Spyware: Already Illegal

The law may be an ass, as Mr. Bumble famously said in Charles Dickens “Oliver Twist,” but its a hardy beast that can carry its load over many kinds of terrain. Indeed, people have been dealing with one another, protecting themselves against one another and making it possible to get along with one another under the rule of law for centuries and through many technology changes.

The Dickens quotation came to mind when two new anti-spyware bills appeared recently in the House and the Senate. Its an understandable but erroneous reaction to seek to enact a new law for every kind of technology that appears. We suggest, however, that well all be much better off if existing laws are applied, like a sturdy draft animal, to prosecute abuses perpetrated through new technologies. We already have laws against fraudulent claims; we dont need a separate law to handle those claims when theyre made in e-mail.

/zimages/4/28571.gifClick here to read Security Center Editor Larry Seltzers take on the anti-spyware bills.

So were encouraged that the U.S. Federal Trade Commission is resisting calls from lobbyists to pass anti-spyware legislation and has instead joined with the IT industry to call for improved self-regulation and user education. Referring to the laws against consumer fraud and identity theft, Mozelle Thompson, a commissioner at the FTC, told United Press International: “There are some kinds of practices that we may consider unfair or deceptive that we already have existing power to pursue.” The consensus of the FTC, as reported in eWEEK, is that its too early to write laws banning spyware and that existing laws should protect consumers.

We applaud the FTC for taking this position against passing more legislation. We have made the same point with regard to anti-spam laws in this space, and we reiterate: It is always a bad idea to think a new technology creates a need for a new form of law. It is this type of mind-set that puts us into a never-ending cycle of “protecting” consumers with laws that are too numerous and unwieldy to enforce. The CAN-SPAM Act (SB 877) passed late last year is one example. To date, the law has had no noticeable impact on the amount of spam traveling the Internet, according to a recent report by Jupiter Research.

/zimages/4/28571.gifRead more about CAN-SPAM compliance here.

Not only is anti-spyware legislation similarly not likely to be effective, but it could make the use of beneficial monitoring and tracking software illegal.

Instead of passing laws and implementing regulations, we call on the FTC and state attorneys general to launch efforts—as they have done with regard to consumer fraud and spam—to educate users on the dangers of spyware and how to protect themselves from it. We also call on vendors and service providers to warn their customers about spyware and to provide features that can counteract it.

There is no new law required to carry out these measures. Passing a new law will not be a substitute for them.

/zimages/4/28571.gifFor insights on security coverage around the Web, check out eWEEK.com Security Center Editor Larry Seltzers Weblog.

eWEEK is interested in your point of view. Send your comments to [email protected].

/zimages/4/28571.gifCheck out eWEEK.coms Security Center at http://security.eweek.com for security news, views and analysis.
Be sure to add our eWEEK.com security news feed to your RSS newsreader or My Yahoo page: http://us.i1.yimg.com/us.yimg.com/i/us/my/addtomyyahoo2.gif