The US Federal Trade Commission reported yesterday that a court had shut down three Internet companies on charges of distributing spyware without users’ consent. Enternet Media, Inc. and Conspy & Co. Inc, based in California, and Iwebtunes, based in Ohio, had their assets frozen after being found to have distributed spyware hat “piggybacked” on top of free offerings, such as ring tones, music software and utility programs, as well as a fake “security patch” for Microsoft’s Internet Explorer. The spyware tracked users’ Internet activities, changed their home pages, and deluged them with endless streams of pop-up advertisements.
Currently, complaints about spyware in the US are handled only by the FTC. However, the US Senate proposed federal legislation against spyware in 2004 and again this May. The legislation has not yet gone through the Senate and seems to be perpetually bogged down in discussion. Meanwhile, some states, including California, have introduced their own anti-spyware legislation.
While this action against three spyware companies appears to be encouraging news, it represents a mere drop in the bucket compared to the vast and hugely lucrative spyware industry, estimated at bringing in as much as US$1.6 billion in 2004. Federal legislation against spyware would, of course, do nothing about the many offshore companies that profit from this type of software. In addition, proposed legislation often is written to allow spyware companies to exist and distribute their wares as long as they a) provide warning to the user that spyware is being installed and b) provide a method of uninstallation. The first part can be easily buried in the middle of a dense EULA where nobody will read it, and the latter can also be hidden deep in Add/Remove Programs under an innocuous name. To make matters worse, there are even spyware programs that actively fight against and attempt to disable anti-spyware software. Clearly this is a problem that, like spam and phishing scams, is not going to simply go away. It will take a combination of legislation, software technology, and user education to combat this mess.