by the credit card guys, through no fault of your own, then the point could be argued perhaps.
: wrongful and usu. unlawful compulsion (as threats of physical violence) that induces
Time to fight back (Score:5, Interesting)
There is a concept in law called unjust enrichment. It is actually a very old form of action, but it is kind of not used as a lead claim usually. The idea under unjust enrichment is that the defendant received a benefit which is unjust for him/her to keep. The cool thing about unjust enrichment, if the court buys it, is the plaintiff can get disgorgement of profits.
I am writing a paper this semester on a theory to sue the spyware companies. I even talked to one of the leading attorneys in the US in class actions - involved in such suits as the one against DoubleClick.
All the cases for online profiling have failed so far under federal causes of action - the Computer Fraud and Abuse Act, the Electronic Communications Privacy Act, and the so called Wiretap Act. I'm thinking a better route might be with state level actions such as trespass to chattels and unjust enrichment.
That DoubleClick case was interesting. The judge accepted a settlement agreement. One thing stipulated is that it covered all people in the US who had a DoubleClick cookie on their computers before some date in 2002. The other, get this, is that the attorneys got $1.8 million for "reasonable fees".
Now, who wants to pick an online spyware company and try again? I'm damn serious. If a case succeeded, it could make a career.
Re: EULA's are sometimes illegal (Score:5, Insightful)
Well, kinda. They contain rules that if enforced, would break the law.
Software companies put anything into EULAs and they know that half the stuff in them is likely not enforceable. But you'd have to go to court and have a judge decide; a luxury that most people can't afford.
Re:When is he up for re-election? (Score:3, Interesting)
Re:When is he up for re-election? (Score:5, Interesting)
That shouldn't be possible. That shouldn't be considered an acceptance of the license.
Why should spyware companies be treated differently than anyone else when it comes to agreements?
When I bought my house, I was handed a stack of papers connected with the mortgage, asked to read them, and then sign. The banker did not hold my hand and explicitly tell me anything bad that could happen. It was entirely my responsibility to sit and read those papers.
Likewise when I bought a car, signed on for the utilities for my house, started using a credit card, etc etc so on and so forth. I did not have to prove I really read the papers, nor did the companies involved have to explicitly point out bad things to me anywhere other than in those agreements. No one stood over me to make sure I really read the things, and no one forced the companies to read them to me.
While I think spyware companies like Gator (and yes, I'll call 'em "spyware" straight up, and Gator can kiss my ass if they don't like being called spyware) are the lowest form of pond scum on the earth, I also do not believe in subjecting them to tighter requirements than other businesses.
If you don't read the EULA, you have no one to blame but yourself.
And yes, as a matter of fact, I did/do read through all of the agreements I used as examples above, and I sit and read the EULA for every piece of software that gets installed on my machine.
Re:When is he up for re-election? (Score:3, Informative)
When I bought my house, I was handed a stack of papers connected with the mortgage, asked to read them, and then sign. The banker did not hold my hand and explicitly tell me anything bad that could happen. It was entirely my responsibility to sit and read those papers.
The mortgage doesn't require it, but your realtor is required by law to go over the paperwork paragraph by paragraph with you.
It took me over an hour with my realtor just to do the paperwork when I bought my house. Each paragraph was exp
Re:When is he up for re-election? (Score:3, Interesting)
"Value" is in the eye of the beholder. It is not the purpose of government to define what software has "value" and what doesn't.
Re:When is he up for re-election? (Score:3, Insightful)
Side thought: there are regulations on how small the "fine print" in meatspace adve
Agreed (Score:5, Informative)
I'd have to agree. Spyware is any software that installs, either with or without permission, to monitor the user and relay information to third parties, for the purposes of selling merchandise or services. Spyware runs in the background, and is difficult to uninstall, or breaks other programs when uninstalled.
Re:Agreed (Score:3, Funny)
Uh, or spying?
Spyware that steals credit-card-numbers, etrade accounts, etc is the spyware I fear most.
I like some spyware. (Score:2)
If I used Windows, or all sorts of windows apps, I'd want them to spy on me to see if my latest security patches were up-to-date. I think your average windows luser will _want_ to know when he needs an upgrade of certain software.
Spyware I fear most is that that actually does spying - i.e. steal credit card number, passwords, keystro
Re:When is he up for re-election? (Score:3, Interesting)
Anything that gets the idea into the general public consciousness can't be all bad. What is really needed (for the "Survivor" crowd) is an onslaught of PSAs that outline, in simple terms, how to handle spam and scams.
Question is, who is going to pay for it?
Criminalizing is a bad idea (Score:5, Insightful)
Re:Criminalizing is a bad idea (Score:3, Insightful)
Some people (aka myself) don't like to be continually reminded by an application that they have to purchase/download an upgrade for the software.
If there is a patch/upgrade available, they can let me know by email.
The application does not need to "phone home" for any reason.
Re:Criminalizing is a bad idea (Score:2, Interesting)
It defines spyware as software that transmits personal information or computer usage data without obtaining explicit approval from the user.
Technically, any time your computer sends a TCP/IP packet, even for something as trivial as a ping, that is broadcasting the fact that you are using your computer.
So now what do we have? All Internet applications are by definition Spyware unless each user has approved the program to do its duty. But of cour
Re:Criminalizing is a bad idea (Score:3, Interesting)
Re:Criminalizing is a bad idea (Score:5, Funny)
Those of us who warned of the slippery slope of cookies were ridiculed and ostracized by starry-eyed users who were lured by promises of ease of use, functionality, and customized foot rubs.
I guess they got what they deserve--spyware, malware, adware, and spam--now they want us to do something to stop it.
These aren't even in the same league (Score:3, Interesting)
And at every step, somebody complained, loudly, that this was the end of the world.
Maybe it's not a good thing that doubleclick knows just about every news article I read these days. Maybe it's not so great that those news articles are crammed between (blocked) ads.
But you know what? Those are mere trivial anno
Re:Criminalizing is a bad idea (Score:3, Insightful)
The real issue here, from what I can see, is that we're trying to criminalize taking advantage of ignorant and/or gullible people. Yes, it's a bit of a fuzzy line. But ultimately people are resp
Use Utah law as inspiration for a better Fed. law? (Score:5, Informative)
LWN ran a story about the Utah anti-spyware law [lwn.net] last month. A number of parties objected, but don't appear to have any legitimate grounds for complaint. The law doesn't ban spyware outright, but requires that spyware explain to the user what it will do, and obtain the user's consent before doing it. Only naughty people/companies should have a problem with that.
The LWN story links to an excellent analysis of the law by Benjamin Edelman [benedelman.org].
Re:Use Utah law as inspiration for a better Fed. l (Score:3, Informative)
That alone should protect most people.
Explicit Approval? (Score:5, Insightful)
Seems like the problem here is "explicit approval". I have personally witnessed people who just answer "YES" or "OK" to anything and everything that pops up on their screen - are they not giving explicit approval? They may be signing away their first born in a paragraph you have to scroll down to see, and they would never know.
Re:Explicit Approval? (Score:2)
Re:Explicit Approval? (Score:2, Insightful)
Can you imagine the increase of the price in software if it had to go through a federal FDA equivalent to make it to the product shelves? Pirating would go through the roof and then all of these corporate monopolists would push for Trusted Computing that much harder.
Besides, Quaker doesn't admit to adding mercury to their oats and the federal labs don't bother to test Quaker oats but once a decade, with 5 years advance notice, using a special box shipped out the side door. How would labe
Digital Agreements... (Score:5, Insightful)
I think that it'd be useful for there to be a legal standard for how a EULA must be presented to a user to be binding. I don't think it should be possible for a user to be legally bound to an agreement that they might have missed by too quickly clicking a "Yes" button.
Re:Digital Agreements... (Score:5, Insightful)
How about, not binding unless read, agreed to, and signed BEFORE you buy/download the software for a start.
I think shrinkwrap licenses are a load of bull and they should be just as struck down as they were when they were tried on other products some time ago.
Also the requirement for 'plain language' was a good thing in the proposed bill, however a requirement of prominence and a reasonable effort to make sure it's actually read would be nice as well.
Plus some of the vagueness needs to be taken care of. As it currently stands some spyware could get through and some non-spyware could be 'caught'. I believe someone else mentioned the update feature on software, though I'd rather not have more than a notice be automatic, or at least require auto-updating to be turned on. McAfee's updater is broken, it tries silently EVERY 5 MINUTES. And if you've configured windows to automatically connect it'll quite happily do so and if you're paying by the minute..........
Mycroft
Re:Digital Agreements... (Score:5, Insightful)
It is that people don't want to read them. I've seen some where the reader has to scroll all the way down through the license before it is even possible to click the 'I Accept' checkbox. This is a step in the right direction, but the fact is, it isn't enough to help most users. They will figure out what they have to do to get past the license agreement, and most will never even consider reading it.
Re:Digital Agreements... (Score:3, Insightful)
If anyone agrees to a contract (whether they have read it or not) they deserve to be bound by it. I am in no mind to defend people who agree to contracts they have not read; rather I think we should fight spyware that is true spyware - installed without warning, contract, etc, and hard to uninstall - there is plenty of this about, including from the likes of Gator.
Re:Digital Agreements... (Score:5, Informative)
It's a shame, however. Consider employment. Because I'm a skilled intellectual employee the companies that I work for ask me to sign away all rights of ownership to anything that I do while I'm under their employment, _AND_ to keep them notified for up to three years of where I am and what I'm doing if I leave, _AND_ to agree never to use anything that I learned or discovered while employed with them to benefit any future employers. Strictly speaking, according to the terms of employee agreements, everything that I've done since 1999 is in breach of contract because everything that I do now was built on skills that I learned then. The only thing that saves me is that I'm not a big enough fish and haven't come up with any multi-billion dollar saleable ideas which would attract the attention of their legal vultures.
The US Constitution, specifically the parts about patenting of ideas and inventors retaining the rights to their invention, was written at a time when an individual wasn't dependent upon some communist corporate entity in order to breathe, eat, and have shelter and clothing. The spirit of those sections is being violated on a massive basis by every company in the US through employee agreements.
EULAs are similar. EULAs were written at a time when a few rich idiots lost their harddrives because they wanted to be cool and defrag their hard drive, didn't want to wait for it to finish, and clicked "cancel". Any half-savvy computer user knows that you don't take the disk out of the drive when the red light is on. I guess people thought that the basic premise of read/write integrity is negated by the invention of the "fixed disk".
All rants about incompetent users aside, though, the EULAs have grown to be in direct violation of basic codes of ethics with respect to product quality.
Re:Digital Agreements... (Score:2, Insightful)
Re:Digital Agreements... (Score:5, Insightful)
Maybe the biggest problem with EULAs is the fact that they exist at all.
The only thing an application should have is a copyright notice.
EULAs are only used to try and take away a user's rights (illegally) that go beyond copyright.
Do you know of any store that will take back a piece of opened software and give a refund that you disagree with the EULA ??
EULAs are immoral in the extreme. This has to be the first issue that a computer rights group should take up.
And the statement printed on software boxes (like microsoft's) that state "You must agree to the end user license to the software" or other such statement is so much poo smelling malarky that it's not funny.
Re:The real purpose of a EULA ... (Score:3, Informative)
That's pretty much straw-men arguments.
First, all you would have to do is have a splash screen that said "copyright 2004 all rights reserved. No warranty implied nor given." That would pretty much cover the purpo
There's a difference... (Score:3, Interesting)
Re:There's a difference... (Score:3, Insightful)
One can be considered a notice, while the other is an implied contractual agreement (though it is quite legally questionable).
doctor's services, on the other hand, I would categorize essential. But I think you'll find that in situations where software is essential for human life (such as you described above), there is liability involved. That's why those kind of devices cost tens of thousands o
Re:Digital Agreements... (Score:3, Informative)
IANAL but I do know that paper contracts work the same way. If you sign a lease or a loan agreement, there is no requirement that you actually turn the paper over and read the legalese on the back. And if that legalese states that some other document is included in the contract, you don't have to read that, either. In fact, the other party does not have to make the included do
Yes, this WILL end spyware (Score:5, Funny)
Re:Yes, this WILL end spyware (Score:3, Interesting)
Sure, it won't eliminate them, but it'll put them in the proper class of scum.
Re:It'll hurt them (Score:3, Insightful)
If these companies want to continue to do business in the USA and sell products to U.S. customers, they will have to think twice about continuing with producing spyware or doing business with spyware companies.
Re:Yes, this WILL end spyware (Score:2)
Re:Yes, this WILL end spyware (Score:3, Funny)
To: The Senate
From: The Supreme Court
RE: Anti Spyware Bill
When writing bills, please refrain from using all caps, IT'S LIKE YELLING.
But... (Score:3, Insightful)
Figures... (Score:3, Insightful)
Re:Figures... (Score:3, Insightful)
Computer Crime Double Standard (Score:5, Interesting)
I think I'd go to prison, don't you?
Why, I think there are some laws against doing that.
Now, switch Big Company with some anonymous little guy. And we debate about whether or not it should even be specifically against the law... Hah.
Re:Computer Crime Double Standard (Score:2)
The problem is that users are signaling that they are making agreements without realizing just what they've gotten into. In order to properly cut these kinds of programs off, we need a higher standard for clickwrap agreeme
Re:Computer Crime Double Standard (Score:2)
We need to get rid of this false sense of security that comes from the EULA. I've noticed that a good portion of the public seems to think that any program with an EULA is a good quality product and any program without an EULA is a cheap home made hack.
Forget Sun-Tzu's "The Art of War", how about "T
Re:Computer Crime Double Standard (Score:5, Insightful)
I use Mozilla. I don't miss the "content" that oh so many of these objects supposedly allow me to access. I don't even know it's missing, most of the time. Most people get so many of these that they just instinctively click "yes," because otherwise something "might not work right".
And yet people are inundated by their scourge many times daily, "Do you trust this person?" Why should I, or anyone else, have to make a value judgement on the person (or company) who set up a web page just to view their content? I shouldn't.
You can blame MS for this mis-feature, as it's nothing but a crude hack for the inherently insecure design in ActiveX.
END THE SPYWARE (Score:4, Informative)
do what I do... (Score:3, Informative)
Trolling for dollars (Score:5, Informative)
You might also, I don't know, image the person's drive; when they screw up the machine, restore the image instead of trying to "clean" it. That way you only spend a few minutes dealing with that, and they get the reinforcing pain of losing all their personalized settings. After doing that a few times, they'll figure out that downloading CRAP is bad.
Apparently you have never been a sysadmin. (Score:3, Informative)
Apparently I don't work at a Luddite company (Score:3, Insightful)
Obviously, I could never be a sysadmin at your shop,
Re:END THE SPYWARE (Score:2, Interesting)
http://www.pestpatrol.com
I'm doing testing in an environment where there are over 1200 PC's and it works great!
It should be enforceable... (Score:5, Insightful)
If it's a 30 page EULA, with a 'next' button, then it is not explicit approval.
If it's a large dialog box that says "Do you wish to provide Company X with personal information", and lists what info it will send, then that is explicit.
If someone files a complaint under this law, and the spyware does not comply with the appropriate standards, then the company pays a fine (income for the state!), and possibly jail time.
END COMMUNICATION
Re:It should be enforceable... (Score:5, Insightful)
That's yet another advantage of open source. There is only a relatively small number of licenses: GPL, LGPL, BSD, and a couple others. "This software uses the GPL." You have to read it once, and you then have an idea what subsequent GPL-licensed software allows (or doesn't allow).
Why not make businesses agree on a standard license model that can be used by everyone? "This software conforms to the American Business Ethical License, with the following additions:" (ie, no exceptions, because that would allow for spyware, etc.) or such. It might not be as "free" (as in speech) as OSS, but it will at least provide a standard by which corporations and other companies can be held accountable.
But then again, whoever heard of ethics in business? Certainly not the last couple generations.
The Congress is expert at (Score:5, Insightful)
All of these legal measures, this one and the bill in Utah that someone else has mentioned are band-aids applied to the sucking chest wound of the fact that the average 'Net user wants all the freedom of going to any site in the world and downloading anything he/she wants and none of the responsibility of intelligently choosing said content based on a solid understanding of how information technology actually works.
Call me elitist if you want to, but the scary thing to me about this idea is that it will give lazy idiots (the people who still call themselves Newbies after using a device for years) another disincentive to actually gain some knowledge of the tools they use and take for granted every day.
Why in bits per second? (Score:3, Interesting)
Also, if I send 1 bit every 100 seconds, can I round off and just call it 0 bits per second?
Re:Why in bits per second? (Score:2, Informative)
Loophole! (Score:3, Interesting)
So if my keylogger drops all the spacebars then I'm home free, thank you sir!
--
stupid /. won't let me quote all caps
Never get passed (Score:3, Insightful)
Not the solution (Score:2, Interesting)
Re:Not the solution (Score:2)
Say some user becomes a victim of identity theft because of an IE hole in a deprecated or little-known ActiveX control. Say some freshman girl commits suicide because her wealthy boyfriend back home was using a trojan to find out that she was starting to exchange online *kisses* with the poor theatre major in her advanced trig class?
Are you going to be responsible for teaching these kids security or jus
Some Spyware (Score:5, Insightful)
Windows XP
Windows Media Player
Internet Explorer
All of these programs transmit personal information without your consent (sometimes this depends on your patch level and the virus du jour as well). That being said, as soon as you turned the computer on, or opened the shrink wrap you accepted the EULA. Thus you explicitly accept that your personal information will be transmitted. The same types of wording are in the EULAs that often accompany spyware that people install. In the end - it's probably a moot point. Personally I think it would be more important to look at EULAs as a whole and how they are used to take away the rights of consumers, as well as shield companies that knowingly sell out defective software.
cluge
AngryPeopleRule [angrypeoplerule.com]
Down the line (Score:3, Funny)
One problem with this bill (Score:4, Insightful)
Note the non-technical term speed to describe bits per second. Downloading doesn't alter the rate your computer transmits data, it depends on bandwidth capacity.
We need to innovate, not litigate. Spyware protection should be built into the computer, not regulated by the government.
Make EULAs like Reading Comp. Tests (Score:3, Funny)
saw a loophole (Score:3, Insightful)
SUCH COMMUNICATIONS ARE COMPUTER FILES THAT DISPLAY ALL OF THE KEY STROKES THAT A COMPUTER USER MAKES.
some goon spyware shop just eliminates the letter q or h or a few more, they can slide by and still easily read the keystrokes for most purposes. Should be struck and changed to ANY keystrokes instead of ALL keystrokes then.
Besides that it's an attempt. Hard to describe spyware though legally, isn't it? And what's data, personal data? Say I don't want ANYONE without my permission (and paying me a fee and getting a license) to be able to identify my architecture, operating system, etc. I could call that personal data, and it is really. whoops, just wiped out the ole intarweb there.
Maybe a better way. I dunno, let the smarter guys chew on this one.
Make it illegal to transfer any data in or out of my box without the permission-granted by me by a normal http or similar transfer protocol request from the box itself, or by a signed digital signature granting license for specific services, said license being available by a certain request, the "ping of what's cool to do or offer" request we'll call it before it gets mush mouthed. Doing it, transferring unwanted data in or out of my box with an executable won't matter then, it will be covered if it hasn't been licensed in advance by MY license, not theirs, as well as any external flooding, overflow attempts to get root, whatever. Seems like it would anyway. Simple, to the point, covers most anything illegal. That'll cover quite a bit, and also make all unsolicited email illegal as well.
OR, bring back dueling, make it legal
OR, pass one law, every 20 years all politicians are fired, they may never hold any elective or appointed office, nor may they be hired-on to government, no work as a lobbyist. along with that, all previously passed laws are null and void, a national "jubilee" (in the classical/historic sense) is declared, and we start from scratch all over again with the basic bill of rights and constitution.
Solve all this crap every 20 years painlessly. Every generation should have their own chance to screw up equally, I say.
speaking of Criminality... (Score:3, Insightful)
Technical solution (Score:5, Insightful)
Instead of a new law, where the cons by far outweigh the pros, from being overly broad to being ineffective because of EULAs, how about a technical solution?
One solution would be a browser plug-in that checks a central database for spyware "signatures", similar to anti-virus software. It would then warn you whenever you downloaded spyware, with a link to more information at the central site.
The primary reason spyware has become prevalent is because users are unaware. The law is not going to accomplish this, and never be nearly as effective as a technical solution.
Remember when they wanted to make cookies and pop-ups illegal? Browser technology made it possible to deal with them, so the user had choice, control and freedom, without the need for a law.
I am honestly trying to think of ONE good Internet law that passed that was effective at accomplishing its goals. Is there one?
Another Useless Bill (Score:4, Insightful)
Besides, I'm sure it's illegal in another way, no need to pass 'yet another law' to make something illegal x2.
Invest in education, not prosecution (Score:5, Insightful)
You can't really stop spyware by illegalizing it. It comes as an addition to a program your average Windows users want to install. So it's their fault if they also install features that they do not want. And what's the definition of 'spyware' anyway? Is the Windows media player spyware because it transmits your UID to Microsoft? Is Windows XP spyware with all this activation stuff? First, there has to be a clear definition of this term and its uses. Then there might be some kind of strict and standardized guarantee or approval that the original distributor of a proprietary software product doesn't use additional features of tracking users and uses. Then a company can be held liable if they infringe the rules of a standardized "spyware-free" label.
But alas, no law can stop users who have the habit of double-clicking everything clickable, be it in their Outlook in-box, their desktop or on some local network share.
There's only one way to stop it: education for users that happen to have a computer just by incident but don't understand a thing about it and are happy without having to read manuals or EULAs.
In Europe there was a huge problem with camouflaged dialers that establish a connection to some over-priced service providers charging as much as $35 per call. Only after the media got interested in people who got a devastating phone bill, politicians became aware of this problem and illegalized certain numbers that dialers use. Lots of loopholes are still open, but just the media coverage and the discussion about illegalizing a certain telephony service sensitized the average Windows user that dialers are something they don't want and double-clicking unknown objects can indeed have a real-life effect.
Approval from the USER??!! (Score:3, Insightful)
Little Johnny six-pack breaks into your house, shoots you in the head, sits down at your machine... and is now THE USER, and would have authority to consent to such trash.
Think of a corporate layout, for chrissake... end-users have the authority to grant such permission?
BULL$#%. Such garbage language would preclude *any* ability to set policy by the guy who OWNS the machine.
Need to define "computer usage" carefully (Score:3, Interesting)
I'm generally sympathetic to attempts like this to get rid of spyware, but it seems to me that "computer usage" needs to be defined carefully in order to avoid criminalizing the collection of innocuous usage information. For instance, I once wrote a time series editor that was basically an interpreter for a specialized programming language, kind of like emacs. For a while, I collected statistics on memory usage and how many times the language primitives were executed and had the program email it to me on exit. The program printed a brief message about this on startup but didn't ask the user's permission. That didn't seem necessary since the resources used were trivial and no personal information was obtained. I've heard of other people doing the same kind of thing. This could fall under information about "computer usage", which presumably is intended to be restricted to information that the user might want to keep confidential, such as web sites visited.
I dreamed about this for a long time (Score:5, Insightful)
I want to control what enters and leaves my computer, I do not want web sites installing software without my ok or knowledge. When I click "No" on something I expect it not to install.
There are so many HTML/Javascript based Spyware programs out there it is not funny. I just ran into a JS_INOR.M Spyware/Trojan that Norton AntiVirus 2004 did not even know about nor could it remove it. Trend Micro's Housecall found it and I was able to remove it. It was in my temporary Internet files, so it was on a web page I viewed that installed itself. I was doing research for a college class of mine and the online library only works in IE, not Mozilla or Netscape, some site it linked to for an article I wanted to get installed this malware on my system.
BTW even Spybot could not detect the JS_INOR.M bug. So I propose that the Federal Government form some sort of Anti-Malware organization to share removal information about malware with other companies to make better removal tools. This is a serious threat and a good bulk of this malware originates from other countries that do not have virus, trojan, spyware, adware laws.
EULA and the solution (Score:3, Insightful)
Also what about EULA on preinstalled software? Nobody clicked through the agreement, so how is it enforceable? Windows, MSWorks, MSOffice, MSMoney, MSScreenOtters, whatever was installed on the PC by the OEM. If it has Spyware, like Media Player, it is already there and no EULA clickthrough was done. What about those issues?
Does this make Wiki or Slashdot illegal? (Score:3, Interesting)
So, that describes RecentChanges on a wiki.
Should we have a check box, that you must press, before each submit to a wiki?
What does this mean for Slashdot- does it transmit personal computer usage data when my name page shows the posts I've made?
Message of Unenforceable Laws (Score:4, Insightful)
It would seem to me (IANAL) that it would be quite unenforceable, but may send the right message to spyware outfits.
If an unenforceable law sends any message, it is that laws can safely be disregarded. We all remember how Prohibition and draconian anti-drug laws helped to foster our current universal respect for law in the United States.
education, not legislation (Score:5, Insightful)
I'm being overly dramatic and overly metaphorical, so I'll make it simple:
You CANNOT stop spam, viruses, worms, phreaks, spyware, hacks, cracks, modchips, reverse engineering, social engineering, or DOS attacks by making them illegal. I'm not saying that all of them should be legal, just that our tax dollars should not go to writing laws about them.
You can ONLY stop these things by educating people on how to not get hurt by them. Because they are all a confidence game on the user's computer, and on the user themself, they can all be prevented, but only by intelligent users.
Our tax dollars should go to educating people about how to not get hit by these things. Every school should be given funds to educate children in such things as programming/scripting (the basics of which go hand-in-hand with what they're learning in math), security, the basics of how to generally use software (like how to use any email client, not just Outlook Express or Hotmail) as well as things like open source/Linux (teaches them something they can take home without begging mommy and daddy to spend $20-$200 on a new piece of software)...
Even outside of schools, people should know that you don't just go download some new piece of software just because it looks cool and some friend told you about it. You go online and look it up, find out how many people are using it and what they think of it, whether the company that made it is trustworthy, whether there's an open source alternative, and so on. If you still want to try it and it doesn't look trustworthy, you run it in an untrusted user account, throwaway wine setup, chrooted environment, usermode linux, or throwaway computer.
People should know what a web browser / email client is and why you need to use one that is standards-compliant and secure. They should know how to set up sandboxes to play with potentially unsafe stuff. They should know how to use PGP, or at least why they care. They should know that it doesn't matter who they are or how unimportant their stuff is, someone wants to break into their computer, especially if it's easy.
What's more, We [nwsource.com] have [costofwar.com] the [homeboundmortgage.com] money [opensecrets.org]. We just have to spend it on the right things.
following up... (Score:3, Interesting)
let's put it like this... (Score:4, Insightful)
I don't know the situation there in America, but here in Spain and in most of the EU, that block would end up in jail for at least a good ten years... besides the fine would be astronomical...
Re:Unenforceable laws... (Score:2)
HUH? (Score:4, Informative)
Re:Can Spam First (Score:4, Interesting)
1. DMCA - If not written by M$, RIAA, MPA, then at least approved by them in content.
2. Can Spam - All words and context approved by the DMA, which makes it useless.
3. Do Not Call - wait, how did that slip through, it works fairly well. Oh the telephone is how old?
If I were an idiot and if I were a Congressman, but I repeat myself - Mark Twain