FTC to shine light on spyware
Growing consumer frustration sparks industry fears of new laws limiting software development.
The issue will get a high-profile hearing next week, when the Federal Trade Commission (FTC) plans to convene a workshop on the dangers of spyware. In a common scenario, such programs might bombard victims with unwanted ads or, more rarely, allow hackers to snoop on Web surfing activities and steal confidential data such as passwords to online bank accounts.
Monday's FTC hearing, which will draw technology executives, lawmakers, and consumer groups from around the country, could be the first step toward federal action against spyware companies, following the path the FTC has previously taken on spam e-mail and other Internet privacy issues.
It also highlights rising national concern about this ill-defined category of computer pest. The pitch of consumer complaints about spyware and adware now rivals that of the outcry against spam several years ago, and is prompting response from legislators in Congress and in a growing number of states.
"So much stuff is being foisted on people that it's really slowing their computers down," said Roger Thompson, vice president of product development at Pestpatrol, which markets software that promises to clean spyware out of infected systems. "That's stepping out of bounds of what's fair and reasonable."
The quickening pace of legislative proposals has many in the technology industry worried that their ordinary software development could get caught in the cross fire, however. Many technology companies were deeply critical of the first anti-spyware law , passed recently in Utah, and they're looking to the FTC hearing in part to help guide future action.
"The first step is to get a common understanding of what kinds of activities we're really trying to get at here," said Mark Bohannon, general counsel for the Software and Information Industry Association, who will participate in the workshop. "That will allow us to see what we can do under existing law, and where we need to fill in."
The debates over spyware and adware have the potential to become as divisive as the ongoing battle over commercial e-mail. Outraged consumers who see their computers routinely captured by streams of pop-up windows and other hijackers, or discover their personal information being sent to outside companies, are ready to embrace draconian solutions.
But the efforts to control this unwanted software raise similar concerns to spam, in which some companies worried that newsletters and other commercial speech would be indiscriminately lumped together with ads for Viagra. Similarly, proposals to regulate pesky software programs could threaten technology companies' traditional development practices, industry figures warn.
"We are very concerned about legislative mandates that define what is spyware by the nature of its technology rather than focusing on the behavior and bad practices that we're trying to stop," said Robert Holleyman, president of the Business Software Alliance. "A lot of functionality that some people with the best intentions try to address also applies to the way some antivirus software is routinely updated, for example."
Many critics are sympathetic to this issue. The Center for Democracy and Technology, a public interest group that has taken the lead in highlighting fraudulent techniques among spyware and adware companies, is putting together a coalition of consumer groups, technology companies that will present a list of "worst-case scenarios" to the FTC.
Focusing on those types of cases, in which clear fraud or otherwise problematic behavior is evident, could be a good start for federal enforcement, CDT Associate Director Ari Schwartz said.
Nevertheless, legislators around the country are responding more quickly, largely because of rising complaints from consumers and other constituents.
The Utah law, the first in the nation to be approved by a state legislature, came largely in response to complaints from local company 1-800-Contacts, which discovered that advertising software WhenU was launching advertisements for rivals when Web surfers visited the Utah company's site. WhenU has now sued the state, saying the law is unconstitutional.
Three bills seeking to regulate spyware and adware have been introduced in California, and are moving through the legislative process there. Lawmakers in Iowa introduced their own proposal, but it did not pass before the end of the year's legislative session.
Several bills have been introduced in Congress. While technology companies are watching these closely, and for the most part say they would prefer to wait, they say national laws would be preferable to a patchwork of local legislation.
The FTC hearing, which will see a full day of debate on how exactly adware and spyware should be defined and on what governmental responses are appropriate, could help guide legislators and technology companies in developing both laws and software itself.
"Part of it will be about formulating a plan on how to deal with the problems," FTC staff attorney Beth Delaney said. "That's really how we view this, as a first step."