Feeds

Anti-spyware bill could mean tougher fines

Third time lucky?

  • alert
  • submit to reddit

Seven Steps to Software Security

Unsurprisingly, marketers are leery of the legislation.

Overly aggressive legislation could punish legitimate advertisers and marketing firms, Jerry Cerasale, senior vice president of government affairs for the Direct Marketing Association, said in a statement. He pointed out that the spyware situation seems much improved in the two years since the legislation was first considered.

"Where once, just two short years ago, pop-up ads, drive-by downloads, and software that hijacked computers were on the rise, consumers in 2007 experience fewer such unwanted practices," Cerasale said.

However, whether the improvement has been due to industry policing or government investigations is a matter of some debate.

The FTC, some state investigators, and the U.S. Department of Justice have gotten tougher on those that would use spyware. The FTC has concluded nearly a dozen enforcement actions since January 2005, with another dozen actions brought by individual states. The DOJ has pursued a number of bot masters, such as James Ancheta and Christopher Maxwell, that have used their network of compromised PCs to install spyware and adware for revenue. Both where sentenced in 2006.

In December, spyware researcher Ben Edelman found evidence that market survey firm comScore had installed its software on users' PCs without first getting consent.

A representative of TRUSTe asked members of the subcommittee to create a safe harbor provision for companies that follow an industry self-regulatory compliance program.

"Legislative safe harbors encourage a flexible self-regulatory regime that, if adhered to, will place a company in compliance with the regulation and create incentives for participation in programs that may exceed protections required by law," Fran Maier, executive director and president of TRUSTe, said in a statement.

However, there is evidence that industry self-policing has not worked very well. In September, a controversial survey of more than a half million Web sites found that sites are twice as likely to be rated as bad actors if they have been certified by TRUSTe, a non-profit industry group that certifies marketers' data policies.

If the bill passes the full House this year, it will be the third time. In 2004 and again in 2005, the subcommittee, full committee and House of Representatives passed the act, but the bill was voted down in the Senate.

"Twice the Spy Act met its demise in the Senate," Subcommittee Chairman Rush said in his statement. "Let's hope the Senate can get its act together this time around."

This article originally appeared in Security Focus.

Copyright © 2007, SecurityFocus

Mobile application security vulnerability report

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Black Hat anti-Tor talk smashed by lawyers' wrecking ball
Unmasking hidden users is too hot for Carnegie-Mellon
Attackers raid SWISS BANKS with DNS and malware bombs
'Retefe' trojan uses clever spin on old attacks to grant total control of bank accounts
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.