From spam king to spymaster?

In what could prove to be one of the great second acts in Internet history, erstwhile king of spam Sanford Wallace takes center stage this week as Exhibit A in a federal crackdown on invasive online advertising software.

The Federal Trade Commission on Tuesday announced an aggressive new strategy in taking on alleged purveyors of "spyware," a vague term that describes software that may track unsuspecting Web surfers and bombard them with advertisements or even steal log-in information and passwords.

In the first action of its kind, the agency last week filed a civil lawsuit against Wallace, charging the admitted former junk e-mailer with fraudulently installing advertising and other software on consumers' computers through his network of Web sites. The lawsuit was the centerpiece of Tuesday's FTC announcement.

"Spyware spoils the online experience for millions of computer users, and even worse could be an obstacle to the growth of e-commerce," said Lydia Parnes, acting director of the FTC's Bureau of Consumer Protection. "This may be our first case (against spyware), but it won't be our last."

As in the early spam battles, the bombastic Wallace has become a lighting rod for efforts to clamp down on what many now consider to be among the most virulent Net pests. In an interview Tuesday, Wallace said his company had never created spyware, and that the pop-ups and downloads on his Web sites could be turned off by using the most up-to-date security patches for Web browsers.

"We don't think that we're involved in anything illegal," Wallace said. "There is nothing we're involved with that cannot be avoided by a consumer choosing to turn off downloads on their computers or by blocking pop-ups."

Tuesday's lawsuits--particularly in conjunction with federal anti-spyware legislation nearing passage--could help rein in business practices that have posed increasing risks for Net surfers during the past few years.

"Very much like with spam and the spam legislation last year, spyware can be fought through a combination of efforts: enforcement, legislation, technology and consumer education," said Dave Baker, an attorney at Internet service provider EarthLink, which has been an active participant in anti-spyware efforts. "No one thing cures the problem by itself."

The last year has proved to be a tipping point for an issue that has been building for several years. Reports of widespread adware and spyware infection have increased dramatically, in part as consumers have increasingly realized that their computer crashes and slowdowns were being caused by surreptitious advertising software.

EarthLink recently said its online spyware-spotting tool had been used 3 million times since January and had found an average of 26 spyware components on people's hard drives.

The result has been a surge of legislative efforts in Congress and state legislatures, as well as this week's lawsuits from the FTC.

Legal limits
Wallace--once dubbed "Spamford" by a Net community desperate to cut off the flow of unsolicited e-mail coming from his company's servers--has been operating new advertising ventures for several years. Regardless of the suit's outcome, the charges brought against Wallace's companies--Seismic Entertainment Productions and SmartBot--could help raise awareness of the issue.

In an interview with CNET News.com in 2001, he outlined his strategy of boosting traffic by forcing people to click through multiple pop-up windows in order to exit his PassItOn.com entertainment site. He said he would soon start collecting personal information from people who wanted to use his site without so many windows.

"We don't violate anybody's privacy; everything is disclosed," Wallace said in that interview. "We're giving something away for free in exchange for consumers' permission to use private information. It's no secret. Publishers Clearing House has been doing this type of thing for years."

The FTC cited that interview in its lawsuit, which was filed in New Hampshire federal court last week. Wallace said the current incarnation of his Web sites did not collect any personal information about consumers at all.

In the lawsuit, FTC and independent investigators outline a string of what they say were potentially abusive practices.

FTC investigator Sallie Schools said Web sites operated by Wallace changed the home page in her Internet Explorer browser. Programming code on one page popped open the CD drive in her computer and showed text saying "If your CD-ROM drives open...You desperately need to rid your system of spyware pop-ups immediately." The site then offered a product called Spy Deleter.

Other sites surreptitiously downloaded software from another company's site, which in turn led to the installation of numerous other spyware and advertising programs, the lawsuit charged. All of the actions took advantage of publicized security holes in Microsoft's Internet Explorer browser.

Anti-spyware activists say a successful case focusing on these practices--changing home pages without consent, installing software without consent and "compelling" the purchase of anti-spyware software--will help clamp down on some of the worst practices online.

"We're very positive about the way this is looking; it looks like they've built a good case," said Ari Schwartz, associate director of the Center for Democracy and Technology, which first brought Wallace's company to the attention of the FTC. "This fits into the kinds of cases where the FTC could get their feet wet on this issue."

Wallace said he would pursue the case and pull down the sites if a judge ruled against him.

"We want to confirm that our model is legal," Wallace said. "If the court finds that it's either illegal or deceptive or unfair, by the FTC's definition, we will cease operations voluntarily."

As the FTC moves ahead with its more aggressive strategy, Congress remains close to passing legislation that would boost fines for spyware purveyors and potentially impose criminal penalties.

The House of Representatives passed two separate bills last week aimed at the practice. Major technology companies, including Microsoft, Yahoo and Dell, have signed on to the idea after some trepidation, though some technology executives privately say they are still worried about provisions focusing on types of technology rather than on the behavior of potential "bad actors."

Some insiders say the pending bills are likely to be joined, providing both criminal penalties and higher civil fines, and passed when Congress returns to Capitol Hill after Election Day.

The issue has been a strong focus for several legislators, including House Commerce Committee Chairman Joe Barton, R-Texas.

"Spyware is to computers what an open window is to burglars," Barton said last week, following the passage of a bill authored by Rep. Mary Bono, R-Calif. "This will provide some real, sorely needed online protection for consumers."