It’s the latest computer security problem to attract the attention of Congress: spyware, or software designed to collect computer users’ personal data without their knowledge. Little known a few years ago, spyware is now so common that many educators and other internet users consider it the biggest problem since spam–and now Congress also is investigating.
Secretly piggybacking on downloaded internet software, spyware transmits information about computer usage and generates pop-up advertisements and other annoyances. It often is difficult to uninstall.
Software giant Microsoft Corp. estimates that spyware is responsible for half of all PC crashes and warns that it has become a multimillion-dollar support issue for computer makers, internet service providers, and technicians.
In some cases, it makes a computer unusable.
A research lab in Washington state found one of its computers “hijacked” by pop-up ads, to the point where “we couldn’t do anything,” said Patrick Clapshaw, the lab’s director.
After a week of frustration and several visits by technicians, the problem was eventually solved, but not before causing at least $500 worth of lost data and downtime.
Clapshaw, of Kirkland, Wash., calls spyware worse than spam.
“To me, this is an aggressive computer takeover,” he said. “It’s the difference between someone dropping fliers on your front porch, or walking around your house following you and annoying you.”
Educators, too, report that spyware is a growing problem in their schools. Though commercial software is available that can find and destroy spyware at the desktop level, school leaders contacted by eSchool News say the solutions they’ve tried so far are inadequate.
“Spyware is probably the biggest problem we face today in our desktop computing environment,” said Bob Moore, executive director of IT services for the Blue Valley Unified School District in Overland Park, Kan. “We can deal with viruses, peer-to-peer file swapping software, and other security threats, but we have been unable to find good enterprise spyware solutions.”
Ray Yeagley, superintendent of schools in Rochester, N.H., agreed. “Effective filters and anti-spyware applications on our district’s computers have helped to reduce the spyware problem, but have not eliminated it,” he said. “In addition to being extremely annoying, the popups waste time, which translates into taxpayer dollars.”
Members of Congress are taking the threat seriously. At least three bills have been introduced to address the problem, with more likely to follow.
“There is no more pernicious, intrusive activity going on in the internet today” than spyware, said Rep. Joe Barton, R-Texas, chairman of the House Energy and Commerce Committee.
At a hearing April 29 before the panel’s subcommittee on commerce, trade, and consumer protection, computer makers and user groups urged Congress to address deceptive behavior, rather than ban categories of software. Citing a new Utah law, the groups said broad legislation could end up prohibiting legitimate practices and stifle innovation.
Members of the Federal Trade Commission (FTC) also urged caution as officials learn more about the problem and the best way to combat it.
“I do not believe legislation is the answer at this time,” said commission member Mozelle Thompson. “Instead, we should give industry the time to respond. Self-regulation combined with enforcement of existing laws might be the best way to go.”
The go-slow approach infuriated Barton, who said he intends to push a spyware bill through his committee–and the full House–this year.
“You like this stuff? You’re the only person in this country that wants spyware on their computer,” he told Howard Beales, the FTC’s consumer protection chief.
Barton urged FTC officials to work with the committee to draft a new law “instead of trying to defend something that’s indefensible.”
Beales said the FTC considers spyware a problem, but wants to make sure that legislation targets deceptive behavior while allowing legitimate uses. Some proposed solutions, such as requiring permission every time a user downloads a new program, “would make the process of installing new software extremely tedious,” Beales said.
Rep. Jay Inslee, D-Wash., called it “absolutely astounding” that the FTC does not see a need for a new law “when we have hundreds of thousands of violations every day.” Inslee introduced a bill April 29 that would outlaw spyware programs designed to record web browsing habits and collect personal data without notice and consent of the user.
Rep. Mary Bono, R-Calif., has introduced a similar bill requiring that consumers receive a clear and conspicuous notice before downloading software. The bill would require that third parties disclose their identity to the consumer, along with a valid eMail address.
Sens. Conrad Burns, R-Mont., Ron Wyden, D-Ore., and Barbara Boxer, D-Calif., have introduced a bill prohibiting installation of software on someone else’s computer without notice and consent. The bill also would require reasonable “uninstall” procedures for new software.
Educators polled by eSchool News were divided over whether such legislation would solve the problem.
Marc Liebman, superintendent of the Marysville Joint Unified School District in California, agreed that Congress should pass some kind of legislation regulating spyware.
“While I am not sure that it will be effective, it gives people another legal tool if the problem can be traced and the culprits identified,” Liebman said. “I think that this type of legislation will go through Congress quickly, because it is different than spam … Spyware invades personal privacy, and that will be an easy sell.”
But Blue Valley’s Moore questioned whether new laws would do any good.
“Spyware is insidious, but I am not sure that another federal law that cannot be enforced is the answer,” he said. “The real question is, what’s next? Even if we get a good anti-spyware solution in place, what is the next internet threat to our enterprise computing environment? It is a very frustrating and costly issue.”
See these related links:
House Energy and Commerce Committee
Federal Trade Commission