
eburger68
Premium,MVM
join:2001-04-28


1 edit
FTC Spyware Workshop: 1st Impressions

Hi All:

I don't have much time to write, but I thought I'd update you on what happened today at the FTC's Spyware Workshop. When I get home I'll post more complete comments.

As most of you know, the FTC's Spyware Workshop was today. We've talked about this workshop in several previous threads:

»Tired of being hijacked? TELL the FTC!
»Telling the FTC About Spyware: A Few Tips...
»Lop.com Goes to the FTC
»What I Told the FTC about Spyware...
»A Guide to Spyware Comments Filed w/ the FTC
»What's the *motivation* for hijack-ware?
»FTC Spyware Workshop Panelists - Worries...

The workshop started today at 9 am and was hosted in the FTC's Conference Center in Washington D.C. The workshop was structured around six discussion panels, with roughly five panelists per panel. See...

»FTC Spyware Workshop Panelists - Worries...

...for my earlier comments on those panels and panelists.

One question that I might as well answer right now is one that I know many of you will ask: will any new regulations or legislation emerge from today's workshop to regulate or even outlaw spyware or practices associated with the advertising software industry? The answer is a simple one: No.

The FTC is not interested in encouraging new regulations or legislation concerning "spyware" or advertising software. Commissioner Swindle (head of the FTC) indicated as much in the videotaped remarks that were played after the first panel this morning. The FTC is much more interested in encouraging what it calls "industry self-regulation," which involves the advertising industry itself establishing a set of "best practices" that would allow it to "play nice" with consumers. As I've indicated in several previous posts on this board as well as in the comments that I submitted to the FTC, I regard "self-regulation" as oxymoronic doublespeak at its bureaucratic finest.

Rather than belabor the point in the short time I have, let me describe what else happened at this workshop.

Panel 1 (definitions of spyware/adware) was as bad as I expected it to be. Dominated by industry representatives or those friendly to the industry, the panel came to a consensus very early (and even noted that they were all essentially in agreement). What was odd about that consensus is the way it shifted in response to the issues on the table. The panelists initially all agreed that it would be fruitless to get hung up on a term like "spyware," and that it would be much more productive to focus on "bad practices." Now, this is exactly what we anti-spyware folks have been saying for some time. So, for a moment, I almost thought that something productive might actually be taking place, despite my initial fears.

No such luck. After agreeing that definition disputes would be best avoided, the panel did a complete 180 degree turn when the question of distinguishing "adware" from "spyware" was raised. At that moment every one of them (with the possible exception of Ari Schwartz of the CDT) became suddenly very interested in nailing down a definition of "spyware" so as to distinguish their own software (or the software of the interests they represented) from "spyware." The message from the panel was essentially exactly as I predicted it would be: "Spyware is illegitimate software; adware is legitimate software. We do adware not spyware."

Indeed, Avi Naider from WhenU pursued exactly this line, claiming that most WhenU users were quite aware of the installed software on their computers. In a somewhat bizarre move, Naider attempted to back this claim up by pointing out that of roughly 100 million WhenU installations, 80 million had been uninstalled. He claimed that the fact that users had uninstalled WhenU demonstrated that they were aware of the installations. There are all kinds of problems with this argument, which I won't bother to cover here.

Suffice it to say it was at that moment that Rob Cheng and Dave Methvin of PC Pitstop (the outfit sued by Gator/Claria last fall, by the way) began distributing their new survey of WhenU users that tells quite another story: over 80% of WhenU users are NOT even aware that the software is installed on their computers. See PC Pitstop's 2nd set of comments:

»www.ftc.gov/os/comments/spyware/···stop.pdf

...for the write-up of that survey. And see their 1st set of comments...

»www.ftc.gov/os/comments/spyware/···stop.pdf

...for their earlier survey with Gator/GAIN users, also quite damning.

Needless to say, this caused a minor ruckus with WhenU's attorney, who was not amused that Rob and Dave were distributing numbers that undercut what her client had just told the workshop. Naider himself also approached Rob and Dave, asking why they were picking on WhenU when there were plenty of worse actors out there. What WhenU's official response to Rob and Dave's survey will be is not yet known.

WhenU had a bad day all around. After Avi Naider's appearance on the first panel, things went quickly downhill from there. The low point for WhenU must have come during Panel 3, when Chris Jay Hoofnagle from the Electronic Privacy Information Center (EPIC.org) pointed out that Ben Edelman's research, which reported the results of some extremely clever and tenacious packet sniffing, raised the prospect that WhenU was violating its own privacy policy by collecting and transmitting certain personally sensitive data. See Ben Edelman's research results here:

»www.ftc.gov/os/comments/spyware/···lman.pdf

The fourth panel (industry self-regulation) was almost as bad as the first. Most of the panelists simply talked about what a wonderful success previous self-regulatory efforts had been (privacy policies, P3P, et al), and insisted that the industry be given the time to address the problems of spyware itself.

Beyond the first and fourth panels, though, things went rather well for those hoping to get Washington's attention on this issue. A number of panelists on the second, third, and fifth panels effectively described the problems with spyware and the great difficulties that consumers face in trying to prevent spyware from being installed on their computers or removing it after it is installed.

Audience members (including this author) were allowed to put questions to the panelists, but we had to do so via question cards submitted to an FTC employee for vetting. Of the five questions I submitted over the course of the day, one was accepted and read to one of the panels. (I asked how panelists could place such faith in consumer education when 10 plus years of education on viruses and antivirus software has been a demonstrable failure. None of the panelists addressed the question square-on.) Some of the other anti-spyware folks got some of their own questions accepted as well, though the answers they received were often less than responsive.

I must say that the nicest part of these past few days has been meeting with and talking with the many anti-spyware folks who attended. Rob Cheng and Dave Methvin of PC Pitstop organized an informal get together on Sunday afternoon/evening. In attendance were Paul Laudanski of Computer Cops, Mike Healan of SpywareInfo, Bill Pytlovany of WinPatrol, Steve Reutter of Pest Patrol, and Ben Edelman, the Harvard grad student who's done several important studies of GAIN's and WhenU's advertising software. Our conversation was lively and productive. On Monday I got to meet Michael Wood of Lavasoft and several folks from WebRoot (makers of SpySweeper). Needless to say that I found all of these folks to be great fun and right sharp -- just the kinds of people you'd love to spend many hours hanging out with. Too bad it had to end so soon.

I've really not much more time to post right now. I'll have to save other comments (and answers to questions that any of you might have) for a later time. The FTC will be posting transcripts of today's sessions in roughly 10 days time. Also, the FTC plans to issue a report in response to today's workshop. And be sure to check out Bill Pytlovany's blog from the workshop here:

»www.mysteryware.com/blog.html

He's even got a photo of Panel 1 (with WhenU's Avi Naider).

If you do have any questions about today's workshop, feel free to post them here. I'll try to answer them as soon as possible. Perhaps some of the other attendees would care to pitch in with their own observations and reactions.

Best,

Eric L. Howes

B
Premium,MVM
join:2000-10-28


Eric, thank you SO much for keeping us so well informed.

The regulators want to encourage "self-regulation"? Uhhhhh, okay. Like the chilling "self regulation" of FCC fines for poopy jokes, or the self-regulation of car makers left to their own devices and 10 MPG Escalades? Great stuff.

I'm ignorant here; does the FTC get flushed out if there's a different President come January?

-- B
--
In a realm outside causality and function

anthrorules
Premium
join:2003-09-14
Rollinsville, CO
reply to eburger68
Thanks for keeping us updated...I saw a news story about this in Yahoo! yesterday.


BillPStudios
Premium
join:2004-04-16
Scotia, NY

Eric,

I agree, it was a pleasure to meet you and all the other amazing folks who showed up for this event. Even though I only recently returned to the hotel and am exhausted, I did update my blog page with a photo of panel six and some other comments. »www.mysteryware.com/blog.html

I also included a link to a press release that wasn't mentioned at the workshop. This could be an entirely different thread but the Coalition of Anti-Spyware Technology vendors proudly announced their newest member today. New.net.

More to come...

Bill Pytlovany
BillP Studios

B
Premium,MVM
join:2000-10-28

No Eric pictures though.

Hey, Avi and Ari look worried. I hope that's a good sign.

-- B
--
In a realm outside causality and function


BillPStudios
Premium
join:2004-04-16
Scotia, NY

Nope, I didn't get Eric on my camera.
I'm still so stunned about the Coast welcoming New.net that I couldn't sleep so I'll expand on some of Eric's comments.

Avi Naider from WhenU said 100 million users have installed WhenU programs and 80 million have removed it.
He was suggesting this was a positive thing in demonstrating users really do have a way to Uninstall the software they had once agreed to install. According to research surveys by PC Pitstop 86% of those remaining users aren't even aware they have it on their system. Interesting business model.

You can call it adware if you want but it's still generating complaints. According to Bryson Gordon from McAfee Security, 86% of their problem reports from their VirusScan were not viruses but were Adware. They defined 3% as Spyware.

Microsoft was there showing off features added to Windows XP SP2 which looked good. Their dialog showing BHO's and Toolbar add-ons was pretty cryptic especially when compared to the screen we display in our WinPatrol program but it's a step in the right direction. I'm not sure how useful it is showing the GUID to help the average user decide if they want to keep a program or not.

The funniest comment was from Microsoft's Brian Arbogast on Panel Four. According to Microsoft, 50% of system crashes are caused by spyware. I didn't think Windows was supposed to crash anymore but at least now we know it's due to spyware.

Bill Pytlovany
BillP Studios

B
Premium,MVM
join:2000-10-28

Wow, they must have had a lot of spyware in Windows 3.1.

-- B
--
In a realm outside causality and function


SnowyOne
Premium
join:2003-04-05
Kailua, HI
·Clearwire Wireless
·RoadRunner Cable

reply to B
"I'm ignorant here; does the FTC get flushed out if there's a different President come January?"

I don't know the answer to that question, but I hope not.
The following quote is from Commissioner Swindle.
"According to Orson Swindle, a Federal Trade Commission member and past Hawaii political candidate, taxing Internet transactions "is not a nice scenario."
"By tracking individual transactions, the government would create a massive database that knows all your finances, your buying patterns and your personal preferences -- and all that is controlled by the government," Swindle told a Tax Foundation of Hawaii luncheon crowd this week. He also gave a radio address and spoke to the Rotary Club of Honolulu on the issue during his most recent visit to our state."
That type of position is a very healthy one.
For the full transcript (short) visit here.
--
Dave said "By the way, 4294967295 is just another way to write -1".

B
Premium,MVM
join:2000-10-28


I guess so, although frankly it sounds disingenuous. I mean, many Internet transactions are already taxed (e.g. whenever your vendor has a local presence); and there are already plenty of massive databases of our buying habits -- they're called credit agencies; and as far as I understand (which is not a lot) it's up to the individual vendors to handle the bookkeeping.... It really just sounds as if he was playing to his audience there...

-- B
--
In a realm outside causality and function


Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
·Shaw

reply to eburger68
said by eburger68:
The FTC is much more interested in encouraging what it calls "industry self-regulation," which involves the advertising industry itself establishing a set of "best practices" that would allow it to "play nice" with consumers.
Is this guy on glue or something??? What motivation does this industry have for any form of self-regulation, best practices or to play nice with consumers and why hasn't this motivation already self-regulated the industry? Next question, who exactly does the FTC think they are and I think this is the point they realize in that there really isn't anything they can do to regulate this cr@p, as the internet doesn't understand borders, so it's easy to move this sort of operation offshore (a lot of it already has moved) to where people think FTC is the name of a boy band or something.

I fully wish and dream about the day when some of this junk goes buh-bye, but it's too easy and the money is too good, so it won't ever go away, and it is slowly killing the internet IMHO (I'm talking about more than just adware, spyware etc, but the whole concept of the internet as nothing more than a huge scam marketing tool).

Blake
--
Vendor: Firewall Logging Software »www.SonicLogger.com - SonicWall and 3Com »www.LinkLogger.com - Linksys, Netgear and Zyxel


SnowyOne
Premium
join:2003-04-05
Kailua, HI
·Clearwire Wireless
·RoadRunner Cable

reply to B
The reason Commissioner Swindle is not Congressman Swindle is that he calls 'em as he sees them.
His refusal to pander to special interest concerns doomed his political (elected) career.
Betcha didn't know that when he ran for Congress someone cybersat his name. He is still a little hissed off over that. That's the type of experience & oversight I like to see in that position of authority.
--
Dave said "By the way, 4294967295 is just another way to write -1".

B
Premium,MVM
join:2000-10-28


1 edit
reply to Link Logger
said by Link Logger:
operation offshore (a lot of it already has moved) to where people think FTC is the name of a boy band or something.
And the girls love the hit single 2Cool2Spy4U.

I Googled Swindle a bit (not that there's anything wrong with that) and found an interesting set of quotes at »zdnet.com.com/2100-1105-956708.html:

quote:
Why would someone who is breaking the law pay any attention to the law? It's so difficult to catch 'em. You just wonder what the effect would be. Good people who obey laws probably don't send out a whole lot of spam. Bad people who like to rip people off probably won't pay a lot of attention to the law, since they'll do it anyway.[...]You're going to hear the First Amendment argument, "I have a right to market." They're going to continue to do this until they're taught that it's destructive, that it's harmful. That's one of the principles of the OECD guidelines that talks about democracy and ethics. Be aware that you can hurt other people.
He's talking about spam here, but how, exactly, are spyware companies more trustworthy? Can you believe this is the same person talking as the one Eric described above regarding spyware "self-regulation"? Does this man have ANY idea of the scum he's dealing with?

-- B


SnowyOne
Premium
join:2003-04-05
Kailua, HI
·Clearwire Wireless
·RoadRunner Cable

There isn't any panacea.
But getting together a bunch of S**Ware Advocates to at least define what is not acceptable to even THEM gives a solid baseline for further discussion.
The whole idea is you gotta learn to crawl before you walk & learn to walk before you run.
I'd rather see delayed well thought out regulations than knee-jerk reactions that are either unenforceable or won't survive a contested lawsuit.
--
Dave said "By the way, 4294967295 is just another way to write -1".


Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
·Shaw

I don't think it's possible to regulate this industry, how would you enforce it, so anything that comes out of this is certainly a step in the right direction, be it likely a very small step, but a step nevertheless and likely a short lived step as adware, spyware, etc have competition as well and if the competition ignores the rules then it's likely everything is back to free for all mode, or some companies go out of business and then everything is back to free for all mode so there is really no escaping this continuing adventure.

Blake
--
Vendor: Firewall Logging Software »www.SonicLogger.com - SonicWall and 3Com »www.LinkLogger.com - Linksys, Netgear and Zyxel

dmethvin

join:2004-04-20
Columbia, MD

reply to eburger68
Hi guys, this is Dave Methvin from PC Pitstop. I just wanted to say it was great getting together with Eric, BillP, and the others at this meeting. Too bad we couldn't slap the cuffs on some of those folks while we had them in the room.

Although Eric's probably right that the FTC won't take any quick action to create new rules, I think there is a good chance that some of the active lawsuits are going to make headway. Also, the paper from Ben Edelman that Eric mentions could be the basis for some action against WhenU for violating their own privacy policy.

All this political lobbying has put me a bit behind in posting content and impressions on the PC Pitstop site, so I guess I should get cracking on that!


Bubba
GIT-R-DONE
Premium,MVM
join:2002-08-19
Around, Us
·Comcast

reply to eburger68
Yes Eric....As always, Thanks for keeping us well informed about the adware workshop and what appears to be a brain fart by the FTC. The foxes protecting the chicken coop ?

Kind of OT
said by BillPStudios:
This could be an entirely different thread but the Coalition of Anti-Spyware Technology vendors proudly announced their newest member today. New.net
Agree about a new thread since 99.9 % of the malware software\reg file entries discussed in this Forum have New.net listed as badware in one form or another. Tell me you're throwing out a belated April Fool's
--
*Team Z* Member


Dave Leary

@comerica.com

reply to eburger68
In all fairness to the FTC, remember they do not create laws, Congress does.



If you would like to learn about the Commissioners you can find their bios at »www.ftc.gov/bios/commissioners.htm. The Chairman is Timothy Muris. The term is seven years and there can be no more than three from either party. When there is a vacancy, the President nominates and the Senate approves the candidate.


ctceo
Premium
join:2001-04-26
South Bend, IN
clubs:
·AT&T U-Verse
·Comcast
·AT&T Midwest
·HughesNet Satellit..

reply to eburger68
Commissioner Swindle? My My Isn't that an ironic last name for the head of the Federal Trade Commission, ROFLMAO!!!

courtesy, dictionary.com:

swin·dle ( P ) Pronunciation Key (swndl)
v. swin·dled, swin·dling, swin·dles
v. tr.
To cheat or defraud of money or property.
To obtain by fraudulent means: swindled money from the company.

v. intr.
To practice fraud as a means of obtaining money or property.

n.
The act or an instance of swindling.

--------------------------------------------------------------------------------
[Back-formation from swindler, one who swindles, from German Schwindler, giddy person, cheat, from schwindeln, to be dizzy, swindle, from Middle High German, from Old High German swintiln, frequentative of swintan, to disappear.]
--
K8T Neo - 2GB DCDDR400 - AXP 64 3400+ - 3DLabs WC4 7210 - CL Audigy 2 PP - WD SATA150 36GB + Hitachi GST 250GB - Plextor PX708A + Sony CRX300A - Dual 535 Watt PSU's, Full Tower El Cheapo Case W/ Sound Padding & Thermal vents.


damonlab
Premium
join:2001-05-02
Detroit, MI
clubs:

reply to eburger68
This spyware stuff has got to stop. It has worked its way into my home computer, friends' computers, business computers, etc.

You show me a Windows computer with no spyware, and I will show you a computer that is a clean install without the user having more than 5 minutes online.

So far, the best tools I have found to combat spyware are AdAware and Spybot. Both are good to recommend for personal use. Spybot is free for commercial use. AdAware requires a licensing fee for commercial use. Most businesses are always tight on budget, so very few will pay for AdAware.

Even with AdAware and Spybot, some spyware simply can not be eliminated. I have seen systems with NO VIRUSES, NO TROJANS, and they were just hosed with spyware. Far too much spyware for even AdAware or Spybot to take care of.

Maybe it is time to start thinking about ghosting every machine and pushing out a clean image once a month.


antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
 reply to eburger68
FYI. »zdnet.com.com/2100-1104_2-5195222.html