how-to block ads
|
|
Uniqs:
1181 |
Share Topic
 |
 |
|
|
|
Reviews:
 ·Verizon Online DSL
| Tired of being hijacked? TELL the FTC! »www.ftc.gov/opa/2004/02/spyware.htm
For Release: February 18, 2004
FTC To Host Spyware Workshop
The Federal Trade Commission will host a public workshop, “Monitoring Software on
Your PC: Spyware, Adware, and Other Software,” on April 19, 2004, from 8:30 a.m.
until 5:30 p.m. The workshop will explore issues associated with the distribution and
effects of software that is loaded on personal computers without users’ consent and that
gathers and sends information about users to third parties or that adversely affects the
computers’ functioning. A Federal Register Notice describing the workshop in more
detail will be published shortly. The workshop, which will be held at the FTC’s
Conference Center at 601 New Jersey Avenue, N.W., Washington, D.C., will be open
to the public.
--
Kevin McAleavey support@nsclean.comhttp://www.nsclean.com/ | |
| Thanks for the heads-up Kevin.
quote:
Interested parties can submit written comments, including studies, surveys, research, and empirical data to Federal Trade Commission - Office of the Secretary, Room 159-H, 600 Pennsylvania Avenue N.W., Washington, D.C. 20580. Comments and envelopes should be marked “Spyware Workshop - Comment, P044509". Interested parties also are encouraged to submit written comments to the following e-mail box: spywareworkshop2004@ftc.gov.
Persons seeking to participate as panelists in the workshop must notify the FTC in writing of their interest in participating and describe their expertise in or knowledge of the issues.
Wonder if any AntiNastieware folks will be submitting and/or attending, especially those with knowledge of the true "cost" of this crap. | |
| reply to K McAleavey
I wonder what the true cost of spyware is when you consider lost productivity, computer repair costs when a user's machine is "acting funny", etc.
I can only imagine how big of a problem is for the average computer user who is using IE, clicking yes when a activex warning appears, while they are downloading stuff on Kazaa  | |
1 edit | reply to K McAleavey
Kevin:
Thanks for posting this notice. Having looked over the FTC's announcement, I must say that there are a few things things that I find worrisome.
Here's the short agenda provided by the FTC:
said by FTC:
* Defining and Understanding Spyware, including a discussion of how spyware may differ from adware;
* Distribution of Spyware, including the role that peer-to-peer file-sharing may play;
* The Effects of Spyware, including the extent to which spyware affects the functioning of personal computers and raises privacy or security concerns; and
* Possible Responses to Spyware Concerns, including a discussion of what consumers, government, and industry have been doing and intend to do, by themselves or together, to address the harms associated with spyware.
It's the first two points that concern me. Certainly it's legitimate and appropriate to attempt to distinguish between the various different types of unwanted software out there. And certainly it is true that P2P file sharing software such as KaZaA have been vehicles for the distribution of "spyware."
When those two points lead off an agenda to discuss a topic that ought be be primarily about protecting citizens and consumers, though, I have to suspect that the FTC's friendliness towards commercial interests is playing a role here. What we may have here is an attempt to shape and determine the discussion in advance so that: 1) commercial interests of marketers and advertisers are protected, just as they were with the recent CAN-SPAM legislation; and 2) the RIAA is given yet another platform to weigh in against P2P networks.
Point 1 (adware vs. spyware) is especially worrisome, as that distinction is taken directly from the playbook marketing and advertising outfits like Claria (nee Gator).
Keep in mind that the marketing and advertising industry recently faced two bills:
1) the Do Not Call bill, which was a disaster for the telemarketing industry and which actually has helped to protect citizens and consumers from unwanted commercial intrusions on their lives;
2) the CAN-SPAM act, which was effectively co-opted by the direct marketing industry to such an extent that the direct marketing industry actually CELEBRATED the passage of that bill; to no one's surprise, the CAN SPAM act has done little to nothing to stop the flood of spam into citizens' and consumers' inboxes.
The commercial "crapware" industry knows that it has a potential problem -- namely, that most folks absolutely deplore their main product. Their job now is to either head off legislation that might actually give people strong protection from their intrusive marketing or, if legislation seems inevitable, to shape and co-opt that legislation so that it actually serves their interests.
The CAN SPAM act offers a classic model for co-opting legislation so that it actually protects and advances the interests of the very parties the legislation is supposed to be regulating. The marketing and advertising industry effectively used that bill as a means for legitimizing their activities and also, perhaps more importantly, using government regulation to drive out competitors.
That last point needs a bit of explanation. The direct marketing industry had opposed for years any and all spam legislation on the grounds that it violated the free speech rights of advertisers. Those free speech concerns went out the window, however, when it became clear that the flood of spam was actually working against the interests of "mainstream" direct marketers. Not only was there too much competition for the eyeballs of consumers, but the anti-spam solutions built by private entities (software, black lists, et al) were threatening their spam as well. Moreover, consumer anger against spam threatened to "poison the well" for marketers of all types.
So they worked with Congress to craft legislation that would protect their own spam while setting standards for unsolicited bulk commercial email (i.e., spam) that might drive out the more unscrupulous interests who threatened the viability of email as a direct marketing tool. In other words, the CAN SPAM is less about protecting YOU from spam than it is about protecting a certain class of direct marketers by using government legislation to drive out potential competitors.
One of the key ways they did that was to insist over and again on the distinction between "legitimate" spam (sent by them) and illegitimate scam spam (sent by their unscrupulous competitors). Does this pattern or distinction sound familiar? It should. It's a model for what the commercial "crapware" industry is now starting to do. In fact, they've already started using that line against those who provide anti-crapware information and tools to internet users: Gator sued PC Pitstop over just this distinction.
What's the distinction between "adware" and "spyware"? One thing: a EULA (End User License Agreement). The commercial crapware industry insists that the minute it puts a EULA in front of users (never mind the fact that most of them are 500-1500 word monstrosities that only a practicing attorney could make sense of), their unwanted applications cannot be classed as "spyware" (or whatever other abusive term is being used to describe them) because the user has "elected" to install their software. What's important to understand is that the commercial crapware industry has started to use this distinction not only to paint a veneer of legitimacy over what they do (and we ought to keep in mind that their business models are predicated on exploiting people's ignorance about their computers and the internet), but to wield it as a weapon against its critics. That's why the first point on the FTC's agenda worries me.
To summarize briefly, the commercial crapware industry faces many of the same problems as the spam industry (too much competition, the growth of anti-crapware tools, and a "poisoned well" of pissed off internet users). That industry now also faces federal scrutiny and, potentially, regulation. It ought to surprise no one that the industry would try to steal a page from the spam industry's playbook. It worked for the spam industry; it can also work for the crapware industry.
If you were wondering whether representatives from the commercial crapware industry will be at this "workshop," you better believe they'll be there. And they'll be working to frame the debate so that the FTC protects their interests and not yours. Unfortunately, it appears that the FTC may already be bending in their direction.
Those who are concerned about the commercial crapware industry need to insist that the workshop be used to protect the interests of consumers, not the interests of commercial crapware pushers. To do that, they should anticipate that the commercial crapware industry will be pushing the following dubious propositions:
1) The worst abuses of "spyware" are committed by a small number of unscrupulous entities whose software truly is "spyware," while the software offered by the larger players (Gator being a prime example) is "adware" and not malicious;
2) "Adware" is not malicious in any way because internet users are offered "choice" and "disclosure" in the form of EULAs;
3) The FTC should commit itself to preserving consumer choice and a healthy free market for commercial advertising, products, and services;
4) The software industry already offers consumers a wealth of tools to deal with unwanted software; moreover, the industry leaders among "adware" vendors already offer uninstallation tools;
5) The best policy for the FTC to follow is "self-regulation," where industry players strive to follow a set of "best practices" to protect consumers with a minimum of intrusion into the market from the government;
6) "Self-regulation" should be supplemented by consumer education; "self-regulation" has worked in other areas of privacy (witness P3P compact policies, IE 6's privacy features, and privacy seal programs such as Truste); once consumers are properly educated, the "spyware" problem will solve itself.
7) If legislation will be adopted, it should distinguish between legitimate "adware" and truly malicious "spyware."
There will be variations on the above themes, but that is essentially the line they will push. Anyone who is familiar with what has been happening on the "spyware" front will already recognize the many problems with this line. Those who are interested in writing to the FTC or participating in this workshop should be well aware of these propositions and be prepared to answer them point by point.
Apologies for the long post. I would expand on this by responding to the seven propositions listed above myself, but that would make this post into a small book. I would be interested in hearing what others think of this workshop and its potential for being used to make the FTC recognize the problem that consumers and citizens now face with the explosion of commercial crapware on the internet.
Best,
Eric L. Howes | | |
|
3 edits | reply to K McAleavey
Hi All:
One quick followup to my previous post. There have already been a few bills introduced in Congress to address the "spyware" problem. They didn't go anywhere, but coupled with the FTC workshop, that could mean that we're at the start of a Federal discussion of the "spyware" problem, which until now has received almost no attention.
What are the potential outcomes of that process? There are three broad outcomes, so far as I can see:
1) Nothing gets done
The FTC wrings its hands over the problem but eventually agrees with the commercial crapware industry that government regulation is a bad thing; that the industry "self-regulation" is much more effective and even preferable; that consumers are being offered "choice" in the form of EULAs, commercial anti-spyware applications, browsers settings, and vendor provided uninstallers; that consumer education is all that is needed from the FTC for the "spyware" problem to solve itself. Everyone involved will give themselves a pat on the back for protecting consumer choice, respecting the beauty of the market, for committing themselves to self-regulation and consumer education, and then they will go home, having done absolutely nothing.
2) A CAN SPYWARE Act
The FTC works with the commercial crapware industry to craft legislation for Congressional adoption. This legislation will distinguish between "spyware" and "adware" by imposing a minimal set of requirements for software installation (a EULA for example). This minimal set of requirements will not stop the usual suspects from doing what they're already doing, but it will allow the industry to proclaim that their software conforms to strict government regulatory standards. It will also allow the FTC to prosecute a small number of the more unscrupulous "spyware" pushers, thus giving the larger players protection from unwanted competition.
3) Real "Spyware" Regulation
The FTC actually responds to consumer outrage (as it did with the Do Not Call legislation) and, to the horror of the commercial crapware industry, pushes Congress to adopt legislation that would place real restrictions on the abusive tactics of the commercial crapware industry.
Outcomes #1 and #2 are the preferred outcomes for the commercial crapware industry. Outcome #3 would be a disaster.
Outcome #2 does have one potential "worst case scenario" variant for those concerned with "spyware." In this variant, the FTC pushes for legislation that not only enshrines the "adware" vs. "spyware" distinction in law, but uses that distinction to give the commercial crapware industry relief from anti-spyware applications that target their programs for detection and removal. In other words, after establishing the distinction between "adware" and "spyware" and setting some minimal standards for vendors to make their applications "adware," this legislation would prohibit the unauthorized uninstallation of programs that meet the requirements for "adware." This clause would be surrounded by all kinds of language about "unauthorized" computer use (hacking), the enforcement of contracts (i.e., EULAs), and perhaps even the protection of intellectual property.
The result, though, would be a disaster for anti-spyware vendors. "Crapware" pushers would effectively be granted federal protection once they stuck a EULA of some sort in front of users. It would ILLEGAL to create or distribute software that uninstalled "adware" or that uninstalled software in contravention of the EULA that accompanied it (many EULAs now prohibit the use of 3rd party tools for uninstallation).
One last observation: if you'd like to get the flavor of what the commercial crapware industry will be serving up in Washington come April 19 (the date of the FTC's workshop), then peruse the following "ONLINE ADVERTISING 'RULES OF ENGAGEMENT'" offered up some time ago by Gator/Claria:
»www.claria.com/companyinfo/press···502.html
I might add that you need "rules of engagement" only when you've declared war on hapless enemies who have no real means of defending themselves.
Best,
Eric L. Howes | |
 Doctor FourMy other vehicle is a TARDISPremium
join:2000-09-05
Dallas, TX | reply to K McAleavey
As far as I'm concerned, the crapware vendors can go fsck
themselves. I'll use any and all means at my disposal to
remove or better yet prevent their garbage from getting on
my machine. I see nothing wrong with using third party
uninstallation tools to remove their junk, regardless of
what the EULA says. And if got onto my system by deceptive
means (poorly worded EULAs, bundled with other products but
not informed of such bundling, or drive by downloads), then
the entire EULA is null and void IMO. And this goes for
using products like Spyblocker or a hosts file to prevent
such spyware from transmitting information. I understand the
questionable legality of using bundled adware with the
advertising and tracking components disabled, removed, or
prevented from phoning home: if I found out that software
I was installing had bundled adware, it would be removed
as well.
As for the FTC conference, it may very well go a lot like
the spam conference held last year - after all, crapware
vendors are about as low as spammers, and just about as
hated.
--
"Kayura or Badamon, whichever you are, you should know that I will never give up this battle. By the will of the Ancient, I shall succeed!" - Shuten (Anubis) from the Ronin Warriors. | |
nonymousPremium
join:2003-09-08
Glendale, AZ Reviews:
 ·Callcentric
| reply to K McAleavey
The FTC should make it illegal for a program to detect or delete adware. It would be stopping the perfectly good right of a company to advertise. I mean it interferes with perfectly healthy American business.  | |
|
