The FTC's Spyware Workshop
 
Last Updated: Apr. 27 '05 by Eric L. Howes
 

On April 19, 2004 the Federal Trade Commission (FTC) hosted a workshop to address the problems of "spyware." You can read about that one day workshop and download related documents on the following pages:

Monitoring Software on Your PC: Spyware, Adware, and Other Software
http://www.ftc.gov/bcp/workshops/spyware/index.htm

FTC To Host Spyware Workshop
http://www.ftc.gov/opa/2004/02/spyware.htm

FTC Spyware Workshop - Agenda
http://www.ftc.gov/bcp/workshops/spyware/agenda.pdf

Public Workshop: Monitoring Software on Your PC: Spyware, Adware, and Other Software
http://www.ftc.gov/os/2004/02/040217spywareworkshopfrn.pdf

A complete transcript of the workshop is available here:

Transcript (no bookmarks)
http://www.ftc.gov/bcp/workshops/spyware/transcript.pdf

Transcript (w/ bookmarks)
http://www.spywarewarrior.com/uiuc/transcript-idx.pdf

This page contains links to a number of other documents and resources related to the FTC's Spyware Workshop, including my own comments to FTC and my several long online musings about the recent efforts against "spyware."

Other Important Spyware Information

Several other folks have made significant contributions to the recent efforts against the scourge of "spyware." In particluar see Ben Edelman's web page, which contains his eye-opening research about WhenU and Gator. PC Pitstop also has several important studies about WhenU and Gator users. Bill Pytlovany kept a blog from the FTC's Spyware Workshop, with both comments and photos. Mike Healan of SpywareInfo has posted his own extensive comments on the Spyware Workshop. Simson Garfinkel has also offered some potentially useful suggestions for bringing the "spyware" problem under control. For still more links to important research and statements about "spyware," see the Anti-Spyware Advocacy & Research section below.

The FTC Spyware Workshop: One Year Later

It's now been one year since the FTC hosted its Spyware Workshop. Ben Edelman and I were talking recently about this, and reflecting on what's changed in the year since that event. What follows is a list of significant developments in the one year since the workshop.

The FTC Spyware Workshop: One Year Later

Reports on the Workshop

On March 7, 2005 -- almost one year after the worksop was held -- the FTC finally released its staff report on the workshop. This report provides a summary of some of the major points of discussion during the workshop, however, it is woefully short in providing real insight into the problems with spyware and adware because the FTC report finds a way to neatly straddle the fence on almost every significant issue. The staff report is available in PDF format:

FTC Spyware Workshop: Staff Report (March 2005)

The FTC's staff report isn't the only report available on the workshop, however. In the month or so after the workshop I produced mini-reports of my own with extensive comments on each of the six panels at the FTC's Spyware Workshop. This series of mini-reports appeared as several long posts in THIS thread at the DSLR/BBR Security forum: 

Followup Workshops

A number of other workshops and conferences have been held to address the problem of spyware and adware in the wake of the FTC's own Spyware Workshop:

It's worth pointing out that the UC Berkeley and NAI agendas are dominated by speakers and organizations with little apparent direct knowledge of spyware and adware, much less an established track record of working on the problem. These people and organizations were simply Missing In Action while this problem developed over the past five years, and they've taken an interest in the problem only now that the threat of regulation and widespread deployment of anti-spyware software has emerged. When the problem involved only web users getting taken to the cleaners by unsavory elements of the adware advertising industry, the problem wasn't worthy of their attention. 

While I'm certainly encouraged that the spyware and adware problem is getting wider attention, I remain skeptical of whether these new players bring anything of substance to the table, as they look to me to be far too concerned with protecting established industry interests and not concerned enough with helping the victims of spyware and adware.

Submitted Comments to the FTC  [return to top]

The FTC accepted comments from the public on the topic of "spyware" through May 21. You can view the comments that were submitted here:

Submitted Comments
http://www.ftc.gov/os/comments/spyware/index.html

For brief summaries and critiques of the more noteworthy and important comments submitted to the FTC, see this thread at the DSLR/BBR Security forum:

A Guide to Spyware Comments Filed w/ the FTC
http://www.dslreports.com/forum/remark,9864340~mode=flat

To view the comments that I submitted to the FTC, see below.

Advice & Comments About the Workshop  [return to top]

I have posted several times at the DSLR/BBR Security forum about the FTC's Spyware Workshop. In the earlier posts before the workshop was conducted, I addressed the announced topics of discussion for the workshop, what could be expected from it, and what anti-spyware activists could hope to accomplish. In a related thread I have also offered some tips for constructing a set of comments to submit to the FTC that would be useful, persuasive, and credible. Since comments from the public began rolling in, I have been briefly summarizing and evaluating the more important and noteworthy submissions to the FTC. In a later thread, I review and critique each of the six panels at the FTC's Spyware Workshop, which I attended. (Note: I'm known as "eburger68" at DSLR/BBR.) 

Tired of being hijacked? TELL the FTC! (Feb. 21, 2004)
http://www.dslreports.com/forum/remark,9458905~mode=flat

In this first thread at DSLR/BBR I review the announced topics of discussion for the Spyware Workshop and raise several concerns about the apparent direction of the FTC's agenda.

 
Telling the FTC About Spyware: A Few Tips... (Mar. 5, 2004)
http://www.dslreports.com/forum/remark,9587358~mode=flat

As it is imperative that the FTC hear from the public about the issue of "spyware," I offer a few tips for crafting effective, credible, compelling comments to submit to the FTC.

 
Lop.com Goes to the FTC (Mar. 22, 2004)
http://www.dslreports.com/forum/remark,9745185~mode=flat

C2 Media's Jason Lucas submitted a set of comments to the FTC. In this thread I critique some of the more eyebrow-raising claims that the company behind Lop.com makes.

 
What I Told the FTC about Spyware... (Mar. 29, 2004)
http://www.dslreports.com/forum/remark,9818820~mode=flat

On March 29 I finally submitted comments of my own to the FTC. This thread contains links to all of my comments (also found on this page below) as well as a few thoughts about them.

 
The Coming Spyware Storm: Polticos wake-up, take sides (Mar. 29, 2004)
http://www.dslreports.com/shownews/41552

An extension of my "comments" thread just above, this news discussion thread at DSLR/BBR contains DSLR/BBR readers reaction to my announcement that I had submitted comments.

 
A Guide to Spyware Comments Filed w/ the FTC (Apr. 3 - 26, 2004)
http://www.dslreports.com/forum/remark,9864340~mode=flat

As comments from the public are posted at the FTC's site, I have updated this thread, calling attention to the more interesting and notewrothy submissions and briefly evaluating their content.

 
What's the *motivation* for hijack-ware? (Apr. 7, 2004)
http://www.dslreports.com/forum/remark,9898401~mode=flat

Many folks wonder why anyone would have anything to do with "spyware" vendors, given how universally reviled they are. In this thread I briefly explain why "spyware" or advertising software companies are becoming a growing threat because of the business and investments they are receiving from mainstream investors and advertisers.

 

FTC Spyware Workshop Panelists - Worries... (Apr. 16, 2004)
http://www.dslreports.com/forum/remark,9986136~mode=flat

The FTC posted its agenda shortly before the workshop. That agenda contained a breakdown of the panels and panelists selected for the workshop. In this thread I raise several concerns with the makeup of those panels and exolain why consumers might not be adequately represented in several of the key discussions at the workshop.

 
FTC Spyware Workshop: 1st Impressions (Apr. 19 - May 1, 2004)
http://www.dslreports.com/forum/remark,10018653~mode=flat

On Monday April 19 I attended the FTC's Spyware Workshop in Washington D.C. This thread contains my initial impressions of the workshop (written while I was still in D.C.). Later posts in the thread offer pointed summaries and commentary on each of the six panels at the workshop. Note: be sure to check out the later pages in this thread, as most of my commentary on specific workshop panels appears on pages 2 and 3. Here's short index of my comments in this thread: 

 
FTC Won't Act on Spyware (Apr. 20, 2004)
http://www.dslreports.com/shownews/42568

In this "news" thread done in response to my "1st Impressions" thread just above, readers at DSLR/BBR react to my report from the FTC's Spyware Workshop.

 
FTC Goes to Bat for Spyware Industry (Apr. 29, 2004)
http://www.dslreports.com/forum/remark,10106664~mode=flat

The FTC has rejected calls for strong regulations or legislation to protect consumers from unscrupulous "spyware" vendors, recommending instead "industry self-regulation." In this thread I call attention to the FTC's comments on April 29 before a House subcommittee considering the issue of "spyware" -- a forum in which the FTC's representatives got a frosty reception from committee members.

 
Yahoo Gives Adware a Pass (Jun. 2, 2004)
http://www.dslreports.com/forum/remark,10399574~mode=flat

On May 26 Yahoo announced that it would be incorporating anti-spyware scanning into the new version of its Yahoo Toolbar, still in beta. On June 1, however, it became known that Yahoo had configured the toolbar by default not to scan for "adware," a category which includes among others Claria's Gator/GAIN software. It turns out that Yahoo supplies almost one-third of Claria's revenue, making it apparent that Yahoo was protecting its commercial interests rather than the privacy and security of Yahoo Toolbar users. This thread discusses that unfortunate decision by Yahoo and the dangers of relying on commercial entities more generally for spyware protection when they have a vested interest in putting advertising before internet users.

 
 

My Comments to the FTC  [return to top]

On March 29 I finally submitted my own comments to the FTC on the problem of spyware. You can download these comments in PDF format as a single document. That PDF document contains three texts: my comments themselves as well as two supporting documents:

Document PDF Format HTML Format
Comments to the FTC (w/ supporting documents) PDF (1863 kb) -----

Since one of those texts is rather large, I've split them up for those who might want to view them one-by-one. They are available in either PDF format or HTML format (web pages):

Document PDF Format HTML Format
Comments to the FTC PDF (53 kb) HTML (51 kb)
Junkware: A New Name for Spyware PDF (29 kb) HTML (21 kb)
The Anatomy of a Drive-by-Download PDF (1782 kb) HTML (952 kb)

On May 21 I submitted some "followup" comments:

Document PDF Format HTML Format
Followup Comments to the FTC PDF (19 kb) HTML (12 kb)

Note: to view the PDF versions of these documents, you'll need a PDF viewer like the free Adobe Acrobat Reader.

Recent News & Research About Spyware  [return to top]

The FTC's Spyware Workshop comes at a time of heightened scrutiny from state and federal legislators, who are hearing ever louder complaints from their constituents about the problems of "spyware." What follows is a short compendium of web pages, recent reports, news articles, and opinion pieces concerning the efforts of state and federal legislators to address the issue of "spyware" through regulation and oversight:

Anti-Spyware Advocacy & Research  [return to top]

Benjamin Edelman
http://www.benedelman.org/

Benjamin Edelman: Methods & Effects of Spyware
http://www.benedelman.org/spyware/ftc-031904.pdf
or http://www.ftc.gov/os/comments/spyware/040319edelman.pdf

Benjamin Edelman: Advertisers Using WhenU
http://www.benedelman.org/spyware/whenu-advertisers/

Benjamin Edelman: Dell's Spyware Puzzle
http://www.benedelman.org/news/060404-1.html

Benjamin Edelman: DirectRevenue Deletes Competitors from Users' Disks
http://www.benedelman.org/news/120704-1.html

Benjamin Edelman: Gator's EULA Gone Bad
http://www.benedelman.org/news/112904-1.html

Benjamin Edelman: Grokster and Claria Take Licenses to New Lows, and Congress Lets Them Do It
http://www.benedelman.org/news/100904-1.html

Benjamin Edelman: The Effect of 180solutions on Affiliate Commissions & Merchants
http://www.benedelman.org/spyware/180-affiliates/

Benjamin Edelman: WhenU Copies 26+ Articles from 20+ News Sites
http://www.benedelman.org/spyware/whenu-copy/

Benjamin Edelman: WhenU Spams Google, Breaks Google "No Cloaking" Rules
http://www.benedelman.org/spyware/whenu-spam/

Benjamin Edelman: WhenU Security Hole Allows Execution of Arbitrary Software
http://www.benedelman.org/spyware/whenu-security/

Benjamin Edelman: WhenU Violates Own Privacy Policy
http://www.benedelman.org/spyware/whenu-privacy/

Benjamin Edelman: WhenU vs. Utah
http://www.benedelman.org/spyware/whenu-utah/

Benjamin Edelman: Who Profits from Security Holes?
http://www.benedelman.org/news/111804-1.html

The Center for Democracy & Technology (CDT): Campaign Against Spyware
http://www.cdt.org/action/spyware/

The Center for Democracy & Technology (CDT): Spyware Page
http://www.cdt.org/privacy/spyware/

The Center for Democracy & Technology (CDT): Deceptive Spyware Practices
http://www.cdt.org/publications/pp_10.07.shtml

The Center for Democracy & Technology (CDT): "Ghosts in Our Machines" (report)
http://www.cdt.org/privacy/031100spyware.pdf

CDT Testifies on "Spyware" Threat and Potential Solutions (3/23/04)
http://www.cdt.org/testimony/20040323berman.pdf

CDT Testifies on Approaches to "Spyware" Threat (4/29/04)
http://www.cdt.org/testimony/20040429schwartz.pdf

CDT Urges Utah Governor to Veto Weak Spyware Bill (3/12/04)
http://www.cdt.org/privacy/spyware/20040312utah.pdf

Think Tank Wants Public's Help in 'Spyware' Fight
http://www.washingtonpost.com/wp-dyn/articles/A58655-2003Nov18.html

CDT Files Complaint with FTC in "Browser Hijacking" Case 
http://www.cdt.org/privacy/20040210cdt.pdf

Dr. John Levine: Spyware Comments
http://www.ftc.gov/os/comments/spyware/040319levine.pdf

EarthLink keeps tabs on spyware
http://news.com.com/2100-7355_3-5192308.html

Earthlink SpyAudit
http://www.earthlink.net/spyaudit/press/

Earthlink and Webroot Track the Growth of Spyware
http://www.earthlink.net/about/press/pr_spyAudit/

Spyware Runs Rampant, Earthlink Study Says
http://www.pcworld.com/news/article/0,aid,115700,00.asp

Measurement and Analysis of Spyware in a University Environment
http://www.cs.washington.edu/homes/tzoompy/publications/nsdi/2004/spyware.html

EPIC.org: Spyware Comments
http://www.ftc.gov/os/comments/spyware/040419epic.pdf

Google: A proposal to help fight deceptive Internet software
http://www.google.com/corporate/software_principles.html

Google defines good manners for adware
http://news.com.com/2100-1029_3-5215941.html

Hertz Corporation & L.L. Bean: Gator Pop-up Ad Liklihood of Confusion/Consent Survey
http://www.ftc.gov/os/comments/spyware/040323hertzllbeanwithpopupsurvey.pdf (note: 19 mb PDF doc)

McAfee: Growth of Non-Viral Threats
http://www.ftc.gov/bcp/workshops/spyware/gordon.pdf

Microsoft: What you should know about spyware
http://www.microsoft.com/security/articles/spyware.asp

Microsoft Presents Antispyware Strategy
http://www.winnetmag.com/Article/ArticleID/42432/42432.html

PC Pitstop: Gator Information Center
http://www.pcpitstop.com/gator/

PC Pitstop: Spyware Information Center
http://www.pcpitstop.com/spycheck/default.asp

PC Pitstop: Survey Says: Gator Users Didn't Know
http://www.pcpitstop.com/gator/Survey.asp
http://www.ftc.gov/os/comments/spyware/040315pcpitstop.pdf (FTC comments)

PC Pitstop: WhenU Survey
http://www.pcpitstop.com/spycheck/whenu.asp
http://www.ftc.gov/os/comments/spyware/040413pcpitstop.pdf (FTC comments)

PC Pitstop: Response to WhenU & Gator
http://www.ftc.gov/os/comments/spyware/040427pcpitstop2gatorwhenuresponse.pdf

Pest Patrol: Spyware Comments
http://www.ftc.gov/os/comments/spyware/040423pestpatrolstatement.pdf

Ray Everett-Church: Spyware Comments
http://www.ftc.gov/os/comments/spyware/040319everett-church.pdf

Simson Garfinkel: The Pure Software Act of 2006
http://www.technologyreview.com/articles/wo_garfinkel040704.asp
http://www.ftc.gov/os/comments/spyware/040407garfinkel.pdf (FTC comments)

SpywareInfo: Mike Goes to Washington
http://www.spywareinfo.com/newsletter/archives/0404/24.php

SpywareInfo: Thoughts on Recent Anti-spyware Legislation
http://www.spywareinfo.com/newsletter/archives/0404/30.php

Spyware-killers get going online
http://zdnet.com.com/2100-1105_2-5250738.html

WebSense: Businesses Afflicted with Spyware
http://www.websense.com/company/news/pr/Display.php?Release=040428598

Weatherbug: Bill of Rights
http://www.weatherbug.com/billofrights

WeatherBug Creates Desktop Software User's 'Bill of Rights'
http://www.clickz.com/news/article.php/3374721

WhenU/Aluria Deal Sparks Debate
http://www.eweek.com/article2/0,1759,1706659,00.asp

WhenU/Aluria Deal: Mike Healan's Comments
http://www.spywareinfo.com/newsletter/archives/1104/4.php

WhenU Enters the Anti-Spyware Market
http://www.dslreports.com/forum/remark,11723816~mode=flat

WhenU/Aluria Spyware killer displays its own ads
http://www.boston.com/business/technology/articles/2004/11/06/spyware_killer_displays_its_own_ads/

WinPatrol (BillP Studios): FTC Spyware Workshop Blog
http://www.mysteryware.com/blog.html

WinPatrol (BillP Studios): Mysteryware
http://www.mysteryware.com/

WinPatrol (BillP Studios): Spyware Comments
http://www.ftc.gov/os/comments/spyware/040414billpstudios.pdf

Yahoo Toolbar Beta
http://beta.toolbar.yahoo.com/

Yahoo! Introduces Free Anti-Spyware Solution
http://docs.yahoo.com/docs/pr/release1167.html

Yahoo embraces antispyware
http://news.com.com/2100-1032_3-5221271.html

Yahoo Toolbar Combats Spyware
http://www.eweek.com/article2/0,1759,1602373,00.asp

Yahoo Gives Adware a Second Chance
http://www.eweek.com/article2/0,1759,1605586,00.asp

Yahoo Anti-Spy Favors Yahoo's Adware Partners?
http://yro.slashdot.org/yro/04/06/03/0017212.shtml

Yahoo! playing both sides of the spyware issue
http://www.spywareinfo.com/articles/spyware/yahoo_toolbar.php

Give Yahoo a Break on This Adware Controversy
http://www.eweek.com/article2/0,1759,1606431,00.asp

More Information & Tools on This Site  [return to top]

This web site contains other information and tools related to spyware:

       Information

       Tools

Background & Bio  [return to top]

I am currently Director of Malware Research at Sunbelt Software. Prior to joining Sunbelt I was a graduate student in the Graduate School of Library and Information Science (GSLIS) at the University of Illinois at Urbana-Champaign. For twelve years I taught business and technical writing at the University of Illinois. During 2004-2005 I taught a course in GSLIS titled "Literacy in the Information Age." For three years I also taught composition courses at Parkland Community College in Champaign. 

Over the past five years I have maintained a personal web site -- first at at the University of Illinois; now at Spyware Warrior.com -- to supply internet users with resources to protect their privacy and security on the internet. Among those resources are several utilities and "block lists" that allow users of Microsoft's Internet Explorer web browser to protect themselves against the flood of unwanted software and content pushed on them by aggressive advertising and marketing entities.

In June 2004 I began collaborating with Suzi of SpywareWarrior.com to create and maintain a number of pages with information on anti-spyware applications, including the "Rogue/Suspect Anti-Spyware List." I attended the FTC's Spyware Workshop (April 2004) and was a panelist at the CNET AntiSpyware Workshop (May 2005) as well as the AntiSpyware Coalition Workshop (Feb. 2006).

In recognition of my work to help internet users protect their privacy and security, Microsoft awarded me its MVP (Most Valued Professional) Award (http://mvp.support.microsoft.com/).

Questions & Contact  [return to top]

If you have questions or comments about any of the information presented above, please don't hesitate to ask.

Best regards,

Eric L. Howes

Last Updated: Apr. 27 '05

Home [frames]          Home [no frames]

2000-2005 Eric L. Howes