New Anti-Spyware Bill Won't Stop Spyware; But Will Bring Back Questionable Anti-Piracy Measures

from the that-doesn't-sound-good dept

Politicians have been pushing for an anti-spyware law for quite some time -- mostly because it's the sort of thing likely to draw headlines that make the politicians look good. However, it's widely acknowledged that such laws aren't at all necessary. Anti-fraud laws can mostly take care of the problem cases out there -- and the market itself seems to have actually taken care of the worst offenders in the space. Plus, with such laws (witness CAN-SPAM's failure), they tend to do little to actually stop the activity, but more to define the rules by which companies can continue to do bad things without breaking the law.

However, with the law coming up yet again, Broadband Reports points to an even scarier part of the law currently up for consideration, the Counter Spy Act, as noted by Ed Foster's Gripe Line. Basically, in the fine print, it appears to create a nice little "exception" for software companies that spy on users for the sake of checking whether they're using an authorized copy -- including the ability to let the software provider remotely shut off the computer or internet connection of those found to be using unauthorized copies. This has many folks worried that this is an attempt to backdoor in UCITA, the awful law from a while back that would allow software companies to remotely shut down computers of those found with unauthorized software.

So we've got a law that is unnecessary and wouldn't even stop the problem of spyware if it were a problem -- and opens up a backdoor to allow software companies to spy on users and remotely shut down their computers. But it may pass anyway because politicians want voters to think they voted against spyware.

Reader Comments (rss)

(Flattened / Threaded)

  1. identicon
    Rich Kulawiec, Jun 17th, 2008 @ 4:45am

    Of course this is the point

    Just as the point of CAN-SPAM was to provide a legal pretext for spam (much to the pleasure of pro-spam lobbying organizations like the DMA), the point of this "anti-spyware" legislation is to provide a legal pretext for the forcible hijacking of users' computer systems. The impact on actual spyware will of course be negligible (if any) and those responsible for the passage of this bill will trumpet their "success" at addressing the issue.

    The best legislation money can buy.

    reply to this | link to this | view in thread ]

  2. icon
    Crosbie Fitch (profile), Jun 17th, 2008 @ 4:48am

    Copyright Abridges Privacy Anyway

    The solution is to abolish copyright, for then no-one would seek to facilitate its unethical jurisdiction of the private domain in the first place.

    reply to this | link to this | view in thread ]

  3. identicon
    Abolish Everything, Jun 17th, 2008 @ 5:31am

    Re: Copyright Abridges Privacy Anyway

    Every time you pop up on this blog, you say the same thing. So ... abolishing copyright is the solution to all our problems, the long-awaited technical panacea?

    reply to this | link to this | view in thread ]

  4. identicon
    Anonymous Coward, Jun 17th, 2008 @ 5:45am

    Re: Re: Copyright Abridges Privacy Anyway

    Ignorance breeds ignorance.

    reply to this | link to this | view in thread ]

  5. identicon
    Meh, Jun 17th, 2008 @ 5:56am


    By looking through the law, as long as the spyware maker puts a EULA on their software making them authorized users of the computer and taking all blame away from them, its not spyware...

    I also found this clause funny(about uninstallation):

    requiring in an unfair or deceptive
    manner the user to access the Internet to
    remove the software with knowledge or
    reckless disregard of the fact that the software
    frequently operates in a manner that
    prevents the user from accessing the Internet

    reply to this | link to this | view in thread ]

  6. identicon
    Anonymous Coward, Jun 17th, 2008 @ 6:15am

    Re: Copyright Abridges Privacy Anyway

    The solution is campaign finance reform. Then the politicians wouldn't have to sing for their supper when it comes to this kind of double-speaking BS bill. Of course, any "campaign finance reform" bill would be written by corporate lobbyists and riddled with so many loopholes that it would make the situation worse.

    reply to this | link to this | view in thread ]

  7. identicon
    DavidB, Jun 17th, 2008 @ 6:41am

    It's really funny, cuz I believe it was the FTC that said they didn't NEED this new law in order to help in the fight against spyware. As Ed has pointed out so frequently over the many years I have followed him, enforce the existing laws, don't create new ones just because it's politically expedient to do so. Ah, but there's the rub, politics.

    More than campaign finance reform, we NEED term limits. There is NOTHING that more corrupts our political process than those who make a "career" out of politics.

    reply to this | link to this | view in thread ]

  8. identicon
    some old guy, Jun 17th, 2008 @ 6:50am


    Forget term limits... Allowing a politician to have even one extra term is a powerful enough corrupting influence. There just shouldnt be possible any "re-election". It would solve a tremendous amount of corruption.

    reply to this | link to this | view in thread ]

  9. identicon
    sonofdot, Jun 17th, 2008 @ 6:55am

    Re: Re:

    Members of Congress should be chosen by lottery from the general population, and should serve for only one term. Anyone who willingly wants to run for elected office should be immediately imprisoned.

    reply to this | link to this | view in thread ]

  10. identicon
    Overcast, Jun 17th, 2008 @ 7:22am

    "create a nice little "exception" for software companies that spy on users for the sake of checking whether they're using an authorized copy"

    So I can give out a "free" screensaver - bundle it with tons of spyware, and it's legit? Maybe I can put in the EULA that you have to register with my service to use the software and then it's all good.

    Heck - that might lead to even more spyware - with a legal 'ok'.

    reply to this | link to this | view in thread ]

  11. identicon
    Hulser, Jun 17th, 2008 @ 7:43am

    Re: Re:

    Forget term limits... Allowing a politician to have even one extra term is a powerful enough corrupting influence. There just shouldnt be possible any "re-election". It would solve a tremendous amount of corruption.

    On thing that it doesn't sound like you've considered is the counterargument to term limits that people who are not career politicians would be susceptible to people who make politics their career. For example, if every election cycle, you had a new groups of senators coming in, they could be taken advantage of by people who have been working in Washington for decades.

    I'm not saying that I totally buy into this counterargument. There's probably a happy medium, but I personally don't think that term limits, even one term term limits, are a magic bullet that would "solve a tremendous amount of corruption".

    reply to this | link to this | view in thread ]

  12. identicon
    Mike C., Jun 17th, 2008 @ 7:59am

    Script kiddies...

    And what happens when the script kiddies and malicious "hackers" discover how to use the back door? Forget Blaster, Melissa, Storm, etc... imagine a wave of virus infections that send themselves out to your address book followed by a disconnect. You'll never get the AV update that removes it and never get back online.

    Sounds like a plan to me...

    reply to this | link to this | view in thread ]

  13. icon
    chris (profile), Jun 17th, 2008 @ 8:24am

    go for it, in fact, let me help you.

    i love anti-piracy measures, they are expensive, intrusive, and they don't work, just like DRM and anything else that tries to limit what you can do in a PC. the more software companies waste resources on these counter[productive]measures the more people will seek out and support open source alternatives.

    here is a doomsday scenario that happened to me just yesterday:

    i have a whitebox PC from a small vendor. said vendor preloads an oem version of windows xp pro. the machine is installed in an office at the university i work for and some deviant who molests farm animals peeled the certification sticker off the back of the machine.

    the machine bluescreens one time too many and i reload windows, but i don't have the key for it since i don't realize the magic sticker is gone until AFTER i've formatted the hard drive. this are two very easy mistakes to make. so i use the key i have on file.

    turns out i have the wrong key on file. how do i know this? i am able to install windows, but the activation screen comes up tigh after the first i can't activate online since the activation comes up at the first login (no network card set up yet), i can't register by phone because the registration app doesn't give me the magically generated number i have to give the customer service rep. i try to get MS to escalate the issue, but it's easier and faster to just use the university's volume licensed version instead. if i were a small company with no purchasing power for VLK's, i'd be up the proverbial creek.

    this would be sad, if i didn't know of 5 different versions of XP floating around BT with no such key problems and all the device drivers and secrity update slipstreamed in. some of them even have office and a ton of software (like office) folded in as well.

    good job guys, not only did you stiff arm a paid customer, but you failed to stop any actual piracy. good thing there is no competition in your space, or you would get eaten alive.

    anti-piracy software is the chief cause of software piracy.

    so go ahead and change the law. put in all the anti-circumvention nonsense you want, spy on us and log our keystrokes. make sure you report our activities to the government too. the sooner you have pushed yourselves out of the market, the better off we will all be.

    reply to this | link to this | view in thread ]

  14. icon
    Crosbie Fitch (profile), Jun 17th, 2008 @ 8:53am

    Re: Re: Copyright Abridges Privacy Anyway

    Yup, the solutions are easy to spot. Their adoption and implementations are tricky.

    Whilst copyright abolition is the obvious solution, it won't happen unless there's any money in it - even if you did achieve an apparent enabling solution of campaign finance reform.

    Therefore, the only viable solution in the near term is enabling people to make more money out of copyleft works than copyrighted ones.

    When copyright is discovered to be commercially counter-productive it'll be dropped as if it were a badge that said "Made by slave labour".

    Nevertheless, the ultimate solution remains the abolition of copyright.

    reply to this | link to this | view in thread ]

  15. identicon
    John, Jun 17th, 2008 @ 1:37pm

    How to stop this bill/ law

    If this bill does actually become law, it will be struck down approximately 5 seconds after a Senator's staffer has their computer shut down because someone installed a copy of Office.

    Oh, wait, that copy was perfectly legal and Microsoft sent out a "false positive" signal which shut off a paying customer's computer? Oh, well, the law was passed, so it's legal for them to do so. Too bad, staffer, you can't get your work done today. Hope that Senator didn't need the speech you were working on.

    Of course this situation will only happen after hundreds or thousands of people have complained about the law and after the Senators and software companies have said "There's no way a 'false positive' can occur. Paying customers have nothing to worry about."

    reply to this | link to this | view in thread ]

  16. identicon
    There is a flaw in there somewhere, Jun 17th, 2008 @ 4:58pm

    Pinky: What are we going to do today Brain?
    Brain: Why, take over the world of course Pinky.

    If people do not install the crapware, how will the plan to take over the world ever succeed ?

    reply to this | link to this | view in thread ]

  17. identicon
    John, Jun 18th, 2008 @ 5:53am

    Spyware Malware

    There is a simple solution, and I have used it successfully.
    Most malware is actually advertising related. The advertising pops up without the computer user having intentionally installed anything to have that effect (apart from maybe agreeing to section 2 , paragraph 3 , line 6, microline 5 of a eula somewhere that is not immediately re-traceable back from the popup or popunder.
    What you do is locate the name of the 'service' that is creating the popunder etc.
    Then, you make it reload as many times as possible, to get the websites of as many primary advertisers as possible.
    You then send them a complaint email about the 'service' that is set up using subterfuge, and telling them that it puts their product into disrepute, as it is their primary financing that is perpetuating the situation.
    You send an email also to the perpetrating 'service' (that in my case was at a different URL from the supplier of the software)telling them that you intend to systematically contact every advertiser that appears in a popup window with their name on it, and inform them that their product will be boycotted due to their advertising methods in using the 'service' that has caused an infection to occur.
    Also, if the perpetrating 'service' is within a so-called first world jurisdiction, you contact the Chamber of Commerce for that particular location, and inform them of the world wide spamming type activities that their town or city is involved in. You also make a complaint to the appropriate Better Business Bureau.
    In my case, I received an apology email from the perpetrator, who said that it was their 'publisher' who had done it, and that the software involved now had a clear warning in red text that it would produce popup windows with advertising content. I checked, and indeed it now did. (in my case it was actually some script in a blog 'widget' on my wife's blog page)
    It was not an easy evening, in fact, it was driven by rage, but I have proven that the key to resolution is to threaten the funding supply. I had resolution within 24 hours. I then emailed all involved informing them of the resolution.

    reply to this | link to this | view in thread ]

  18. identicon
    Anonymous Coward, Jun 18th, 2008 @ 4:46pm

    Re: Spyware Malware

    Now imagine spending all day every day doing that over and over for different malwares operating under the protection of this proposed law. Not a pretty thought.

    I've been using the internet since before it went commercial and can remember when e-mail spam first started going around when it went commercial. It was just a message or two every now and then back then yet I was complaining to a group of coworkers about the potential for spam to become a real problem when one of them made the comment "So what's wrong with spam? All you have to do is manually delete it. Simple. Is that too hard for you?" I wonder if he goes around espousing that position. Anyway, the point I'm making is that "simple solutions" sometimes don't scale very well when the problem grows larger.

    reply to this | link to this | view in thread ]

  19. identicon
    Peter, Jan 20th, 2010 @ 9:08am

    This is just another example of the government really not understanding how to implement regulations based on software restrictions. They always dream up some solution that, like in this case, only makes it worse and allows for even more malware to make it onto systems they are trying to protect..

    reply to this | link to this | view in thread ]

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Insider Shop - Show Your Support!

Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.