|The FTC's Spyware Workshop|
|Last Updated: Apr.
||by Eric L. Howes
On April 19, 2004 the Federal Trade Commission (FTC) hosted a workshop to address the problems of "spyware." You can read about that one day workshop and download related documents on the following pages:
Monitoring Software on Your PC: Spyware, Adware, and Other Software
FTC To Host Spyware Workshop
FTC Spyware Workshop - Agenda
Public Workshop: Monitoring Software on Your PC: Spyware, Adware, and Other Software
A complete transcript of the workshop is available here:
Transcript (no bookmarks)
Transcript (w/ bookmarks)
This page contains links to a number of other documents and resources related to the FTC's Spyware Workshop, including my own comments to FTC and my several long online musings about the recent efforts against "spyware."
Other Important Spyware Information
Several other folks have made significant contributions to the recent efforts against the scourge of "spyware." In particluar see
Ben Edelman's web page, which contains his eye-opening research about
Gator. PC Pitstop also has several important studies about WhenU and Gator users. Bill Pytlovany kept a blog from the FTC's Spyware Workshop, with both comments and photos. Mike Healan of SpywareInfo has posted his own extensive comments on the Spyware Workshop. Simson Garfinkel has also offered some potentially useful suggestions for bringing the "spyware" problem under control. For still more links to important research and statements about "spyware," see the Anti-Spyware Advocacy & Research section below.
The FTC Spyware Workshop: One
It's now been one year since the FTC hosted its Spyware Workshop. Ben Edelman and I were talking
recently about this, and reflecting on what's changed in the year since that event. What follows is a list of significant developments in the one year since the workshop.
The FTC Spyware Workshop: One Year Later
Reports on the Workshop
On March 7, 2005 -- almost one year after the worksop was held -- the FTC
finally released its staff report on the workshop. This report provides a
summary of some of the major points of discussion during the workshop, however,
it is woefully short in providing real insight into the problems with spyware
and adware because the FTC report finds a way to neatly straddle the fence on
almost every significant issue. The staff report is available in PDF format:
Spyware Workshop: Staff Report (March 2005)
The FTC's staff report isn't the only report available on the workshop,
however. In the month or so after the workshop I produced mini-reports of my own
with extensive comments on each of the six panels at the FTC's Spyware
Workshop. This series of mini-reports appeared as several long posts in THIS thread at the DSLR/BBR Security
A number of other workshops and conferences have been held to address the
problem of spyware and adware in the wake of the FTC's own Spyware Workshop:
It's worth pointing out that the UC Berkeley and NAI agendas are dominated by
speakers and organizations with little apparent direct knowledge of spyware and
adware, much less an established track record of working on the problem. These
people and organizations were simply Missing In Action while this problem
developed over the past five years, and they've taken an interest in the problem
only now that the threat of regulation and widespread deployment of anti-spyware
software has emerged. When the problem involved only web users getting taken to
the cleaners by unsavory elements of the adware advertising industry, the
problem wasn't worthy of their attention.
While I'm certainly encouraged that the spyware and adware problem is getting
wider attention, I remain skeptical of whether these new players bring anything
of substance to the table, as they look to me to be far too concerned with
protecting established industry interests and not concerned enough with helping
the victims of spyware and adware.
Submitted Comments to the
FTC [return to top]
The FTC accepted comments from the public on the topic of "spyware" through May 21.
You can view the comments that were submitted here:
For brief summaries and critiques of the more noteworthy and important
comments submitted to the FTC, see this thread at the DSLR/BBR Security forum:
A Guide to Spyware Comments Filed w/ the FTC
To view the comments that I submitted to the FTC, see below.
Advice & Comments About the Workshop
[return to top]
I have posted several times at the DSLR/BBR Security forum about the FTC's Spyware Workshop. In the earlier posts before the workshop was conducted, I addressed the announced topics of discussion for the workshop, what could be expected from it, and what anti-spyware activists could hope to accomplish. In a related thread I have also offered some tips for constructing a set of comments to submit to the FTC that would be useful, persuasive, and credible. Since comments from the public began rolling in, I have been briefly summarizing and evaluating the more important and noteworthy submissions to the FTC. In a later thread, I review and critique each of the six panels at the FTC's Spyware Workshop, which I attended. (Note: I'm known as "eburger68" at DSLR/BBR.)
|Tired of being hijacked? TELL the FTC!
(Feb. 21, 2004)
In this first thread at DSLR/BBR I review the announced
topics of discussion for the Spyware Workshop and raise several concerns
about the apparent direction of the FTC's agenda.
|Telling the FTC About Spyware: A Few
Tips... (Mar. 5, 2004)
As it is imperative that the FTC hear from the public
about the issue of "spyware," I offer a few tips for crafting
effective, credible, compelling comments to submit to the FTC.
|Lop.com Goes to the FTC (Mar. 22, 2004)
C2 Media's Jason Lucas submitted a set of comments to
the FTC. In this thread I critique some of the more eyebrow-raising
claims that the company behind Lop.com makes.
|What I Told the FTC about Spyware...
(Mar. 29, 2004)
On March 29 I finally submitted comments of my own to
the FTC. This thread contains links to all of my comments (also found on
this page below) as well as a
few thoughts about them.
|The Coming Spyware Storm: Polticos
wake-up, take sides (Mar. 29, 2004)
An extension of my "comments" thread just
above, this news discussion thread at DSLR/BBR contains DSLR/BBR readers
reaction to my announcement that I had submitted comments.
|A Guide to Spyware Comments Filed w/ the
FTC (Apr. 3 - 26, 2004)
As comments from the public are posted at the
FTC's site, I have updated this thread, calling attention to the more
interesting and notewrothy submissions and briefly evaluating their
|What's the *motivation* for hijack-ware?
(Apr. 7, 2004)
Many folks wonder why anyone would have anything to do
with "spyware" vendors, given how universally reviled they
are. In this thread I briefly explain why "spyware" or
advertising software companies are becoming a growing threat because of
the business and investments they are receiving from mainstream
investors and advertisers.
FTC Spyware Workshop Panelists - Worries... (Apr. 16, 2004)
The FTC posted its agenda shortly before the workshop.
That agenda contained a breakdown of the panels and panelists selected
for the workshop. In this thread I raise several concerns with the
makeup of those panels and exolain why consumers might not be adequately
represented in several of the key discussions at the workshop.
|FTC Spyware Workshop: 1st Impressions
(Apr. 19 - May 1, 2004)
On Monday April 19 I attended the FTC's Spyware
Workshop in Washington D.C. This thread contains my initial
impressions of the workshop (written while I was still in D.C.). Later
posts in the thread offer pointed summaries and commentary on each of
the six panels at the workshop. Note: be sure to check out the
later pages in this thread, as most of my commentary on specific
workshop panels appears on pages 2
Here's short index of my comments in this thread:
|FTC Won't Act on Spyware (Apr. 20, 2004)
In this "news" thread done in response to my
"1st Impressions" thread just above, readers at DSLR/BBR react
to my report from the FTC's Spyware Workshop.
|FTC Goes to Bat for Spyware Industry
(Apr. 29, 2004)
The FTC has rejected calls for strong regulations or
legislation to protect consumers from unscrupulous "spyware"
vendors, recommending instead "industry self-regulation." In
this thread I call attention to the FTC's comments on April 29 before a
House subcommittee considering the issue of "spyware" -- a
forum in which the FTC's representatives got a frosty reception from
|Yahoo Gives Adware a Pass
(Jun. 2, 2004)
On May 26 Yahoo announced that it would be
incorporating anti-spyware scanning into the new version of its Yahoo
Toolbar, still in beta. On June 1, however, it became known that Yahoo
had configured the toolbar by default not to scan for
"adware," a category which includes among others Claria's
Gator/GAIN software. It turns out that Yahoo supplies almost one-third
of Claria's revenue, making it apparent that Yahoo was protecting its
commercial interests rather than the privacy and security of Yahoo
Toolbar users. This thread discusses that unfortunate decision by Yahoo
and the dangers of relying on commercial entities more generally for
spyware protection when they have a vested interest in putting
advertising before internet users.
My Comments to the FTC [return to top]
On March 29 I finally submitted my own comments to the FTC on the problem of spyware. You can download these comments in PDF format as a single document. That PDF document contains three texts: my comments themselves as well as two supporting documents:
|Comments to the FTC (w/ supporting documents)
Since one of those texts is rather large, I've split them up for those who might want to view them one-by-one. They are available in either PDF format or HTML format (web pages):
|Comments to the FTC
Junkware: A New Name for Spyware
The Anatomy of a Drive-by-Download
On May 21 I submitted some "followup" comments:
|Followup Comments to the FTC
Note: to view the PDF versions of these documents, you'll need a PDF viewer like the free Adobe Acrobat Reader.
Recent News & Research About Spyware
[return to top]
The FTC's Spyware Workshop comes at a time of heightened scrutiny from state and federal legislators, who are hearing ever louder complaints from their constituents about the problems of "spyware." What follows is a short compendium of web pages, recent reports, news articles, and opinion pieces concerning the efforts of state and federal legislators to address the issue of "spyware" through regulation and oversight:
Anti-Spyware Advocacy & Research [return to top]
Benjamin Edelman: Methods & Effects of Spyware
Benjamin Edelman: Advertisers Using WhenU
Benjamin Edelman: Dell's Spyware Puzzle
Benjamin Edelman: DirectRevenue Deletes Competitors from Users' Disks
Benjamin Edelman: Gator's EULA Gone Bad
Benjamin Edelman: Grokster and Claria Take Licenses to New Lows, and Congress Lets Them Do It
Benjamin Edelman: The Effect of 180solutions on Affiliate Commissions & Merchants
Benjamin Edelman: WhenU Copies 26+ Articles from 20+ News Sites
Benjamin Edelman: WhenU Spams Google, Breaks Google "No Cloaking" Rules
Benjamin Edelman: WhenU Security Hole Allows Execution of Arbitrary Software
Benjamin Edelman: WhenU vs. Utah
Benjamin Edelman: Who Profits from Security Holes?
The Center for Democracy & Technology (CDT): Campaign Against Spyware
The Center for Democracy & Technology (CDT): Spyware Page
The Center for Democracy & Technology (CDT): Deceptive Spyware Practices
The Center for Democracy & Technology (CDT): "Ghosts in Our Machines" (report)
CDT Testifies on "Spyware" Threat and Potential Solutions (3/23/04)
CDT Testifies on Approaches to "Spyware" Threat (4/29/04)
CDT Urges Utah Governor to Veto Weak Spyware Bill (3/12/04)
Think Tank Wants Public's Help in 'Spyware' Fight
CDT Files Complaint with FTC in "Browser Hijacking" Case
Dr. John Levine: Spyware Comments
EarthLink keeps tabs on spyware
Earthlink and Webroot Track the Growth of Spyware
Spyware Runs Rampant, Earthlink Study Says
Measurement and Analysis of Spyware in a University Environment
EPIC.org: Spyware Comments
Google: A proposal to help fight deceptive Internet software
Google defines good manners for adware
Hertz Corporation & L.L. Bean: Gator Pop-up Ad Liklihood of Confusion/Consent Survey
http://www.ftc.gov/os/comments/spyware/040323hertzllbeanwithpopupsurvey.pdf (note: 19 mb PDF doc)
McAfee: Growth of Non-Viral Threats
Microsoft: What you should know about spyware
Microsoft Presents Antispyware Strategy
PC Pitstop: Gator Information Center
PC Pitstop: Spyware Information Center
PC Pitstop: Survey Says: Gator Users Didn't Know
http://www.ftc.gov/os/comments/spyware/040315pcpitstop.pdf (FTC comments)
PC Pitstop: WhenU Survey
http://www.ftc.gov/os/comments/spyware/040413pcpitstop.pdf (FTC comments)
PC Pitstop: Response to WhenU & Gator
Pest Patrol: Spyware Comments
Ray Everett-Church: Spyware Comments
Simson Garfinkel: The Pure Software Act of 2006
http://www.ftc.gov/os/comments/spyware/040407garfinkel.pdf (FTC comments)
SpywareInfo: Mike Goes to Washington
SpywareInfo: Thoughts on Recent Anti-spyware Legislation
Spyware-killers get going online
WebSense: Businesses Afflicted with Spyware
Weatherbug: Bill of Rights
WeatherBug Creates Desktop Software User's 'Bill of Rights'
WhenU/Aluria Deal Sparks Debate
WhenU/Aluria Deal: Mike Healan's Comments
WhenU Enters the Anti-Spyware Market
WhenU/Aluria Spyware killer displays its own ads
WinPatrol (BillP Studios): FTC Spyware Workshop Blog
WinPatrol (BillP Studios): Mysteryware
WinPatrol (BillP Studios): Spyware Comments
Yahoo Toolbar Beta
Yahoo! Introduces Free Anti-Spyware Solution
Yahoo embraces antispyware
Yahoo Toolbar Combats Spyware
Yahoo Gives Adware a Second Chance
Yahoo Anti-Spy Favors Yahoo's Adware Partners?
Yahoo! playing both sides of the spyware issue
Give Yahoo a Break on This Adware Controversy
More Information & Tools on This Site
[return to top]
This web site contains other information and tools related to spyware:
Background & Bio [return to top]
I am currently Director of Malware Research at Sunbelt Software.
Prior to joining Sunbelt I was a graduate student in the Graduate School of Library and Information Science (GSLIS) at the University of Illinois at Urbana-Champaign. For twelve years I taught business and technical writing at the University of Illinois. During 2004-2005 I taught a course in GSLIS
in the Information Age." For three years I also taught composition courses at Parkland Community College in Champaign.
Over the past five years I have maintained a personal web site -- first at at the University of Illinois; now at Spyware Warrior.com -- to supply internet users with resources to protect their privacy and security on the internet. Among those resources are several utilities and "block lists" that allow users of Microsoft's Internet Explorer web browser to protect themselves against the flood of unwanted software and content pushed on them by aggressive advertising and marketing entities.
In June 2004 I began collaborating with Suzi of
SpywareWarrior.com to create and
maintain a number of pages with information on anti-spyware applications,
including the "Rogue/Suspect
Anti-Spyware List." I attended the FTC's Spyware Workshop
(April 2004) and was a panelist at the CNET AntiSpyware Workshop (May 2005) as well as the AntiSpyware Coalition Workshop (Feb. 2006).
In recognition of my work to help internet users protect their privacy and security, Microsoft awarded me its MVP (Most Valued Professional) Award (http://mvp.support.microsoft.com/).
Questions & Contact [return
If you have questions or comments about any of the information presented above, please don't hesitate to ask.
Eric L. Howes
Last Updated: Apr. 27 '05