Antispyware groups: Legislation still needed
Tech improving, but consumers need protection from themselves
IDG News Service - Even though security technology is improving, spyware legislation is still needed from Congress because many consumers don't use all the tech tools available to them, antispyware groups said Thursday.
Antispyware groups including the Center for Democracy and Technology (CDT) and StopBadware.org called on Congress to pass antispyware legislation during the last days of the 2006 session. Although some studies show a small decrease in the amount of spyware on PCs, the use of spyware that logs keystrokes seems to be going up, said Ari Schwartz, deputy director of the CDT.
"The issue is everyone's still making money doing this," Schwartz said during an antispyware discussion in Washington. Spyware distributors identified by the Federal Trade Commission (FTC) or the CDT can pull in tens of millions of dollars in revenue annually, he added.
Antispyware technology can work, but 81 percent of home PC users don't use all three common security tools -- antispyware software, antivirus software and firewalls -- according to a survey published in December by AOL LLC and the National Cyber Security Alliance (NCSA).
"We still think consumers are not protected," said Ron Teixeira, the NCSA's executive director. "If they don't take these three core measures, it doesn't matter what we do."
The House of Representatives passed two antispyware bills in May 2005, but the full Senate has yet to act on similar legislation introduced there. Paul Cancienne, a legislative assistant for Representative Mary Bono, said his boss is optimistic that the Senate can still pass legislation and the two chambers can iron out their differences before Congress adjourns in October.
Bono, a California Republican, pushed forward legislation that would require many software programs collecting personal information to get permission before doing so. Bono's Securely Protect Yourself Against Cyber Trespass Act also would outlaw the act of taking over a computer in order to send unauthorized information or code, and diverting a Web browser without the permission of the computer owner. The bill, which passed the House by a 389-vote margin, would allow fines of up to $3 million for spyware-like activity.
Security software updates are exempted from the Bono bill.
In addition to legislation, antispyware groups need to continue to educate consumers about online dangers and ways to combat them, said NCSA's Teixeira. Many people don't know how to properly use security software or are confused about products out there, he said.
Many of the discussion's participants said legislation that would define illegal practices and give the FTC more power to work with overseas law enforcement agencies would help fight spyware. But not everyone there saw more legislation as an improvement.
A new law could bring unintended consequences for the tech industry, said John Palafoutas, senior vice president for domestic policy and congressional affairs at tech trade group AeA.
Palafoutas pointed to studies that say a significant percentage of time consumers spend online is looking at pornography sites, identified by StopBadware.org as major sources of spyware.
"I'm wary of a legislative fix," Palafoutas said. "Part of the problem is there's a lot of recklessness out there."
- Fight Malware, Malfeasance and Malingering Every year brings more extreme sets of threats than the last. The good news is that there are a range of mitigation options....
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Malware and Vulnerabilities White Papers | Webcasts