District Judge Joseph C. Fratto Jr. recently granted an injunction temporarily stopping a Utah law which was the first enacted to combat spyware. WhenU.com, a major purveyor of adware which displays advertisements in pop-up windows, Web page banners, buttons, tool bars and text links, filed the suit arguing that the Utah law defined spyware too broadly and infringed on legitimate business practices as well as the less scrupulous spyware.
I don’t know the precise wording of the Utah law, but from what I have gleaned I don’t agree that the law is written too broadly. According to an article in Computerworld “Utah's Spyware Control Act defines spyware broadly as any software that monitors a computer's use and sends information about it to a remote computer or server without prior consent of the owner.” The WhenU.com software typically comes bundled with freeware available on the Internet and users must agree to the terms of the End User License Agreement (EULA) before installing it, therefore the WhenU.com software does not fit the description of spyware under the Utah law (assuming that WhenU.com is honest about their practices and intentions in their EULA).
The United States House Subcommittee on Commerce, Trade and Consumer Protection has already taken such distinctions between legitimate and illegal software into account in approving the Securely Protect Yourself Against Cyber Trespass Act (SPY ACT) Act (yes, it is redundant, but whoever came up with the catchy acronym seems to have forgotten that it would be called the SPY ACT Act). Rep. Cliff Stearns (R-Fla.) wrote a substantial amendment to a bill that was originally submitted last year by Rep. Mary Bono (R-Calif.) The amendment is designed to outlaw spyware without throwing the baby out with the bathwater so to speak by defining it so broadly that legitimate software used by parents or employers to monitor the usage of their computers would be outlawed as well. According to another Computerworld article “The Stearns amendment allows fines of up to $3 million for actions unauthorized by a computer's owner, including hijacking browsers, changing a browser's default home page, changing the security settings of a computer, logging keystrokes and delivering advertisements that the computer user can't close without turning off the computer or closing all sessions of the browser.” The bill further requires that computer owners give consent before spyware is installed on their computer system.