FTC Wants Time In The Clink For Spyware Distributors

from the and-throw-away-the-key dept

Wed, Apr 11th 2007 3:24am — Joseph Weisenthal

Despite its best intentions, the FTC has been notably impotent in its efforts at stamping out spyware. Even after they've paid fines, many spyware distributors continue to operate and thumb their nose at the the government. Since it doesn't look like fines are working, the FTC is now endorsing the idea of jail time for spyware distributors, as it hopes that the key to solving the problem is in stiffer punishments. Anyone who has had their computer overrun by spyware or had their identity stolen could be forgiven if they wanted the people behind spyware thrown in jail, but it's not clear that it's the best solution. For one thing, there's no good definition of spyware, nor is it clear what aspect of it is illegal. Most people, to use an old line, know what spyware is when they see it, but such subjective definitions don't cut it when you're talking about imprisonment. Furthermore, the FTC doesn't have a good way of tracking down spyware distributors, particularly when it comes to its most pernicious forms (aimed primarily at stealing confidential information), much of which originates outside of US borders. As is the case with spam, it's unlikely that government actions will accomplish too much in this battle. The FTC probably realizes this, and in the absence of anything effective that it can do, it at least wants to sound tough.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

17 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

dorpus, 11 Apr 2007 @ 4:01am

Packing Heat
When I parked my car at the apartment complex's mailbox tonight, a guy wanted to borrow my car's cigarette lighter to recharge his cell phone. I was confronted with a dilemma, but let him do it, he turned out to be safe.

Is it possible to infect cars with spyware by plugging into the lighter? If this had happened in California or New York, I wouldn't have let him do it -- but it's Alabama, strangers can and do make off-the-wall requests.
[ link to this | view in chronology ]
rahrens (profile), 11 Apr 2007 @ 4:29am

No
A car's computer isn't networked with the cigarette lighter. It shares the electrical system, but that doesn't get you connected to the computer, as a car's computer is a very specialized unit with specifically designed connectors that only work with the Mfr's designed diagnostic machines. They don't do ethernet or wireless, so no, you can't get a virus on your car's computer through the cigarette lighter.
[ link to this | view in chronology ]
RobbieC, 11 Apr 2007 @ 5:15am

Shoot Them
I would rather them be shot between the eyes, but would settle for jail time.
[ link to this | view in chronology ]
- James, 11 Apr 2007 @ 6:18am
  
  Re: Shoot Them
  I agree! Prison is too expensive lets line them, and the spammers, up and put a bullet in that empty space they call a brain.
  [ link to this | view in chronology ]
dourpus, 11 Apr 2007 @ 5:28am

No by rahrens on Apr 11th, 2007 @ 4:29am

Errr Rahrens - Dorpus is a regular poster here who likes getting the 1st post in on a topic and in that 1st post says something moronic.

Some call it trolling, I'm guessing just standard-run-of-the-mill mental defect.
[ link to this | view in chronology ]
Steve R. (profile), 11 Apr 2007 @ 5:42am

Regretfully, one of the things "wrong" with our country, that results in a lot of no-action babble is: "For one thing, there's no good definition of spyware, nor is it clear what aspect of it is illegal. " To borrow a pet phrase "Analysis Paralysis". I think that there are several clear tests that can be imposed that would serve as clear proof that something is spyware or other forms of garbage. My comments actually go beyond spyware itself. One is the requirement that all programs that phone home inform/allow the user to control its operation. Eliminate the requirement that the user must opt-out, instead offer the user the opportunity to opt-in, marketers do NOT have a right to send you anything. Require that the user have the ability to easly remove any program.

To a degree we don't have to "define" what is or is not spyware or other type of offensive program. All we need to do is define certain rights for the computer owner. If those rights are violated the assets of the offender are seized.

[ link to this | view in chronology ]
- Anonymous Coward, 11 Apr 2007 @ 6:35am
  
  Re:
  While the tests you mention sound good in theory they fail in actual execution. Based on those tests the Window's operating system would be classified as spyware. While there are many that would be willing to debate that it's true it does illustrate how even tests that appear to be clear and well defined end up including a lot of unintended things. Another example are the active web pages, those that use such things as AJAX. They "call home" and allow "tracking" and user's aren't "asked" whether they want to do this and many don't even know that it is happening, which runs into problems with the opt-in vs opt-out. So under the example rules a lot of web content (hotmail, yahoo mail, gmail to name a very few) would be classified as spyware. Based on how well our government is at clearly defining such tests and then reacting when it's discovered that there's a problem I for one don't want them governing this, especially when it involves loss of freedom. They've managed to mess things up enough as it is.
  [ link to this | view in chronology ]
Adam, 11 Apr 2007 @ 6:12am

Yeah, let's waste more taxpayers money to keep the scum in jail. Bad idea. Work camps would be a lot better, 5 years of 10/6 work in mines would do the trick IMHO. A.
[ link to this | view in chronology ]
Kyles Mom, 11 Apr 2007 @ 6:31am

Its the users fault for not reading EULA on installing software. This is like lazy parents who cant watch thier kids.

Trojan droppers and such that result in spyware through exploits from malicious web programming without using a EULA is a different story.

So it is a tough one. Just stop looking at porn and go buy a girls gone wild dvd.
[ link to this | view in chronology ]
- drjones, 11 Apr 2007 @ 6:48am
  
  Re:
  I think its hardly fair to make the assertion that users should read their EULA's, and would even be able to comprehend them if they did. There is nothing ethical what-so-ever about a typical EULA.
  
  Most are so obfuscated with overly complex legal-speak and jargon as to make them unreadable to anyone without a law degree, anyhow.
  [ link to this | view in chronology ]
Anonymous Coward, 11 Apr 2007 @ 6:54am

i hope this includes stuff like ms collecting your info when u update, but i imagine it wont affect corporate spyware, those companies the infect your computer when u install or update the compnents (as mentioned earlier) but i imagine they are talking about spyware that isnt under the corporate logo

i wish they would just leave the net unregulated and allow us to protect ourselves, but remember when massachusetts wanted to outlaw firewalls because they might mask an indentity? they will botch this one too
[ link to this | view in chronology ]
Fred Flint, 11 Apr 2007 @ 7:12am

It'll Never Happen...
... because by any definition of spyware, you'd have to include Microsoft Windows, starting with XP and especially, especially the new Vista. Then there's Hewlett Packard, Dell, even keyboard makers, etc. etc.

All of them spy on you, they don't ask permission and it's damned difficult and sometimes near impossible to get them out of your computer. In the case of Windows, it is impossible to stop them.

Bill Gates won't be going to jail...
[ link to this | view in chronology ]
Billy, 11 Apr 2007 @ 7:27am

The Can-Spam act already makes it a federal felony to spam more than 20,000 unsolicited messages a week. This is punishable with BOTH jail time and a fine. It's already been used several times to send people to jail.

How is spyware any different than spam? Ethically, they are both in the same category.

Let's make it real easy. Make the law read "....software that is installed without the users knowledge or direct authentication shall be ILLEGAL"

Granted this will make writing EULAs a little more difficult, but only to that special group of jerks that want to sneak "Bonsi Buddy" onto your machine.

You'd figure it's been long enough that people will realize that spam mail, pop up ads, and banner ads are possibly the WORST form of advertisement there are.

You get out what you put in. Spam mail advertising couldn't be more simple. So guess how effective it is? That's right, it actually hurts your product sales, not increases them.
[ link to this | view in chronology ]
hi, 11 Apr 2007 @ 7:45am

my name is
weeeeeeeeeeeeeeeeeeeeiner
[ link to this | view in chronology ]
Wolfger, 11 Apr 2007 @ 8:14am

I think the definition is simple
Spyware: Any software which transmits data about the computer user without his knowledge and consent.

This would stop anything that transmits passwords, web browsing information, credit card info, name, address, phone number... but legitimate software with a real need to transmit this stuff could still do so by way of a pop-up box informing the user of what is to be transmitted, and requesting permission. The important thing would be to make it illegal to bury this "information and approval" in a EULA that 99% of people do not completely read.

In fact, let's just make EULAs illegal, while we're at it. :-)
[ link to this | view in chronology ]
Brilliant Idea, 11 Apr 2007 @ 9:14am

Suggestion
Maybe the FTC should invest in some spyware-sniffing wonderdogs. I'm sure the MPAA could help them get a great deal on a pair.
[ link to this | view in chronology ]
Dumd, 11 Apr 2007 @ 10:12am

Stupid
Throug there asses in the brig.
[ link to this | view in chronology ]