RealTime IT News

A Hobbled Anti-Spyware Law

California's Gov. Schwarzenegger has signed the state's first anti-spyware bill into law, but it doesn't do enough to terminate the growing use of spyware that logs your moves online.

Watered down. Toothless. Choose your metaphor for this limp piece of legislation. For all its good intentions, California's Consumer Protection Against Computer Spyware Act has too many holes and sets too high a bar to effectively prosecute offenders. Don't expect it to deter businesses from engaging in sneaky practices to get you to download keystroke-monitoring software.

Sure, California's SB1436 covers the outright criminal practices associated with spyware . For this piece at least, the term applies to software that is loaded onto your computer without your knowledge, with the potential to record your keystrokes, steal your personal data, and commandeer your computer, to name a few.

But here's the rub. The law also uses the phrase "intentionally deceptive means" to prohibit spyware-makers from taking control of a computer, or to collect personally identifiable information and generally spy on your online and computer use without your knowledge.

Notice and consent features in the law are not as strong as they were in the original bill, and there are plenty of ways clever coders -- should we say sneaky -- can get around some of the language and wink their way out of any prosecutions.

That's why critics say it has no teeth. Sure, you can sue companies for spyware practices under the law now. Good luck proving intent. Ask your local district attorney or your state attorney general's consumer protection bureau how that law might be used to prosecute offenders.

Then again, with all the cash that behavioral marketers are raking in with targeted ads, it's no surprise the bill was watered.

The fact is, companies that specialize in adware, such as Claria Corp. (formerly known as Gator) and Utah's WhenU, which is battling Utah's own anti-spyware bill, are doing a brisk business helping Yahoo and other blue-chip advertisers use your behavior online to target you with ads. Claria says it earned $35 million on $90 million in sales during 2003 and is looking to go public at some point.

Indeed, Claria's lobbyists were quite successful in changing some of the wording of the final version in California, according to people who tracked the legislation. Reed Freeman, Claria's chief privacy officer and one of Claria's Washington, D.C., lobbyists, would only say he is focused on the legislation that is working its way through Congress.

In a nascent industry such as behavioral marketing, there's already enough money sloshing around to hobble aggressive legislation that would have kept spyware, and in my view, adware from collecting a lot more than folks who approve it may be aware of. We've seen this debate over and over, notably with the financial services industry's ability to profit from your information.

By watering down this law, makers of adware (which does the same thing only somewhere in your download process you might have said yes to loading it on your computer), will be emboldened to push the envelope even more than they have already about how they track and profit from your behavior online.

Eventually, the more consumers realize how profitable their online behavior is to marketers, the more aggressive they'll be about whether to click on "yes" so quickly. Bring on the info brokers. In the meantime, expect to see more sites like this rating software that can sniff out and remove spyware, and adware for that matter.

And don't expect to see much stronger legislation in Congress compared to California's new law. It winks its way past what is, in effect, a sneaky way to do business.