CDT Pins Antispyware Hopes on Private Pressure on Advertisers
STANFORD, Cal. -- Spyware-fighters are shifting some emphasis from lobbying toward pressing big companies to break off ties with intrusive online intermediaries, said a Center for Democracy & Technology (CDT) staffer. State spyware laws haven’t been effective, contributing to low expectations for legislation that will be pushed in the 110th Congress, CDT Policy Analyst Alissa Cooper said in a Stanford Law School presentation this week. Meanwhile, researchers have found success researching the money chain that lands big companies’ brands in front of Web users through software they didn’t want installed, she said. CDT’s recent strategy is to press companies to adopt adware policies and “clean up their acts” by enforcing the rules with affiliated businesses, Cooper said.
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
The problem with antispyware laws isn’t lack of interest by enforcers, Cooper said. “We've really seen a stepping up of efforts” by state and federal authorities, she said. But “the FTC has been leading the charge,” under its general power to go after unfair or deceptive business practices, Cooper said. The Commission’s Nov. settlement with Zango, formerly 180solutions, is “almost a standard-setting action” when it comes to buried adware disclosures in end-user licensing agreements on the Web, she said. The federal govt. also has hooks on the books in the Computer Fraud & Abuse Act and the Electronic Communications Privacy Act for going after spyware, Cooper said.
Sixteen states have enacted spyware laws “and many more are considering” them, Cooper said. But they generally have “a very high standard for intent,” so “it can be very hard to bring a case.” Cal. -- the 2nd state to enact such a law, in 2004 -- hasn’t yet used it, she said. Wash. has an active attorney general’s office, but its law is too narrow to cover many cases that the Anti-Spyware Coalition (ASC) considers malware, Cooper said. CDT organized the coalition -- which includes network-security companies, the largest Internet players and university Internet-law clinics, but not Stanford’s -- and does its publicity. Getting antispyware companies to collaborate with each other was a coup, she said.
One or more bills are expected this Congress, after antispyware efforts fell short in both houses last year, Cooper said. A federal law could impose stiffer penalties than the states have and could criminalize spyware, she said. Penalties in FTC cases have been inadequate, because they're limited to ill-gotten gains rather than damages, and CDT seeks tougher punishments in federal law, Cooper said. But criminal prosecution may not be appropriate, because defining spyware is tricky and “spyware is just fraught with gray areas,” Cooper said. Problems agreeing on a “safe harbor” for aboveground software companies illustrate this, she said. Federal legislation would also pose preemption of state laws, and CDT opposes that, Cooper said.
Jennifer Granick, exec. dir.-Stanford Center for Internet & Society, agreed spyware-fighters should be “squeamish” about criminal provisions. “There’s definitely a question whether we need [federal] legislation at all,” since 95% of spyware activity already is illegal, and a new law could be too narrow, going after only the most egregious behavior, she said.
The ASC went to 18 large companies whose products and services were advertised through adware, Cooper said. Most didn’t respond and “are still advertising through malicious adware,” she said. Of those that did reply and have adware policies, most laid blame for the ads on affiliates, Cooper said. But N.Y. Attorney Gen. Andrew Cuomo’s (D) adware settlement Jan. 29 with Priceline, Travelocity and Cingular is encouraging, showing that “advertisers can be held responsible for their ads show up” online, she said. 2007 and 2008 “will be very telling” as to whether the business model for adware can hold up under govt. and private pressure, Cooper said.