Feeds

Anti-spyware bill could mean tougher fines

Third time lucky?

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

Unsurprisingly, marketers are leery of the legislation.

Overly aggressive legislation could punish legitimate advertisers and marketing firms, Jerry Cerasale, senior vice president of government affairs for the Direct Marketing Association, said in a statement. He pointed out that the spyware situation seems much improved in the two years since the legislation was first considered.

"Where once, just two short years ago, pop-up ads, drive-by downloads, and software that hijacked computers were on the rise, consumers in 2007 experience fewer such unwanted practices," Cerasale said.

However, whether the improvement has been due to industry policing or government investigations is a matter of some debate.

The FTC, some state investigators, and the U.S. Department of Justice have gotten tougher on those that would use spyware. The FTC has concluded nearly a dozen enforcement actions since January 2005, with another dozen actions brought by individual states. The DOJ has pursued a number of bot masters, such as James Ancheta and Christopher Maxwell, that have used their network of compromised PCs to install spyware and adware for revenue. Both where sentenced in 2006.

In December, spyware researcher Ben Edelman found evidence that market survey firm comScore had installed its software on users' PCs without first getting consent.

A representative of TRUSTe asked members of the subcommittee to create a safe harbor provision for companies that follow an industry self-regulatory compliance program.

"Legislative safe harbors encourage a flexible self-regulatory regime that, if adhered to, will place a company in compliance with the regulation and create incentives for participation in programs that may exceed protections required by law," Fran Maier, executive director and president of TRUSTe, said in a statement.

However, there is evidence that industry self-policing has not worked very well. In September, a controversial survey of more than a half million Web sites found that sites are twice as likely to be rated as bad actors if they have been certified by TRUSTe, a non-profit industry group that certifies marketers' data policies.

If the bill passes the full House this year, it will be the third time. In 2004 and again in 2005, the subcommittee, full committee and House of Representatives passed the act, but the bill was voted down in the Senate.

"Twice the Spy Act met its demise in the Senate," Subcommittee Chairman Rush said in his statement. "Let's hope the Senate can get its act together this time around."

This article originally appeared in Security Focus.

Copyright © 2007, SecurityFocus

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
SHELLSHOCKED: Fortune 1000 outfits Bash out batches of patches
CloudPassage points to 'pervasive' threat of Bash bug
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.