Putting Spyware on the Hook
Preparing for an FTC suit, an Internet privacy organization launches an online action to collect histories of spyware gone wrong.
The Center For Democracy and Technology released a report criticizing spyware and downloadable adware programs for deceiving consumers and wreaking havoc with their computers.
The Washington, D.C.-based CDT is a public policy non-profit that advocates privacy, freedom of expression and open use of Internet technologies -- and challenging surveillance on the Net is one of its top issues.
Its report, "Ghosts in Our Machines: Background and Policy Proposals on the 'Spyware' Problem," released Wednesday, addresses what the CDT considers the growing problem of spyware, which it defines as everything from targeted advertising programs to keystroke loggers and screen capture utilities that can be used to steal passwords to legitimate applications with weak privacy protections. The report offers advice to consumers about combating the software and it reviews pending legislation, which it finds wanting.
CDT associate director Ari Schwartz said pending legislation against spyware was too vague, and could be taken to include legitimate applications that monitor the status of a user's computer, such as automatic updating of virus protection software or the Windows operating system.
And, while attention has been focused on privacy issues concerning so-called spyware, the CDT report emphasizes that because adware piggybacks on other software, users are frequently unaware it's being installed on their computers, and they're often unable to remove it. "Showing ads isn't necessarily a bad thing," said Schwartz. "But a lot of times, when you go to uninstall the main program, it doesn't uninstall the other program, and it may even destroy other programs." Schwartz said even if a user knows an adware app came along with a download, the assumption is that it will uninstall along with the main program.
These applications, even if intentionally installed on a PC, can cause unforeseen problems like reductions in computer performance and system stability, Schwartz said. He said while the CDT's information about spyware problems is anecdotal, "We hear from software companies and ISPs that this is costing them money. They're getting the calls because the connection is slow or there's interference with e-mail." The CDT wants the providers of adware to offer users clear information about the software installation and contact information so they can complain to them instead of to their ISPs.
The report mentions Gator and WhenU, which, while the subject of lawsuits by Web publishers, have escaped penalty. Also singled out are nCase, which tracks Web visits and search terms; Altnet, which engages the user's computer in a distributed computing network used by third-party businesses; and Radiate, a defunct company that served ads into the interface of specific software applications. It posits Qualcomm's Eudora e-mail application as an example of acceptable adware, because the user can choose to purchase an ad-free version and is given clear notice of what will happen if they use the ad-supported client.
The CDC also kicked off a Web campaign to gather spyware horror stories that it can collect and use in a complaint it plans to file with the Federal Trade Commission.
"We're looking for a pattern with a particular kind of software, something that would allow us to bring a very clear, straightforward unfairness or deception complaint with the FTC," Schwartz said. "If we can get the resources of the Internet behind us and find that pattern through the anecdotes we get in, we'll have a lot less of a battle."