3 edits | FTC Goes to Bat for Spyware Industry Hi All:
If you've been following the FTC's ruminations about the problem with "spyware," then you'll know that last week's Spyware Workshop at the FTC had more than its share of depressing moments, with the FTC stacking key panels with industry representatives, and several key FTC commissioners endorsing "industry self-regulation" as a viable method for reigning in unscrupulous spyware vendors (see »FTC Spyware Workshop: 1st Impressions ).
This week things got worse, as two officials from the FTC went before a House subcommittee to oppose new legislation that protects consumers from exploitative "spyware." See this article from CNET for the details:
»news.com.com/2100-1023-5202016.html
The officials' endorsement of "industry self-regulation" apparently didn't go over very well with several members of the committee, according to CNET's Declan McCullagh. To their credit, several of the committee members let Thompson and Beales have it:
said by Decaln McCullagh, CNET:
Two Federal Trade Commission officials ignited a political firestorm on Thursday by criticizing proposed laws targeting spyware and suggesting that the measures might harm legitimate software products, too.
During an appearance before a House of Representatives panel, FTC Commissioner Mozelle Thompson said the measures were the wrong approach to spyware and adware. "I do not believe legislation is the answer at this time," he said. "Instead, we should give industry the time to respond...Self-regulation combined with enforcement of existing laws might be the best way to go."
Members of the Energy and Commerce subcommittee on consumer protection reacted angrily to the advice, accusing Thompson and Howard Beales, director of the FTC's bureau of consumer protection, of being the only Americans who enjoyed having their computers infected by spyware and adware.
Today's Washington Post carried a similar article, with quotes from Beales and industry ally Ari Schwartz of the CDT:
»www.washingtonpost.com/ac2/wp-dy···=printer
Until we can get a transcript of today's hearing, we'll have to make do with piecemeal news reports such as CNET's, but the fact that members of Congress are apparently getting the message and not buying the FTC's fantasy of "industry self-regulation" is encouraging indeed.
Best,
Eric L. Howes |
|
 markwp2001SpreadheadPremium
join:2002-05-25
Long Beach, MS | C'mon, FTC clowns, get a freakin' clue here  |
|
 EGeezerSummertimePremium
join:2002-08-04
Midwest
kudos:7
 ·Callcentric
| reply to eburger68
The congressional hearings may find friendlier audiences in the form of legislators running for re-election and hearing from their voting constituents. It seems that little may happen without a couple of things like
1) An NRA/AARP style campaign to remind legislators and the elected officials to whom the FTC reports that waiting for the industry Godot to show up will be unacceptable. Under industry self regulation the problem has become worse, not better.
2) A big, publicly reported, ugly, expensive problem caused by spyware within a corporate, government or military network that brings the problem to a head with the private sector heavy hitters or legislators whose systems are affected. That's how it usually goes with the feds. It takes some major disaster that provides photo-ops and publicity before they rush to fix a problem.
Tools like capwiz »capitoladvantage.com/online.html used by AARP have had some positive effects.
--
"He beheld the form of Sleeping Beauty, wondering how her supple lips would feel against his own and contemplating whether or not an Altoid was strong enough to stand up against the kind of morning breath only a hundred year's nap could create." |
|
 hpguruCurb Your DogmaPremium
join:2002-04-12 | reply to eburger68
Hmmm... maybe users should start emailing their HJT logs or Spybot screen caps to their representatives. 
--
The Justice for Pat Richard Campaign |
|
 SnowymIRC unix.ro UnderNetPremium
join:2003-04-05
Kailua, HI
kudos:5
 ·RoadRunner Cable
 ·Clearwire Wireless
| "Hmmm... maybe users should start emailing their HJT logs or Spybot screen caps to their representatives."
If every infected computer in the U.S. where to do that, I'd think we'd see the mother of all dos'es.
--
Dave said "By the way, 4294967295 is just another way to write -1". |
|
1 edit | reply to eburger68
Hi All:
A few more links to news stories and documents related to today's appearance of the FTC and the CDT before that House subcommittee. First, two more news stories
Eyeing Spyware
»www.crn.com/sections/BreakingNew···ID=49801
Congress Eager to Ban Spyware
»www.pcworld.com/news/article/0,a···7,00.asp
Next, here's the press release from the FTC, which includes a link to the FTC's prepared statement, which strangely enough almost neglects to mention "industry self-regulation":
FTC: Spyware Poses Risk to Consumers
»www.ftc.gov/opa/2004/04/spywaretest.htm
And here's the testimony of Ari Schwartz of the CDT:
»www.cdt.org/testimony/20040429schwartz.pdf
Note that Schwartz's statement is substantially similar to that of CDT President Jerry Berman before a Senate subcommittee just over a month ago:
»www.cdt.org/testimony/20040323berman.pdf
In his testimony today, Ari Schwartz again reiterated the CDT's preference for "industry self-regulation":
said by Ari Schwartz:
Better consumer education, industry self-regulation, and new anti-spyware tools are all key to addressing this problem. New laws, if carefully crafted, may also have a role to play. Many spyware practices, however, are already illegal. Even before passing new legislation, existing fraud statutes should be robustly enforced against the distributors of these programs.
Those puzzled at the CDT's stance on spyware may want to check out this page at the CDT's web site, which details its funding:
Supporting CDT
»www.cdt.org/mission/supporters.shtml
Note that the CDT receives 44 percent of its funding from large industry groups, including many prominent online corporations. That page contains the following eyebrow-raiser:
said by CDT:
Foundations fund our work on a specific project or give us general support. CDT receives funding from corporations and trade associations to join our working groups...
In other words, the CDT's Consumer Software Working Group, which is working on the "spyware" issue (see »www.cdt.org/privacy/spyware/20040419cswg.pdf ), is dominated by big industry groups -- many if not most of whom have no track record whatsoever on the "spyware" issue -- because they bought their way into the discussion. This arrangement, mind you, from an organization that presents itself as "promoting democratic values online."
Best,
Eric L. Howes |
|
EGeezerSummertimePremium
join:2002-08-04
Midwest
kudos:7 Reviews:
·Callcentric
| reply to eburger68
The spyware issue brings up an interesting dilemma - if a user no longer agrees to the terms and conditions of licensed software that has spyware/adware characteristics, does the software owner need to provide a way to remove it?
Additionally, is the user in violation of copyright laws if he/she no longer agrees to the licensing terms even though there is no reasonable or workable removal method?
--
"He beheld the form of Sleeping Beauty, wondering how her supple lips would feel against his own and contemplating whether or not an Altoid was strong enough to stand up against the kind of morning breath only a hundred year's nap could create." |
|
| EGeezer:
You raise some interesting questions:
said by EGeezer:
The spyware issue brings up an interesting dilemma - if a user no longer agrees to the terms and conditions of licensed software that has spyware/adware characteristics, does the software owner need to provide a way to remove it?
Currently, there is no requirement that software vendors supply a prominent, reliable uninstallation method. That is one thing that anti-spyware activists have been insisting upon, though. Scarily enough, Mark Bohannon, one of the industry reps on Panel 1 at the FTC's Spyware Workshop, recommended against such a requirement, cautioning "be careful what you ask for." Mike Healan's outraged reaction to this (see »www.spywareinfo.com/newsletter/a···4/24.php ) was appropriate:
said by Mike Healan:
Mark Bohannon of the Software & Information Industry Association answered by saying he does not believe consumers should have a specific legal right to uninstall software from their PC. I wanted to rise up out of my chair at that rubbish.
I'm sorry Mr Bohannon, but it doesn't work that way. When I buy $2,000 worth of PC equipment, that hard drive is my private property to do with as I wish. Just as I can remove some politician's "vote for me ... FOR THE CHILDREN!!!!" sign from my front lawn, I should be able to remove any software program from my computer. Any software which refuses to be removed is violating my property rights and the company which developed it should be sanctioned for creating it.
You also asked:
said by EGeezer:
Additionally, is the user in violation of copyright laws if he/she no longer agrees to the licensing terms even though there is no reasonable or workable removal method?
That's a tougher question that I'm reluctant to pronounce judgment on. The wild card in this equation is the DMCA, which has specific provisions against the creation and dissemination of methods and technologies that could be used to circumvent the copyright protection controls on protected works.
Most of those copyright protection measures or controls are crypto-based, and it seems to me that it would certainly be feasible for spyware vendors to protect their software installations through these kinds of methods and technologies, effectively preventing users from removing the software and making attempts to circumvent that protection illegal under the DMCA.
I'd be interested in hearing the opinions of those with a legal background on this issue, though.
Best,
Eric L. Howes |
|
 tim_kButtons, Bows, Beamer, Shadow, KaseyPremium,VIP
join:2002-02-02
Stewartstown, PA
kudos:13 | reply to eburger68
Just so the law is written where I can continue to put spy software on my own computers. |
|
1 edit | reply to eburger68
Hi All:
Evidently Declan McCullagh wasn't kidding when he wrote in his CNET article that the FTC's comments "ignited a political firestorm" at the House subcommittee hearing yesterday. See this AP article published in USA Today:
Fiery House debate probes threat posed by spyware
»www.usatoday.com/tech/news/techp···re_x.htm
Best,
Eric L. Howes |
|
1 edit | reply to eburger68
said by eburger68:
... Note that the CDT receives 44 percent of its funding from large industry groups, including many prominent online corporations. ...
CDT, as a nonprofit (501-c-03 public charity) must file a 990 form every year, which is public information, and is available at GuideStar:
»www.guidestar.org/controller/sea···d=138373 |
|
 Khaine
join:2003-03-03
Australia | reply to eburger68
Thanks eric for keeping us abreast on this issue  |
|
 CajunTekInsane CajunPremium,MVM
join:2003-08-08
Arlington, TX | reply to eburger68
Gee Eric... You want me to go blind don't ya.. All this interesting reading...
Wow... You do Great work guy!!
--
Lost in Texas |
|
1 edit | reply to Bobby_Peru
Bobby:
You wrote:
said by Bobby_Peru:
CDT, as a nonprofit (501-c-03 public charity) must file a 990 form every year, which is public information, and is available at GuideStar:
»www.guidestar.org/controller/sea···d=138373
Thanks for that information. The Form 990 you posted is interesting, however, the names of contributors are blanked out in that copy of "Schedule B: Contributors." The amounts of the contributions are shown, but the names of those responsible for the contributions are missing.
It would be interesting to see if their contributors have changed over the past few years.
Best,
Eric L. Howes |
|
|
|
| Hi Eric,
Darn! The 990 for 2000 from GoldStar is likewise contributor nameless. There must be an exemption for public charities (as opposed to Foundations), that permits _public_ non-disclosure of the names and addresses of "contributors". Might be able to correlate the totals with the figures from the Support chart on CDT's site, but it's not worth the time.
--
**~~Infected/Hijacked? FAQ~~~Protect/Secure Your Box/Data FAQ~~~Security Forum FAQs~~** |
|
| reply to eburger68
Hi All:
CBS Marketwatch is carrying a most interesting story by Michael Cowden about Thursday's House subcommittee hearing, with several bits of information that I haven't seen reported anywhere else.
Key quotes
said by Michael Cowden, Medill News Service:
House Republicans and Democrats lashed out at the Federal Trade Commission at a hearing Thursday for not doing enough to protect consumers from computer spyware.
They also vowed to pass anti-spyware legislation with or without FTC support.
"I don't want anybody to be under the impression that this hearing is just a hearing and nothing's going to happen," said Rep. Joe Barton, R-Tex., chairman of the House Energy and Commerce Committee. "We are going to move heaven and earth to work on a bipartisan basis to modify the Bono bill . . . to pass the House and Senate this year."
And:
said by Michael Cowden, Medill News Service:
Barton was in no mood to split hairs.
"I'm not a computer expert, but I can count votes on my committee," he said. "And I would encourage the federal officials at the table to work with us on how to clarify the language to help you enforce the law instead of trying to defend something that is not defendable."
Of note is Barton's interest in revising the language of the Bono bill to make it a stronger, more viable piece of legislation. I also take heart at Barton's unwillingness to put up with obstructionist shilly-shallying from the industry or the FTC.
This is similar to the attitude of Stephen Urquhart of Utah House of Representatives, the sponsor of the Utah anti-spyware bill who appeared on Panel 6 of the FTC's Spyware Workshop April 19. Urquhart seemed a bit exasperated with the industry when he remarked that the Utah House had received absolutely NO useful input from the industry on the content of the Utah anti-spyware bill (despite the industry's publicly affected rhetoric of wanting to "work with" legislators). All the industry wanted to do was kill the bill.
I can't say that I was too surprised to hear that. We should be on the lookout for mentions of other U.S. Representatives and Senators who show interest in doing something on the spyware issue.
Best,
Eric L. Howes |
|
| reply to eburger68
Hi All:
Still more news about the House subcommittee hearing and the larger picture on spyware legislation in Washington:
Anti-spyware bill drawing praise, support
»www.azcentral.com/news/articles/···-ON.html
Lawmakers Vow to Pass New Law Against Spyware
»story.news.yahoo.com/news?tmpl=s···yware_dc
Lawmakers Vow Tough Spyware Laws
»www.esecurityplanet.com/trends/a···/3347941
And Mike Healan offers his own thoughts about legislation, including the SPYBLOCK bill currently moving its way through the Senate, in the latest SpywareInfo newsletter:
»www.spywareinfo.com/newsletter/a···4/30.php
Best,
Eric L. Howes |
|
SnowymIRC unix.ro UnderNetPremium
join:2003-04-05
Kailua, HI
kudos:5 Reviews:
·RoadRunner Cable
·Clearwire Wireless
| An acceptable point of the proposed Spy Block Act according to Mike Healan
"It outlaws installing software without a clear disclosure to the PC owner. It requires that an uninstaller be provided. It requires that any information gathering be disclosed. It requires disclosure that the software will display ads and how those ads will be displayed"
As I see it, one of the possibly unanticipated benefits of such legislation is that it would effectively indemnify any Spyware removal software developers (Lavasoft, Kolla etc...) from lawsuits over the removal of their software if they are not compliant with this legislation.
A shift in $ resources from the legal dept. to development can only be good.
.
--
Dave said "By the way, 4294967295 is just another way to write -1". |
|
