Technology Review - Published By MIT

The Pure Software Act of 2006

100 years ago, Congress passed a law requiring honest labeling of food and drugs. Now the time has come to do the same for software.

By Simson Garfinkel

April 7, 2004

Spyware is the scourge of desktop computing. Yes, computer worms and viruses cause billions of dollars in damage every year. But spyware (programs that either record your actions for later retrieval or that automatically report on your actions over the Internet) combines commerce and deception in ways that most of us find morally repugnant.

Worms and viruses are obviously up to no good: these programs are written by miscreants and released into the wild for no purpose other than wreaking havoc. But most spyware is authored by law-abiding companies, which trick people into installing the programs onto their own computers. Some spyware is also sold for the explicit purpose of helping spouses to spy on their partners, parents to spy on their children, and employers to spy on their workers. Such programs cause computers to betray the trust of their users.

Until now, the computer industry has focused on technical means to control the plague of spyware. Search-and-destroy programs such as Ad-Aware will scan your computer for known spyware, tracking cookies, and other items that might compromise your privacy. Once identified, the offending items can be quarantined or destroyed. Firewall programs like ZoneAlarm take a different approach: they don't stop the spyware from collecting data, but they prevent the programs from transmitting your personal information out over the Internet.

But there is another way to fight spyware, an approach that would work because the authors are legitimate organizations. Congress could pass legislation requiring that software distributed in the United States come with product labels that would reveal to consumers specific functions built into the programs. Such legislation would likely have the same kind of pro-consumer results as the Pure Food and Drug Act of 1906, the legislation that is responsible for today's labels on food and drugs.

The Art of Deception

Mandatory software labeling is a good idea because the fundamental problem with spyware is not the data collection itself, but the act of deception. Indeed, many of the things that spyware does are done also by non-spyware programs. Google's Toolbar for Internet Explorer, for example, reports back to Google which website you are looking at so that the toolbar can display the site's "page rank." But Google goes out of its way to disclose this feature: when you install the program, Google makes you decide whether you want to have your data sent back or not. "Please read this carefully," says the Toolbar's license agreement, "it's not the usual yada yada."

Spyware, on the other hand, goes out of its way to hide its true purpose. One spyware program claims to automatically set your computer's clock from the atomic clock operated by the U.S. Naval Observatory. Another program displays weather reports customized for your area. Alas, both of these programs also display pop-up advertisements when you go to particular websites. (Some software vendors insist that programs that only display advertisements are not spyware, per se, but rather something called adware, because they display advertisements. Most users don't care about this distinction.)

Some of these programs hide themselves by not displaying icons when they run and even removing themselves from the list of programs that are running on your computer. I've heard of programs that list themselves in the Microsoft Windows Add/Remove control panel, but when you go to remove them, they don't actually remove themselves, they just make themselves invisible. Sneaky.

Yet despite this duplicity, most spyware and adware programs aren't breaking any U.S. law. That's because many of these programs disclose what they do and then get the user's explicit consent. They do this with something that's called a click-wrap license agreement, one of those boxes full of legal mumbo-jumbo that appears when you install a program or run it for the first time. The text more-or-less spells out all of the covert tricks that these hostile programs might play on your system. Of course, hardly anybody reads these agreements. Nevertheless, the agreements effectively shield purveyors of spyware and adware from liability. After all, you can't claim that the spyware was monitoring your actions without your permission if you gave the program permission by clicking on that "I agree" button.

Uniform standards for labeling software wouldn't replace the need for license agreements, but they would make it harder for companies to bury a program's functions. Such legislation (call it the Pure Software Act of 2006) would call for the Federal Trade Commission to establish standards for the mandatory labeling of all computer programs that are distributed within the United States. A labeling requirement would force makers of spyware to reveal their program's hidden features.

MIT Massachusetts Institute of Technology © 2009 Technology Review. All Rights Reserved.