InfoWorld Home / Adventures in IT / The Gripe Line / Spyware bill cloaks a mini-UCITA

June 16, 2008

Spyware bill cloaks a mini-UCITA

The holy grail for the software industry's political muscle has long been what in UCITA was called "electronic self help" - the right of software publishers to remotely disable their software on the mere suspicion that it hasn't been paid for. UCITA was ultimately stopped, but last Wednesday the Senate Commerce Committee
By Ed Foster

| Print | Add a comment|

11 Recommendations

The holy grail for the software industry's political muscle has long been what in UCITA was called "electronic self help" - the right of software publishers to remotely disable their software on the mere suspicion that it hasn't been paid for. UCITA was ultimately stopped, but last Wednesday the Senate Commerce Committee held a hearing on a bill that nominally is supposed to fight spyware but seems intended to make remote disabling legal.

As I suggested last week, S. 1625 -- the Counter Spy Act -- takes an anti-spyware approach that's very similar to the way the failed Can-Spam Act of 2003 attacked spam. Its list of prohibited behaviors - like taking over computers with zombies and collecting information for identity theft -- are all already clearly illegal under existing laws. Its various loopholes would allow some bad actors to claim they're actually following the law. And actual victims would have virtually no recourse but to beg the FTC to take action.

But one aspect of the Counter Spy Act is far more troubling than anything that was in Can-Spam. It's the "Limits on Liability" provision, more specifically Section 6(a). That says the whole laundry list of prohibited acts in the bill:

"do not apply to any monitoring of, or interaction with, a subscriber's Internet or other network connection or service, or a protected computer, by or at the direction of a telecommunications carrier, cable operator, computer hardware or software provider, financial institution or provider of information services or interactive computer service..."

These institutions have immunity under the Counter Spy Act when what they're doing is done for purposes network security, diagnostics, technical support and other mostly innocuous-sounding activities. In fact, with the first nine of these liability exemptions it seems rather odd that they would need to be mentioned at all in the context of the clearly nefarious behaviors prohibited by the bill. But the tenth and final exemption is granted for when the otherwise prohibited acts are done for:

"(10) detection or prevention of the unauthorized use of software fraudulent or other illegal activities."

next ›
12 3 4

Related Content...

Sustaining SOX Compliance: Best Practices to Mitigate Risk, Automate Compliance, and Reduce Costs | White paper

IDC White Paper: CCM for IT Compliance and Risk Management | White paper

Keep it Clean: Maintaining the Integrity of your CMDB through Change Detection | White paper

Survey: IT pros are optimistic about bigger budgets next year | Article

How to maintain security without increasing the operational load on IT staff | Article

Some Oracle users irked about support site switch | Article

Netscape Founder Seeks to Fund Next Gates, Jobs | Article

Sign In or Register to comment

List of all recent posts

The Business Case for Server Virtualization

See all White Papers / Webcasts

Sign up to receive Business Resource Alerts

VISIT CDW.com TODAY FOR ALL YOUR TECHNOLOGY NEEDS. Try the best rules engine free! Decisions.FICO.com Reduce costs and add Unix/Linux functionality to Windows A day of IT innovations from Cisco and InfoWorld

64-page prescriptive guide to security, compliance, and IT operations.See the power of the new Quad-Core AMD Opteron™ processor. Cloud Computing Report: Receive the latest cloud computing news Five minute business analytics assessment. Immediate results.

©1994-2009 Infoworld, Inc.