Spyware, Be Gone! If Only It Were That Easy

Spyware, New Privacy Watchdog Target

Meet Spyware, the James Bond of the computer world. It’s sleek, cunning, and perpetually gets itself out of jams—it’s “slippery.” What is it and why does it never seem to get caught? The Center for Democracy and Technology (CDT) seems to know.

Released just a day prior to Representative Mary Bono’s (R-CA) public hearing before a congressional subcommittee (regarding, of course, spyware) CDT released a thorough report on the subject—“Ghosts in Our Machines: Background and Policy Proposals on the Spyware Problem.”

Spyware, a loosely defined term, is essentially software that aids any unauthorized party in obtaining private information from one’s computer without his or her knowledge. The term can apply to anything and everything from key stroke loggers, web cookies, web browsing trackers, and programs designed to help provide security patches for users. Moreover, and perhaps more annoyingly, are adware applications; they essentially piggyback on peer-to-peer file-sharing software and free downloads, like Gator or Kazaa. Occassionally, this is also referred to as “Scumware“.

“Computer users are increasingly finding programs on their computers that they did not know were installed and that they cannot uninstall,” said CDT associate director Ari Schwartz. Subsequently, this causes privacy and security holes that can hinder the performance of computers. Software companies, in turn, mistakingly take the blame. They are taking the calls relating to slow connection or e-mail interference, said Schwartz. And it’s costing them money.

Okay, so CDT criticizes spyware and other downloadable adware programs. It wants a solution to its top issue. But isn’t that what Bono and several other key legislators want? Not necessarily.

What CDT wants is not some direct, pin-pointed piece of legislation aimed at ceasing spyware, but rather basic privacy standards to which all programs should be held. It feels, according to Schwartz, that “more thought needs to be given to spyware as a problem of trespass in addition to as a privacy issue.”

Defining the term “spyware” is a tricky task, one that Bono and her allies seem to be forgetting. Under the legislative definition of spyware, restrictions would encompass an array of programs—most cookies, even ones that are temporarily stored in browsers, virus protection software, and even software that keeps tabs on children’s computer use.

Because of this, CDT thinks that customers will be better served by privacy legislation—legislation that forces software programs to give computer users notice if they are collecting any type of information and, more importantly, give users the ability to easily turn off or uninstall the program.

CDT associate director Alan Davidson stated, “The question is do people know how their computer is being used, and do they have a meaningful choice to uninstall a program if they don’t want it. In the most troubling cases of spyware, the answer is still no.” Davidson also wants adware providers to offer clear instructions regarding contact information so that users can call them, not the software companies, concerning complaints.

For the spyware makers who are truly, in current terms, legal, there is still hope for survival. Pest Patrol, Aluria Software, and Lavasoft—antihacking programmers—have formed the Consortium of Antispyware Technology (COAST) to increase consumer awareness and one day create a code of conduct for adware. Roger Thompson, vice president of product and development at Pest Patrol, reported that in this year alone his company received 60,000 incidents of spyware abuse. COAST offers great opportunities for those spyware companies that truly want to comply to standards so that they don’t go down with the “dangerous spyware” label.

Having kicked off a campaign to gather spyware horror stories, CDT suggests that, for now, computer users should do several things in order to deal with invasive applications:

1. Run a spyware detection and removal utility on your computer
2. Be wary of installing free, ad-supported applications
3. Read up on new software and read all licensing agreements before installing
4. Check for and read privacy policies posted on company websites
5. Do not accept downloads from pop-up windows or from unknown websites

Although the efforts of Bono, Senator John Edwards, and various others are applaudable, legislation alone cannot address all of the concerns raised by spyware. It is the industry itself, believes CDT, that can regulate illegal activity. The current definition of spyware is rather fuzzy and slippery, therefore making it difficult to draft legislation. Looks like 007 has a little competition.

 back to top