Like spam, spyware is unlikely to disappear as a result of laws or regulations, but it is inciting enough popular ire to spur politicians to act anyway.
The latest perceived threat to Internet users privacy, spyware is following the same trajectory in Washington that spam followed before Congress last year passed a law aimed at reducing it. This week, a House panel responsible for commerce and consumer protection will examine deceptive software and possible ways to curb its use. Legislation targeting spyware has been introduced in the Senate and House, and Utah has already enacted an anti-spyware law.
The Federal Trade Commission began discussing the issue in a policy forum with industry and government representatives last week and quickly learned that different interests define the problem differently. Spyware is used primarily as surveillance software—key loggers are often cited as the most insidious form—or advertising software used for gathering data for marketing purposes, but there is no consensus on what should be illegal.
When users discover spyware on computers, they often complain to innocent parties such as ISPs. "Were the people being blamed sometimes," Jules Polonetsky, vice president of Integrity Assurance at America Online Inc., based in Dulles, Va., said at the FTC forum. The next update to AOLs software will automatically scan for spyware and let users decide on keeping it, Polonetsky said.
More than half of all Windows crashes reported to Microsoft Corp. are the result of deceptive software, according to Brian Arbogast, corporate vice president of the Identity, Mobile and Partner Services Group for MSN and the Personal Services Division at Microsoft. The next Windows service pack, due this summer, will include a pop-up blocker in Internet Explorer, an ActiveX blocker to suppress downloads that users do not initiate and improved notices for software updates.
Reminiscent of the policy debate over spam, a strong industry lobby is cautioning against anti-spyware legislation for fear that legitimate monitoring software will be targeted unintentionally. Rather than passing new laws, the government should help better educate users to protect themselves, many in industry argue.
For privacy advocates, however, consumer education is unlikely to solve the problem. Future categories of software will present similar intrusion threats, said Chris Hoofnagle, associate director of the Washington-based Electronic Privacy Information Center, adding that digital rights management software can be particularly invasive.
"I think there will be coercive power in this market, especially when it comes to media," Hoofnagle said.