Senate Restarts Spyware Crusade

The FTC backs a bill introduced by Subcommittee Chmn. Smith (R-Ore.) before the Aug. recess. The measure draws on established models for international cooperation pioneered by agencies like the SEC and the Commodities Futures Trading Commission. The measure -- cursed with the title “Undertaking Spam, Spyware & Fraud Enforcement With Enforcers Beyond Borders Act” for the catchy acronym US SAFE WEB Act -- picked up support from high-tech and Smith’s Senate colleagues (WID Aug 3 p1).

In addition to S-1608, Smith cosponsored a measure by Sen. Allen (R-Va.) in May that would authorize $10 million in additional resources for the FTC’s enforcement efforts. That bill (S-1004) would set a national standard for antispyware laws to provide uniform enforcement and increase the civil and criminal penalties for those who use spyware (WID May 12 p2). Eight states have enacted spyware legislation, and new laws are pending in several states, Allen said, warning a patchwork of state laws could result. Sen. Burns (R-Mont.) told members they “have to get these bills moving and have something passed and on the president’s desk before Christmastime.” The lawmakers pledged to merge the bills as soon as possible.

The House approved 2 spyware efforts last spring (WID May 25 p4). The Securely Protect Yourself Against Cyber Trespass Act (HR-29) passed 393-4; the Internet Spyware Prevention Act (HR-744), 395-1. HR-744 was sponsored by Reps. Goodlatte (R- Va.), Lofgren (D-Cal.) and Smith (R- Tex.). Reps. Bono (R-Cal.) and Towns (D-N.Y.) sponsored HR-29. Both bills were largely focused on slapping spyware firms with notification and consent requirements and chasing hackers and fraudsters, not with global enforcement initiatives. Wholesale change of the industry’s notice & consent regime is “not the most effective tool,” Majoras said. “For better or for worse, consumers don’t read these disclosures and the more they're bombarded with similar disclosures, the less likely they are to read them.”

A ban on an entire category of technologies or products, which has been proposed by some, could have many unintended and serious consequences, Smith said. He worried that if the definition of spyware becomes too broad, “legislation adopted in haste might not take into account the evolution of future technologies,” which could stifle innovation. The lawmaker said limiting “abusive and deceitful practices while allowing industry the ability to build-on and improve existing technologies” is the right approach.

Majoras told the panel that spyware is an enforcement priority and her agency will continue to file cases against those who distribute the applications. The FTC supports Smith’s bill, which would make it easier for agency to share information and cooperate with foreign law enforcers. “The Internet knows no boundaries, and it is critical to improve the FTC’s ability to work with the officials of other countries to prevent online conduct that undermines consumer confidence in the Internet as a medium of communication and commerce,” Majoras said.

FTC Slams Odysseus Marketing

Meanwhile, the FTC asked U.S. Dist. Court, Concord, N.H. to halt an operation that it said secretly installed spyware and adware that couldn’t be uninstalled by the consumers whose PCs it infected. The defendants -- Odysseus Marketing and Walter Rines -- were accused of using the lure of free software they claimed would make peer-to-peer (P2P) file sharing anonymous, according to the commission’s complaint. The agency argued the stealthy downloads violate federal law and asked the court to shut down the business.

Odysseus distributed ads that encouraged users to “download music without fear,” and others alluding to the music industry’s crackdown on online piracy that read “don’t let the record companies win,” according to the FTC complaint. The defendants encouraged consumers to download their free software that the agency charged is bogus, it said. The software does not make file-sharing anonymous and the cost to consumers is considerable because the “free” software is bundled with spyware called Clientman that secretly downloads dozens of other software programs, degrading consumers’ PC performance and memory, the commission alleged.

The accumulated software replaces or reformats search engine results, the FTC argued. For example, consumers who downloaded the spyware and try to do a Google or Yahoo search will be shown a spoof page that appears to have the search engine results, but is actually a copycat site that places the defendants’ clients first on the list. The application also generates pop-up ads and captures and transmits information from the users’ PCs to servers controlled by the defendants, court documents alleged.

The FTC charged that Odysseus is obligated to disclose its “free” download installs spyware and adware on consumers’ computers. But instead, the FTC alleged, they hide their disclosure in the middle of a 2-page end-user licensing agreement buried in the “terms and conditions” section of the website. The Commission also alleged the Stratham, N.H.-based business deliberately made the software difficult to detect and impossible to remove. Although the defendants purport to offer an uninstall tool, it doesn’t work, the Commission argued, instead installing more software.

Odysseus also appeared to be behind Spywarehelp.net, a support site that offered paying members help in ridding their PCs of adware and spyware. The site, now offline, purported to give customers “all the software, tools and live technical support needed to fully eradicate spyware from your PC, and keep it that way.” Domains for Searchassistant.net and Messagebroadcaster.net, also known as Pandora Software, are also registered to Odysseus.

The Center for Democracy & Technology (CDT) -- which identified ClientMan as one of several troubling programs in a spyware complaint to the FTC in Feb. 2004 -- lauded the FTC action. The agency has now filed cases against 3 of the companies mentioned in the CDT complaint, plus a 4th the Commission found through its own investigation. CDT Deputy Dir. Ari Schwartz said the Commission has taken important steps to crack down on spyware distributors but “unfortunately they still have a lot of work to do.”