FTC Urges Industry Solutions to Spyware


WASHINGTON — The Federal Trade Commission (FTC) says the solution to the
invasive programs generally known as spyware is more likely to be found in
better technology solutions and intensive consumer education than in either
state or federal legislation.


Spyware is vaguely defined and often confused by consumers with adware,
which are usually legal and legitimate applications. Consumer and privacy
advocates attending Monday’s FTC Spyware Workshop were concerned about the
growing number of programs that often surreptitiously piggyback on downloaded
files; they report back Internet traffic patterns to advertisers and
generate unwanted popups.


Even when consumers delete the downloaded file, spyware often remains and
continues to monitor the user’s browsing habits. According to a report
released last year by the Center for Democracy and Technology, spyware
creates privacy problems, opens security holes and can hurt the performance
and stability of consumer computer systems.


One state, Utah, has already passed an anti-spyware law while several others
are considering legislation that bars the practice. Congress has also
expressed an interest in the issue. A similar groundswell of consumer
complaints and state action prompted Congress to pass the country’s first
federal anti-spam law last year.


“What you see is a range of behaviors from companies, some are responsible
and some appear to be less responsible,” FTC Commissioner Mozelle Thompson
told reporters. “If consumers believe that when you use the term spyware —
and, for that matter, adware — it is automatically always bad, then perhaps
there isn’t an adequate dialogue between a company and a consumer about the
value to a consumer.”


Thompson asked industry Internet provider leaders such as Microsoft, America
Online and Earthlink to produce a set of best practices for the use of adware,
including disclosure statements to consumers regarding what they are about to
download.


“At the outset, I think I’d like to have a further conversation about what
kind of practices fall outside what the industry thinks is fair practice,”
Thompson said. “It seems to me there are some kind of practices that we may
consider unfair or deceptive. We have existing laws to go after some of
them. We have some powerful ones right now. We need to have a
discussion, an ongoing dialogue, with industry, so they can also act partly
as eyes and ears.”


Microsoft and AOL were quick to respond to Thompson’s comments, with both
companies promoting their latest security and privacy improvements.
Earthlink already offers anti-spyware software.


“The whole practice of deceptive software, which is what we call the broader
category of spyware, is all about tricking consumers into downloading
software that they really don’t want — or they wouldn’t want if they knew what
that software was truly going to do,” said Brian Arbogast, a corporate VP
for Microsoft, adding that the next XP service pack would include a popup
blocker and an “unsolicited download suppression tool.”


Arbogast said the new tools will make it “easier for consumers to understand
what’s really going on when software is trying to install itself.”


AOL plans to introduce its Spyware Protection Net program in the next update
to AOL 9.0, expected in the next few weeks.


“Our solution is to try cast a very wide net and give users information and
control over what’s on their computer, said AOL VP for Integrity Assurance
Jules Polonetsky. “I think this is going to be a very effective
self-regulation club because if software shows up and a user doesn’t know
what it is, they are going to make an easy decision to block or restrict
that information.”


Ultimately, according to security maven John Schwartz, the president and CEO
of Symantec, legislation will prove ineffective.


“Any legislation that attempts to deal [with a specific] technology is bound to fail,”
he said. “There are many other countries besides the United States that
produce technology, and it is very difficult to legislate those countries.
Technology evolves far faster than any public process can deal with it. So,
we might legislate against Technology A, but it morphs into Technology B
before the legislation is out.”

News Around the Web