Security

Tech Tip: Will the FTC's spyware study create new problems?

Find out if the FTC's spyware study will create new problems.

By Jonathan Yarden

Getting more than you ask for is a popular advertising and marketing technique to attract customers. However, getting more than you ask for with software doesn't typically offer the same benefits.

More than a few popular Windows-based products install software, services, or links to services without user consent during installation, which many consider a questionable practice. Frankly, I'm adamant about not using services from any company that tries to force itself onto my Windows desktop.

What software one installs on a computer really should be the user's choice—not the choice of software companies. However, spyware often comes bundled and installed with other software, particularly because few users will willingly consent to someone monitoring their online activities.

Definitions vary, but I define spyware as software or any use of software that monitors, tracks, or reports any activities on a computer to an outside source without the user's consent. While this broad statement includes browser cookies, you can control cookies on a per-domain basis using either Netscape or Internet Explorer.

But with spyware programs installed with other software, launched when you start Windows, or included with Internet Explorer extensions, you don't have a choice. Spyware is growing more prevalent, and the lack of user consent is an issue. In fact, the Federal Trade Commission (FTC) explored the effects of, and possible responses to, spyware during a one-day public conference in April.

Users often unwittingly accept spyware when installing other software that includes programs or features designed specifically to track online activity. The majority of spyware victims are people who click Accept for a software license agreement without reading the fine print.

This acceptance is a lousy defense of the use of spyware by companies, but it's nonetheless a defense. Click-through licensing agreements notwithstanding, I think spyware is a horrible business practice.

It doesn't surprise me that the FTC may need to enact legislation to deal with the problem of spyware. But what concerns me is the idea that we're approaching a time when Internet access itself will become a government-regulated entity in the United States.

It's a sad fact that spyware—and other methods used to track and monitor online behavior—are an unfortunate side effect of the unregulated Internet. The paradox is that the unregulated nature of the Internet is precisely its greatest strength.

Any government regulation of the Internet, however beneficial to consumers, concerns me—perhaps more so than the issue of spyware itself. In my opinion, keeping the Internet free from government control and imposing regulations on its use should be mutually exclusive.

Of course, I would never defend the practices of companies that bundle spyware or engage in unauthorized monitoring practices on the Internet. Spyware is a problem—there's no doubt about it. It's an invasion of privacy, and it poses security risks.

I hope that companies engaged in the dubious practice of spyware realize the danger they face should the FTC pass a moratorium on this type of activity. It would be one more step toward a government-regulated Internet, which in the long run will benefit no one and will accomplish little to stem the tide of existing Internet security problems.

Jonathan Yarden is the senior UNIX system administrator, network security manager, and senior software architect for a regional ISP.

Editor's Picks

Free Newsletters, In your Inbox