Presentation is loading. Please wait.

Presentation is loading. Please wait.

Spyware: Legislative Responses Jody Blanke Mercer University ALSB, Ottawa August 20, 2004.

Published byDominique Rooks Modified over 9 years ago

Similar presentations

Presentation on theme: "Spyware: Legislative Responses Jody Blanke Mercer University ALSB, Ottawa August 20, 2004."— Presentation transcript:

1 Spyware: Legislative Responses Jody Blanke Mercer University ALSB, Ottawa August 20, 2004

2 Background Floppy disks Hard drives Modems Prodigy Cookies Spam Spyware and adware

3 What is Spyware? FTC definition – “software that aids in gathering information about a person or organization without their knowledge and which may send such information to another entity without the consumer’s consent, or asserts control over a computer without the consumer’s knowledge” Spyware Adware Hijacker Trojan Keystroke logger Browser helper object (BHO)

4 Federal Legislation SPYACT (H.R. 2929) –Section 2: Prohibits “deceptive acts and practices” Taking control of computer by diverting browser or delivering ads that cannot be closed Modifying settings for default home page or bookmarks Collecting PII with keystroke logger Inducing installation or preventing efforts to block installation Inducing installation by misrepresenting identity of software Removing or disabling anti-virus or anti-spyware technology

5 SPYACT (H.R. 2929) –Section 3: Prohibits “collection of certain information without notice and consent” Opt-in requirement –Notice, consent and functions Information collection program –Collects PII and sends it or uses it to display advertising Notice and consent –Notice must be clear, conspicuous and in plain language –“This program will collect and transmit information about you. Do you accept?” –Change in information collected requires new notice Required functions –Disabling function –Identity function

6 SPYACT (H.R. 2929) –Personally identifiable information First and last name of an individual. A home or other physical address of an individual, including street name, name of a city or town, and zip code. An electronic mail address. A telephone number. A social security number, tax identification number, passport number, driver's license number, or any other government-issued identification number. A credit card number. An account number. Any access code or password, other than an access code or password transmitted by an owner or authorized user of a protected computer to register for, or log onto, a Web page or other Internet service that is protected by an access code or password. Date of birth, birth certificate number, or place of birth of an individual, except in the case of a date of birth required by law to be transmitted or collected

7 SPYACT (H.R. 2929) –Enforcement by FTC Civil penalties for violation of Section 2: $11,000 (or $1M) Section 3: $33,000 (or $3M) –Act would preempt state law Deceptive conduct ala Section 2 Transmission of programs similar to Section 3 Use of context-based triggering mechanisms to display ads –Act would not preempt state law Trespass Contract Tort Relating to acts of fraud

8 SPY BLOCK Act (S. 2145) –Section 2: Unauthorized Installation of Computer Software Software cannot be installed unless –The user has received notice that satisfies the requirements of Section 3 –The user has granted consent that satisfies the requirements of Section 3 –The software’s uninstall procedures satisfy the requirements of Section 3 “Red herring” prohibition –Bans installation of software designed to confuse or mislead the user as to the identity of the software

9 SPY BLOCK Act (S. 2145) –Section 3: Notice, Consent and Uninstall Requirements Notice must be clear and remain on screen until user grants or denies consent Additional separate disclosures for: –An “information collection feature” –An “advertising feature” –A “distributed computing feature” –A “settings modification feature” There must be a “clear description” of how to turn off a feature or uninstall the software There must be consent to installation of the software, plus “affirmative consent” to each of the four features

10 SPY BLOCK Act (S. 2145) –Section 3: Notice, Consent and Uninstall Requirements Uninstall procedures require that software shall –Appear in “Add/Remove Programs” menu of operating system –Be capable of being removed completely using normal procedures –For advertising feature, shall have an easily identifiable link that will inform the user how to turn off the feature or uninstall the software

11 SPY BLOCK Act (S. 2145) –Enforcement by FTC –Enforcement by state attorneys general, who may seek to Enjoin prohibited practices Enforce compliance Obtain damages, restitution or other compensation

12 Computer Software Privacy and Control Act (H.R. 4255) –Prohibits “unfair and deceptive acts and practices in the transmission of computer software” Unlawful to transmit software that »Collects personal information and transmits it »Monitors the web pages accessed by the user and transmits that information »Modifies default settings like browser home page –unless appropriate notice is given and appropriate consent obtained, and unless the software contains a removal utility Unlawful to transmit software that displays advertising unless appropriate notice is given and appropriate consent obtained, and unless the software contains a removal utility

13 Computer Software Privacy and Control Act (H.R. 4255) –Enforcement by FTC –Enforcement by state attorneys general, who may seek to Enjoin prohibited practices Enforce compliance Obtain damages, restitution or other compensation –Act would preempt state law that expressly regulates the transmission of computer software similar to that described in Section 3 –Act would create a criminal offense

14 I-SPY Act (H.R. 4661) –Would establish two new criminal offenses within Section 1030(a) of Title 18

15 State Legislation Utah –Enacted Spyware Control Act on March 23, 2004 –Basic prohibitions against Installing spyware Causing spyware to be installed Using a context based triggering mechanism to display advertising –But, extremely complex definition of “spyware” –Court issued preliminary injunction enjoining enforcement of law despite finding challenge regarding “spyware” lacking

16 California –2 comprehensive bills would prohibit the downloading of software onto a computer in California without the user’s knowledge and consent Iowa –Bill would create criminal misdemeanor offense of unauthorized collection and disclosure of personal information by computer, as well as civil cause of action by AG Michigan –Bill would establish criminal offense for installing or attempting to install spyware

17 New York –Bill would establish the crime of unlawful dissemination of spyware Pennsylvania –Bill modeled after early California bill would create the crime of misuse of adware or spyware Virginia –Bill would require public bodies to conduct privacy impact analyses whenever authorizing or prohibiting the use of “invasive technologies,” such as spyware, hidden cameras, tracking systems, and facial recognition systems

Download ppt "Spyware: Legislative Responses Jody Blanke Mercer University ALSB, Ottawa August 20, 2004."

Similar presentations

Peer-to-Peer (P2P) Software Risks Standardized Consumer Disclosures Solution To Be Universally Applied By Complying P2P Software Suppliers Developed by.

Peer-to-Peer (P2P) Software Risks Standardized Consumer Disclosures Solution To Be Universally Applied By Complying P2P Software Suppliers Developed by.
Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
Primary Threats to Computer Security

Primary Threats to Computer Security
HIPAA Health Insurance Portability and Accountability Act.

HIPAA Health Insurance Portability and Accountability Act.
Silicon Valley Apps for Kids Meetup Laura D. Berger October 22, 2012 The views expressed herein are those of the speaker, and do not represent the views.

Silicon Valley Apps for Kids Meetup Laura D. Berger October 22, 2012 The views expressed herein are those of the speaker, and do not represent the views.
Achieving Better Care by Monitoring All Prescriptions (ABC-MAP) Act 191 of 2014 Board Meeting April 8, 2015.

Achieving Better Care by Monitoring All Prescriptions (ABC-MAP) Act 191 of 2014 Board Meeting April 8, 2015.
1 TRUSTe Trusted Download Program Certify Your Software is Spyware-Free November 2006 Colin O’Malley, Director of Product Development Anna Rogers, Product.

1 TRUSTe Trusted Download Program Certify Your Software is Spyware-Free November 2006 Colin O’Malley, Director of Product Development Anna Rogers, Product.
Configuring Windows Vista Security Lesson 8. Skills Matrix Technology SkillObjective DomainObjective # Setting Up Users Configure and troubleshoot parental.

Configuring Windows Vista Security Lesson 8. Skills Matrix Technology SkillObjective DomainObjective # Setting Up Users Configure and troubleshoot parental.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Unlawful Internet Gambling Enforcement Act Final Rule Joseph Baressi June 3, 2009.

Unlawful Internet Gambling Enforcement Act Final Rule Joseph Baressi June 3, 2009.
Security, Privacy, and Ethics Online Computer Crimes.

Security, Privacy, and Ethics Online Computer Crimes.
Chapter 4 Personal Security

Chapter 4 Personal Security
MIS PERSONAL, LEGAL, ETHICAL, AND ORGANIZATIONAL ISSUES OF INFORMATION SYSTEMS CHAPTER 4 Hossein BIDGOLI Phishing Email that bites Paying for Privacy Pirates.

MIS PERSONAL, LEGAL, ETHICAL, AND ORGANIZATIONAL ISSUES OF INFORMATION SYSTEMS CHAPTER 4 Hossein BIDGOLI Phishing that bites Paying for Privacy Pirates.
Click your mouse anywhere on the screen to advance the text in each slide. After the starburst appears, click a blue triangle to move to the next slide.

Click your mouse anywhere on the screen to advance the text in each slide. After the starburst appears, click a blue triangle to move to the next slide.
March 2006 Taner Erig - EMU5-1 Basic Information on Spyware and Adware n It is difficult to define spyware and adware with precision. The working definition.

March 2006 Taner Erig - EMU5-1 Basic Information on Spyware and Adware n It is difficult to define spyware and adware with precision. The working definition.
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.
SPYWARE  Do you know where your personal information is?

SPYWARE  Do you know where your personal information is?
Utility Programs and their Functions. Antivirus Software (Virus Checker) Keep the Computer software healthy and free of virus’ that can harm the function.

Utility Programs and their Functions. Antivirus Software (Virus Checker) Keep the Computer software healthy and free of virus’ that can harm the function.
Privacy in Computing Legal & Ethical Issues in Computer …Security Information Security Management …and Security Controls Week-9.

Privacy in Computing Legal & Ethical Issues in Computer …Security Information Security Management …and Security Controls Week-9.
Quiz Review.

Quiz Review.

Similar presentations

Ads by Google