April 24, 2007

Spy Act Only Protects Vendors and Their DRM

Here we go again. Congress has decided it needs to protect us from spyware, but - surprise, surprise - the bill they are most seriously considering actually offers no help in that regard. What's worse, the bill seems designed to make it harder for you to legally go after those who spy on you, particularly if they are doing so to determine if you're authorized to use a software product. Last week a subcommittee o

In other words, it's perfectly OK for basically any vendor you do business with, or that maybe thinks you do business with it, for that matter, to use any of the deceptive practices the bill prohibits to load spyware on your computer. The company doesn't have to give you notice and it can collect whatever information it thinks necessary to make sure there's no funny business going on. And by the way, another exception provision specifically protects computer manufacturers from any liability for spyware they load on your computer before they send it to you. Of course, the exception for software companies checking to make sure you're an authorized user is the strongest evidence of what this bill is all about. After all, in terms of function, there's not much difference between spyware and DRM. Too bad for Sony this bill wasn't already the law when its rootkit-infected CDs came to light.

Another disturbing aspect of the bill is its enforcement provisions. The bill very specifically pre-empts all state laws that regulate "unfair or deceptive conduct" similar to that covered by the Spy Act. Now, the state spyware laws are pretty useless anyway, so that may not seem like a big problem. But the bill vests all enforcement power in the FTC and says that "no person other than the Attorney General of a State may bring a civil action" under the law. Private rights of action under state consumer protection laws are eliminated. So if you're victimized by a spyware-like deception and want to sue the perpetrator, you've got to talk the FTC or your state attorney general into taking up your case.

Let's sum up. If the Spy Act becomes law, hardware, software, and network vendors will be granted carte blanche to use spyware themselves to police their customers' use of their products and services. Incredibly broad exceptions will probably allow even the worst of the adware outfits to operate with legal cover. State attempts to deal with the spyware problem will be pre-empted and enforcement left up almost entirely to the FTC. Gee, what's not to like in that deal?

If Congress' approach on this sounds vaguely familiar, it should. It's basically the same formula Congress adopted four years ago to deal with spam. As we know, the dreadful Can Spam Act of 2003 proved to be the "Yes, You Can Spam Act." If wiser heads in Congress don't prevail - and who knows if there are any - I fear the Spy Act of 2007 will just prove to be the "Vendors Can Spy Act."


©1994-2009 Infoworld, Inc.