Spy vs Spy [originally published Feb 19]

Congress is ready to pass a bill banning spyware, phishing and other unwelcome malware, by requiring these programs to display a screen which asks for you consent.before collecting information. There are several problems with the text of this proposed law. The first question is will the law make a difference? I am going to simplify the issue by dividing spyware into 2 categories 1) crap people download voluntarily 2) crap that just shows up on your computer. I would say Kazaa and other p2p programs belong to category 1. People already know that these programs collect information about you but has that stopped millions of people from using them.

The law would make phishing and keystroke-logging malware illegal, but the threat of legal prosecution clearly hasn't stopped spammers and other cyber-pirates. So it makes me wonder if this law will change anything in reality. My second problem is with the clear exception for anti-piracy spyware. Software companies are allowed to discreetly collect information from your computer if it is solely with the intent of fighting piracy. If the purpose of the law is to let users know how companies are collecting information about them, why can't anti-piracy initiatives properly inform the user before doing so? For those who think this lack of discretion would undermine the fight against piracy, I would like to point out most programs today don't have any snooping-based schemes built-in; therefore, we should be carefull before we authorize software companies taking a leap in that direction.

There is a dicussion of the proposed law at TechReview and the full text of the law can be found here.