Court Rules That Anti-Spyware Companies Can Call Spyware Spyware

from the what's-in-a-name dept

Thu, Aug 30th 2007 2:03am — Mike Masnick

All too often, we've seen cases where security software firms were sued for calling some piece of software "spyware" or "adware." In fact, Microsoft even wanted to make sure that new anti-spyware legislation would make it clear that there's nothing wrong with calling spyware "spyware." However, in the latest ruling on one of these cases (in which Zango sued Kaspersky), the ruling makes it clear we already have such a law on the books. The judge dismissed the lawsuit, noting that security firms have every right to label software as they see fit, citing part of section 230 of the Communications Decency Act.

We often point to section 230, because it protects service providers from liability for the actions of the service providers' users. However, this is referring to a different part of section 230, which says that no service provider is liable for a good faith attempt to restrict access to something it deems objectionable. The court felt that the security company was a service provider, and that since it believed Zango was objectionable, then it has every right to try to restrict it. The court makes a second very important point. Zango complains that its software is not objectionable, and therefore the security providers cannot block it as objectionable. However, the court points out that the statute clearly says that it's for what the service provider finds objectionable. In other words, the content in question need not be "objectionable" at all -- it only matters what the service provider feels about it. This is a pretty strong endorsement for the idea that security companies absolutely can call software whatever they feel is appropriate.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: adware, cda, section 230, spyware
Companies: kaspersky, zango

25 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

A. L. Flanagan, 30 Aug 2007 @ 3:14am

The law
Funny they had to cite the CDA instead of common damn sense. But that's the law for you.
[ link to this | view in chronology ]
- David, 30 Aug 2007 @ 3:47pm
  
  Re: The law
  Yea but there's the thing, This sets a precedent now, so now any of the other spyware, spam and just plain pop-up-ad providers just got a swift kick in the pants per the CDA.
  
  Good job for the law for a chance.
  [ link to this | view in chronology ]
Phil, 30 Aug 2007 @ 3:33am

The flip side (there is one - I'm it)
I make an accessiblity/assistive tool which enables those with barriers to literacy (such as blind users) to access web content anywhere. One of our methods of implimentation is a small footprint toolbar. This toolbar was flagged as 'spyware' by AVAST. I flagged their false positive. No response. Again, no response. Went to their forum and got advice on how to remove the issue, no joy... What am I supposed to do at this point other than sue? While data is pasted to us, we don't hide this (spies don't announce their intentions), and the data passed is passed so as to enable better, free acess to those users.

So... what should we do?
[ link to this | view in chronology ]
- DarkMantle, 30 Aug 2007 @ 4:21am
  
  Re: The flip side (there is one - I'm it)
  Tell your users that the program is not compatible with AVAST Antivirus. Recommend other ones for them to use. If need be make the installer check for AVAST before installing to tell people the two programs are not compatible.
  [ link to this | view in chronology ]
  - Smartypants, 30 Aug 2007 @ 5:31am
    
    Re: The flip side (there is one - I'm it)
    Most defensive apps I've seen give one the option to specifically exclude elements. Granted, it would only work on computers under the user's control, but no need to pitch Avast - just tell it to exclude this product from its detection.
    
    I've been around that block with both Kaspersky and Spybot Search & Destroy - excellent products, but both have occasionally turned up a false positive. It's just one of the costs of running defensive software.
    [ link to this | view in chronology ]
- Anonymous Coward, 30 Aug 2007 @ 5:59am
  
  Re: The flip side (there is one - I'm it)
  You could try writing better software.
  
  If your toolbar is being flagged as adware, it's because it's triggering "adware-like" qualities in AVAST. Rather than blaming AVAST for calling your software spyware, spend more time making your software not like spyware. There are plenty off applications that utilize toolbars and plugins that don't get flagged as spyware.
  [ link to this | view in chronology ]
  - Anonymous Coward, 30 Aug 2007 @ 6:15am
    
    Re: Re: The flip side (there is one - I'm it)
    "You could try writing better software.
    
    If your toolbar is being flagged as adware, it's because it's triggering "adware-like" qualities in AVAST. Rather than blaming AVAST for calling your software spyware, spend more time making your software not like spyware. There are plenty off applications that utilize toolbars and plugins that don't get flagged as spyware."
    
    What he was saying, and correct me if I'm wrong Phil, is that he did try to contact them to have the flags removed, and to find out what his software was doing to warrant a red flag so that he could correct the behavior.
    
    Unfortunately I have had the same issues with Norton and F-Prot years ago when I was developing software and they thought it was a virus. It was a screen capture application for monitoring telemarketing agents. Unfortunately the methods I used were tied to methods used by apps like VNC and back orafice. These apps are considered to be virii and are removed by most AV products. So I had to redevelope my apps because none of the AV vendors would talk to me unless I hired the highest priced lawyer in town to flex my legal muscle. And that was not going to happen. I didn't need the negative publicity.
    [ link to this | view in chronology ]
- David B, 30 Aug 2007 @ 9:13am
  
  Re: The flip side (there is one - I'm it)
  If AVAST has many false positives people won't use it and it will fail to survive. People can elect to use AVAST and/or your software or neither. In addition, it is your job to inform users of your software that that AV programs (especially AVAST) maybe list your program as spyware because of the way your program works. I have seen many vendors do, as well as telling users to turn off AV before installing your app.
  [ link to this | view in chronology ]
- Aaron, 30 Aug 2007 @ 10:33am
  
  Re: The flip side (there is one - I'm it)
  Oh yes- you MUST sue!!! There can't be any other avenue. Sue and sue well. Sue and sue hard. Don't forget to claim emotional suffering and punitive damages.
  
  If anyone has a problem, or they don't like an answer, they sue.
  
  We are not children..STFU and stop complaining!
  [ link to this | view in chronology ]
hilary Mountjoy, 30 Aug 2007 @ 4:16am

Competitors
Just wait until some unscrupulous Adware provider starts labelling its competitors as spyware.... that'll be interesting!
[ link to this | view in chronology ]
- Bill Pytlovany, 30 Aug 2007 @ 6:02am
  
  Re: Competitors
  You don't have to wait...
  Norton already claims program like WinPatrol, Spybot and others need to be removed.
  
  http://billpstudios.blogspot.com/2006/10/nav-2007-application-detection-error.html
  [ link to this | view in chronology ]
  - Anonymous Coward, 30 Aug 2007 @ 11:50am
    
    Re: Re: Competitors
    Norton is a crapy bloated program that must be removed at first chance and replaced with some thing like AVG
    [ link to this | view in chronology ]
Killer_Tofu (profile), 30 Aug 2007 @ 6:06am

A Thought
Doesn't this mean that everybody's ISPs could just start blocking sites they don't like (like YouTube because it eats up their bandwidth, and I know that'd be stupid of them, but it is just an example) and they can just say that they find it objectionable?
Anyone care to delve into this further over whether the fear is well based or not?
[ link to this | view in chronology ]
Anonymous Coward, 30 Aug 2007 @ 6:17am

Surely Microsoft would find the term "Linux" objectionable wouldn't it?
[ link to this | view in chronology ]
chris (profile), 30 Aug 2007 @ 6:21am

devil's advocate
i think the spyware decision was a good one, but what about potential abuses of "good faith"?

so, if google, as a service provider, decides that companies that have not paid for placement are deemed "questionable" then they can restrict access to sites that have not paid?

what sort of restrictions are considered legal and what sort is not? is a warning window ("google has deemed this site questionable, click ok to continue") considered "good faith"? what about redirecting a surfer to the site of a paid competitor? can google start redirecting searches for gateway computers to dell's website? at what point is that not considered to be "good faith"?

i don't think google would do something that stupid, but that doesn't mean that someone else won't.
[ link to this | view in chronology ]
MTK, 30 Aug 2007 @ 6:57am

Not good
"However, the court points out that the statute clearly says that it's for what the service provider finds objectionable. In other words, the content in question need not be "objectionable" at all -- it only matters what the service provider feels about it. This is a pretty strong endorsement for the idea that security companies absolutely can call software whatever they feel is appropriate." Doesn't this give the Security companies carte-blanche to call any software anything they want, irrespective of its function? Hell, Security software companies could even tell others, "pay up or get blocked". Far out I know, but could happen in some form. Anyway, just my two cents.
[ link to this | view in chronology ]
Kevin Laing, 30 Aug 2007 @ 6:58am

That's Rediculous
"no service provider is liable for a good faith attempt to restrict access to something it deems objectionable."

In this case, the anti-spyware company is using software, to restrict access to another piece of software citing objectionability as the cause.

Is this not parallel to certain software companies restricting access to software,say on an iphone, that locks a mobile device specific carrier? Perhaps theres a loophole here that makes it okay to pirate DVD's, unlock hardware or circumvent any control mechanism imposed by a company that is deemed objectionable?

Thoughts?
[ link to this | view in chronology ]
D, 30 Aug 2007 @ 7:02am

Turns out
If you're not a moron, you don't need 10 programs to remove spyware/viruses/etc. I run only behind my firewall (router and windows built in), don't leave sensitive information on my computer just in case, and reformat every 6 months for optimal performance. Relying on others due to self-incompetence isn't something I'm a fan of.
[ link to this | view in chronology ]
- Smartypants, 30 Aug 2007 @ 9:15am
  
  Re: Turns out
  D,
  You shouldn't have to have a degree in IT or center your life around your computer in order to use one. Yes, your setup works with careful attention, education and no risk-taking. It's not what I'd recommend for the average user.
  
  And no, I don't think the average user is a "moron". Many are ignorant; most aren't stupid.
  [ link to this | view in chronology ]
  - D, 30 Aug 2007 @ 11:56am
    
    Re: Re: Turns out
    I don't have an IT degree nor do I center my life around my comp. What careful attention do I have to pay? Don't open something if you don't know what it is or trust who it's from. That's the only precaution I take. You also have to recall that the average person is an idiot.
    [ link to this | view in chronology ]
Jamie M., 30 Aug 2007 @ 12:29pm

I can't wait until you are infected by a vulerability in your "Windows" Internet Explorer that allows your system to get infected automatically by just mis-spelling a URL. No need to click or open anything from anyone you don't know. Your faith in "just a firewall" approach will be shattered.

-Jamie M.
[ link to this | view in chronology ]
- D, 30 Aug 2007 @ 2:16pm
  
  Re: Jamie
  Firefox.
  Webmail.
  Name a misspelled URL that will find an unpatched vulnerability in IE anyway.
  
  Considering all the friend's computers I've seen virus and spyware riddled but "I don't know how I have antispyware and AVG/Norton/McAfee", I prefer my approach.
  
  PS. It's not that I believe in "just a firewall", I believe in not being a moron.
  [ link to this | view in chronology ]
anon, 30 Aug 2007 @ 6:27pm

permission for non network neutral actions?
As Killer_Tofu mentioned above, this seems to provide a get out of jail free card for an ISP to engage in just about any form of non network neutral actions. It's the first thought that popped into my head when reading the article. Yet no one responded to Killer_Tofu's comment. Are he and I both misunderstanding? Or was the network neutrality issue blocked before it ever was raised?
[ link to this | view in chronology ]
Killer_Tofu (profile), 31 Aug 2007 @ 6:08am

Heh
So at least somebody else read the post.
I feel it is an issue that does deserve a bit of discussion but I guess 'anon' was the only other person who recognized what I was saying?
Are we misunderstanding?
I do not know as nobody else has talked about it.
Just for reference if anybody just jumps to the end here, my original post is post #8.
Covers the topic of, doesn't this just allow ISP's to block any sites they don't want to let users deal with, and that's just a-okay now because "they find it objectionable"?
[ link to this | view in chronology ]
Anonymous Coward, 3 Sep 2007 @ 11:42am

HHHHH
JHNN
[ link to this | view in chronology ]