Anyone who distributes malicious code that infects your computer and surreptitiously monitors what you're doing deserves what's coming to them. The problem is that the measures in an ostensibly anti-spyware bill due for a vote in the U.S. House of Representatives may not be the best way to punish these folks.
No doubt the bill's sponsors, led by Rep. Mary Bono, a California Republican, sincerely believe that their Spy Act will outlaw dubious adware and spyware .
It's not clear, though, that the Spy Act is necessary or wise. It could end up being no more useful than the workshop on Tuesday in San Francisco to explore this question in more detail.), which hasn't exactly eliminated junk e-mail. (CNET News.com's sister site, Download.com, is hosting an anti-spyware
What the Spy Act's sponsors don't like to admit is that current law already prohibits spyware, which isthrough a breach in Microsoft Windows or Internet Explorer without a hapless user noticing.
The Federal Trade Commission enjoys broad authority to punish any fraudulent and deceptive practices with fines, and its commissioners have testified that they'reto wield that authority against miscreants. Department of Justice prosecutors about filing criminal charges.
Adware also is covered by existing federal and state law. (While the term is somewhat amorphous, it tends to refer tosuch as that bundled by WhenU and , formerly Gator, with other applications.)
The FTC has been paying close attention to dubious adware practices, as have state prosecutors. Last week, for instance, New York Attorney General Eliot Spitzer filed suit against Intermix Media, the company "secretly" installed ad-delivery programs on PCs. For its part, Intermix said it "does not promote or condone spyware" and blamed any ethical lapses on "prior leadership."
In other words, the process seems to be mostly working.
The Spy Act would disrupt that process. The latest version has ballooned to 4,400 words and hands broad new powers to the FTC so that it can police America's software industry. Legitimate companies would have to comply with an avalanche of regulations of dubious value--yielding pop-up privacy notices that Americans may ignore as completely as they do the junk mail that the Gramm-Leach-Bliley Act requires banks and credit unions to send out.
No wonder that even technology trade associations, such as the Information Technology Association of America, that loathe spyware are critical of this legislation. (They do like how it would zap state spyware laws, though, creating a single national standard.)
"The primary risk is that future benign interactive software may be prevented because of the very prescriptive nature of the Bono bill's notice requirements, which depend upon a consumer reading each text-based informational notice when entering a Web site or accessing content," says Mark Uncapher, a senior vice president at the ITAA.
This is whatwhen politicians write laws that treat technology as something that's as easy to define as a food product or an agricultural implement. It isn't. Software is much more malleable: What is a Web browser one day may become an instant-messaging client the next.
"If you're going to write a law targeting bad acts, there are always line-drawing problems," says Peter Swire, a law professor at Ohio State University. "There is a big category of questions. The bill has been focused on computers and retail spyware, if you will. In order to run the network, system administrators have to use all sorts of tools. I've heard complaints from network companies that routing and other network administration tools might be included."
Because Bono's bill is written primarily with Web browsers in mind, odd gaps appear in its coverage. It prohibits "diverting the Internet browser," but doesn't mention mischief aimed at instant-messaging clients. Manipulating "a list of bookmarks used by the computer to access Web pages" is verboten, but not manipulating a list of RSS bookmarks. Monitoring the "Web pages" visited to deliver ads is explicitly covered, but not monitoring the contents of e-mail correspondence.
A better approach might be one that takes aim at problematic behavior rather than problematic technology. That's what a competing spyware bill, introduced by Republican Rep. Bob Goodlatte of Virginia, proposes. Goodlatte's one-page bill simply says it's illegal to install software "without authorization" if it leaks personal information or "impairs" a computer's security--an approach backed by the ITAA and other technology groups.
But the House Republican leadership seems eager to stage a vote soon, so that politicians can claim to have "outlawed" spyware. That means there's not much time left for cooler heads to prevail.