FTC Takes On Spyware
At today's FTC workshop on ad- and spyware, a commissioner asks 'the industry' to find best practices to control a growing menace.
At today's FTC workshop on ad- and spyware, a commissioner asks 'the industry' to find best practices to control a growing menace.
At today’s Federal Trade Commission workshop on spyware [define] and adware, Commissioner Mozelle Thompson charged “the industry” to return to the FTC with best practices for quelling the problem. The commissioner did not specify which of the many industries represented at the forum should spearhead such an effort.
The Commissioner’s remarks were made at the FTC’s public forum, “Monitoring Software on Your PC: Spyware, Adware, and Other Software,” in Washington, D.C. Monday. The daylong workshop’s goal is to initiate a dialogue on the subject and move toward possible solutions.
“We are putting a public face on what many see as secret software,” said Commissioner Thompson, noting that this is the first broad public forum to discuss the topic. Workshops included topics like security and privacy risks, industry responses and government responses such as law enforcement, consumer education and coordinating with industry.
As with unsolicited email, Thompson said, “transparency, adequate notice and consumer choice” are key in the spyware issue.
The forum was attended by a wide variety of industries, including virus companies such as McAfee Security; computer companies like Dell; ISPs; Google; privacy organizations including the Center for Democracy and Technology and adware company WhenU.
The plethora of organizations and businesses in attendance demonstrate the difficulty in determining exactly which entity Thompson was designating to determine best practices. Like the spam problem, which the FTC similarly addressed a workshop and meetings that ultimately culminated in the federal CAN-SPAM act, spyware and adware affect multiple entities. It’s generally agreed in Washington that Congress will not this year consider federal legislation on either spyware or adware.
Panelists discussed the harm dealt to businesses by spyware. One speaker pointed out the devastation to the bottom line spyware can cost Internet service providers. A lengthy call to customer service from a subscriber can “wipe out the ISP’s entire margin” for that subscriber.
Other business downsides to include lost time from work by employees whose hard drives must be replaced or cleansed of the spyware, which can take days to accomplish, a panelist said.
One speaker noted, “If the consumer is afraid to share information, such as ZIP codes, online, it affects businesses that need to collect information. The risk for business comes down to this: trust and consumer confidence.”
Spyware and adware are of growing concerns to businesses and consumers alike. A recent study found the average computer houses roughly 28 items of monitoring software, unbeknownst to the user, according to Internet service provider Earthlink and Webroot Software.
U.S. Sens. Conrad Burns and Barbara Boxer recently introduced legislation to prohibit spyware, adware and other intrusive software. The proposed act, known as SPYBLOCK, would make it illegal to install software on a user’s computer without notice and consent. The state of Utah recently passed its own anti-spyware statute, which is currently challenged by adware company WhenU.
The term spyware generally refers to software programs that collect data about computer users and send that information back to the software maker over the Internet without a user’s knowledge. But the definition is tricky.
For example, adware companies such as WhenU claim to make it clear to consumers that their programs are being installed, and make them easy to uninstall them. Spyware is often unknowingly downloaded and installed. Frequently, it’s bundled with other programs. Malware, the nastiest variation of the lot, can commandeer a user’s computer and use it for nefarious purposes, such as making expensive unauthorized phone calls.
During the workshop, the term “spyware” was frequently used as a catchall term for all three kinds of software. A speaker referred to Gmail, Google’s proposed email service involving computer-generated contextual advertising, as “surreptitious monitoring.” The search giant made its plans for contextual advertising public when the service, still in beta, was announced.
“It’s [spyware] expensive, it’s costing people money. I don’t care if it’s spyware, adware or malware,” said John Gilroy, technology contributor to the Washington Post, who spoke speaker on a panel addressing security risks and PC functionality.
One worst-case scenario of spyware is keystroke logging, in which spyware can track every bit of information a user enters.
“They will capture everything you put in your computer, your passwords, your personal information registered on a Web site, financial information entered to engage in a transaction and all that other information,” said Ray Everett-Church, chief privacy officer of TurnTide, Inc.
This, in turn, can lead to a user ending up with bills for thousands of dollars in phone calls and other expenses never knowlingly incurred. Everett-Church did point out this form of malware is far less common.
Though spyware can cause a complete PC meltdown, more commonly it will cause a computer to run more slowly or to pop up unwanted ads, Gilroy pointed out.
Or, as one speaker noted, “Consumers are buying into an experience which was not the experience they signed up for.”