Spyware spat makes small print a big issue

Surveillance software maker uses product download agreement to bar download by anti-spyware companies, raising legal questions.

Joris Evers, Staff Writer, CNET News.com
Joris Evers covers security.

A maker of surveillance software is using a product download agreement to attempt to bar detection by anti-spyware tools, raising questions about the legal scope of such agreements.

RetroCoder is threatening legal action against Sunbelt Software, representatives of both companies said Wednesday. The British company wants Sunbelt, maker of CounterSpy, to stop flagging its SpyMon software as spyware. RetroCoder charges that Sunbelt has violated the terms of the copyright agreement contained in its software, which specifically excludes anti-spyware research.

News.context

What's new:
British surveillance software company RetroCoder is threatening to sue Sunbelt Software for violating its product download agreement, which bars anti-spyware researchers. RetroCoder wants Sunbelt's CounterSpy product to stop flagging its SpyMon software as spyware.

Bottom line:
The spat raises questions about the scope of such download agreements. But some lawyers say such restrictions in a download agreement would likely be seen as unfair.

The matter poses yet another challenge for anti-spyware companies, which often face complaints from makers of software that is detected as a threat by their tools. This particular challenge, however, shouldn't be hard to overcome, legal experts said.

"A court could well conclude that this specific provision was unconscionable and thus unenforceable," said David Kramer, a partner at Wilson Sonsini Goodrich & Rosati, a Palo Alto, Calif.-based law firm.

SpyMon logs keystrokes and takes screenshots. It sells for $26 and is advertised by RetroCoder as a tool to monitor kids, spouses or employees. Before downloading the application, RetroCoder asks customers to agree to a statement that forbids its use by a researcher for an antivirus or anti-spyware company, or business related to these.

The SpyMon download agreement continues with a legal condition: "If you do produce a program that will affect this software's ability to perform its function, then you may have to prove in criminal court that you have not infringed this warning."

RetroCoder charges that Clearwater, Fla.-based Sunbelt broke the agreement, according to Anthony Ball, a spokesman for the British company. "In order to add our product to their list, they must have downloaded it and then examined it. These actions are forbidden by the notice," he wrote in an e-mail interview.

Furthermore, RetroCoder argues that SpyMon is not spyware but rather a surveillance tool. "Our program is not a Trojan or virus; it is used to keep a remote eye on your kids or employees," Ball said.

Debate has gone on for years over what constitutes adware and spyware, with manufacturers of certain applications defending them as legitimate tools. The terms are used variously to describe software that pops up ads on a PC screen or that can log keystrokes, make screenshots and track a user's Web-surfing habits.

Makers of software judged to be adware or spyware often protest the labeling of their products as such by security software makers, to the point of threatening lawsuits. A proposed federal law aims to immunize anti-spyware providers from liability for identifying, removing or disabling any program believed to violate the act.

"We get about five to 10 appeals a month," said Sam Curry, a vice president at Computer Associates International, which sells the eTrust PestPatrol anti-spyware tool. PestPatrol also detects SpyMon, but CA hasn't had any notice from RetroCoder, Curry said. "The computer user has the right to know the keystroke logger is there," he said.

Purveyors of spyware and adware have also been the target of numerous lawsuits. Symantec, for example, filed suit in June against a New York Internet company for the right to detect its toolbars as adware. The Federal Trade Commission also has gone to court in actions against alleged spyware peddlers.

There is a great deal wrong with RetroCoder's charges, said Charles Kennedy, an attorney at Morrison & Foerster in Washington, D.C., and adjunct professor of cyberlaw at Catholic University Law School. "You can put any kind of license restriction you want in a product, but there is a question about some of those being against public policy," he said.

"If a spyware company had a restriction that said the product may not be used for the purpose of investigating whether it is spyware, that restriction would be hard to enforce, for the reason that it goes against public policy," Kennedy said. "The Federal Trade Commission might attack such a restriction as unfair or deceptive."

Ben Edelman, a Harvard Law School student and spyware researcher, agreed. "When these provisions have been challenged, they have been rejected," he said.

In January 2003, a New York judge ordered Network Associates, now McAfee, to stop using a license provision that barred product reviews or benchmark tests. "That's good law, a clear precedent, exactly on point," Edelman said.

Tools such as SpyMon are the reason why organizations such as the National Center for Victims of Crime, and the National Network to End Domestic Violence, have joined the Anti-Spyware Coalition, said Ari Schwartz. Schwartz has led the work of the coalition of software companies and consumer advocates, which was created to come up with a definition of spyware.

"They joined because of their concern about the increasing use of commercial keystroke loggers by stalkers and perpetrators of domestic violence," Schwartz said.

For now, RetroCoder has only sent an e-mail warning to Sunbelt, Ball said. "I will be consulting with our solicitor (attorney) in the next few weeks about companies like Sunbelt...and how best to involve the U.K. authorities in action against them," he said.

Copyright law plainly wasn't designed for what RetroCoder is using it for, said Christopher Brody, a partner at Clark & Brody in Washington, D.C. "Copyright laws prevent copying, not examination, and I question the enforceability of such a clause based on copyright ownership," he said.

Sunbelt is unfazed by RetroCoder's action. "Their claims are patently ridiculous," said Sunbelt President Alex Eckelberry. "We're in the business of researching software. We're not intimidated by this kind of thing, and I don't think anybody else should be."