SPY Act

I don't think legistlation will have any effect because of the following:

1: it's been too long and so many companies now provide spyware for tracking purposes.

2: based on enforcing spyware policies, how would one define spyware (outside of what Ad-Aware, Spybot, etc think of it as)? A company saying they want to adhere to their goal in providing the best service by profiling their customers surely would fight against what might be considered spyware by them.

It could be worked around by redoing some of the standards involving cookies, but hey, that's a lot of work all to prevent a dataminer from Gator from working. Speaking of which, does anyone know where their HQ is? I'd love to firebomb that place with them inside.

I just wrote an article on the various legislations for my site. A District Judge has granted WhenU.com an injunction against the very first anti-spyware law enacted in the state of Utah. The claim is that "spyware" is defined too broadly to include adware and tracking programs that the users have in fact agreed to install by clicking "yes" to the EULA.

Stearns amendment for the SPY ACT Act seeks to narrow the definition so they can outlaw the illegal stuff without also outlawing programs used by employers or parents to monitor activity on their computers or outlawing software which might track and report users actions but does so with the agreed consent of the machine's owner.

I think such a law can have merit. Many of the companies that engage in drive-by downloads and track users through spyware without their knowledge are backed by actual companies who are trying to use the information they gather to market. They will be deterred from doing so and forced to at least let computer users know what they are doing first if faced with $3 million fines.

It won't stop many keyloggers and other Trojans which may blur the line between spyware and true malware and for the unethical and flat-out illegal businesses it won't hinder them or make catching and prosecuting them any easier, but a law that is well-written can have a significant impact on spyware in my opinion.

One major caveat is that they need to specify the OWNER'S consent and not the USER. The owner might be the employer or the parent while the employee or child might be the user. In order to not outlaw legitimate spyware used to monitor computer activity the difference between owner and user is important. They also must be specific about exactly how clear or obvious the spyware announcement has to be lest the purveyors of spyware simply bury it deeper in the EULA that everyone agrees to without reading anyway. They need to clearly state that the spyware consent be separate from the EULA or users will continue to unwittingly agree to install the stuff.

If you want to see my article click here: Spyware Legislation

According to an article on Yahoo the SPY ACT Act was approved by a vote of 45-4 by the Energy and Commerce Committee and will now move to consideration on the House floor.

Here is the article on Yahoo: Anti-Spyware Bill Moves To House Floor