Bits from Bill

Technology thoughts leaking from the brain of "Bill Pytlovany"

Saturday, March 17, 2007

Congress Tries Again to Define Spyware

I’ve made a number of trips to our nation’s capital to discuss the problem of Spyware. The FTC and all the politicians love to say that they’re going to do something to stop the madness but every time, the number one issue always comes down to “What Defines Spyware”.

The Webster definition is pretty simple.

Main Entry: spy·ware
Pronunciation: 'spI-"wer
Function: noun
software that is installed in a computer without the user's knowledge and transmits information about the user's computer activities over the Internet

The debate began again last week with focus on the H.R. 2929Securely Protect Yourself Against Cyber Trespass Act”.  This bill was first introduced by Mary Bono in July of 2003.  Personally, I think they should have called it the “… Cyber Terrorism Act” and perhaps it would get more attention. 

In Feb 2004, S.2145 “Software Principles Yielding Better Levels of Consumer Knowledge Act” or SPY BLOCK ACT was introduced into the Senate.

Watch this week for a new improved bill to be introduced which would stiffen penalties for anyone convicted of installing software in a fraudulent manner. The Adware folks are already circling their wagons to fight any legislation. Their fear is the wrong wording or interpretation of an AntiSpyware bill would criminalize their business.

According to the Interactive Advertising Bureau, “there is always a risk that legislation that governs complicated technology could result in limiting and/or stifling innovation.”  While the IAB may make some good points, they won’t be offering alternatives.

According to Dave Morgan, who was expected to testify on behalf of the IAB…

“In this case, Congressional involvement is good. While I am not a big fan of government intervention, the focus of Congress and folks like Rep. Bono and Rep. Barton on combating spyware has changed the game. Before their interest, spyware was a much bigger problem. Since they focused on the problem, it has largely disappeared.”

Excuse me? Spyware has largely disappeared?  I can’t help but point out the first line of the IAB Mission is…

The IAB is the only association dedicated to helping online, Interactive broadcasting, email, wireless and Interactive television media companies increase their revenues.

Unfortunately, any responsible legislation will continue to hang on an accurate definition of what we consider Spyware.  My opinion hasn’t changed much since I participated in the first FTC Spyware Workshop held in 2004. The FTC still has my official position on file and you can read it at

This may be a good time to write to your representatives in Congress.  You can click here to find out who they are and how you can contact them.

Share on Facebook


Anonymous Anonymous said...

A lot will depend on the definition of "without the user's knowledge". Spyware/malware vendors argue that if there is something in the EULA, even if buried in hundreds of lines of text, then they can assume they are acting with the user's knowledge.

12:44 AM  
Blogger Gary McGath said...

There's an obvious problem with that dictionary definition: What about software which is installed with the user's knowledge, but then transmits information which most users wouldn't want divulged? This makes things much messier.

I think the existing bill is too bogged down in technological details, and too Web-oriented, particularly in its "Notice and Consent" requirement, which doesn't allow for plain old written consent, the preferred approach in many B2B situations.

1:06 PM  
Anonymous Anonymous said...

spyware: software that is installed with or without the
sysops consent that sends information that the sysop has
not knowingly consented to having sent, or without the
knowing consent of the sysop creates a database that does
not improve the functioning of that program or creates a
database that degrades the functioning of other programs
and does so without a court order.

Note: The database part really needs work. As I have it
an internet cache folder group is fine but the M$ IE 5 and
6 file "*\Temporary Internet Files\Content.IE5\index.dat"
is not and I think that the word "database" should perhaps
be "performs actions."

My firewall has my knowing consent to degrade my system's

IIRC, I paid 9.95 for Scottie, and if he saves me again I
plain to pay again.
Shawn T

9:36 PM  

Post a Comment

<< Home