FTC: Technology, not legislation, needed to fight spyware
Connecting state and local government leaders
A commissioner at the Federal Trade Commission said today that pending anti-spyware legislation could do more harm than good.
Federal Trade Commission commissioner Orson Swindle said that pending anti-spyware legislation is an election-year effort by Congress to appear to be taking meaningful action against a high-profile problem.
Swindle and Jim Harper, director of information policy studies at the Cato Institute, warned during a Capitol Hill briefing today that premature laws could do more harm than good.
'We would question the necessity of any new laws,' Swindle said. 'We think the laws we currently have on the books are adequate.'
To emphasize this point, the commissioner cited a civil lawsuit filed last month against Seismic Entertainment Productions Inc. and Smartbot.net Inc., alleging deceptive and unfair trade practices. The companies allegedly loaded unauthorized software on consumers' computers to market their own anti-spyware tools.
Swindle and Harper said technology is a better anti-spyware tool than legislation and that it is up to industry to solve the problem, not government.
Spyware is a program that gathers information about the host computer's activity and sends it to a third party, often without the user's knowledge. This information can be used to harvest personal and financial data and to deliver pop-up ads to the screen. Free software downloaded from the Internet frequently carries spyware, which most users regard as a nuisance, if not an invasion of privacy.
A House bill, HR 2929, would require notification and consent to install spyware and prohibit gathering personally identifiable information without the user's knowledge. The bill defines spyware as any program that can gather and transmit information about the host computer without user initiation. It calls for the FTC to distinguish spyware from legitimate software that communicates for purposes such as supporting network connections.
A Senate bill, S 2145, is more detailed. It would outlaw all surreptitious installation of software except cookies and require uninstall procedures for approved software. It also would make it illegal to mislead a user about what the software is doing and who benefits. The Senate bill would require the user to separately approve each software feature, including type of information gathered, ads delivered, setting changes and messages sent out by the host.
Swindle and Harper said the notification and consent requirements would be burdensome to computer users, and that Congress has not adequately defined spyware.
Harper said the distinguishing characteristics of spyware are sneaky delivery, secret collection and resistance to removal.
'And that's not good enough to legislate on, in my opinion,' he said. 'These things are already illegal' under the FTC Act.
Both speakers said that accurately defining spyware so that legislation does not have unintended consequences is one of the key challenges to regulating the software.
Swindle used the CAN-SPAM Act, which outlawed deceptive commercial e-mail, as an example of ineffective legislation. He said the act has done little to curb the spam problem and that e-mail filters have been more successful. He also pointed to the recent criminal conviction of a pair of spammers under Virginia state law as evidence that new federal laws are not needed.
'I do believe industry can solve these problems better,' he said. 'It had better solve them, or government will come in to try to solve it.'
If legislation is necessary, Swindle said, 'we really want to work with the staffs on the Hill to make sure we get it right.'
NEXT STORY: Standards for federal smart cards are on the way