Spyware legislation needs more work, according to experts

A bill before the U.S. Senate targeted at spyware needs some fine-tuning, with part of it seemingly allowing broadband providers and computer software and hardware vendors to scan users’ computers without authorization, a couple of spyware experts said.

The Counter Spy Act, introduced last June, would allow broadband providers, computer hardware and software vendors, financial institutions and other businesses to detect and prevent the unauthorized use of software for fraudulent or other illegal activities, said Arthur Butler, a lawyer for advocacy group Americans for Fair Electronic Commerce Transactions. The bill says it would not prevent such scans.

“We think this language is overly broad and could protect activities which could be harmful to computer users,” Butler told the Senate Commerce, Science and Transportation Committee. “It would, in effect, allow a software vendor to truly monitor everything that’s on a user’s computer, essentially setting [vendors] up as an ad hoc police force.”

Another portion of the same section of the bill, aimed at limiting antispyware software vendors and other tech companies from legal liability, would protect antispyware vendors and ISPs (Internet service providers) from legal liability when they protect users from “objectionable content.” But without some accountability for antispyware vendors and ISPs, Web sites could have little recourse to refute being labeled as objectionable content, said Jerry Cerasale, senior vice president of government affairs for the Direct Marketing Association (DMA).

Some legitimate DMA members have been targeted by antispyware vendors, and in some cases, the two sides have been able to work out a compromise, he said. But in other cases, the software vendors haven’t responded to concerns, and the bill could make it harder to work out issues, Cerasale said.

“‘Objectionable software’ is a subjective term, and we can disagree on it,” Cerasale said.

However, witnesses at the hearing praised the general direction of the bill. The legislation, sponsored by Senator Mark Pryor, an Arkansas Democrat, could allow the U.S. Federal Trade Commission to seek additional civil penalties against spyware distributors, and it defines several activities as illegal, including creating zombie computers, hijacking Internet access, launching denial-of-service attacks and delivering endless loops of pop-up ads.

The U.S. House of Representatives passed two antispyware bills in 2007, but the Senate has failed to act on spyware legislation during this session.

“Spyware and harmful adware are a critical threat to our online security and privacy,” said Vincent Weafer, vice president of security response at Symantec. “It is wrong, and it must be stopped.”

But Weafer and other witnesses also urged senators to stay away from getting too specific about what constitutes spyware. The bill doesn’t specifically target programs that collect computer users’ Web surfing histories, but some people may consider that a form of spyware, said Benjamin Edelman, a professor at Harvard Business School who studies spyware.

“Practices change quickly, and at our peril do we make a list of practices that ought to be prohibited because, the next day, there will be more practices that we didn’t think of,” Edelman said.

Related content:

German spyware plan fuels debate

Watching the detectives: FBI owns up to spyware

Chinese hackers infect German government with spyware

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Empowering the hybrid workforce: how technology can build a better employee experience

Across the country, employees from organizations of all sizes expect flexibility...

What’s behind the best customer experience: How to make it real for your business

The best customer experience – the kind that builds businesses and...

Overcoming the obstacles to optimized operations

Network-driven optimization is a top priority for many Canadian business leaders...

Thriving amid Canada’s tech talent shortage

With today’s tight labour market, rising customer demands, fast-evolving cyber threats...

Staying protected and compliant in an evolving IT landscape

Canadian businesses have changed remarkably and quickly over the last few...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now