A Briefing On Public Policy Issues Affecting Civil Liberties Online
from
The Center For Democracy and Technology
(1) CDT Analyzes Spyware Issue and Proposed Solutions, Launches Online Action
(2) CDT Report Emphasizes Control Dimension of Spyware Issue
(3) Currently Proposed Spyware Legislation Imprecise, Fails to Address Significant Issues
(4) CDT Requests Spyware Stories for Potential FTC Complaint
CDT today released a report entitled "Ghosts in Our Machines: Background and Policy Proposals on the 'Spyware' Problem," addressing the growing problem of so-called "spyware" programs. The applications commonly grouped under the term "spyware" range from targeted advertising programs to more invasive key stroke loggers and screen capture utilities that can be used to steal passwords and aid identity theft. These programs pose a threat to privacy and compromise users' control over their own computers.
CDT's report describes the variety of spyware applications that exist and evaluates solutions to the spyware problem. The report reviews pending legislation and also gives users advice about steps they can take to combat these programs today.
In conjunction with the report, CDT has begun a campaign on its website calling on Internet users to send in their experiences with specific "spyware" products, so that CDT can collect the most egregious cases and file a complaint with the Federal Trade Commission.
CDT's report "Ghosts in Our Machines: Background and Policy Proposals on 'Spyware'" can be found at http://www.cdt.org/privacy/031100spyware.pdf.
CDT's call to Internet users for their spyware "horror stories" can be found at http://www.cdt.org/action/spyware/.
CDT's report details the significant privacy concerns raised by spyware while highlighting the larger issues raised by these applications of transparency and user control. These larger problems are sometimes overlooked in discussions about the issue and to a certain extent obscured by the term "spyware" itself.
CDT's report focuses on so-called "adware" and other similar varieties of spyware that often piggyback on free downloads, and which are increasingly the target of legislative and regulatory proposals. Users are typically unaware that these programs are being installed on their computers, and often unable to uninstall them. Even in cases where these applications transmit no personally identifiable information, they are often responsible for significant reductions in computer performance and system stability, and their unauthorized use of users' computers and Internet connections threatens the security of computers and the integrity of online communications. Arguably, a better term for many these applications would have been "trespassware."
By focusing on the range of bad practices employed by the various kinds of spyware, CDT's report emphasizes that the concerns with these invasive applications are not limited to their violations of user privacy.
In its report, CDT reviews two pieces of legislation that have been introduced as targeted responses to the spyware problem by Representative Mary Bono (R-CA) and Senator John Edwards (D-NC), as well as a broader online privacy bill introduced last year by Senator Ernest Hollings (D-SC), which includes a spyware component.
CDT believes that because the term "spyware" is broad and imprecise, it will be very hard to craft a definition that is exact enough for use in legislation. Based on what we have seen in currently proposed legislation, we believe the most effective approach to spyware is likely to be in the context of general privacy legislation, such as the Hollings bill.
At the same time, even considering the issues associated with spyware in isolation, legislation introduced to date has been an incomplete solution to the problem insofar as it has focused primarily on the privacy dimension of spyware. CDT argues that a full solution to spyware must deal with the user-control aspects of the issue, such as piggybacking and avoiding uninstallation. Combating these technologies will require a combination of legislation, anti-spyware tools, increased user-awareness, and self-regulatory practices.
While a legislative approach is under consideration, CDT recommends that existing law be used to address the most egregious cases of spyware. CDT believes that some varieties of spyware may qualify as unfair or deceptive under Title 5 of the Federal Trade Commission Act, which would give the FTC authority to act against those programs.
Spurred by what it found in preparing the report, CDT is launching a campaign to solicit stories from Internet users who may have been deceived or treated unfairly by spyware. CDT plans to compile the reports, test the programs, and file specific complaints with the FTC where warranted.
Again, users can submit their spyware "horror stories" to CDT at http://www.cdt.org/action/spyware/.
Detailed information about online civil liberties issues may be found at http://www.cdt.org/.
This document may be redistributed freely in full or linked to http://www.cdt.org/publications/pp_9.22.shtml.
Excerpts may be re-posted with prior permission of ari@cdt.org
Policy Post 9.22 Copyright 2003 Center for Democracy and Technology
