Adware Called Too Cozy With Spyware


WASHINGTON — Even if Congress passes an anti-spyware bill, it will be
ineffective unless lawmakers can untangle the frustratingly complex adware
food chain. Absent that, spyware hustlers will be able to dodge liability
through their murky deals with advertising affiliates.


Ari Schwartz, the associate director of the Center for Democracy and Technology, told the Senate Commerce Committee today that the spyware
problem must be addressed at the root level of affiliate marketing.


“The affiliate issue has become a central aspect of the spyware epidemic,”
Schwartz said. “Finding ways to effectively reform affiliate relationships
will remove a linchpin of spyware purveyors’ operations.”


Both the Senate and the House are considering anti-spyware legislation that
makes it illegal to install software on a computer without the authorized
user’s express consent. Both bills contain a long list of exemptions,
including pre-purchase installations, cookies and software and network
security upgrades.


The bills prohibit phishing, keystroke logging, homepage hijacking and ads
that can’t be closed, except by shutting down a computer. They also require
an opt-in notice and regime for legal software (i.e. adware) that collects
personally identifiable information from consumers.


Despite the proposed requirements on adware companies, such as WhenU and
Claria (the former Gator), Schwartz said it isn’t enough.


“Deceptive and often clearly illegal software download practices are a
regular part of the business of many American companies operating in online
commerce,” he said. “These practices are funded and ‘incentivized’ through
poorly policed download commission programs … that, in turn, are funded by
large, mainstream advertisers.”


He added, “The entire process is sustained through a nearly impenetrable web
of affiliate relationships that is used to deflect accountability and
frustrate law enforcement.”


The end result, according to Schwartz, is when unauthorized pop-up ads
appear on a user’s computer, the ads will be “many steps removed” from the
advertiser who originally paid for the ad.


“Many of the companies involved, particularly the advertisers, have no idea
what is going on,” Schwartz said.


While adware companies, advertising brokers and others involved in the online
advertising supply chain deny engaging in deceptive practices, Schwartz
said, they encourage bad behavior through their affiliate arrangements and
lax oversight of the networks of affiliates acting on their behalf.


“Advertisers, too, should be pushed to take greater responsibility for the
companies they advertise with,” he said.


Sen. Ron Wyden (D-Ore.), co-author of the Senate bill along with Sen. Conrad Burns (R-Mont.), also took aim at the advertising affiliate relationships,
saying much of the spyware and adware infecting computers travels as
“imposters” piggybacked on legitimate Internet advertising.


“Companies enter into advertising arrangements with legitimate Internet ad
buyers who, in turn, go to advertising networks that can use thousands … [of] affiliates, some of which are not so legitimate,” Wyden said.


Schwartz applauded the anti-spyware efforts under way by Congress, but added
that there is only so much any new legislation can actually do to curb
spyware. Legislation, he said, should complement industry self-policing,
consumer education, better anti-spyware tools and aggressive law
enforcement.


“In addition, any legislation must take care to ensure that the use of
complex affiliate relationships … will not enable responsible parties to avoid
liability.”

News Around the Web