Analytics Group Takes Stand Against Spyware

The Web Analytics Association (WAA) issued a “statement of principles” today with the aim of making a clearer distinction between spyware and cookies used in Web analytics applications, both of which are often flagged in anti-spyware applications.

“We’ve watched very closely the development of anti-spyware laws around the country and at the federal level. It became clear that there needed to something done to clarify the difference between the deceptive practices of spyware purveyors and the legitimate use of tracking technology by analytics vendors,” said Ben Isaacson, privacy and compliance leader for Experian’s CheetahMail, who has been driving the adoption of anti-spyware principles for the WAA.

State anti-spyware laws have been passed in California and Utah, and both the U.S. House of Representatives and Senate have considered similar bills in each of the past two years, though none has been passed into law. The Federal Trade Commission (FTC) has also looked into spyware, but decided the best course of action would be to prosecute spyware purveyors under existing fraud laws.

Several early versions of the laws have lumped cookies in with spyware, mainly due to a misunderstanding by lawmakers about how the behavior-tracking technology operates, according to Isaacson.

“Web analytics vendors develop and make use of Internet-based tools that measure and track online behavior. Certain components of these tools, such as cookies and Web beacons, are unfortunately being confused with spyware software. But cookies and Web beacons are not downloadable software and therefore cannot execute malicious programs on a user’s machine. As such, they pose no deceptive threat whatsoever to online users,” Isaacson said.

Some of the confusion is caused intentionally by anti-spyware application vendors, who often tag cookies as malicious. Andrew Edwards, managing partner of Technology Leaders and a director of the WAA, believe that’s being done to sell more software.

“Some anti-spyware software vendors target technology such as cookies. We feel that this is not only misleading but may needlessly alarm and confuse consumers,” Edwards said. “Our members rely on cookies to legitimately measure the effectiveness of their Web sites. The types of information they receive as a result of these cookies is clearly and conspicuously posted in a privacy notice detailing the Web sites’ practices. Anti-spyware software vendors should stop attempting to sell software by creating a false sense of fear around cookies.”

The WAA endorses legislation that targets deceptive behavior rather than a particular technology that may be used in such behavior, Isaacson said.

“It’s been our belief that existing laws cover spyware, because it is a deceptive action. The problem has been that the FTC hasn’t had the resources to go after them,” Isaacson said. That may change this year, if a bill that has passed in the Senate calling for additional funding for the FTC to prosecute online crimes is approved by the House as well.

The WAA is a not-for-profit professional organization, founded in February 2005, made up of more than 750 individuals and companies, both Web analytics vendors and users. Its goals include promoting the understanding of Web analytics through education, advocacy, standards, research and technology.

The WAA’s anti-spyware statement of principles includes vows by members not to engage in deceptive practices, and to open up policies and practices to third-party review. The group comes out in support of federal legislation to establish a framework targeting deceptive practices of spyware, rather than focusing on technology, and says it plans to commence plans to educate the public about the benefits of cookies and other tracking tools.

Related reading