Almost a year has gone by and so much has happened, yet so little has changed. The proposed anti-spyware bills have rapidly emerged at the Federal and the State level, but there have been no real solutions and a lot of failed attempts.
Microsoft finally stepped into the Anti-spyware software space and then angered everyone by going soft on Claria, Intermix settled a spyware suit with New York State for $7.5M and then got acquired for $580M, WhenU cleaned up their act and won a landmark Internet trademark case, the Supreme Court ruled on Grokster and Claria ended its profitable relationship with Kazaa, the Anti-Spyware Consortium fell apart and the Anti-Spyware Coalition was born, web users have started changing their habits to avoid spyware, but as of now, this is the only real solution we have for the spyware problem!
It’s almost been two months since my last post and I had considered discontinuing this blog for various reasons that are not worth mentioning here. However, news about the dangers of spyware, adware, malware or whatever you may call it seems to be everywhere, and it’s left my head spinning.
I completely support empowering the masses and making Internet users more aware about the plethora of online threats that are out there, but a lot of what's being reported in the press is vague and inconsistent and that’s not helping anyone. I agree that spyware is not easy to define, but I do believe that there is a need to draw a clear distinction between applications that are dangerous and those that are legitimate, do no harm to consumers and are crucial for e-commerce. To add to the escalating mess, anti-spyware vendors tend to label a whole host of things as either spyware or adware that should be feared by everyone and lawmakers seem to be in a hurry to arrive at a quick-fix solution that could do more harm than good. So who's to blame for this rising tide of misinformation and more importantly, who has the solution? I believe the answer lies in the online marketing industry and I also believe that they are not doing enough.
A combination of anti-spyware tools, legislation and good business practices seems like the only plausible solution in sight, but the industry has to first take a lead on self-regulation and consumer education. So far, the industry has adopted a responsive approach to protect their vested interests, but I think it's time they got more proactive. I'm not talking about isolated efforts by a few companies, because if one truly wants to educate consumers and embrace self-regulation, the industry has to adopt a united stance and inform the world about what (in their opinion) amounts to responsible business practices. Although this might seem like a Herculean task, I'm afraid that if we don't hear from the industry soon, internet users will get used to being suspicious about anything that interacts with their computers and will turn to firewalls and anti-spyware tools that not only block the bad guys, but also impact legitimate applications.
There is still ample opportunity for legitimate companies that are likely to be impacted by anti-spyware tools and poorly drafted laws to step up and be honest and clear about what they do and why no internet user should be concerned about their business practices. Crafting exceptions in proposed spyware laws to meet one's own business goals will do nothing to combat long-term consumer concerns about the safety of their computers and personal information.
If things continue the way they are, we’re not going to achieve anything because the bad guys are getting smarter and Internet users are just getting screwed!
Utah judge freezes anti-spyware law - News - ZDNet
I do think that temporarily enjoining the Utah law and permitting the WhenU case to proceed to trial is a small step in the right direction. Not because I believe that Utah’s Spyware Control Act has no scope of doing any good, and not because it has anything to do with WhenU, but because state-level spyware regulation on the whole might not be the best approach.
Each state law might establish its own notice and consent requirements in an effort to regulate spyware. Such an approach in the US would mean that online businesses would have to navigate through a minefield of complicated legislation to determine how one can fine-tune privacy policies and online business practices to ensure compliance. Online businesses would therefore be compelled to comply with the most stringent regulations and adopt extensive measures that are not user-friendly and would require users to sift through various policy statements and disclosures while on the Internet. This could ultimately result in reducing the efficiency of the Internet and would have a negative impact on consumers, instead of protecting them.
Further, the internet is a global medium of communication without geographic borders and state-level attempts to regulate activity on the internet will have overbroad enforcement implications. Another good reason for resolving this issue at the Federal level is because the Constitution gives the authority to regulate Internet commerce to Congress. Utah's attempt to regulate the entire Internet seems to exceed its authority under the Constitution. Similar state attempts to regulate the entire Internet have been found unconstitutional in the past (e.g. American Library Association v. Pataki).
However, as I write this, the Federal Spy Act (H.R. 2929) seems to be moving a little too rapidly for comfort. A self-regulatory solution seems out of the question at the moment, but if Federal legislation is the answer, then we definitely need to spend more time to create a legislative proposal that would truly be effective. The issue of spyware raises some fundamental questions that impact the way the US approaches internet privacy regulation. Can a uniform Notice and Consent provision really be the answer to all spyware issues? Would an opt-in or an opt-out regime be more adequate considering the potentially hazardous/annoying as well as beneficial uses of some technology? I think that no legislation can truly combat the spyware threat, unless lawmakers, consumer groups and the industry first think long and hard on how to achieve this delicate balance between what is fundamentally good or bad.
I only hope that an over-zealous effort at the Federal level to find a quick solution does not result in a law that is riddled with drawbacks, which will give people like me even more reason to whine (but who’s listening anyway?).
An amended version of California's Bill No. SB 1436 was introduced on June 14, 2004 and a hearing before the Assembly Business and Professions Committee is scheduled for June 22, 2004.
Back on the east coast, New York's Bill No. S 07141 was amended on third reading on June 14, 2004. It was subsequently passed by the Senate, delivered to the Assembly and referred to the Codes Committee on June 17, 2004.
House Subcommittee Approves Anti-Spyware Bill
A revised House Bill 2929 returns. Keep an eye out for this one, because it might just be the Federal legislation that might go all the way. Kudos to whoever came up with such an original name. The Securely Protect Yourself Against Cyber Trespass Act! So this is the "Spy Act Act?"
More intelligent commentary to follow in the coming weeks... Watch this space.
California Anti-Spyware Bills Progress
SB 1436, introduced by Sen. Kevin Murray, was sent to the Assembly by a 36-2 vote, and AB 2787, introduced by Assemblyman Tim Leslie, is scheduled to be heard by the full Assembly next week.
Google Releases Spyware Prevention Guidelines
I personally think this is a great move by Google and although they have their own interests in mind, I'm glad they've made an attempt and it's been done in a simplistic manner (the way we've grown to expect things from them).