The Web    Google
FTC Urges Industry Solutions to Spyware

FTC Urges Industry Solutions to Spyware
April 19, 2004

WASHINGTON -- The Federal Trade Commission (FTC) says the solution to the invasive programs generally known as spyware is more likely to be found in better technology solutions and intensive consumer education than in either state or federal legislation.

Spyware is vaguely defined and often confused by consumers with adware, which are usually legal and legitimate applications. Consumer and privacy advocates attending Monday's FTC Spyware Workshop were concerned about the growing number of programs that often surreptitiously piggyback on downloaded files; they report back Internet traffic patterns to advertisers and generate unwanted popups.

Even when consumers delete the downloaded file, spyware often remains and continues to monitor the user's browsing habits. According to a report released last year by the Center for Democracy and Technology, spyware creates privacy problems, opens security holes and can hurt the performance and stability of consumer computer systems.

One state, Utah, has already passed an anti-spyware law while several others are considering legislation that bars the practice. Congress has also expressed an interest in the issue. A similar groundswell of consumer complaints and state action prompted Congress to pass the country's first federal anti-spam law last year.

"What you see is a range of behaviors from companies, some are responsible and some appear to be less responsible," FTC Commissioner Mozelle Thompson told reporters. "If consumers believe that when you use the term spyware -- and, for that matter, adware -- it is automatically always bad, then perhaps there isn't an adequate dialogue between a company and a consumer about the value to a consumer."

Thompson asked industry Internet provider leaders such as Microsoft, America Online and Earthlink to produce a set of best practices for the use of adware, including disclosure statements to consumers regarding what they are about to download.

"At the outset, I think I'd like to have a further conversation about what kind of practices fall outside what the industry thinks is fair practice," Thompson said. "It seems to me there are some kind of practices that we may consider unfair or deceptive. We have existing laws to go after some of them. We have some powerful ones right now. We need to have a discussion, an ongoing dialogue, with industry, so they can also act partly as eyes and ears."

Microsoft and AOL were quick to respond to Thompson's comments, with both companies promoting their latest security and privacy improvements. Earthlink already offers anti-spyware software.

"The whole practice of deceptive software, which is what we call the broader category of spyware, is all about tricking consumers into downloading software that they really don't want -- or they wouldn't want if they knew what that software was truly going to do," said Brian Arbogast, a corporate VP for Microsoft, adding that the next XP service pack would include a popup blocker and an "unsolicited download suppression tool."

Arbogast said the new tools will make it "easier for consumers to understand what's really going on when software is trying to install itself."

AOL plans to introduce its Spyware Protection Net program in the next update to AOL 9.0, expected in the next few weeks.

"Our solution is to try cast a very wide net and give users information and control over what's on their computer, said AOL VP for Integrity Assurance Jules Polonetsky. "I think this is going to be a very effective self-regulation club because if software shows up and a user doesn't know what it is, they are going to make an easy decision to block or restrict that information."

Ultimately, according to security maven John Schwartz, the president and CEO of Symantec, legislation will prove ineffective.

"Any legislation that attempts to deal [with a specific] technology is bound to fail," he said. "There are many other countries besides the United States that produce technology, and it is very difficult to legislate those countries. Technology evolves far faster than any public process can deal with it. So, we might legislate against Technology A, but it morphs into Technology B before the legislation is out."

  • MyDoom Ends but Open Ports Attracting Mutants
  • Critical Flaws Flagged in Mozilla, Thunderbird
  • 10/28: Backdoor.Futro a Server Program
  • 2/11: Rbot-VT Worm Has Backdoor Ability
  • Microsoft XP SP2 Blog Watch
  • Fighting to Keep Smut-Spam in a Brown Wrapper
  • Anti-Spam Bill Clears Senate
  • 10/21: Rbot-NG Worm Spreads Remotely
  • 12/13: Janx Worm Exploits Windows Flaw
  • 2/28: Elitper-A Worm Uses MAPI
  • The Backup Conundrum: More Data in Less Time, Part 2
  • Discussion on Security Camera