Feeds

Anti-spyware bill could mean tougher fines

Third time lucky?

  • alert
  • submit to reddit

Protecting against web application threats using SSL

Unsurprisingly, marketers are leery of the legislation.

Overly aggressive legislation could punish legitimate advertisers and marketing firms, Jerry Cerasale, senior vice president of government affairs for the Direct Marketing Association, said in a statement. He pointed out that the spyware situation seems much improved in the two years since the legislation was first considered.

"Where once, just two short years ago, pop-up ads, drive-by downloads, and software that hijacked computers were on the rise, consumers in 2007 experience fewer such unwanted practices," Cerasale said.

However, whether the improvement has been due to industry policing or government investigations is a matter of some debate.

The FTC, some state investigators, and the U.S. Department of Justice have gotten tougher on those that would use spyware. The FTC has concluded nearly a dozen enforcement actions since January 2005, with another dozen actions brought by individual states. The DOJ has pursued a number of bot masters, such as James Ancheta and Christopher Maxwell, that have used their network of compromised PCs to install spyware and adware for revenue. Both where sentenced in 2006.

In December, spyware researcher Ben Edelman found evidence that market survey firm comScore had installed its software on users' PCs without first getting consent.

A representative of TRUSTe asked members of the subcommittee to create a safe harbor provision for companies that follow an industry self-regulatory compliance program.

"Legislative safe harbors encourage a flexible self-regulatory regime that, if adhered to, will place a company in compliance with the regulation and create incentives for participation in programs that may exceed protections required by law," Fran Maier, executive director and president of TRUSTe, said in a statement.

However, there is evidence that industry self-policing has not worked very well. In September, a controversial survey of more than a half million Web sites found that sites are twice as likely to be rated as bad actors if they have been certified by TRUSTe, a non-profit industry group that certifies marketers' data policies.

If the bill passes the full House this year, it will be the third time. In 2004 and again in 2005, the subcommittee, full committee and House of Representatives passed the act, but the bill was voted down in the Senate.

"Twice the Spy Act met its demise in the Senate," Subcommittee Chairman Rush said in his statement. "Let's hope the Senate can get its act together this time around."

This article originally appeared in Security Focus.

Copyright © 2007, SecurityFocus

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.