Government efforts to combat spyware stayed in focus Tuesday morning, as the Federal Trade Commission staged a press conference describing a lawsuit against purveyors of the sneaky software. Even as the federal government's top consumer protection agency was flexing its muscle, lawmakers were mulling over a variety of laws aimed at stiffening penalties against the Internet's newest nuisance.
Last week, the House of Representatives passed two bills designed to scare off spyware authors. While the bills are generally in agreement, most observers think it's too late in the election season for House members to settle the differences, meld them with a Senate version of the bill, and send approved legislation along to the White House. House members began their pre-election break last week and Senate members went home on Monday, making legislative relief from spyware unlikely until next year.
But the Federal Trade Commission isn't waiting around for Congress. Last week, it filed what it now says is the first lawsuit against a spyware distributor. Sanford Wallace, infamous for his involvement in the spam community, is named in the lawsuit, as are Seismic Entertainment Productions Inc. and SmartBot.net Inc.
The FTC says the firms installed spyware on victim's computers, and then attempted to convince Internet users to pay for software that would remove the spyware. Lydia Parnes, acting director of the agency's Bureau of Consumer Protection, described the firm's marketing tactics as "the ultimate in online chutzpah."
She said in some cases, the software would startle victims by opening their CD-ROM door, then flash a warning message a victim that read:
FINAL WARNING ! ! If your cd-rom drive(s) open . . . You DESPERATELY NEED to rid your system of spyware pop-ups IMMEDIATELY! Spyware programmers can control your computer hardware if you failed to protect your computer right at this moment!
The lawsuit was filed in federal court in New Hampshire.
Not just a nuisance
Spyware is the general name for a range of programs that are slipped onto a computer without its user's consent. Programmers set up spyware to do anything from track a surfer's Web browsing to steal personal information. Often, the programs redirect users' home pages or cripple their computers with an endless stream of pop-up advertisements.
The software is more than a nuisance. Microsoft Corp. says some 50 percent of its customer-support calls related to computer crashes can be blamed on spyware. Dell Computer Corp. told the FTC earlier this year that 10-12 percent of all its customer support calls are spyware-related.
"Microsoft looks forward to having good spyware legislation enacted into law as it is in the best interest of consumers," said Frank Torres, Microsoft's director of consumer affairs. "As the legislative process moves forward, we will continue to work with both houses of Congress to come up with solid legislation that, when combined with technology solutions and consumer education, will help combat spyware.”
(MSNBC is a Microsoft - NBC joint venture.)
Three pieces of legislation
The three main bills all instruct the FTC to more aggressively target spyware makers. The first bill passed last week, The Securely Protect Yourself Against Cyber Trespass Act (SPY ACT), sponsored by California Republican Mary Bono, instructs the FTC to file an annual report advising precisely how many actions the commission has taken against spyware distributors. The bill also imposes heftier fines.
"The goal of this bill is to give consumers a choice. Right now (spyware makers) don't give consumers a choice," said Kimberly Pencille, an aide in Bono's office. "In many ways spyware is worse than spam."
A similar bill, the Spyware Prevention Act or I-Spy Act, sponsored by Bob Goodlatte, R-N.C., provided $10 million to the Justice Department to target spyware makers.
The full Senate has yet to take up its version of the spyware legislation, called Software Principles Yielding Better Levels of Consumer Knowledge, sponsored by Montana Republican Conrad Burns.
The most important element of any legislation is its requirements for informed consent, said Ben Edelman, a software analyst and frequent critic of spyware who is based at Harvard University.
Many consumers end up with spyware on their machines accidentally, Edelman said, by downloading unrelated software and unwittingly agreeing to spyware installations. Often, the consent agreement is buried deep within end user license agreements "longer than the U.S. Constitution," Edelman said. Free programs, including file-sharing programs used to download music, often come with such bundled extras, also known as adware. Critics, however, see little difference between adware and spyware.
Bono's bills specifies consent requirements and instructs the FTC to monitor them, but Edelman is not convinced the law will work.
"The whole question is what constitutes consent," he said. "Tough federal legislation would make a difference. Tough legislation might require minimum font sizes, specific wording. ... Tough legislation could limit bundling. Lots of room for creativity, with an eye to making sure consent is really meaningful. Bono's bill does none of that."
Parnes, of the FTC, declined to answer questions about the bills making their way through Congress, saying the commission hadn't taken a position on any of them.