We take a moment to speak with the Center for Democracy and Technology about their recent anti-spyware report and subsequent public feedback request. Their report, "Ghosts in our Machines", examines the problems in properly identifying, and then drafting legislation to eliminate spyware. The CDT has turned to the public to accumulate user experiences with intrusive software; users can offer their own experiences with spyware, adware, or snoopware here at the CDT website. We spoke briefly with CDT Associate Director Alan Davidson about the organization's anti-spyware campaign.

BBR: Can you briefly outline what kind of responses you've received so far to your request for public feedback?

Davidson: We've been gratified by the responses from the public so far. Besides some very good coverage by the press and good general feedback, as of Friday morning we'd received dozens of detailed responses to our call for real-life stories about spyware problems.

BBR: Will these responses be made public?

Davidson: Only if we get the permission of those who sent them in. We ask people on the site to choose one of:

"I prefer to remain anonymous."

"I would like to submit the story to CDT with my contact information so that CDT can contact me and follow up with more questions on the story if necessary, but do not disclose my identity to anyone else."

"I would like to submit the story to CDT with my contact information so that CDT can follow up with more questions and/or submit my name publicly to the Federal Trade Commission as a consumer who had trouble with this software. Hope to follow-up and use the most egregious examples as the basis for further work."

The default is set to anonymous - a good privacy best practice!

BBR: What will be done with the responses once collected? Will the FTC simply be given the collection with some suggestions for legislative improvements, or does the CDT intend a broader campaign?

Davidson: Our hope is, where people give us permission, to use the most egregious examples as the basis for a filing with the FTC. But beyond that we expect to use the information we collect as the basis for further research on where real spyware problems lie, including producing a follow-up report.

BBR: Gator corporation recently sued the PCPitstop website for referring to their Gator wallet product as spyware (see previous BBR report). Is this a common occurrence, and do you expect this to be an increasingly common response from companies as the dubious nature of their products is explored?

Davidson: I don't know if this is a common occurrence, but it is an unfortunate one. Whether products are called spyware or snoopware or adware, they still have the capabilities that they have - and many are a cause for consumer concern. While I can't comment on the specifics of the Gator litigation, in general we believe that suing people to stop discussion of the issues is unlikely to resolve the real consumer issues raised, or to increase the reputation of these companies.

BBR: Is there an increase in peer to peer spy/adware applications such as altnet?

Davidson: I don't know about an increase, our impression is that the applications have existed at a large scale for some time. If anything, I believe some of the larger file-sharing companies are trying to clean up their act a bit - or at least make their actual practices clearer - in the face of consumer reactions. We hope our report can help in this regard.

BBR: What would the "perfect" legislation ask of companies who offer intrusive products?

Davidson: Targeted legislation might start with conspicuous notice for consumers about adware, snoopware, and other spyware capabilities, and meaningful choices about whether to accept those capabilities (including the ability to uninstall software easily.) But we are keenly aware that overly broad or invasive legislation in this area could chill legitimate applications, and we are always concerned about regulating software, so we are also wary of imperfect legislation.

BBR: Other than legislation, which wouldn't defeat the problem single-handedly (and wouldn't affect many companies world-wide) what else does the CDT believe can be done?

Davidson: Tons more user education is needed - good consumer information about what applications might do is the best first line of defense. People need to ask hard questions before installing software on their computers. We also believe companies can do a much better job developing best practices about notice, uninstalls, default settings, and general practices. The more "legit" applications will do so and will ultimately survive best in the marketplace.

BBR: Many ISP's seem to have a conflict of interest. Marketing relationships with companies that utilize spyware, and often their own intrusive programs buried in installation CD's to gather consumer data - Yet they also must serve customer's quality and security concerns. Have you received any support from ISP's in your push against spyware?

Davidson: Not specifically, but we believe that ISPs just like other large application and service providers are ultimately best-served by building trust with their customers - and so should be very concerned about providing users with notice and control over adware, snoopware, and other spyware.

BBR: What can Broadband Reports readers do to assist the CDT's efforts?

Davidson: Send us your stories, talk to your elected representatives, and be savvy users who demand good spyware practices before downloading software!