Spyware Warrior Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 
FAQ :: Search :: Memberlist :: Usergroups :: Register
Profile :: Log in to check your private messages :: Log in

FTC Spyware Workshop

 
Post new topic   Reply to topic    Spyware Warrior Forum Index -> Spyware/Adware in the News
View previous topic :: View next topic  
Author Message
Chachazz
Update Expert


Joined: 08 Apr 2004
Last Visit: 07 May 2008
Posts: 376

PostPosted: Mon Apr 19, 2004 6:02 pm    Post subject: FTC Spyware Workshop Reply with quote

FTC Spyware Workshop: 1st Impressions....by Eric L. Howes
Hi All:

I don't have much time to write, but I thought I'd update on what happened today at the FTC's Spyware Workshop. When I get home I'll post more complete comments.

As most of you know the FTC's Spyware Workshop was today. We've talked about this workshop in several previous threads:

»Tired of being hijacked? TELL the FTC!
»Telling the FTC About Spyware: A Few Tips...
»Lop.com Goes to the FTC
»What I Told the FTC about Spyware...
»A Guide to Spyware Comments Filed w/ the FTC
»What's the *motivation* for hijack-ware?
»FTC Spyware Workshop Panelists - Worries...

The workshop started today at 9 am and was hosted in the the FTC's Conference Center in Washington D.C. The workshop ws structured around six discussion panels, with roughly five panelists per panel. See...

»FTC Spyware Workshop Panelists - Worries...

...for my earlier comments on those panels and panelists.

One question that I might as well answer right now is the question that many of you will ask: will any new regulations or legislation emerge from today's workshop to regulate or even outlaw spyware or practices associated with the advertising software industry? The answer is a simple one: No.

The FTC is not interested in encouraging new regulations or legislation concerning "spyware" or advertising software. Commissioner Swindle (head of the FTC) indicated as much in the videotaped remarks that were played after the first panel this morning. The FTC is much more interested in encouraging what it calls "industry self-regulation," which involves the advertising industry itself establishing a set of "best practices" that would allow it to "play nice" with consumers. As I've indicated in several previous posts on this board as well as in the comments that I submitted to the FTC, I regard "self-regulation" as oxymoronic doublespeak at its bureaucratic finest.

Rather than belabor the point in the short time I have, let me describe what else happened at this workshop.

Panel 1 (definitions of spyware/adware) was as bad as I expected it to be. Dominated by industry representatives or those friendly to the industry, the panel came to a consensus very early (and even noted that they were all essentially in agreement). What was odd about that consensus is the way is shifted in response to the issues on the table. The panelists initially all agreed that it would be fruitless to get hung up on a term like "spyware," and that it would be much more productive to focus on "bad practices." Now, this is exactly what we anti-spyware folks have been saying for some time. So, for a moment, I almost thought that the something productive might actually be taking place, despite my initial fears.

No such luck. After agreeing that definition disputes would be best avoided, the panel did a complete 180 degree turn when the question of distinguishing "adware" from "spyware" was raised. At that moment every one of them (with the possible exception of Ari Schwartz of the CDT) became suddenly very interested in nailing down a definition of "spyware" so as to distinguish their own software (or the software of the interests they represented) from "spyware." The message from the panel was essentially exactly as I predicted it would be: "Spyware is illegitimate software; adware is legitimate software. We do adware not spyware."

Indeed, Avi Naider from WhenU pursued exactly this line, claiming that most WhenU users were quite aware of the installed software on their computers. In a somewhat bizarre move, Naider attempted to back this claim up by pointing out that of roughly 100 million WhenU installations, 80 million had been uninstalled. He claimed that the fact that users had uninstalled WhenU demonstrated that they were aware of the installations. There are all kinds of problems with this argument, which I won't bother to cover here.

Suffice it to say that at that moment Rob Cheng and Dave Methvin of PC Pitstop (the outfit sued by Gator/Claria last fall, by the way) began distributing their new survey of WhenU users that tells quite another story: over 80% of WhenU users are NOT even aware that the software is installed on their computers. See PC Pitstop's 2nd set of comments:

»www.ftc.gov/os/comments/spyware/040413..

...for the write-up of that survey. And see their 1st set of comments...

»www.ftc.gov/os/comments/spyware/040315..

...for their earlier survey with Gator/GAIN users, also quite damning.

Needless to say, this caused a minor ruckus with WhenU's attorney, who was not amused that Rob and Dave were distributing numbers that undercut what her client had just told the workshop. Naider himself also approached Rob and Dave, asking why they were picking on WhenU were there were plenty of worse actors out there. What WhenU's official response to Rob and Dave's survey will be is not yet known.

WhenU had a bad day all around. After Avi Naider's appearance on the first panel, things went quickly downhill from there. The low point for WhenU must have come during Panel 3, when Chris Jay Hoofnagle from the Electronic Privacy Information Center (EPIC.org) pointed out that Ben Edelman's research, which reported the results of some extremely clever and tenacious packet sniffing, raised the prospect that WhenU was violating its own privacy policy by collecting and transmitting certain personally sensitive data. See Ben Edelman's research results here:

»www.ftc.gov/os/comments/spyware/040319..

The fourth panel (industry self-regulation) was almost as bad as the first. Most of the panelists simply talked about what a wonderful success previous self-regulatory efforts had been (privacy polices, P3P, et al), and insisted that the industry be given the time to address the problems of spyware itself.

Beyond the first and fourth panels, though, things went rather well for those hoping to get Washington's attention on this issue. A number of panelists on the second, third, and fifth panels effectively described the problems with spyware and the great difficulties that consumers face in trying to prevent spyware from being installed on their computers or removing after it is installed.

Audience members (including this author) were allowed to put questions to the panelists, but we had to do so via question cards submitted to an FTC employee for vetting. Of the five questions I submitted over the course of the day, one was accepted and read to one of the panels. (I asked how panelists could place such faith in consumer education when 10 plus years of education on viruses and antivirus software has been a demonstrable failure. None of the panelists addressed the question square-on.) Some of the other anti-spyware folks got some of their own questions accepted as well.

I must say that the nicest part of this past few days has been meeting with and talking with the many anti-spyware folks who attended. Rob Cheng and Dave Methvin of PC Pitstop organized an informal get together on Sunday afternoon/evening. In attendance were Paul Laudanski of Computer Cops, Mike Healan of SpywareInfo, Bill Pytlovany of WinPatrol, Steve Reutter of Pest Patrol, and Ben Edelman, the Harvard grad student who's done several important studies of GAIN's and WhenU's advertising software. Our conversation was lively and productive. On Monday I got to meet Michael Wood of Lavasoft and several folks from WebRoot (makers of SpySweeper). Needless to say that I found all of these folks to be great fun and right sharp -- just the kinds of people you'd love to spend many hours talking with. Too bad it had to end so soon.

I've really not much more time to post right now. I'll have to save other comments (and answers to questions that any of you might have) for a later time. The FTC will be posting transcripts of today's sessions in roughly 10 days or so. Also, the FTC plans to issue a report in response to today's workshop. And be sure to check out Bill Pytlovany's blog from the workshop here:

»www.mysteryware.com/blog.html

He's even got a photo of Panel 1 (with WhenU's Avi Naider).

If you do have any questions about today's workshop, feel free to post them here. I'll try to answer them as soon as possible. Perhaps some of the other attendees would care to pitch in with their own observations and reactions.

Best,

Eric L. Howes
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    Spyware Warrior Forum Index -> Spyware/Adware in the News All times are GMT - 8 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group