[Vision2020] Washington Post: Beware: Spyware

Art Deco aka W. Fox deco@moscow.com
Mon, 19 Apr 2004 08:16:03 -0700


This is a multi-part message in MIME format.

------=_NextPart_000_0053_01C425E6.8EB244D0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit

FTC to Look Closer at 'Spyware'
Privacy Experts Warn of Dangers to Unwitting Consumers
By Yuki Noguchi
Washington Post Staff Writer
Monday, April 19, 2004; Page A04


A relatively new kind of software that resides in many computers and tracks its
users' Web-surfing habits or triggers pop-up advertisements has come under
scrutiny by federal regulators who have already cracked down on deceptive or
misleading spam.

The Federal Trade Commission today is hosting a daylong workshop in Washington
to discuss the effects of hidden software that may be used to control or spy on
a computer without its user's knowledge.

So far most "spyware" and "adware" programs, often placed on Windows PCs by such
downloaded programs as file-sharing programs, appear to have been used for the
relatively benign purpose of tracking consumer preferences, said Howard Beales,
director of the FTC's consumer protection division. The FTC is watching to see
if criminals start making widespread use of this technology to steal credit-card
and Social Security numbers of unwitting computer users, he said.

"So far [we] haven't thought that it warranted regulation," he said.

Privacy experts and makers of anti-spyware software say the FTC's light-touch
approach leaves too many consumers vulnerable to more unwanted advertising or
even the addition of controls that consumers might not realize are on their
computer.

"There's a number of concerns about spyware, which is that it takes away
consumers' control over their computers," said Ari Schwartz, associate director
of the Center for Democracy and Technology in Washington. "We consider privacy
to be a control issue as well," and many spyware programs act as surveillance
tools for advertisers without the users' consent, he said. In February, the
group filed a complaint with the FTC arguing for stricter enforcement against
two companies involved in using software for allegedly deceptive and unfair ads.

The software generally enters a person's computer when he or she downloads and i
nstalls free music or game programs, for example. Often, popular downloaded
programs such as Kazaa and Grokster require users to agree to a licensing
agreement that allows the addition of adware to the computer's hard drive, legal
agreements that Beales and privacy experts concede many consumers do not fully
read. Other, more underhanded spyware developers automatically install spyware
without the knowledge or informed consent of the user, privacy experts and
software makers said.

Estimating how many computers carry spyware or adware is difficult, in part
because many consumers do not know they have it, said Nate Elliott, an analyst
with Jupiter Research. Some companies consider "cookies," which are small data
files that Web sites can place on a computer to store information about a user's
online activity, to be a form of software, but cookies are not programs and
cannot control computer functions.

Last week, Internet service provider EarthLink Inc. and anti-spyware software
maker Webroot Software Inc. said a three-month audit of slightly more than 1
million computers found 29.5 million pieces of spyware, or nearly 28 per
computer. Almost 24 million of these items, however, were cookies.

"We think the problem is bigger than anyone understood," said David Moll, chief
executive of Webroot of Boulder, Colo. In particular, "drive-by" downloads,
which occur when Web sites exploit weaknesses in Microsoft's widely used
Internet Explorer browser to install spyware and adware surreptitiously, are
increasingly a problem, he said.

Roger Thompson, vice president of product development of Pest Patrol of Carlyle,
Pa., said: "The issue is that there is no line between good behavior and bad
behavior." Although a minority of spyware is used for "malicious" purposes, "it
opens a back door that allows computers to be updated by the hacker and accept
commands to log keystrokes, read files, or turn on the Web cam," he said.

Federal and state legislators have taken notice. U.S. Sens. Conrad Burns
(R-Mont.), Ron Wyden (D-Ore.), and Barbara Boxer (D-Calif.) have introduced
legislation that would prohibit the installation of software on a computer
without notice and consent, and would require easy ways to remove it. Utah
enacted legislation last month, and state legislatures in California and Iowa
are considering action.

While some software installers are sneaky or fraudulent, the bigger problem may
be that consumers neglect to read the fine print before loading programs, said
David Sorkin, a professor at the John Marshall Law School in Chicago. "It's
pretty hard to install controls beyond that contract."




TechNews.com Home


© 2004 The Washington Post Company

------=_NextPart_000_0053_01C425E6.8EB244D0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2800.1400" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT size=3D4><FONT face=3DArial><STRONG>FTC to Look Closer at =
'Spyware'<!--plsfield:stop--></A><BR></STRONG><FONT size=3D3>Privacy =
Experts Warn=20
of Dangers to Unwitting Consumers</FONT></FONT><FONT size=3D3> </FONT>
<P><!-- THIS JAVASCRIPT COMES FROM WASHTECH SITE FOR TESTING =
--><!--SCRIPT LANGUAGE=3D"JavaScript" =
SRC=3D"http://www.washtech.com/scripts/adcode.js"></SCRIPT-->
<SCRIPT language=3DJavaScript=20
src=3D"http://media.washingtonpost.com/wp-srv/washtech/javascript/adcode.=
js"></SCRIPT>

<SCRIPT language=3DJavaScript><!--=0A=
setupAdCode("sitename=3Dwpni.washtech","pagename=3Dsoftware")=0A=
//--></SCRIPT>
<!-- END OF WASHTECH AD CODE PREPARATIONS --><FONT=20
size=3D2><!--plsfield:byline--><I>By Yuki=20
Noguchi</I><BR><!--plsfield:credit--><I>Washington Post Staff=20
Writer</I><BR><FONT color=3D#cc0000><!--plsfield:disp_date-->Monday, =
April 19,=20
2004; Page A04 </FONT></FONT>
<P><!--plsfield:description--><NITF>
<P>A relatively new kind of software that resides in many computers and =
tracks=20
its users' Web-surfing habits or triggers pop-up advertisements has come =
under=20
scrutiny by federal regulators who have already cracked down on =
deceptive or=20
misleading spam.</P>
<P>The Federal Trade Commission today is hosting a daylong workshop in=20
Washington to discuss the effects of hidden software that may be used to =
control=20
or spy on a computer without its user's knowledge.</P>
<P>So far most "spyware" and "adware" programs, often placed on Windows =
PCs by=20
such downloaded programs as file-sharing programs, appear to have been =
used for=20
the relatively benign purpose of tracking consumer preferences, said =
Howard=20
Beales, director of the FTC's consumer protection division. The FTC is =
watching=20
to see if criminals start making widespread use of this technology to =
steal=20
credit-card and Social Security numbers of unwitting computer users, he =
said.=20
</P>
<P>"So far [we] haven't thought that it warranted regulation," he said. =
</P>
<P>Privacy experts and makers of anti-spyware software say the FTC's =
light-touch=20
approach leaves too many consumers vulnerable to more unwanted =
advertising or=20
even the addition of controls that consumers might not realize are on =
their=20
computer.</P>
<P>"There's a number of concerns about spyware, which is that it takes =
away=20
consumers' control over their computers," said Ari Schwartz, associate =
director=20
of the Center for Democracy and Technology in Washington. "We consider =
privacy=20
to be a control issue as well," and many spyware programs act as =
surveillance=20
tools for advertisers without the users' consent, he said. In February, =
the=20
group filed a complaint with the FTC arguing for stricter enforcement =
against=20
two companies involved in using software for allegedly deceptive and =
unfair ads.=20
</P>
<P>The software generally enters a person's computer when he or she =
downloads=20
and installs free music or game programs, for example. Often, popular =
downloaded=20
programs such as Kazaa and Grokster require users to agree to a =
licensing=20
agreement that allows the addition of adware to the computer's hard =
drive, legal=20
agreements that Beales and privacy experts concede many consumers do not =
fully=20
read. Other, more underhanded spyware developers automatically install =
spyware=20
without the knowledge or informed consent of the user, privacy experts =
and=20
software makers said.</P>
<P>Estimating how many computers carry spyware or adware is difficult, =
in part=20
because many consumers do not know they have it, said Nate Elliott, an =
analyst=20
with Jupiter Research. Some companies consider "cookies," which are =
small data=20
files that Web sites can place on a computer to store information about =
a user's=20
online activity, to be a form of software, but cookies are not programs =
and=20
cannot control computer functions.</P>
<P>Last week, Internet service provider EarthLink Inc. and anti-spyware =
software=20
maker Webroot Software Inc. said a three-month audit of slightly more =
than 1=20
million computers found 29.5 million pieces of spyware, or nearly 28 per =

computer. Almost 24 million of these items, however, were cookies.</P>
<P>"We think the problem is bigger than anyone understood," said David =
Moll,=20
chief executive of Webroot of Boulder, Colo. In particular, "drive-by"=20
downloads, which occur when Web sites exploit weaknesses in Microsoft's =
widely=20
used Internet Explorer browser to install spyware and adware =
surreptitiously,=20
are increasingly a problem, he said.</P>
<P>Roger Thompson, vice president of product development of Pest Patrol =
of=20
Carlyle, Pa., said: "The issue is that there is no line between good =
behavior=20
and bad behavior." Although a minority of spyware is used for =
"malicious"=20
purposes, "it opens a back door that allows computers to be updated by =
the=20
hacker and accept commands to log keystrokes, read files, or turn on the =
Web=20
cam," he said.</P>
<P>Federal and state legislators have taken notice. U.S. Sens. Conrad =
Burns=20
(R-Mont.), Ron Wyden (D-Ore.), and Barbara Boxer (D-Calif.) have =
introduced=20
legislation that would prohibit the installation of software on a =
computer=20
without notice and consent, and would require easy ways to remove it. =
Utah=20
enacted legislation last month, and state legislatures in California and =
Iowa=20
are considering action.</P>
<P>While some software installers are sneaky or fraudulent, the bigger =
problem=20
may be that consumers neglect to read the fine print before loading =
programs,=20
said David Sorkin, a professor at the John Marshall Law School in =
Chicago. "It's=20
pretty hard to install controls beyond that contract."</P>
<P></P></NITF><BR clear=3Dall>
<CENTER><A href=3D"http://www.technews.com/">TechNews.com =
Home</A></CENTER>
<P></P>
<P>
<CENTER>=A9 2004<!--plsfield:end--> The Washington Post=20
Company</CENTER></FONT></DIV></BODY></HTML>

------=_NextPart_000_0053_01C425E6.8EB244D0--