FTC commish: More spyware-fighting tools needed
Stronger laws, more authority to impose penalties sought
IDG News Service - Organizations and law enforcement agencies fighting spyware are making progress, but new tools in an antispyware bill stalled in Congress could improve the efforts, a member of the Federal Trade Commission said Monday.
One of the spyware bills passed by the House of Representatives earlier this year, the Spy Act, would give the FTC authority to impose civil fines on companies that distribute spyware to consumers' computers. The bill, along with the Internet Spyware Prevention (or I-SPY) Act have stalled in the Senate since passing the House in May and June.
The FTC has the authority to collect profits from spyware operations and collect money for consumer redress, but it lacks the authority to impose other fines, as it does when going after spammers, said Commissioner Jon Leibowitz, speaking at a spyware forum in Washington, D.C.
Assigning a dollar figure to consumer harm is tricky in many spyware cases, especially when the spyware delivers pop-up advertisements to computers, Leibowitz said. It's sometimes difficult to get courts to assign large consumer damages to pop-up cases, he said.
In some cases, spyware damages are assessed by judges "who don't even use computers," said Dave Koehler, with the FTC's Bureau of Consumer Protection.
The Spy Act would allow the FTC to fine spyware vendors up to $3 million for hijacking computers, delivering unwanted adware and other violations and $1 million for collecting personal data without permission, in addition to going after the vendor's profits and seeking consumer redress.
Additional authority to impose civil fines would give the FTC "an enormous deterrent," Leibowitz said.
"Right now, companies know that the worst they can do is lose their profits," he added. "They're not going to get fined on top of that."
The FTC has brought several spyware actions against companies. In February, the agency settled a case against adware distributor DirectRevenue LLC. In that case, DirectRevenue settled for $1.5 million, based on its profits, but the founders of the company had received more than $20 million in venture-capital funding, Leibowitz said.
While participants in the spyware forum said there continue to be many challenges, including a growing trend of foreign spyware vendors, the cost of spyware to U.S. consumers seems to be falling. Consumer Reports estimated that spyware cost U.S. consumers $2.6 billion in 2006, but only $1.7 billion in 2007, noted Ari Schwartz, deputy director of the Center for Democracy and Technology, a supporter of StopBadware.org, a consumer-protection effort aimed at spyware and other malicious code.
The drop in the cost of spyware can be attributed to a number of factors, Schwartz said. Antispyware technology is getting better, the FTC has taken action against spyware vendors and StopBadware.org has distributed a list of malicious Web sites, he said. In addition, some states have taken action against spyware, and cybersecurity groups' public education programs seem to be working, he said.
But Ron Teixeira, executive director of the National Cyber Security Alliance (NCSA), noted that consumers may know more about spyware, but they don't always act on their knowledge. A survey (PDF format) released by the NCSA and McAfee earlier this month found 78 percent of respondents' computers didn't have all three of what the NCSA calls the "core protection" software -- antivirus, antispyware and firewall.
"We're not seeing a huge increase in the actual behavior change," he said.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Neustar 2014 DDoS Attacks and Impact Report For the third consecutive year, Neustar surveyed hundreds of companies on distributed denial of service (DDoS) attacks. The survey reveals evidence that the...
- Acxiom Case Study This case study, which focuses on Acxiom, explores how the company was able to secure employee data, reduce migration costs and boost productivity...
- Windows® XP Migration: Protect and Secure Critical Data With the end of the Microsoft Windows XP operating system's lifecycle on April 8, 2014, businesses are faced with the decision to migrate...
- Enhancing Application Protection and Recovery with a Modern Approach to Snapshot Management This CommVault Business Value and Technology White Paper explains how Simpana IntelliSnap® Recovery Manager can make your application recovery fast and reliable.
- Live Webcast Best Practices: How to Improve Business Continuity with Virtualization VMware solutions include a range of business continuity capabilities to help ensure availability for applications across your virtualized environment. Learn More>>
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- Live Webcast
Enhance Your Virtualization Infrastructure With IBM and Vmware
Date: Wednesday, May 14, 2014, 1:00 PM EDT
Virtualization technology is now expanding beyond the server compute elements to encompass networking and storage...
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...