Some months have passed since my last work on spyware — Documentation of Gator Advertisements and Targeting (spring 2003) and my expert testimony in the matter of Quicken Loans and Wells Fargo v. WhenU (not available on the web) (summer 2003).
This week I’ve been working on a new subsection of this web site, “Spyware”: Research, Testing, Legislation, and Suits, for which two new entries are now available:
A Close Reading of the Spyware Control Act takes a careful look at the spyware legislation recently passed in Utah and now awaiting the governor’s signature. This legislation requires software that transmits users’ usage data (web sites visited, etc.) to provide appropriate disclosures in a license agreement (in plain language, actually presented to users, etc.), and to provide an uninstall routine. Seems pretty uncontroversial? That’s what I thought, but in fact the bill has raised some opposition from big .COM companies that seem to think the legislation is actually a bad idea — even as they are among the sites most intensively targeted by spyware pop-up ads. Have these companies missed the boat? Or have I? Check out the article — including their letter (PDF) and my paragraph-by-paragraph response — and decide for yourself.
Methods and Effects of Spyware (PDF) is my written response to the FTC‘s call for comments (PDF), leading up to their April 19 workshop on spyware. In this document, I explain how spyware works, including presenting specific personal information transmitted by both Gator and WhenU. (The WhenU transmissions are particularly notable because these transmissions seem to violate WhenU’s own privacy policy.) Other sections of the document discuss installation methods of spyware (with special consideration of the technical methods used in drive-by downloads), frequency of advertisement display, and performance and security effects of spyware.
I hope to attend the FTC’s April workshop, and I would be particularly pleased to hear from others who will be there or who have comments on this issue.