Antispyware groups: Legislation still needed
Tech improving, but consumers need protection from themselves
IDG News Service - Even though security technology is improving, spyware legislation is still needed from Congress because many consumers don't use all the tech tools available to them, antispyware groups said Thursday.
Antispyware groups including the Center for Democracy and Technology (CDT) and StopBadware.org called on Congress to pass antispyware legislation during the last days of the 2006 session. Although some studies show a small decrease in the amount of spyware on PCs, the use of spyware that logs keystrokes seems to be going up, said Ari Schwartz, deputy director of the CDT.
"The issue is everyone's still making money doing this," Schwartz said during an antispyware discussion in Washington. Spyware distributors identified by the Federal Trade Commission (FTC) or the CDT can pull in tens of millions of dollars in revenue annually, he added.
Antispyware technology can work, but 81 percent of home PC users don't use all three common security tools -- antispyware software, antivirus software and firewalls -- according to a survey published in December by AOL LLC and the National Cyber Security Alliance (NCSA).
"We still think consumers are not protected," said Ron Teixeira, the NCSA's executive director. "If they don't take these three core measures, it doesn't matter what we do."
The House of Representatives passed two antispyware bills in May 2005, but the full Senate has yet to act on similar legislation introduced there. Paul Cancienne, a legislative assistant for Representative Mary Bono, said his boss is optimistic that the Senate can still pass legislation and the two chambers can iron out their differences before Congress adjourns in October.
Bono, a California Republican, pushed forward legislation that would require many software programs collecting personal information to get permission before doing so. Bono's Securely Protect Yourself Against Cyber Trespass Act also would outlaw the act of taking over a computer in order to send unauthorized information or code, and diverting a Web browser without the permission of the computer owner. The bill, which passed the House by a 389-vote margin, would allow fines of up to $3 million for spyware-like activity.
Security software updates are exempted from the Bono bill.
In addition to legislation, antispyware groups need to continue to educate consumers about online dangers and ways to combat them, said NCSA's Teixeira. Many people don't know how to properly use security software or are confused about products out there, he said.
Many of the discussion's participants said legislation that would define illegal practices and give the FTC more power to work with overseas law enforcement agencies would help fight spyware. But not everyone there saw more legislation as an improvement.
A new law could bring unintended consequences for the tech industry, said John Palafoutas, senior vice president for domestic policy and congressional affairs at tech trade group AeA.
Palafoutas pointed to studies that say a significant percentage of time consumers spend online is looking at pornography sites, identified by StopBadware.org as major sources of spyware.
"I'm wary of a legislative fix," Palafoutas said. "Part of the problem is there's a lot of recklessness out there."
- Deep Security +VMware vSphere with Operations Management Most midsize organizations are highly virtualized on VMware, and while this has produced significant savings, it also has created new challenges when it...
- 3 Questions to Ask Your DNS Host about Lowering DDoS Risks Neustar has had wide-ranging conversations with clients wanting to know how they can optimize protection as DDoS attacks increase in frequency and size.
- The Danger Deepens: 2014 Neustar Annual DDoS Attacks and Impact Report This report compares DDoS findings from 2013 to 2012, based on a survey of 440 North American companies, including 139 businesses delivering technology...
- DDoS Infographic: How Are Attacks Evolving? For the third consecutive year, Neustar surveyed businesses across major industries to track the evolution of DDoS attacks. Are they more frequent? Larger?...
- How to Use Crowd-Sourced Threat Intelligence to Stop Malware in its Tracks Threat sharing networks have been around for a long time, however they have typically been "invitation-only", available to only large companies, or those...
- An Incident Response Playbook: From Monitoring to Operations As cyber-attacks grow more sophisticated, many organizations are investing more into incident detection and response capabilities. In this webcast, learn how to develop... All Malware and Vulnerabilities White Papers | Webcasts