(1) Fight Against Spyware Progressing, but Challenges Remain (2) Advertisers Knowingly Support Nuisance Adware (3) State and Local Law Enforcers Make Major Strides (4) Spyware Incidents Decline, but Problem Remains Epidemic _______________________________________________ (1) Fight Against Spyware Progressing, but Challenges Remain For those engaged in the ongoing fight against spyware and nuisance adware, the last few months have brought some promising signs, as well as a few clear indications that much work remains to be done. Consumer Reports' annual State of the Net study noted a decline in the incidence of spyware but also noted that that the problem remains at "epidemic" levels in the United States. The Consumer Reports findings suggest some of the same conclusions that anti- spyware advocates drew from the most recent America Online/National Cyber Security Alliance Online Safety Study -- namely that while spyware mitigation efforts are having the desired effect, the rate of infection remains far too high. On the positive side, it is clear that the combination of political, legal and most importantly, technological tools being employed to help users take back control of their computers are making an impact. A recent CDT study found that state and federal authorities are using a broad range of laws -- some new and some old -- to go after the most egregious spyware offenders. Their aggressive efforts have paid dividends. On the technological front, anti-spyware vendors continue to work individually and collaboratively to strengthen the technological defenses against spyware. As more users take advantage of the broad range of powerful and improving anti-spyware programs on the market, the incidence of spyware infection will continue to fall. On the negative side, spyware continues to cost American companies and Internet users .6 billion each year, causing nearly a million users to throw away their computers in frustration, according to the Consumer Reports study. One of the lead factors in that exorbitant cost is that despite education and enforcement efforts, distributing nuisance adware and spyware continues to be a very profitable business model for online scammers. Two recent CDT studies found that a major driver for that profitability came in the form of legitimate, well-known national companies knowingly and unknowingly buying ads from adware companies known to have engaged in unfair and deceptive practices. CDT's "Following the Money" series tracks the origin of ads served by unscrupulous adware distributors in an effort to educate legitimate advertisers about where their ad dollars are going. In attempting to work with unethical adware distributors CDT has learned that as long as they have a financial incentive to prey on consumers with deceptive practices, they will continue to use their well-worn scams to the detriment of the larger Internet community. All told, the mix of encouraging signs and continued challenges should inspire those in the anti-spyware community to redouble their efforts to crack down on this online scourge and further empower Internet users to protect their computers and identities. _______________________________________________ (2) Advertisers Knowingly Support Nuisance Adware In March, CDT released the first of its "Following the Money" studies, which detailed the complex path that advertising dollars can take from legitimate companies into the coffers of unscrupulous adware distributors. The study identified major national brands that were knowingly or unknowingly advertising through an adware distributor accused by consumer advocates of engaging in unfair and deceptive trade practices. The aim of Following the Money I was to send a message to advertisers that they needed to be more careful about policing their advertising spending, in order to avoid having their brands tarnished by association with unwanted adware products. Earlier this month, CDT released Following the Money II, which thought to further untangle the complex web of intermediaries that operate between legitimate advertisers and nuisance adware distributors. The study arrived at some surprising findings. Although ads placed by the largest, most visible national companies tended to travel through multiple intermediaries before being displayed by nuisance adware, 55 percent of nuisance adware ads were placed directly by the companies being advertised. Another 5 percent of the ads on nuisance adware were placed by intermediaries that had no say in where the ads were placed, meaning that fully 60 percent of the ads displayed by the nuisance adware distributors targeted in the study were placed knowingly by the companies being advertised. In light of the extensive media attention and public education efforts that have been devoted to the spyware problem, it is surprising that so many companies are willing to do business with companies engaged in clearly unethical, and in some cases illegal behavior. The findings in Following the Money II were based on a sample of 380 ads served by Zango and Direct Revenue -- both of which have been shown to engage in deceptive distribution practices. CDT researchers identified the source of the ads and traced the path they took from the advertisers to the nuisance adware providers. Following the Money II urges companies to get serious about establishing and enforcing policies to prevent their ads from appearing through nuisance distributors, and to be more careful about choosing affiliate partners. Following the Money II http://www.cdt.org/privacy/20060809adware.pdf Following the Money I http://www.cdt.org/privacy/20060320adware.pdf _______________________________________________ (3) State and Local Law Enforcers Make Major Strides Earlier this summer, CDT undertook a survey of how state and federal law enforcers were using available laws to crack down on spyware and nuisance adware distributors. The results of that survey were encouraging. In March 2004, CDT President Jerry Berman testified about spyware before the Senate Commerce Committee, highlighting the fact that several existing federal laws -- Section 5 of the Federal Trade Commission Act, the Electronic Communications Privacy Act (ECPA), and the Computer Fraud and Abuse Act (CFAA) -- could be used to target the tactics of malicious spyware distributors. He urged the Congress to provide law enforcement officials with the necessary resources to use these laws in prosecuting spyware offenses. He also noted that many states had long-standing fraud statutes that could be brought to bear on spyware distributors, and that neither the federal nor the state laws had yet been used to take action in the spyware space. CDT's survey found that since then, law enforcement officials have increasingly applied statutes -- some long-standing, some relatively new -- to spyware cases. Leading the charge has been the FTC, which to date has brought six cases under its unfair and deceptive practices authority. The Department of Justice has actively pursued spyware purveyors under the CFAA and the Wiretap Act, with 11 cases to date. And three attorneys general at the state level have filed spyware lawsuits under state fraud and consumer protection laws, with two more cases initiated under new state spyware statutes. The states are in a unique position to make a great impact in the broader spyware fight. With a relatively small investment in consumer outreach and technical training, states can contribute towards broadening and diversifying the pool of law enforcement officials who are actively combating the spyware problem. In the survey, CDT urges more states to join the effort by: establishing consumer complaint Web sites where computer users can submit complaints about suspected spyware; developing forensic capabilities so that consumer protection enforcement agencies can investigate spyware complaints; and training investigators and prosecutors in identifying the attributes of spyware that violate existing laws. In a related development, the FTC publicly indicated that it will soon be announcing a new round of spyware cases and settlements. CDT Spyware Enforcement Report http://www.cdt.org/privacy/spyware/20060626spyware-enforcement.php _______________________________________________ (4) Spyware Incidents Decline, but Problem Remains Epidemic Earlier this month, Consumer Reports issued its annual State of the Net report, which details how threats like spam, viruses and spyware are affecting consumers and estimates the monetary damage caused by those threats. The results for spyware were a bit of a mixed bag. The incidence of spyware declined from 2005 -- likely a result of a range of anti-spyware efforts and increased use of anti-spyware technology -- but the rate of infestation remained disturbingly high. One in eight people had "major, often costly" problem with spyware, according to the report, which estimated the average consumer cost of a spyware incident to be . Nearly a million people discarded their computers because of spyware incidents, according to the study. Overall the report estimated the monetary damage caused by spyware nationally to be .6 billion per year. The decline is promising, but those numbers are obviously far too high. Continued effort to undercut the financial support for spyware and nuisance adware, strengthen the legislative framework, educate users, penalize the bad actors and improve the tools consumers can use to protect themselves, are necessary to protect the online public from this global problem. State of the Net Summary http://www.consumerreports.org/cro/electronics-computers/online-protection-9-06/state-of-the-net/0609_online-prot_state.htm _______________________________________________ Detailed information about online civil liberties issues may be found at http://www.cdt.org/. This document may be redistributed freely in full or linked to http://www.cdt.org/publications/policyposts/2006/15 Excerpts may be re-posted with prior permission of dmcguire@cdt.org Policy Post 12.15 Copyright 2006 Center for Democracy and Technology -- To subscribe to CDT's Activist Network, sign up at: http://www.cdt.org/join/ -- Michael Clark, Grassroots Webmaster PGP Key available on keyservers Center for Democracy and Technology 1634 Eye Street NW, Suite 1100 Washington, DC 20006 http://www.cdt.org/ voice: 202-637-9800 fax: 202-637-0968 ================== HURIDOCS-Tech listserv ===================== Send mail intended for the list to < >. Archives of the list can be found at: http://www.hrea.org/lists/huridocs-tech/markup/maillist.php
[Reply to this message] [Start a new topic] [Date Index] [Thread Index] [Author Index] [Subject Index] [List Home Page] [HREA Home Page]