On June 17, 2004, the U.S. House Subcommittee on Commerce, Trade and Consumer Protection approved the Securely Protect Yourself Against Cyber Trespass Act (SPY Act). This new bill will be an amendment to the legislation sponsored last year by Representative Mary Bono (R-CA), but it will replace major portions of the previous legislation.

Criminal Intent with a $3 Million Fine

The new SPY Act makes it a criminal offense with fines up to $3 million for collecting personal information, diverting browsers, or delivering pop-up advertisements to computer users without their consent.

The bill would require that computer users be notified and be allowed to give consent before software that collects and transmits personal information is installed on their computers. The bill would also require that any software that collects the personal information of a computer user provide an easy uninstall option.

The SPY Act, sponsored by subcommittee chairman Representative Cliff Stearns (R-FL), is now headed to the House Energy and Commerce Committee. There is no word on how soon that committee will review the bill, and the prospects of getting a law passed remains in doubt.

Still No Consensus for Spyware Definition

The problem is that there is still debate over the nature and definition of spyware. For instance, an earlier version of Bono's original bill, called the Safeguard Against Privacy Invasions Act, defined all computer programs that transmit information without action from the user as spyware. But that raised objections from several IT vendors, including antivirus companies. A later draft of Bono's bill, which authorized the Federal Trade Commission to create rules for spyware notice and consent, had several other exceptions, including parental control software, antivirus software, and software that scans for license compliance.

Consumers and Companies Struggle with Spyware

In the meantime, consumers and companies alike are continuing to struggle against the impact of these automated unsolicited agents that arrive secretly into their computers and then mine them for information and statistics to the benefit of companies who are seeking better demographics.

Removing the agents is not an easy task and is certainly not in the scope of normal user skills. Spyware attaches itself into the user's Windows Registry, often with multiple registry keys, and into the Internet Explorer settings. As a consequence, a cottage industry of spyware removal tools and anti-spyware utilities is growing quickly into a multi-million-dollar sector as anti-virus tool makers rush to meet the demand.

How Did We Get Here?

This raises two questions: "How much money are we willing to spend to make Windows secure?" and "Is legislation really going to help?"

A list of prerequisites for any Internet Windows computer now includes the following:

• Windows XP operating system to maintain continued support of Windows desktop--$199
• Office Professional to use Excel, Word, Access, etc.--$499
• Anti-virus protection to scan for viruses and agents that Windows security misses--$49
• Anti-intrusion software to prevent hackers from taking over the Windows computer--$69
• Anti-spam software to handle the influx of spam generated by other Windows computers that have been infected with viruses--$39

Anti-spyware software to disable adware and spyware agents that data-mine the Windows platform (purportedly to find out how many pieces of Microsoft software you've already purchased)--$29.00 (For a list of free anti-spyware utilities, see "Spyware: More Than a Privacy Issue!")

This brings the total cost of the software platform to nearly $900 per personal computer--more than the cost of the current basic hardware package on the market.

Boom or Bust?

So, when the personal computer software industry is opening new markets to fill the holes that Microsoft has provided to criminals and entrepreneurs, how likely is it that anti-spyware, anti-adware, or anti-spam legislation will actually work? Not very likely!

Yet, to quote Bill Gates from his March postings about security on Microsoft's own site: "Given human nature, evolving threat models, and the increasing interconnectedness of computers, the number of security exploits will never reach zero. But we can dramatically blunt the impact of cybercriminals and are dedicating a major portion of our R&D investments to security advances."

Looks like it's a boom market for Microsoft security.

Thomas M. Stockwell is Editor in Chief of MC Press Online, LP.

Thomas M. Stockwell is an independent IT analyst and writer. He is the former Editor in Chief of MC Press Online and Midrange Computing magazine and has over 20 years of experience as a programmer, systems engineer, IT director, industry analyst, author, speaker, consultant, and editor.  

 

Tom works from his home in the Napa Valley in California. He can be reached at ITincendiary.com.