The FTC's Spyware Workshop |
Last Updated: Apr.
27 '05 |
by Eric L. Howes |
On April 19, 2004 the Federal Trade Commission (FTC) hosted a workshop to address the problems of "spyware." You can read about that one day workshop and download related documents on the following pages:
-
Monitoring Software on Your PC: Spyware, Adware, and Other Software
http://www.ftc.gov/bcp/workshops/spyware/index.htm
FTC To Host Spyware Workshop
http://www.ftc.gov/opa/2004/02/spyware.htm
FTC Spyware Workshop - Agenda
http://www.ftc.gov/bcp/workshops/spyware/agenda.pdf
Public Workshop: Monitoring Software on Your PC: Spyware, Adware, and Other Software
http://www.ftc.gov/os/2004/02/040217spywareworkshopfrn.pdf
A complete transcript of the workshop is available here:
-
Transcript (no bookmarks)
http://www.ftc.gov/bcp/workshops/spyware/transcript.pdf
-
Transcript (w/ bookmarks)
http://www.spywarewarrior.com/uiuc/transcript-idx.pdf
This page contains links to a number of other documents and resources related to the FTC's Spyware Workshop, including my own comments to FTC and my several long online musings about the recent efforts against "spyware."
Other Important Spyware Information
Several other folks have made significant contributions to the recent efforts against the scourge of "spyware." In particluar see
Ben Edelman's web page, which contains his eye-opening research about
WhenU and
Gator. PC Pitstop also has several important studies about WhenU and Gator users. Bill Pytlovany kept a blog from the FTC's Spyware Workshop, with both comments and photos. Mike Healan of SpywareInfo has posted his own extensive comments on the Spyware Workshop. Simson Garfinkel has also offered some potentially useful suggestions for bringing the "spyware" problem under control. For still more links to important research and statements about "spyware," see the Anti-Spyware Advocacy & Research section below.
The FTC Spyware Workshop: One
Year Later
It's now been one year since the FTC hosted its Spyware Workshop. Ben Edelman and I were talking
recently about this, and reflecting on what's changed in the year since that event. What follows is a list of significant developments in the one year since the workshop.
-
The FTC Spyware Workshop: One Year Later
Reports on the Workshop
On March 7, 2005 -- almost one year after the worksop was held -- the FTC
finally released its staff report on the workshop. This report provides a
summary of some of the major points of discussion during the workshop, however,
it is woefully short in providing real insight into the problems with spyware
and adware because the FTC report finds a way to neatly straddle the fence on
almost every significant issue. The staff report is available in PDF format:
FTC
Spyware Workshop: Staff Report (March 2005)
The FTC's staff report isn't the only report available on the workshop,
however. In the month or so after the workshop I produced mini-reports of my own
with extensive comments on each of the six panels at the FTC's Spyware
Workshop. This series of mini-reports appeared as several long posts in THIS thread at the DSLR/BBR Security
forum:
Followup Workshops
A number of other workshops and conferences have been held to address the
problem of spyware and adware in the wake of the FTC's own Spyware Workshop:
It's worth pointing out that the UC Berkeley and NAI agendas are dominated by
speakers and organizations with little apparent direct knowledge of spyware and
adware, much less an established track record of working on the problem. These
people and organizations were simply Missing In Action while this problem
developed over the past five years, and they've taken an interest in the problem
only now that the threat of regulation and widespread deployment of anti-spyware
software has emerged. When the problem involved only web users getting taken to
the cleaners by unsavory elements of the adware advertising industry, the
problem wasn't worthy of their attention.
While I'm certainly encouraged that the spyware and adware problem is getting
wider attention, I remain skeptical of whether these new players bring anything
of substance to the table, as they look to me to be far too concerned with
protecting established industry interests and not concerned enough with helping
the victims of spyware and adware.
Submitted Comments to the
FTC [return to top]
The FTC accepted comments from the public on the topic of "spyware" through May 21.
You can view the comments that were submitted here:
-
Submitted Comments
http://www.ftc.gov/os/comments/spyware/index.html
For brief summaries and critiques of the more noteworthy and important
comments submitted to the FTC, see this thread at the DSLR/BBR Security forum:
-
A Guide to Spyware Comments Filed w/ the FTC
http://www.dslreports.com/forum/remark,9864340~mode=flat
To view the comments that I submitted to the FTC, see below.
Advice & Comments About the Workshop
[return to top]
I have posted several times at the DSLR/BBR Security forum about the FTC's Spyware Workshop. In the earlier posts before the workshop was conducted, I addressed the announced topics of discussion for the workshop, what could be expected from it, and what anti-spyware activists could hope to accomplish. In a related thread I have also offered some tips for constructing a set of comments to submit to the FTC that would be useful, persuasive, and credible. Since comments from the public began rolling in, I have been briefly summarizing and evaluating the more important and noteworthy submissions to the FTC. In a later thread, I review and critique each of the six panels at the FTC's Spyware Workshop, which I attended. (Note: I'm known as "eburger68" at DSLR/BBR.)
Tired of being hijacked? TELL the FTC!
(Feb. 21, 2004)
http://www.dslreports.com/forum/remark,9458905~mode=flat
In this first thread at DSLR/BBR I review the announced
topics of discussion for the Spyware Workshop and raise several concerns
about the apparent direction of the FTC's agenda. |
|
Telling the FTC About Spyware: A Few
Tips... (Mar. 5, 2004)
http://www.dslreports.com/forum/remark,9587358~mode=flat
As it is imperative that the FTC hear from the public
about the issue of "spyware," I offer a few tips for crafting
effective, credible, compelling comments to submit to the FTC. |
|
Lop.com Goes to the FTC (Mar. 22, 2004)
http://www.dslreports.com/forum/remark,9745185~mode=flat
C2 Media's Jason Lucas submitted a set of comments to
the FTC. In this thread I critique some of the more eyebrow-raising
claims that the company behind Lop.com makes. |
|
What I Told the FTC about Spyware...
(Mar. 29, 2004)
http://www.dslreports.com/forum/remark,9818820~mode=flat
On March 29 I finally submitted comments of my own to
the FTC. This thread contains links to all of my comments (also found on
this page below) as well as a
few thoughts about them. |
|
The Coming Spyware Storm: Polticos
wake-up, take sides (Mar. 29, 2004)
http://www.dslreports.com/shownews/41552
An extension of my "comments" thread just
above, this news discussion thread at DSLR/BBR contains DSLR/BBR readers
reaction to my announcement that I had submitted comments. |
|
A Guide to Spyware Comments Filed w/ the
FTC (Apr. 3 - 26, 2004)
http://www.dslreports.com/forum/remark,9864340~mode=flat
As comments from the public are posted at the
FTC's site, I have updated this thread, calling attention to the more
interesting and notewrothy submissions and briefly evaluating their
content. |
|
What's the *motivation* for hijack-ware?
(Apr. 7, 2004)
http://www.dslreports.com/forum/remark,9898401~mode=flat
Many folks wonder why anyone would have anything to do
with "spyware" vendors, given how universally reviled they
are. In this thread I briefly explain why "spyware" or
advertising software companies are becoming a growing threat because of
the business and investments they are receiving from mainstream
investors and advertisers. |
|
FTC Spyware Workshop Panelists - Worries... (Apr. 16, 2004)
http://www.dslreports.com/forum/remark,9986136~mode=flat
The FTC posted its agenda shortly before the workshop.
That agenda contained a breakdown of the panels and panelists selected
for the workshop. In this thread I raise several concerns with the
makeup of those panels and exolain why consumers might not be adequately
represented in several of the key discussions at the workshop.
|
|
FTC Spyware Workshop: 1st Impressions
(Apr. 19 - May 1, 2004)
http://www.dslreports.com/forum/remark,10018653~mode=flat
On Monday April 19 I attended the FTC's Spyware
Workshop in Washington D.C. This thread contains my initial
impressions of the workshop (written while I was still in D.C.). Later
posts in the thread offer pointed summaries and commentary on each of
the six panels at the workshop. Note: be sure to check out the
later pages in this thread, as most of my commentary on specific
workshop panels appears on pages 2
and 3.
Here's short index of my comments in this thread:
|
|
FTC Won't Act on Spyware (Apr. 20, 2004)
http://www.dslreports.com/shownews/42568
In this "news" thread done in response to my
"1st Impressions" thread just above, readers at DSLR/BBR react
to my report from the FTC's Spyware Workshop. |
|
FTC Goes to Bat for Spyware Industry
(Apr. 29, 2004)
http://www.dslreports.com/forum/remark,10106664~mode=flat
The FTC has rejected calls for strong regulations or
legislation to protect consumers from unscrupulous "spyware"
vendors, recommending instead "industry self-regulation." In
this thread I call attention to the FTC's comments on April 29 before a
House subcommittee considering the issue of "spyware" -- a
forum in which the FTC's representatives got a frosty reception from
committee members. |
|
Yahoo Gives Adware a Pass
(Jun. 2, 2004)
http://www.dslreports.com/forum/remark,10399574~mode=flat
On May 26 Yahoo announced that it would be
incorporating anti-spyware scanning into the new version of its Yahoo
Toolbar, still in beta. On June 1, however, it became known that Yahoo
had configured the toolbar by default not to scan for
"adware," a category which includes among others Claria's
Gator/GAIN software. It turns out that Yahoo supplies almost one-third
of Claria's revenue, making it apparent that Yahoo was protecting its
commercial interests rather than the privacy and security of Yahoo
Toolbar users. This thread discusses that unfortunate decision by Yahoo
and the dangers of relying on commercial entities more generally for
spyware protection when they have a vested interest in putting
advertising before internet users. |
|
|
|
My Comments to the FTC [return to top]
On March 29 I finally submitted my own comments to the FTC on the problem of spyware. You can download these comments in PDF format as a single document. That PDF document contains three texts: my comments themselves as well as two supporting documents:
Document |
PDF Format |
HTML Format |
Comments to the FTC (w/ supporting documents)
|
PDF
(1863 kb) |
----- |
|
|
Since one of those texts is rather large, I've split them up for those who might want to view them one-by-one. They are available in either PDF format or HTML format (web pages):
Document |
PDF Format |
HTML Format |
Comments to the FTC
|
PDF
(53 kb) |
HTML
(51 kb) |
Junkware: A New Name for Spyware
|
PDF
(29 kb) |
HTML
(21 kb) |
The Anatomy of a Drive-by-Download
|
PDF
(1782 kb) |
HTML
(952 kb) |
|
|
On May 21 I submitted some "followup" comments:
Document |
PDF Format |
HTML Format |
Followup Comments to the FTC
|
PDF
(19 kb) |
HTML
(12 kb) |
|
|
Note: to view the PDF versions of these documents, you'll need a PDF viewer like the free Adobe Acrobat Reader.
Recent News & Research About Spyware
[return to top]
The FTC's Spyware Workshop comes at a time of heightened scrutiny from state and federal legislators, who are hearing ever louder complaints from their constituents about the problems of "spyware." What follows is a short compendium of web pages, recent reports, news articles, and opinion pieces concerning the efforts of state and federal legislators to address the issue of "spyware" through regulation and oversight:
Anti-Spyware Advocacy & Research [return to top]
-
Benjamin Edelman
http://www.benedelman.org/
Benjamin Edelman: Methods & Effects of Spyware
http://www.benedelman.org/spyware/ftc-031904.pdf
or http://www.ftc.gov/os/comments/spyware/040319edelman.pdf
Benjamin Edelman: Advertisers Using WhenU
http://www.benedelman.org/spyware/whenu-advertisers/
Benjamin Edelman: Dell's Spyware Puzzle
http://www.benedelman.org/news/060404-1.html
Benjamin Edelman: DirectRevenue Deletes Competitors from Users' Disks
http://www.benedelman.org/news/120704-1.html
Benjamin Edelman: Gator's EULA Gone Bad
http://www.benedelman.org/news/112904-1.html
Benjamin Edelman: Grokster and Claria Take Licenses to New Lows, and Congress Lets Them Do It
http://www.benedelman.org/news/100904-1.html
Benjamin Edelman: The Effect of 180solutions on Affiliate Commissions & Merchants
http://www.benedelman.org/spyware/180-affiliates/
Benjamin Edelman: WhenU Copies 26+ Articles from 20+ News Sites
http://www.benedelman.org/spyware/whenu-copy/
Benjamin Edelman: WhenU Spams Google, Breaks Google "No Cloaking" Rules
http://www.benedelman.org/spyware/whenu-spam/
Benjamin Edelman: WhenU Security Hole Allows Execution of Arbitrary Software
http://www.benedelman.org/spyware/whenu-security/
Benjamin Edelman: WhenU Violates Own Privacy Policy
http://www.benedelman.org/spyware/whenu-privacy/
Benjamin Edelman: WhenU vs. Utah
http://www.benedelman.org/spyware/whenu-utah/
Benjamin Edelman: Who Profits from Security Holes?
http://www.benedelman.org/news/111804-1.html
The Center for Democracy & Technology (CDT): Campaign Against Spyware
http://www.cdt.org/action/spyware/
The Center for Democracy & Technology (CDT): Spyware Page
http://www.cdt.org/privacy/spyware/
The Center for Democracy & Technology (CDT): Deceptive Spyware Practices
http://www.cdt.org/publications/pp_10.07.shtml
The Center for Democracy & Technology (CDT): "Ghosts in Our Machines" (report)
http://www.cdt.org/privacy/031100spyware.pdf
CDT Testifies on "Spyware" Threat and Potential Solutions (3/23/04)
http://www.cdt.org/testimony/20040323berman.pdf
CDT Testifies on Approaches to "Spyware" Threat (4/29/04)
http://www.cdt.org/testimony/20040429schwartz.pdf
CDT Urges Utah Governor to Veto Weak Spyware Bill (3/12/04)
http://www.cdt.org/privacy/spyware/20040312utah.pdf
Think Tank Wants Public's Help in 'Spyware' Fight
http://www.washingtonpost.com/wp-dyn/articles/A58655-2003Nov18.html
CDT Files Complaint with FTC in "Browser Hijacking" Case
http://www.cdt.org/privacy/20040210cdt.pdf
Dr. John Levine: Spyware Comments
http://www.ftc.gov/os/comments/spyware/040319levine.pdf
EarthLink keeps tabs on spyware
http://news.com.com/2100-7355_3-5192308.html
Earthlink SpyAudit
http://www.earthlink.net/spyaudit/press/
Earthlink and Webroot Track the Growth of Spyware
http://www.earthlink.net/about/press/pr_spyAudit/
Spyware Runs Rampant, Earthlink Study Says
http://www.pcworld.com/news/article/0,aid,115700,00.asp
Measurement and Analysis of Spyware in a University Environment
http://www.cs.washington.edu/homes/tzoompy/publications/nsdi/2004/spyware.html
EPIC.org: Spyware Comments
http://www.ftc.gov/os/comments/spyware/040419epic.pdf
Google: A proposal to help fight deceptive Internet software
http://www.google.com/corporate/software_principles.html
Google defines good manners for adware
http://news.com.com/2100-1029_3-5215941.html
Hertz Corporation & L.L. Bean: Gator Pop-up Ad Liklihood of Confusion/Consent Survey
http://www.ftc.gov/os/comments/spyware/040323hertzllbeanwithpopupsurvey.pdf (note: 19 mb PDF doc)
McAfee: Growth of Non-Viral Threats
http://www.ftc.gov/bcp/workshops/spyware/gordon.pdf
Microsoft: What you should know about spyware
http://www.microsoft.com/security/articles/spyware.asp
Microsoft Presents Antispyware Strategy
http://www.winnetmag.com/Article/ArticleID/42432/42432.html
PC Pitstop: Gator Information Center
http://www.pcpitstop.com/gator/
PC Pitstop: Spyware Information Center
http://www.pcpitstop.com/spycheck/default.asp
PC Pitstop: Survey Says: Gator Users Didn't Know
http://www.pcpitstop.com/gator/Survey.asp
http://www.ftc.gov/os/comments/spyware/040315pcpitstop.pdf (FTC comments)
PC Pitstop: WhenU Survey
http://www.pcpitstop.com/spycheck/whenu.asp
http://www.ftc.gov/os/comments/spyware/040413pcpitstop.pdf (FTC comments)
PC Pitstop: Response to WhenU & Gator
http://www.ftc.gov/os/comments/spyware/040427pcpitstop2gatorwhenuresponse.pdf
Pest Patrol: Spyware Comments
http://www.ftc.gov/os/comments/spyware/040423pestpatrolstatement.pdf
Ray Everett-Church: Spyware Comments
http://www.ftc.gov/os/comments/spyware/040319everett-church.pdf
Simson Garfinkel: The Pure Software Act of 2006
http://www.technologyreview.com/articles/wo_garfinkel040704.asp
http://www.ftc.gov/os/comments/spyware/040407garfinkel.pdf (FTC comments)
SpywareInfo: Mike Goes to Washington
http://www.spywareinfo.com/newsletter/archives/0404/24.php
SpywareInfo: Thoughts on Recent Anti-spyware Legislation
http://www.spywareinfo.com/newsletter/archives/0404/30.php
Spyware-killers get going online
http://zdnet.com.com/2100-1105_2-5250738.html
WebSense: Businesses Afflicted with Spyware
http://www.websense.com/company/news/pr/Display.php?Release=040428598
Weatherbug: Bill of Rights
http://www.weatherbug.com/billofrights
WeatherBug Creates Desktop Software User's 'Bill of Rights'
http://www.clickz.com/news/article.php/3374721
WhenU/Aluria Deal Sparks Debate
http://www.eweek.com/article2/0,1759,1706659,00.asp
WhenU/Aluria Deal: Mike Healan's Comments
http://www.spywareinfo.com/newsletter/archives/1104/4.php
WhenU Enters the Anti-Spyware Market
http://www.dslreports.com/forum/remark,11723816~mode=flat
WhenU/Aluria Spyware killer displays its own ads
http://www.boston.com/business/technology/articles/2004/11/06/spyware_killer_displays_its_own_ads/
WinPatrol (BillP Studios): FTC Spyware Workshop Blog
http://www.mysteryware.com/blog.html
WinPatrol (BillP Studios): Mysteryware
http://www.mysteryware.com/
WinPatrol (BillP Studios): Spyware Comments
http://www.ftc.gov/os/comments/spyware/040414billpstudios.pdf
Yahoo Toolbar Beta
http://beta.toolbar.yahoo.com/
Yahoo! Introduces Free Anti-Spyware Solution
http://docs.yahoo.com/docs/pr/release1167.html
Yahoo embraces antispyware
http://news.com.com/2100-1032_3-5221271.html
Yahoo Toolbar Combats Spyware
http://www.eweek.com/article2/0,1759,1602373,00.asp
Yahoo Gives Adware a Second Chance
http://www.eweek.com/article2/0,1759,1605586,00.asp
Yahoo Anti-Spy Favors Yahoo's Adware Partners?
http://yro.slashdot.org/yro/04/06/03/0017212.shtml
Yahoo! playing both sides of the spyware issue
http://www.spywareinfo.com/articles/spyware/yahoo_toolbar.php
Give Yahoo a Break on This Adware Controversy
http://www.eweek.com/article2/0,1759,1606431,00.asp
More Information & Tools on This Site
[return to top]
This web site contains other information and tools related to spyware:
Information
Tools
Background & Bio [return to top]
I am currently Director of Malware Research at Sunbelt Software.
Prior to joining Sunbelt I was a graduate student in the Graduate School of Library and Information Science (GSLIS) at the University of Illinois at Urbana-Champaign. For twelve years I taught business and technical writing at the University of Illinois. During 2004-2005 I taught a course in GSLIS
titled "Literacy
in the Information Age." For three years I also taught composition courses at Parkland Community College in Champaign.
Over the past five years I have maintained a personal web site -- first at at the University of Illinois; now at Spyware Warrior.com -- to supply internet users with resources to protect their privacy and security on the internet. Among those resources are several utilities and "block lists" that allow users of Microsoft's Internet Explorer web browser to protect themselves against the flood of unwanted software and content pushed on them by aggressive advertising and marketing entities.
In June 2004 I began collaborating with Suzi of
SpywareWarrior.com to create and
maintain a number of pages with information on anti-spyware applications,
including the "Rogue/Suspect
Anti-Spyware List." I attended the FTC's Spyware Workshop
(April 2004) and was a panelist at the CNET AntiSpyware Workshop (May 2005) as well as the AntiSpyware Coalition Workshop (Feb. 2006).
In recognition of my work to help internet users protect their privacy and security, Microsoft awarded me its MVP (Most Valued Professional) Award (http://mvp.support.microsoft.com/).
Questions & Contact [return
to top]
If you have questions or comments about any of the information presented above, please don't hesitate to ask.
-
Best regards,
Eric L. Howes
Last Updated: Apr. 27 '05
|