Spyware Legislation To Take Effect Jan. 1 - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Spyware Legislation To Take Effect Jan. 1

Some experts doubt whether the California law will have much impact on illegal spyware activity.

A new California law aimed at curbing spyware, software applications that surreptitiously collect the keystrokes, passwords, and credit-card numbers of Internet users, will go into effect Jan. 1.

The law, dubbed the Consumer Protection Against Spyware Act, was signed last week by Calif. Gov. Arnold Schwarzenegger. It outlaws software that secretly steals personal information, such as user names and passwords, sends viruses, or takes control of infected systems as part of a distributed denial-of-service attack. The law also requires software companies and Web sites to inform users if their software or sites will install spyware and disclose what the spyware will do and what information it will collect. California consumers who believe they've been the victim of illegal activity under the law can seek attorney's fees and damages of $1,000 for each violation.

Spyware is a growing concern among consumers and businesses. Spyware has been loosely defined as everything from hacker tools such as Trojan horses and keystroke loggers to programs that track what Web sites consumers visit and what search terms they use. That information is used by online marketers for such purposes as generating pop-up advertisements.

On Monday, Internet service provider EarthLink Inc. and anti-spyware and system-utility software maker Webroot Software Inc., published their SpyAudit Report, which showed a decrease in the spyware-infected systems they monitor. The companies scanned more than 1.1 million PCs for the period of July through September and found a decrease in the instances of adware and adware cookies, as well as a decrease in the number of system monitors and Trojan horse applications on Internet surfers' systems.

Still, for the third quarter, the two companies found an average of 25 spyware-related applications running on each system, compared with an average of 26.5 for the period of January through March of 2004.

Security experts say the decline could be due, in part, to increased awareness of spyware and adware infections and the increasing number of software tools available to fight the threat. Throughout the year more antivirus vendors, including Symantec Corp. and McAfee Inc., have been adding some level of spyware and adware detection and removal tools to their software.

Bruce Hughes, director of malicious code research for ICSA Labs, which tests and certifies IT security products and is a division of TruSecure Corp., doesn't believe instances of spyware infections are on the decline. "I believe the bad guys are still winning and coming up with new ways to get their software on user's PC's," he says.

Hughes blames the lack of quality, automated, anti-spyware tools for much of the trouble people have ridding their systems of these applications. "Many of the solutions today only clean the main components [of spyware], leaving many things behind."

Legal experts often cite the difficulty in crafting anti-spyware laws, saying such laws, if not drafted properly, could affect legitimate applications such as anti-virus software or other software applications that scan a users system without the user's consent.

"This law provides a relatively reasonable and measured response to a growing program because it focuses on deceptive and fraudulent intent," says Mark Rasch, the former head of the U.S. Department of Justice's computer crimes unit and currently a senior VP and head of cyberlaw at the managed security services firm Solutionary Inc., who had been critical of earlier legislative attempts to make spyware illegal.

Legal problems could still arise from the law, Rasch says. For instance, he's surprised there's no legal exception for law enforcement to install surveillance applications. Rasch says it's legal for investigators, with a court's permission, to trick a user into downloading a keystroke logger for an investigation. "It could be argued that court authorization would over-rule this statute, but I'm not so sure," Rasch says.

Others aren't as convinced the law will have much impact on illegal activity. Marne Gordan, director of regulatory affairs for TruSecure, doesn't believe anti-spyware laws will have much impact on spyware activity. "We currently have laws against phishing, spamming, and hacking, but realistically, this kind of activity happens all the time," Gordan says.

However, the number of companies that use spyware to legitimately collect marketing and demographic data could drop because they're more easily tracked. "Typically, less-than-reputable companies use this software to drive pop-up ad campaigns or generate spam ads, based on user profiles developed from analysis of the keystrokes and surfing patterns collected by the spyware. Consumers find it intrusive and generally hate it, and this legislation may have some impact on those organizations that use it to target consumers for advertising, at least in the beginning," Gordan says.

Despite doubts about the effectiveness of anti-spyware laws, more are on the way. The Spy Block Act, now pending in the U.S. Senate, would require a consumer's consent before spyware is installed, make it mandatory that spyware applications be easy to uninstall, and require that consumers be given details about what the spyware software would do and collect.

Various states as well as the U.S. House of Representatives have similar anti-spyware legislation under consideration.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
10 Ways to Transition Traditional IT Talent to Cloud Talent
Lisa Morgan, Freelance Writer,  11/23/2020
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
Can Low Code Measure Up to Tomorrow's Programming Demands?
Joao-Pierre S. Ruth, Senior Writer,  11/16/2020
Register for InformationWeek Newsletters
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll