I Spy With My Little Eye -Taking a Closer Look... Spyware Journal of Information, Law and Technology

advertisement
Journal of Information, Law and Technology
I Spy With My Little Eye -Taking a Closer Look at
Spyware
Kylie Howard
Solicitor
and
Yee Fen Lim
Associate Professor, Department of Law, Macquarie University
Yee.Fen.Lim@law.mq.edu.au
This is a refereed article published on: 30 January 2006.
Citation: Howard and Lim, ' I Spy With My Little Eye -Taking a Closer Look at
Spyware’, 2005 (2) The Journal of Information, Law and Technology (JILT).
< http://www2.warwick.ac.uk/fac/soc/law/elj/jilt/2005_2/howard-lim/>
Abstract
Spyware is a practical problem that can affect interne users everywhere. This article
explains the problem of spyware, how it can affect users of PCs and the Internet and
examines the legislative approach to spyware in both Australia and the US. Although
spyware has recently received judicial and academic attention in many jurisdictions
around the world, the actual effects of spyware are largely unknown by the everyday
user of the Internet. And unfortunately, until there is a wide understanding of the
nature and scope of spyware, it is unlikely that practical legal solutions will ever
evolve. More importantly, if one does not know or understand a serious issue that
could be impeaching upon their rights, one will never exercise the legal protections
that exist (to the extent that they do exist). This article therefore, provides a detailed
explanation of spyware, and how it can affect a user of the Internet. The article then
focuses on two examples of how different jurisdictions have handled spyware Australia and the US.
Keywords: Spyware, privacy, data, Department of Communications, Information
Technology and the Arts (DCITA), California Act, Utah Act.
1. Introduction - What is Spyware?
“You are being watched. Monitored. Every move you make is being
recorded, logged. Your personal tastes and desires, your friends, travel plans,
favourite TV shows, and newspapers. Perhaps more disturbing, this
information is stored into databases, sold and shared with nameless and
countless others. And you have no idea….”1
The very problem with spyware is that it could never be the subject of an I spy game it is invisible to the every day user of the Internet. Spyware is any form of technology
that aids in gathering information about a person or an organisation without their
knowledge or informed consent.2 It is commonly referred to as “snoopware” or
“trespassware” because the program snoops or trespasses into the private life of the
user, sometimes to the extent of full identity theft.3 A user of the Internet can
sometimes play a part in downloading spyware, often without knowledge and by
accident through downloading a spy-carrying email attachment, downloading “free”
software4. More often however, just simply using the Internet can result in spyware
being placed on a user’s computer as the spyware exploits vulnerabilities in the
operating system of the user. Some examples of free software that have been known
to be accompanied by spyware include browser toolbars and modifications, file
transfer protocol, UnZip, PC clocks, personal organisers and Kazaa.5 A user may or
may not have consented to a “monitoring” software as part of an end user licence
agreement. Most would not be aware that the “I agree” consented to involve having
masses of personal information being collected (and even sold to third parties!).
Problematically, firewalls or virus protecting software do not always prevent spyware
downloads and often spyware is deliberately designed to be difficult or impossible to
uninstall.
There are some very convincing reasons why Spyware should not be tolerated. The
main arguments being security issues and the right to privacy. Regarding privacy, in
the real world, would you agree to someone following you into shops, recording the
purchases you make, looking at the types of books you read and then selling this
information to a third party for marketing purposes? Probably not. In the virtual
world, however, this is constantly happening to internet users everyday all over the
world - and not just to home users, but to companies as well. Some marketing
companies are making millions of dollars selling personal information to third
parties.6 It is not the intention of this article to explore all the data privacy issues that
spyware present. It is acknowledged that spyware would infringe many of the
protections enshrined in the EU Data Protection Directive however, the aim here is to
focus on the security and fraudulent practices that spyware represent.
Specific concerns about spyware range from slowing down PCs to extreme theft of
confidential information such as bank account details and passwords which can lead
to identity theft and other forms of criminal activities. At its most innocuous level, the
disruptive advertising pop-ups can consume significant resources on a PC.7
Companies have reported that they are losing millions of dollars in down time and lost
productivity and expect the issue to get worse.8 Evidence of the worsening problem
can be seen in a recent US survey (April, 2004) - over three months, some 30 million
spyware programs had been installed on approximately one million computers. The
number of spyware programs installed on a similar number of computers is now at an
alarming 85 million.9
The US seems to have given the issue of spyware considerable academic and judicial
attention - as to whether the regime works in a practical sense is another question. As
outlined in more detail below, there have been a number of cases brought under
various legislative and common law regimes. The legislative approach in US,
however, has proven to be problematic and unable to mould to the problem of
spyware. Some states in the US have recognised this, and have moved toward
introducing legislation to specifically deal with spyware. In Australia, although case
law on this topic is scarce, we seem to be on track in terms of focussed attention on
the issue. The Department of Communications, Information Technology and the Arts
(DCITA) issued a discussion paper on the topic, with the purpose of seeking
information and feedback from the Australian public to assist in developing a
practical response that targets spyware that is not legitimately used. Responses from
the public have now been received, and various strategies have been implemented to
address the issue. The Australian Democrats have also shown interest in the issue and
proposed a bill - the Spyware Bill 2005. However, as spyware is already present on
millions of computers even if the bill is passed (which seems unlikely at this stage), it
will be important to remember that some more general solutions will also be required
before we can begin to confidently say that the issue is under control.
2. Legislative Review in Australia
It has been recognised that the availability of legal recourse against online offences
increases the confidence of the public in using the Internet. In response to this, in
2004 the Minister for Communications, Information Technology and the Arts
announced a review of the coverage of existing Australian laws in respect to the
malicious use of spyware. DCITA began working with the Attorney-General’s
Department and law enforcement agencies to determine the adequacy of existing laws
in combating spyware. DCITA found that existing legislation, such as the Criminal
Code Act 1995 (Cth), the Privacy Act 1988 (Cth), Telecommunications Act 1997
(Cth) and the Trade Practices Act 1974 (Cth), covered many of the malicious
behaviours associated with spyware10 (this is explained in more detail below). The
review covered behaviours such as deceptive conduct, unauthorised access, cyberstalking, computer hijacking, theft of computer software, resources and bandwidth,
denial of service attacks, damage to computer settings, identity theft, content
modification, anti-competitive conduct and privacy impeachments.
For the purposes of the legislative review, spyware was defined as:
“any software application that is generally installed without the knowledge or
consent of the user, to obtain, use or interfere with personal information or
resources, content or settings for malicious or undesirable purposes”.11
The table below outlines potential criminal offences that can be brought under
existing legislation:
Legislation
Criminal Code Act 1995 (Cth)
Potential offence
Attempting to commit a serious offence (such as fraud) using a
telecommunications network;
Unauthorised access, modification or impairment of data,
information or programs with intent to commit a serious
offence;
Causing unauthorised modification of data, information or
programs to cause impairment - including the reliability,
security or operation of data, information or programs;
Unauthorised impairment of electronic communication;
Unauthorised access to or modification of restricted data - data
held on computer and to which access is restricted by an access
control system (such as passwords etc) associated with the
function of the computer;
Possession or control of information with the intention to
commit or facilitate a computer offence;
Producing, supplying or obtaining data with intention
committing or facilitating a computer offence;
Dishonestly obtaining, possessing, supplying, using or dealing
in personal financial information without consent; and
Intentionally using a carriage service to menace, harass or
cause offence.
Trade Practices Act 1974 (Cth)
Australian Securities and
Investments Commission Act 2001
(Cth) and Corporations Act 2001
(Cth)
Anti-competitive behaviour
Misleading and deceptive conduct
Misleading and deceptive conduct
Privacy Act 1988 (Cth)
Criminal Law Consolidation Act
1935 (SA)
Telecommunications Act 1997 (Cth)
Telecommunications (Interception)
Act 1979 (Cth)
Invasion of privacy
Harvesting and collecting personal information
Identity theft
Applies to some use of personal information
Collection of data and other information
As indicated above, the Australian Democrats are of a different view to DCITA - their
view is that separate legislation is required to specifically deal with spyware and
therefore introduced the Spyware Bill 2005 - a proposed Act to regulate the
unauthorised installation of computer software and require the clear disclosure to
computer users of certain computer software features that may pose a threat to user
privacy.
The objects of the proposed Act are to regulate the unauthorised or surreptitious
installation of computer software and to require clear disclosure to computer users of
certain computer software features that may pose a threat to a user’s privacy or the
speed or operation of their computer. The proposed Act aims to give computer users
the right and capacity to know that software is being installed on their computer,
refuse to have it installed and be able to uninstall any software.12 Consent by a user to
install the software was cleverly designed as a two-step process with the requirement
of an “affirmative consent” which is consent that is expressed through the action of a
computer user and independent from any other consent solicited from the user during
the installation process (for example, consent cannot be a broader consent for the
installation of a separate software to which spyware is attached).13 The first step of
consent is to the general installation of the software.14 Secondly, consent has to be
obtained as to each individual information collection feature (and other features such
as advertising, distributed computing feature and modification features) of the
software. For example, if the spyware software once downloaded causes advertising
pop-ups, collection of personal information and modifications to settings of the user’s
computer, the computer user must consent to each of these features before the
software can be lawfully installed. This type of consent ensures that users are fully
informed as to exactly how the software may affect them and their computer.
Penalties under the proposed act are directed to the actual software developers rather
than passive parties such as the host of a website through which software was made
available.15
On 1 September 2005, the Minister for Communications, Information Technology and
the Arts, Senator The Hon Helen Coonon, released a media statement indicating that
malicious uses of spyware are already covered by existing laws with an emphasis on
the need for the public to be aware of the threat of spyware.16 To complement the
need for public awareness, DCITA developed and released Taking Care of Spyware17,
a brochure designed to provide the public with information about spyware, how to
remove it and how to prevent it. The brochure is supported by the Internet Industry
Association’s (IIA) national anti-spyware campaign18 where the public can find more
detailed information and sample the anti-spyware software that is available to use for
a free trial period. Given this media release, it is unlikely that the Spyware Bill 2005
will receive sufficient support for it to be passed - perhaps this is the right approach as
it is questionable, as suggested below, whether specific legislation is the solution to
the growing spyware problem.
3. The Data Explosion - Can Legislation Fully Cope With It?
As to whether legislation is an adequate mechanism to tackle spyware is a topic that is
not just relevant to the jurisdictions that are considered in this article. All
jurisdictions that are attempting to form a regime to limit certain uses of spyware need
to carefully consider whether the legislative path is an effective or practical solution
before utilising time and resource into developing such a regime.
Specific spyware legislation may not be the answer to the spyware problem:
(a)
the very nature of spyware can make enforcement difficult because the
presence of spyware can remain unknown.. In other words, if a person
does not know that they are being affected by spyware, legislation that
prevents or limits such software is unlikely to be utilised. To
summarise this point, legislation is not useful where it protects rights
that people do not know are being put at risk and therefore shows that
it is hardly adequate from a prevention point of view and education or
public awareness is a more practical solution;
(b)
evidence gathering is difficult for law enforcement agencies and may
result in privacy implications - for example, a full copy of a person’s
hard disk may be needed to carry out a formal investigation. This may
deter people from bring a complaint forward especially if there is antispyware software that is readily available - a non intrusive way to deal
with spyware.
And some may argue that existing legislation is sufficient to deal with spyware. For
instance, it is widely acknowledged that most jurisdictions in the developed world
have extensive data protection and privacy legislation (and rights) to protect the
privacy of individuals. However, even though privacy is one of the concerns of
spyware, the privacy rights that already exist will not be utilised unless people know
about the issue and know that it is effecting them in certain ways.
Many people would suggest that the solution of the knowledge issue is to obtain
consent through contractual means. For instance, why can’t it be included as part of
an end user licence agreement? The answer is simply that if the spyware is disclosed
to the user, it is unlikely that the average user would consent. It is our view that
because of the extensive effects of spyware and its ability to gather substantial
amounts of personal information without knowledge as to which person information
is being gathered, consent through an end user licence agreement is inappropriate.
More generally, legislation has a limited geographical field of application, with
physical frontiers. It should be kept in mind that most spyware does not originate in
Australia - what happens for example, if a company in a jurisdiction other than
Australia causes spyware to be installed without the relevant notices and consents that
Australian law requires? It will all depend on whether Australia asserts jurisdiction
over that company, and if it does, whether a judgment can be enforced in Australia.
This very issue goes back to the widely debated topic of jurisdiction and the Internet.
Existing legal regimes struggle to fit into the realm of the new Internet medium, and
there is really not much Australia can do except hope that other jurisdictions have
legislative regimes (that are effective) to cope with the issue. Better still, we can hope
that an international regime will come into play that brings consistency across the
virtual world. Until then, understanding the existing legislative regimes is a useful
start to combating the spyware phenomena.
4. The Current Situation in the US
Spyware has received more judicial attention in the US than in Australia, but still the
number of spyware cases is low compared with the number of people potentially
affected by spyware. One reason for this is because plaintiffs in the majority of cases,
are forced to bring actions under existing legal regimes that are not entirely
appropriate when applied to spyware actions. Three examples are the Consumer
Fraud and Abuse Act, the Federal Trade Commission Act and the tort of trespass to
chattels. Hopefully this trend will not extend to Australia given that the view in
Australia is that existing legal regimes are sufficient to deal with malicious use of
spyware.
The Consumer Fraud and Abuse Act and the Federal Trade Commission Act have
been recognised as two federal statutes that can be used to bring an action against
spyware. The Consumer Fraud and Abuse Act (“CFAA”)19 provides for a right to
bring an action where there is damage caused to a computer system used by or for a
government entity for administration of justice, national defence or national
security.20 It is recognised that the CFAA has potential (in limited situations) for
those wishing to pursue an action against a spyware claim because it can be proven
that spyware can cause quite a substantial amount of damage to a computer system. 21
The CFAA fails to combat the spyware issue in three main ways:



it does not proscribe specific notice standards or require specific forms
of consent before spyware is downloaded;
it is limited in its application because it requires damage to be suffered
to the computer system. This means that where spyware has only
caused a massive impingement upon privacy, an action will not be
successful; and
it only applies where damage is caused to a government entity for
administration of justice, national defence or national security.
The Federal Trade Commission Act (“FTCA”)22 has the power to prohibit “unfair or
deceptive” practices.23 Section 13(b) of the statute grants the Federal Trade
Commission (“FTC”) the power to bring an action to obtain relief for false or
deceptive advertising. Recently, the FTC has been using the power to prevent
companies from deceptively collecting information from individuals - exactly one of
the issues with spyware. For example, the FTC brought a successful action against
Seismic Entertainment Productions Inc., who gained access to consumers’ computers
to advertise, by installing a software code without the consumers’ knowledge or
consent.24 Although the FTCA has been used for spyware cases, like the CFAA, it
has various limitations. The criticism is that there must be an element of
deceptiveness before the FTC will bring a civil action and this may be difficult to
prove. For example, companies could circumvent the FTC where they show that a
consumer has consented to the download of “other software” as part of the end user
licence agreement. Most consumers would fail to realise that “other software” could
include spyware yet this could be enough to fail the “deceptiveness” test. Therefore
because the FTCA does not have particular notice requirements, consumers are not
given the proper opportunity to provide informed consent.
The common law tort of trespass to chattels may also be relied on for spyware claims.
Trespass to chattels includes the use of or the intentional bringing about of physical
contact with a chattel owned by another person.25 It has successfully been used for
torts committed in cyberspace.26 Courts have also started to award punitive damages
for cyberspace cases where there has been wilful and wanton disregard for the
property rights of others27 - in some cases therefore, a plaintiff will not have to prove
that it has suffered actual loss which may be difficult in spyware cases, where the loss
that is suffered is not a calculated loss, but rather an extreme invasion of privacy.
Where a court is unwilling to impose punitive damages however, many plaintiffs may
be at odds in trying to show actual damage.
Although it is positive that existing legal regimes are attempting to accommodate the
current issues of the virtual world, it is clear that there are various limitations with the
existing regimes. The very issue is that until there are rigorous laws in place to
combat the spyware phenomena, millions and millions of people will be at risk of the
growing threat of spyware.
The only answer seems to be legislation that deals specifically with the spyware issue.
Positively, some states in the USA have recently passed such legislation. Utah for
example was the first state to formally recognise the issue by enacting the Spyware
Control Act (“Utah Act”)28 which makes installing spyware or causing spyware to be
installed on another person’s computer illegal. California followed Utah by recently
enacting the Consumer Protection Against Computer Spyware Act (“California Act”)
which became effective on 1 January 2005. The California Act makes it illegal to
knowingly or wilfully cause the installation of software on a computer, where the
software is used for "wrongful" purposes.29 There are a number of limitations to the
California Act which may in reality result in little reduction of the widespread
problem of spyware. These include30:


the software that falls within the scope of the legislation must have a
“wrongful effect” (as defined by the legislation). This means that
certain spyware may fall outside the provisions of the legislation;
to be caught by the legislation it must be proven that there has been
wilful or intentional deceptive actions.
The Utah Act approach goes well beyond the Australian Democrat’s Spyware Bill
2005 which does not go as far as banning spyware or other unauthorised installations
of software. Instead, the Australian Democrat’s approach is more in line with the
California Act requiring that the owner of a computer consent to the download of
software before that download actually occurs.
The blanket approach of Utah’s Spyware Control Act has met obstacles and in June
2004, a federal district court in Utah granted a preliminary injunction ceasing
enforcement of the statute on constitutional grounds.31 The only way to truly combat
the issue is the introduce federal legislation - an attempt to do this occurred after the
leading case In re Pharmatrack Inc Privacy Litigation.32 In that case, the defendant
had employed a company named Pharmatrack to monitor their corporate web sties
and provide them with a monthly analysis of web site traffic. Pharmatrack used
“NETcompare” a product designed to monitor clients’ web pages and
“DRUGcompare” a product designed to monitor activity across disease categories and
drug product pages. Using these products, Pharmatrack had collected names,
addresses, telephone numbers, dates of birth, sex, insurance status, medical
conditions, education levels and occupation. This resulted in detailed profiles of
hundreds of individuals being collated without consent, authorisation or knowledge.
Summary judgment was granted and upheld by the Third Circuit. Shortly after, the
Spyware Control and Spyware Protection Bill 2001 was introduced in the 107th
Congress. The stated purpose of the Bill was the requirement to disclose any
surveillance capabilities contained within software, the nature of the information
being collected and to whom the information would later be disclosed to. The bill
never became law -perhaps this proves that historically many people were not
particularly worried about spyware and as a result33 Naturally, as the general
population becomes more aware of spyware and its effects, many are pressuring the
federal government to implement a hasty solution. And perhaps the federal
government is finally listening.
5. A Way Forward in the US?
Recently, two promising US bills were introduced into Senate, both criminalising the
illicit indirect use of protected computers. First, the Enhanced Consumer Protection
Against Spyware Act 2005 (s.1004) aims to provide the FTC with the resources
necessary to protect users of the Internet from the unfair and deceptive acts of
spyware. It has now been read twice and referred to the Committee on Commerce,
Science and Transportation.34 The summary statement of the bill has two clear
messages35:


Spyware should be a matter of high priority for FTC action; and
The resources and tools available to the FTC should be enhanced to
increase the vigour of the FTC’s enforcement efforts.
The bill gives authority to the FTC to seek an increased civil penalty (as determined
by the FTC), of up to $3,000,000 where software is installed through deceptive acts or
practices on protected computers.36 The bill also gives the ability to the FTC to treble
damages where there is pattern or practice of violation, and to disgorge any profits
made.37
Secondly, the Software Principles Yielding Levels of Consumer Knowledge Act (or
Spyblock Act) (s.687) was introduced into Senate on 20 March 2005. It has also been
read twice and also referred to the Committee on Commerce, Science, and
Transportation. The bill attempts to regulate the unauthorised installation of computer
software, to require clear disclosure to computer users of certain computer software
features that may pose a threat to user privacy. It aims to prohibit installing software
on a computer without notice and consent and requires reasonable uninstall
procedures for all downloadable software. It also authorises the FTC to issue rules as
necessary to implement or clarify the provisions of the Act.
6. Conclusion
The unauthorised installation of spyware is rife, dangerously impinging on the privacy
rights of Australians and all other users of the Internet throughout the world. The US
has struggled to grapple with spyware by using the existing legal regimes. Does this
show the importance and the real need to introduce legislation that specifically covers
spyware? Possibly not, given the extensive review of Australian law recently
undertaken by DCITA. We are yet to find out. Recently, two bills have been
introduced into the US Senate which may be a move in the right direction – as to
whether these are passed is another question. There has also been a bill that has been
introduced in Australia by the Australian Democrats and a proactive move toward
educating the public about the issues associated with spyware. It should be noted that
even if none of these bills are passed, a jurisdictional issue will always exist - laws of
a jurisdiction will generally only be enforced against those that send spyware within
that jurisdiction. A final point of note needs to be made about the effectiveness of
legislative regimes – although clarifying that legislation is adequate to cope with
malicious use of spyware, the real burden of stopping the spread of spyware cannot
rest entirely on the shoulders of legislation. The threats will only ever disappear with
a widespread effort to educate and implement procedures to combat the ever-growing
issue - this is only just starting to happen in Australia. As this article demonstrates,
spyware is a global problem and will be difficult to completely eliminate. In practical
terms therefore, we need to think about having broader approaches and procedures to
handling the issue. Any rights given to computer users under legislation are only
beneficial to the extent that the user knows that rights exist. Although spyware has
been largely talked about by academics and those in the IT field, a recent National
Cyber Security Alliance survey showed that even though more than 80% of
computers are infected with spyware, only 10% of users actually knew what spyware
was.38 This is where awareness raising comes into play - and Australia is being
proactive in this sense. Furthermore, before we can even begin to think that the
spyware issue is under control there needs to be a set of procedures in place including
an international complaints handling regime, a uniform approach to unauthorised
installation of software and a guaranteed enforcement of penalties across the board. It
is doubtful that all this can be achieved in the short term (or perhaps even the long
term).
Notes and References
Michael L Baroni, “Spyware Beware” 47-APR Orange County Law 36
See http://searchsmb.techtarget.com/ accessed 29 May 2005
3
Commonwealth of Australia, Parliamentary Debates Hansard 2nd Reading Speech, 12 May 2005
4
For example, the Kaaza file transfer program that was used by millons of people around the world to
swap data also included another spyware software.
5
Hon. Jefferson Lankford, “Big Brother is Watching You” (2004) 40-AUG Ariz. Att’y 8
6
Commonwealth of Australia, Parliamentary Debates Hansard 2nd Reading Speech, 12 May 2005.
“Companies such as Doubleclick make millions of dollars each year from the sale of data and the
targeting of ads, yet their name is not often seen, other than in civil liberties courts.”
7
See http://www.adwarereport.com accessed 29 May 2005
8
IDC, a company in the IT industry reported that $12 million was spent in 2003 on anti-spyware
solutions. See http://searchsmb.techtarget.com/ accessed 29 May 2005
1
2
9
Commonwealth of Australia, Senate Parliamentary Debates Hansard 2nd Reading Speech, 12 May
2005
10
See http://www.choice.com.au/viewArticle.aspx?id=104706&catId=100245&tid=100008&p=1
accessed 5 June 2005
11
http://www.dcita.gov.au/__data/assets/pdf_file/24939/Outcome_of_Review.pdf accessed 28
September 2005
12
Clause 3, Spyware Bill 2005
13
Clause 4 Spyware Bill 2005
14
Clause 8(2)(a), Spyware Bill 2005
15
See Clause 16, Spyware Bill 2005
16
http://www.minister.dcita.gov.au/media/media_releases/taking_care_of_spyware__protecting_consumers_on_the_net accessed 28 September 2005
17
http://www.dcita.gov.au/__data/assets/pdf_file/30866/05020018_Spyware.pdf accessed 28
September 2005
18
19
www.nospyware.net.au accessed 28 September 2005
18 U.S.C §1030 (2004)
18 U.S.C. §1030 (2004) (g)
21
See Michael D Lane, “Spies Among Us: Can New Legislation Stop Spyware From Bugging Your
Computer?” (2005) 17 Loy. Consumer L. Rev 283 at 293
22
15 U.S.C. § § 41-58 (2004)
23
15 U.S.C. § 45
24
Federal Trade Commission v Seismic Entertainment Productions Inc. No. Civ. 04-377-JD, 2004 WL
2403124
25
Restatement (Second) of Torts §217 cmt.e (West 2005)
26
For example, CompuServe Incorporated v Cyber Promotions Inc., 962 F.Supp.1015, 1015 (S.D.
Ohio 1997); eBay, Inc. v Bidder’s Edge, Inc.100 F.Supp.dd 1058 (N.D. Cal. 2000)
27
See American Online Inc. v National Healthcare Discount Inc. 174 F. Supp. 2d 890, 902 (M.D. Iowa.
2001); Tyco International (US) Inc., v John Does, 1-3, No. 01 Civ. 3856, 2003 WL 21638205
(S.D.N.Y. 2003)
28
Spyware Control Act, Utah Code Ann. 2004
29
"Wrongful" includes where the software damages a computer system; causes
unauthorised financial charges to be made; opens multiple "pop-up" ads that the user
cannot close out of without closing out of their Internet browser or shutting down the
computer altogether; modifies settings through intentionally deceptive means, or
modifies security settings in any regard; collects personal information through
"intentionally deceptive" means (account balances, social security numbers, etc.);
prevents the "intentionally deceptive" installation or proper operation of anti-Spyware
programs; or uses "intentionally deceptive" means to induce an end-user into
installing harmful programs, or deleting protective ones:
30
See Michael Baroni, “Spyware Beware” (2005) 47-APR Orange County Law. 36
31
WhenU.com v Utah No. 040907578 (D. Utah June 22 2004)
32
329 F.3d 9 (1st Cir. 5 September 2003)
33
See Mike Tonsing, “The Battle Against Spyware is Just Beginning” (2004) 51-JUN Fed. Law 16
34
Enhanced Consumer Protection Against Spyware Act 2005 (Introduced in Senate)
35
http://www.geocities.com/edwardtjbrown/20052006.html accessed 22 July 2005
36
Section 5, Enhanced Consumer Protection Against Spyware Act of 2005 (Introduced in Senate)
37
Section 5(c), Enhanced Consumer Protection Against Spyware Act of 2005 (Introduced in Senate)
38
Byron Acohido & Jon Swartz, Market to Protect Consumer PCs Seems Poised for
Takeoff; As Spyware, Viruses Spread, Threat to E-commerce Grows, USA Today, Dec.
27, 2004, at B1
20
Download