The FTC's Spyware Workshop
Last Updated: Apr. 27 '05 by Eric L. Howes

On April 19, 2004 the Federal Trade Commission (FTC) hosted a workshop to address the problems of "spyware." You can read about that one day workshop and download related documents on the following pages:

Monitoring Software on Your PC: Spyware, Adware, and Other Software

FTC To Host Spyware Workshop

FTC Spyware Workshop - Agenda

Public Workshop: Monitoring Software on Your PC: Spyware, Adware, and Other Software

A complete transcript of the workshop is available here:

Transcript (no bookmarks)

Transcript (w/ bookmarks)

This page contains links to a number of other documents and resources related to the FTC's Spyware Workshop, including my own comments to FTC and my several long online musings about the recent efforts against "spyware."

Other Important Spyware Information

Several other folks have made significant contributions to the recent efforts against the scourge of "spyware." In particluar see Ben Edelman's web page, which contains his eye-opening research about WhenU and Gator. PC Pitstop also has several important studies about WhenU and Gator users. Bill Pytlovany kept a blog from the FTC's Spyware Workshop, with both comments and photos. Mike Healan of SpywareInfo has posted his own extensive comments on the Spyware Workshop. Simson Garfinkel has also offered some potentially useful suggestions for bringing the "spyware" problem under control. For still more links to important research and statements about "spyware," see the Anti-Spyware Advocacy & Research section below.

The FTC Spyware Workshop: One Year Later

It's now been one year since the FTC hosted its Spyware Workshop. Ben Edelman and I were talking recently about this, and reflecting on what's changed in the year since that event. What follows is a list of significant developments in the one year since the workshop.

The FTC Spyware Workshop: One Year Later

Reports on the Workshop

On March 7, 2005 -- almost one year after the worksop was held -- the FTC finally released its staff report on the workshop. This report provides a summary of some of the major points of discussion during the workshop, however, it is woefully short in providing real insight into the problems with spyware and adware because the FTC report finds a way to neatly straddle the fence on almost every significant issue. The staff report is available in PDF format:

FTC Spyware Workshop: Staff Report (March 2005)

The FTC's staff report isn't the only report available on the workshop, however. In the month or so after the workshop I produced mini-reports of my own with extensive comments on each of the six panels at the FTC's Spyware Workshop. This series of mini-reports appeared as several long posts in THIS thread at the DSLR/BBR Security forum: 

Followup Workshops

A number of other workshops and conferences have been held to address the problem of spyware and adware in the wake of the FTC's own Spyware Workshop:

It's worth pointing out that the UC Berkeley and NAI agendas are dominated by speakers and organizations with little apparent direct knowledge of spyware and adware, much less an established track record of working on the problem. These people and organizations were simply Missing In Action while this problem developed over the past five years, and they've taken an interest in the problem only now that the threat of regulation and widespread deployment of anti-spyware software has emerged. When the problem involved only web users getting taken to the cleaners by unsavory elements of the adware advertising industry, the problem wasn't worthy of their attention. 

While I'm certainly encouraged that the spyware and adware problem is getting wider attention, I remain skeptical of whether these new players bring anything of substance to the table, as they look to me to be far too concerned with protecting established industry interests and not concerned enough with helping the victims of spyware and adware.

Submitted Comments to the FTC  [return to top]

The FTC accepted comments from the public on the topic of "spyware" through May 21. You can view the comments that were submitted here:

Submitted Comments

For brief summaries and critiques of the more noteworthy and important comments submitted to the FTC, see this thread at the DSLR/BBR Security forum:

A Guide to Spyware Comments Filed w/ the FTC,9864340~mode=flat

To view the comments that I submitted to the FTC, see below.

Advice & Comments About the Workshop  [return to top]

I have posted several times at the DSLR/BBR Security forum about the FTC's Spyware Workshop. In the earlier posts before the workshop was conducted, I addressed the announced topics of discussion for the workshop, what could be expected from it, and what anti-spyware activists could hope to accomplish. In a related thread I have also offered some tips for constructing a set of comments to submit to the FTC that would be useful, persuasive, and credible. Since comments from the public began rolling in, I have been briefly summarizing and evaluating the more important and noteworthy submissions to the FTC. In a later thread, I review and critique each of the six panels at the FTC's Spyware Workshop, which I attended. (Note: I'm known as "eburger68" at DSLR/BBR.) 

Tired of being hijacked? TELL the FTC! (Feb. 21, 2004),9458905~mode=flat

In this first thread at DSLR/BBR I review the announced topics of discussion for the Spyware Workshop and raise several concerns about the apparent direction of the FTC's agenda.

Telling the FTC About Spyware: A Few Tips... (Mar. 5, 2004),9587358~mode=flat

As it is imperative that the FTC hear from the public about the issue of "spyware," I offer a few tips for crafting effective, credible, compelling comments to submit to the FTC. Goes to the FTC (Mar. 22, 2004),9745185~mode=flat

C2 Media's Jason Lucas submitted a set of comments to the FTC. In this thread I critique some of the more eyebrow-raising claims that the company behind makes.

What I Told the FTC about Spyware... (Mar. 29, 2004),9818820~mode=flat

On March 29 I finally submitted comments of my own to the FTC. This thread contains links to all of my comments (also found on this page below) as well as a few thoughts about them.

The Coming Spyware Storm: Polticos wake-up, take sides (Mar. 29, 2004)

An extension of my "comments" thread just above, this news discussion thread at DSLR/BBR contains DSLR/BBR readers reaction to my announcement that I had submitted comments.

A Guide to Spyware Comments Filed w/ the FTC (Apr. 3 - 26, 2004),9864340~mode=flat

As comments from the public are posted at the FTC's site, I have updated this thread, calling attention to the more interesting and notewrothy submissions and briefly evaluating their content.

What's the *motivation* for hijack-ware? (Apr. 7, 2004),9898401~mode=flat

Many folks wonder why anyone would have anything to do with "spyware" vendors, given how universally reviled they are. In this thread I briefly explain why "spyware" or advertising software companies are becoming a growing threat because of the business and investments they are receiving from mainstream investors and advertisers.


FTC Spyware Workshop Panelists - Worries... (Apr. 16, 2004),9986136~mode=flat

The FTC posted its agenda shortly before the workshop. That agenda contained a breakdown of the panels and panelists selected for the workshop. In this thread I raise several concerns with the makeup of those panels and exolain why consumers might not be adequately represented in several of the key discussions at the workshop.

FTC Spyware Workshop: 1st Impressions (Apr. 19 - May 1, 2004),10018653~mode=flat

On Monday April 19 I attended the FTC's Spyware Workshop in Washington D.C. This thread contains my initial impressions of the workshop (written while I was still in D.C.). Later posts in the thread offer pointed summaries and commentary on each of the six panels at the workshop. Note: be sure to check out the later pages in this thread, as most of my commentary on specific workshop panels appears on pages 2 and 3. Here's short index of my comments in this thread: 

FTC Won't Act on Spyware (Apr. 20, 2004)

In this "news" thread done in response to my "1st Impressions" thread just above, readers at DSLR/BBR react to my report from the FTC's Spyware Workshop.

FTC Goes to Bat for Spyware Industry (Apr. 29, 2004),10106664~mode=flat

The FTC has rejected calls for strong regulations or legislation to protect consumers from unscrupulous "spyware" vendors, recommending instead "industry self-regulation." In this thread I call attention to the FTC's comments on April 29 before a House subcommittee considering the issue of "spyware" -- a forum in which the FTC's representatives got a frosty reception from committee members.

Yahoo Gives Adware a Pass (Jun. 2, 2004),10399574~mode=flat

On May 26 Yahoo announced that it would be incorporating anti-spyware scanning into the new version of its Yahoo Toolbar, still in beta. On June 1, however, it became known that Yahoo had configured the toolbar by default not to scan for "adware," a category which includes among others Claria's Gator/GAIN software. It turns out that Yahoo supplies almost one-third of Claria's revenue, making it apparent that Yahoo was protecting its commercial interests rather than the privacy and security of Yahoo Toolbar users. This thread discusses that unfortunate decision by Yahoo and the dangers of relying on commercial entities more generally for spyware protection when they have a vested interest in putting advertising before internet users.


My Comments to the FTC  [return to top]

On March 29 I finally submitted my own comments to the FTC on the problem of spyware. You can download these comments in PDF format as a single document. That PDF document contains three texts: my comments themselves as well as two supporting documents:

Document PDF Format HTML Format
Comments to the FTC (w/ supporting documents) PDF (1863 kb) -----

Since one of those texts is rather large, I've split them up for those who might want to view them one-by-one. They are available in either PDF format or HTML format (web pages):

Document PDF Format HTML Format
Comments to the FTC PDF (53 kb) HTML (51 kb)
Junkware: A New Name for Spyware PDF (29 kb) HTML (21 kb)
The Anatomy of a Drive-by-Download PDF (1782 kb) HTML (952 kb)

On May 21 I submitted some "followup" comments:

Document PDF Format HTML Format
Followup Comments to the FTC PDF (19 kb) HTML (12 kb)

Note: to view the PDF versions of these documents, you'll need a PDF viewer like the free Adobe Acrobat Reader.

Recent News & Research About Spyware  [return to top]

The FTC's Spyware Workshop comes at a time of heightened scrutiny from state and federal legislators, who are hearing ever louder complaints from their constituents about the problems of "spyware." What follows is a short compendium of web pages, recent reports, news articles, and opinion pieces concerning the efforts of state and federal legislators to address the issue of "spyware" through regulation and oversight:

Anti-Spyware Advocacy & Research  [return to top]

Benjamin Edelman

Benjamin Edelman: Methods & Effects of Spyware

Benjamin Edelman: Advertisers Using WhenU

Benjamin Edelman: Dell's Spyware Puzzle

Benjamin Edelman: DirectRevenue Deletes Competitors from Users' Disks

Benjamin Edelman: Gator's EULA Gone Bad

Benjamin Edelman: Grokster and Claria Take Licenses to New Lows, and Congress Lets Them Do It

Benjamin Edelman: The Effect of 180solutions on Affiliate Commissions & Merchants

Benjamin Edelman: WhenU Copies 26+ Articles from 20+ News Sites

Benjamin Edelman: WhenU Spams Google, Breaks Google "No Cloaking" Rules

Benjamin Edelman: WhenU Security Hole Allows Execution of Arbitrary Software

Benjamin Edelman: WhenU Violates Own Privacy Policy

Benjamin Edelman: WhenU vs. Utah

Benjamin Edelman: Who Profits from Security Holes?

The Center for Democracy & Technology (CDT): Campaign Against Spyware

The Center for Democracy & Technology (CDT): Spyware Page

The Center for Democracy & Technology (CDT): Deceptive Spyware Practices

The Center for Democracy & Technology (CDT): "Ghosts in Our Machines" (report)

CDT Testifies on "Spyware" Threat and Potential Solutions (3/23/04)

CDT Testifies on Approaches to "Spyware" Threat (4/29/04)

CDT Urges Utah Governor to Veto Weak Spyware Bill (3/12/04)

Think Tank Wants Public's Help in 'Spyware' Fight

CDT Files Complaint with FTC in "Browser Hijacking" Case

Dr. John Levine: Spyware Comments

EarthLink keeps tabs on spyware

Earthlink SpyAudit

Earthlink and Webroot Track the Growth of Spyware

Spyware Runs Rampant, Earthlink Study Says,aid,115700,00.asp

Measurement and Analysis of Spyware in a University Environment Spyware Comments

Google: A proposal to help fight deceptive Internet software

Google defines good manners for adware

Hertz Corporation & L.L. Bean: Gator Pop-up Ad Liklihood of Confusion/Consent Survey (note: 19 mb PDF doc)

McAfee: Growth of Non-Viral Threats

Microsoft: What you should know about spyware

Microsoft Presents Antispyware Strategy

PC Pitstop: Gator Information Center

PC Pitstop: Spyware Information Center

PC Pitstop: Survey Says: Gator Users Didn't Know (FTC comments)

PC Pitstop: WhenU Survey (FTC comments)

PC Pitstop: Response to WhenU & Gator

Pest Patrol: Spyware Comments

Ray Everett-Church: Spyware Comments

Simson Garfinkel: The Pure Software Act of 2006 (FTC comments)

SpywareInfo: Mike Goes to Washington

SpywareInfo: Thoughts on Recent Anti-spyware Legislation

Spyware-killers get going online

WebSense: Businesses Afflicted with Spyware

Weatherbug: Bill of Rights

WeatherBug Creates Desktop Software User's 'Bill of Rights'

WhenU/Aluria Deal Sparks Debate,1759,1706659,00.asp

WhenU/Aluria Deal: Mike Healan's Comments

WhenU Enters the Anti-Spyware Market,11723816~mode=flat

WhenU/Aluria Spyware killer displays its own ads

WinPatrol (BillP Studios): FTC Spyware Workshop Blog

WinPatrol (BillP Studios): Mysteryware

WinPatrol (BillP Studios): Spyware Comments

Yahoo Toolbar Beta

Yahoo! Introduces Free Anti-Spyware Solution

Yahoo embraces antispyware

Yahoo Toolbar Combats Spyware,1759,1602373,00.asp

Yahoo Gives Adware a Second Chance,1759,1605586,00.asp

Yahoo Anti-Spy Favors Yahoo's Adware Partners?

Yahoo! playing both sides of the spyware issue

Give Yahoo a Break on This Adware Controversy,1759,1606431,00.asp

More Information & Tools on This Site  [return to top]

This web site contains other information and tools related to spyware:



Background & Bio  [return to top]

I am currently Director of Malware Research at Sunbelt Software. Prior to joining Sunbelt I was a graduate student in the Graduate School of Library and Information Science (GSLIS) at the University of Illinois at Urbana-Champaign. For twelve years I taught business and technical writing at the University of Illinois. During 2004-2005 I taught a course in GSLIS titled "Literacy in the Information Age." For three years I also taught composition courses at Parkland Community College in Champaign. 

Over the past five years I have maintained a personal web site -- first at at the University of Illinois; now at Spyware -- to supply internet users with resources to protect their privacy and security on the internet. Among those resources are several utilities and "block lists" that allow users of Microsoft's Internet Explorer web browser to protect themselves against the flood of unwanted software and content pushed on them by aggressive advertising and marketing entities.

In June 2004 I began collaborating with Suzi of to create and maintain a number of pages with information on anti-spyware applications, including the "Rogue/Suspect Anti-Spyware List." I attended the FTC's Spyware Workshop (April 2004) and was a panelist at the CNET AntiSpyware Workshop (May 2005) as well as the AntiSpyware Coalition Workshop (Feb. 2006).

In recognition of my work to help internet users protect their privacy and security, Microsoft awarded me its MVP (Most Valued Professional) Award (

Questions & Contact  [return to top]

If you have questions or comments about any of the information presented above, please don't hesitate to ask.

Best regards,

Eric L. Howes

Last Updated: Apr. 27 '05

Home [frames]          Home [no frames]

2000-2005 Eric L. Howes