When the first anti-spyware legislation was introduced last year, I was concerned legislators might do more harm than good in drawing up laws that reduced or eliminated spyware. My concern was the bill’s language might sweep cookies (define) into the same pile as spyware (define) without acknowledging the fundamental difference between the two. Cookies perform many favorable tasks for users, such as remembering you so you don’t have to reregister every time you visit a favorite site. Insidious spyware downloads without user knowledge, enables lots of ad formats consumers simply hate, and often violates privacy ethics and agreements.
I’m now convinced we indeed need legislation to slay the spyware beast. As an industry, we can guide lawmakers toward a result that limits collateral damage to cookie-based programs and functions.
Here’s a summary of where we stand on this very important issue.
Early in January, Congresswoman Bono introduced the SPY ACT (HR 29). The “Bono Bill” sets its sites squarely on eliminating spyware. The bill has a number of detailed provisions prohibiting spyware’s bad practices, including forced downloads, keystroke tracking, and nearly impossible uninstalls. The bill does a very good job balancing the need to eliminate spyware with the need for room for legitimate adware (define), such as instant messagers, tool bars, real-time weather applications, and other valuable and voluntary ad-supported downloaded software.
However, the bill also contains provisions that would apparently regulate cookie use. Whether this result was intended by the drafters is questionable, but it’s a potential application we must watch closely.
Specifically, section 10, “Definitions,” includes an “Exception for Cookies” section in “Computer Software” definition. The exception’s language is vague but apparently only exempts what are known as first-party cookies, those placed from the same technical domain as the Web site the user requested the page from. This would mean most third-party cookies or similar text files would now be prohibited. Publishers, advertisers, and their service providers routinely use third-party cookies to serve, rotate, target, cap, measure, and report on online advertising.
There’s no currently available technology that can replace the functions served by third-party cookies. Under HR 29, major online advertisers such as General Motors, Procter & Gamble, and American Airlines would lose their ability to track their online advertising’s effectiveness. Advertisers would likely decrease the budgets that subsidize free online consumer content on Web sites such as Weather.com, DallasNews.com, and USATODAY.com.
As an industry, I think we can agree cookies, and similar text and data files, are essential to the operation of online advertising and publishing. They’re not spyware and should in no way be regulated by the SPY ACT.
A $10 billion industry, which has been a shining spot of job growth in the U.S. technology sector, would be crippled. Consumers wouldn’t be able to receive — free — much of the content they can today. Without advertising’s substantial support, many consumers would be forced to pay subscription fees for that content. Cookies are a technology, not a bad practice. The SPY ACT should limit its scope to eliminating bad practices rather than affecting technologies with many valuable uses.
This is the time to get involved. Get a copy of the legislation. Talk to the public policy people at your company. Talk to your trade association. Get involved. The folks in Washington are focused on the right thing and are trying to solve a horrendous consumer problem. Help them do it effectively.