FTC Threatens Spyware Distributors With Prison

Federal regulator Mark Pryor, in a Senate Commerce Committee hearing, has stated that spyware distributors should face harsher penalties than fees. His solution: imprisonment. "Federal Trade Commissioner William Kovacic said most wrongdoers in the spyware arena 'can only be described as vicious organized criminals. Many of most serious wrongdoers we observed in this area, I believe, are only going to be deterred if their freedom is withdrawn,' so it's important for the FTC to collaborate on its cases with criminal law enforcement authorities, Kovacic said."

Windows??

[Mukunda_NZ]

So what about the developers that put spyware in Windows XP and I'm assuming Vista also contains spyware. Will they go to prison? Will Microsoft be forced to strip the spyware out of it's operating system?

Re:Windows??

[Walt Dismal]

Send them to something far, far worse than a Turkish prison. Chain them in the RIAA lobby with no pants, clutching a pirated CD of Bing Crosby singing Christmas carols.

Re:Windows??

[mwvdlee]

Why the pirated CD?
Since when does the RIAA need evidence to screw people?

Re:Windows??

[Rob the Bold]

Why the pirated CD?

Since when does the RIAA need evidence to screw people?

Ya, but you gotta admit that Bing Crosby gives it a romantic touch. What a voice . . .

Re:

[ShieldW0lf]

Personally, I'm in favour of executing them.

This is neither a crime of passion nor of desperation. Kill em and have done with it.

Re:

[timmarhy]

i'm certainly no fan of windows or MS, but MS products are one of the few things you can count on not containing spyware as such. yes they do have activation, no it doesn't spy on your personal information.

Re:

[Mukunda_NZ]

Well actually when you update Windows, an encrypted list of all installed software is sent to Microsoft, at least with XP, and I'm sure Vista would do they same. I believe also, though I'm not sure, that Windows Media Player reports on you too.

Re:

[Nightspirit]

I don't have the link on hand, but a quick google should find it. I believe the info sent to MS is an xml with actually very little information.

Re:

[cpaglee]

Therein lies the rub. Should the husband / boyfriend who spies on his partner be faced with jail time? What if they are using his computer? Or should the developer who designs the keystroke logger go to jail? But do we trust the government to define precisely what is Spyware? I have a utility on my computer that remembers old clipboard entries. Is that Spyware? What about 'History' in your browser? What about a cookie that tracks what web site you visit before and after you visit their website? Will legi

Re:

[walt-sjc]

Oh it's pretty clear. The partner / boyfriend should be faced with jail time if it is not his computer. If it is, then it's not so clear. If the keystroke logger (A) is installed automatically with no warning or the installer's knowledge as part of another application (B), then the publisher of B should be liable. If the BF/partner installs the logger with full knowledge of what it does, then the onus falls on the BF. Cookies are not applications and wouldn't fall under the category of "program" or "applic

Jail time for invasion of privacy?

[cpaglee]

I agree that people who use Spyware to steal credit card and bank information should be punished. But we already have laws on the books which cover this kind of action: trespass, wire fraud, mail fraud, theft, conspiracy, etc. Do we really need to spend our money (because it is our tax dollars which pay congress) to write new legislation which will be hard to define in the first place to expand the scope of coverage of existing law?

Are we really ready to begin prosecution of people who spy because they wo

Re:

[seven7h]

The difference is the scale on which the spying is being done.
If i was to slip a few dollars from someones pocket i would expect less punishment than if i was to go through a bunch of bags and steal all the money from them, just as someone who simply looks at some private information on a private computer would expect must less punishment that someone who came up with an automated method of spying on millions of people at once.

Mod parent up .. this isn't a troll!

[jkrise]

By definition, spyware is one that sends 'personally identifiable information' to a target server without the user's explicit consent. It is reliably established that Windows Genuine Advantage and so-called Critical Updates from Microsoft can be classified thus...

Also data from 'crashed programs' etc.

So why is the parent modded troll?

Re:Mod parent up .. this isn't a troll!

[gsslay]

By definition, a troll is a post that is principally designed to provoke argument without any real concern for the topic of the discussion.

The article is clearly about people who write and distribute malicious programs for the criminal purpose of stealing information, and thereafter actual property and/or money. We can all complain about some aspects of Microsoft's software (yes, really), but its 'spying' is nothing like the same. Legislation may yet change their behaviour here, but suggesting they are in danger of prison is hyperbole.

So introducing the subject is going to divert discussion off-topic, and either just another attempt at starting a fan-boy argument, or yet another boring round of Microsoft bashing.

Re:

[fishdan]

Au contraire mon frere. Microsoft is on example of a company who LEGITIMATELY and ILLEGITIMATELY collects information. The nature of privacy is that you are in control of who knows what about you -- and even if you're doing "illegal" things, you should be free from "unreasonable searches."

Now, even though Microsoft is not taking your information for malicious purposes (I'll concede that), they are violating your privacy by accumulating data on you. The question is, should what they do be considered illeg

Re:

[Kirth Gersen]

We can all complain about some aspects of Microsoft's software (yes, really), but its 'spying' is nothing like the same.

Most people don't really care about spy software. But of the ones that do, they care about as much about Microsoft grabbing their identity as they do about some hacker using their box for a botnet. Maybe more, because Microsoft undoubtedly shares all its data with Fedgov, not just Doubleclick.

Re:

[walt-sjc]

You agreed to be spied on by microsoft. It's in the EULA, and is quite clear. That's why some of us only run MS products in a VM jail that has no network connectivity outside the local LAN. In a corp setting, all updates are done via a corp server and not directly via standard windows update.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Anonymous Coward]

It's a pretty big stretch to call it spyware considering that it does absolutely nothing unless you turn it on.

Re:

[WrongSizeGlass]

it does absolutely nothing unless you turn it on.

If I had a nickel for every time I've used that line on a date I'd be a happy man ;-)


warning: The above content tests positive for sarcasm and/or is a failed attempt at humor and should be taken with a pound of salt.

Re:Ubuntu has spyware in it..

[J0nne]

How is that spyware? It sends anonymous statistics on what packages you have installed throught apt, and you have to choose to enable it.

It does exactly what it claims it does, and you really have to go out of your way to enable it (add/remove software>preferences>statistics>enable popularity contest )

Right under the checkbox there's a clear explanation of what it does:

To improve the user experience of Ubuntu please take part in the popularity contest. If you do so the list of installes software and how often it was used will be collected and sent anonymously to the uubuntu project on a weekly basis.
 
The results are used to improve support for popular applications in the search results

Compare that to Windows update, which 'inspects your system' every time you update, and you have no way to know what exactly it's inspecting, and what it's sending back to MS.

You're probably trolling, and I'm probably wasting my time, but someone modded you up, so I guess at least one person believed you.

Re:

[zcat_NZ]

"It sends anonymous statistics on what packages you have installed throught apt"

Anonymous, apart from being associated with your IP address if they happen to keep it in the logs.

You have to admit that if Microsoft had a program preinstalled in Windows (even if it was turned off by default) which regularly reported every single piece of software you installed and the date you last used it.. I can barely imagine the reaction!

I'm not sure windows update sends all that much back either. As I understand it Micro

Re:

[X0563511]

You realize that popcon only works for packages that have been installed through the APT system?

In windows the equivalent would be to track things installed with the add/remove programs wizard...

Re:

[zcat_NZ]

You can't make that comparison. In ubuntu practically everything is installed through apt. In windows practically nothing can be installed through add/remove programs.

I think I have about two programs (second life and google earth) that were installed by hand. Everything else I use here came from packages.

Re:

[kryptkpr]

I'm not sure windows update sends all that much back either. As I understand it Microsoft sends the list of available updates and your machine then downloads anything it doesn't already have. But I might be wrong..

From the horse's mouth [microsoft.com]:

Windows Update is committed to protecting your privacy. To provide you with the appropriate list of updates, Windows Update must collect a certain amount of configuration information from your computer. None of this configuration information can be used to identify you. This

Re:

[KutuluWare]

I don't believe for a moment that the above information isn't enough to uniquely track you. Between the PnP IDs of all of your hardware and version numbers of all of your software, you're a pretty unique datapoint.

Sure, except for the hundreds of other people with the exact same Dell/Compaq/HP/etc computer model, and thus the same PnP hardware IDs, for which the only version number being sent is "Windows" and "Office". You conveniently managed to leap from "version numbers of other software for which M

Sure they can't track you

[fishdan]

First computer eh? [wikipedia.org]

You're actually much more traceable with a giant corporation PC because Dell/HP etc. definitely can track a PC from MAC address to serial number, to sale.

I've done the opposite of what you're saying is impossible. We buy pcs in bulk -> over 1000 at a pop. User calls me from a remote site because he/she can't access our wireless network -- because we use mac filtering and some other stuff for security. User doesn't actually know where his laptop is though, so he can't check the ma

Re:

[zcat_NZ]

They didn't say MAC address. There will be thousands of identical dells or compaqs with the same network card and PCI id, even if they each have a unique MAC.

OTOH the RIAA seem to believe an IP address alone is enough to identify a user, and it sure narrows things down to a single company or a household 99% of the time.

OTOOH Microsoft have confirmed that things like WGA and OGA do report validation failures, and on the fourth hand what they send back is encrypted and could well contain any kind of unique id

Re:

[KutuluWare]

I fully agree with everything you said. But none of it is relevant to Windows update. Your MAC address or Dell serial number aren't part of your set of PnP ID's. There's a big difference between the owner of a PC being able to identify it on their own network, and Microsoft being able to identify it from across the country.

(Caveat: I am assuming they're only gathering what they claim they're gathering, not because I trust them, but because if they were lying they would have been slammed for it on /. long

Re:

[kryptkpr]

You conveniently managed to leap from "version numbers of other software for which Microsoft provides updates" to "version numbers for all of your software."

Ok, then why encrypt it [theregister.co.uk] if there's nothing to worry about?

Re:

[KutuluWare]

Ok, then why encrypt it if there's nothing to worry about?

Most likely so every script kiddie between here and Redmond can't see how many hundreds of security patches I'm missing and potentially start the next gigantic PR disaster worm infection. --K

Re:

[asninn]

That doesn't make it spyware. I assume most distros (desktop-oriented ones, anyway) also install things like Firefox by default, which - suprise! - sends information on my system to websites when I visit them. But that doesn't make Firefox spyware, simply because it only does so when I tell it to; the situation would be quite different, however, if it did so on its own in the background.

Without knowing anything about popcon really, I think it's safe to say that as long as it has to be EXPLICITELY enabled an

Re:

[eMbry00s]

Does it do things without the users consent? If it doesn't (and it obviously doesn't since it is disabled) then it is not spyware. The Last.fm music tracking is similar to spyware in function, but users install it willingly and it is therefore not spyware.

Re:

[LocoMan]

I does bring an interesting point, though... how do you define spyware?

If it's on a law, it must be defined, but make the definition too strict and spyware makers will just find loopholes... make it too broad, and you end up affecting legitimate apps like windows update or the ubuntu popularity contest. Also, how do you define willingly update/activate it?. A spyware maker can claim the user willingly installed it by leaving the "install XXX" checkbox on when installing a program, or by clicking "yes" or "I

Re:

[eMbry00s]

This has been discussed a lot, so for reference I will quote the wikipedia article:

Spyware is computer software that collects personal information about users without their informed consent.

Concerning law, it seems to me that legal action has only been taken if the EULA has not warned the user about the information gathering. I can't give you examples, but I don't remember a single time when legal action has otherwise been taken.

I do agree with you that a tiny clause in the EULA shouldn't be considered

Re:Ubuntu has spyware in it..

[jrockway]

By your logic, you are spyware. Since you know about popularity-contest, you obviously use Debian or Ubuntu. IMFORMATION LEAK! YOU ARE SPYING ON YOURSELF.

Wait. Does that argument make me sound like a complete and utter idiot? Now you know how you sound.

Re:

[Lavene]

Xchat (or mIRC for the non-linux people), now there is spyware. It sends *everything* I type to every damn computer in the channel!!!

no congical visits here...

[timmarhy]

"kick someones ass on the first day and you'll be ok"

Re:

[Dr.Merkwurdigeliebe]

Go watch "Office Space" again. Man, I love that movie so much.

Interesting challenge.

[Zadaz]

So how do you throw a corporation in prison again?

Re:

[karmatic]

Since a corporation is (in fact) merely a collection of people, with a little legal trimming.

Remove the trimming, and put the people in jail.

Re:

[Red Flayer]

Remove the trimming, and put the people in jail.

Who, the officers of the corporation?

The shareholders?
What about indirectly invested shareholders (like those who invest through a mutual fund)?

The executives who decided to break the law? The peons who carried their instructions out, knowingly or unknowingly?

Since a corporation is (in fact) merely a collection of people, with a little legal trimming.

Not in fact -- in practice. In fact, a corporation is a separate legal entity. The people are incidental

Re:

[revengebomber]

Get the Russians to do it; hell, they could even throw ALL corporations in prison.

Re:Interesting challenge.

[asninn]

Easy: throw the CEO in prison, or the board of directors, or other folks in upper management who're responsible for the crimes the company committed.

FWIW, this seems like a good idea, too. I'm not a fan of prison terms in general, but I also think that they're quite good at deterring white-collar crime (fraud etc., as opposed to blue-collar crime where you actually have to get your hands dirty - armed robbery, battery, and so on). The problem with penalty fees is that they're paid by the company, not the individuals who're actually responsible - so even if worst comes to worst and if the company will go bankrupt, they'll just go and start another one.

It's like punishing mafia hitmen but letting the actual dons go free - they'll just hire new hitmen and continue like before. But as soon as the directors of a spyware company are *personally* threatened with punishment for their deeds (and let's face it, it *is* upper management that is responsible for these things: the company does not have a life of its own that goes beyond the people working in/for it, and doesn't just decide to commit crimes on its own), most likely will stop and comply with the letter of the law, at least.

Put the CEO In Prison

[sconeu]

And let's start with Howard Stringer [wikipedia.org] as a thank-you for the Sony Rootkit.

Re:

[Profane MuthaFucka]

Part of the benefit of being a corporation is that the actual people inside are shielded somewhat from the actions of the corporation. The corporation is its own person sometimes. A few things will actually land executives in jail or cause them personal penalties. For example, OFAC violations can cost the CEO some millions of dollars personally. But mainly it's the corporation that is in trouble and not necessarily the execs.

I think a lot of people forget this fact when they think that corporations deserve

Re:

[Hoi Polloi]

Seeing as corporate executives can literally get away with homicidal negligence [wikipedia.org] I wouldn't sit around too long waiting for criminal charges for spyware.

Re:

[kahrytan]

CEO/President is directly or indirectly responsible for employees that the corporation hires. Unless of course one employee went rogue and is defying corporate rules. ie, The corporate charter states that the software it sells must not contain spyware but employee defies it and does it anyways. That is only if the employee is not linked to the ceo in anyway. Witnesses could easily say CEO told the employee to do it. In which case, CEO is responsible.

Re:Interesting challenge.Not for Direct Revenue

[Anonymous Coward]

It will be a long time before it comes to that. The FTC can't even assess a decent fine [ftc.gov] for clear violations of existing spyware laws. Think about it, these guys got off with a measly $1.5m fine total after pocketing $6m to $10m for each of the four partners (see Ben Edelman's site [benedelman.org] for the details). They're laughing all the way to the bank. So forget about the risks of prison. Quite the contrary, start a spyware company and rake in millions.

Re:

[MindStalker]

We threw the Enron guy into prison. Its not unheard of.

Re:

[someone1234]

You mean they couldn't find a large enough cage for the head monkey?

Re:

[bill_mcgonigle]

So how do you throw a corporation in prison again?

You revoke its charter to operate for a period of time. Anybody caught trying to operate a suspended corporation is guilty of a felony.

What's so hard about that?

I like this guy

[Talgrath]

All I can say is that it is about damn time. I worked for a summer as a tech support agent and spyware caused us more headaches than anything else; and it results in stress, time lost and possibly even monetary loss for individuals with infected computers. The fact that spyware and malware writers can usually avoid punishment (particularly considering that many spyware and malware applications are used to steal people's identities) is simply ridiculous. Good on the senator, and I hope that spyware and malware writers get what is coming to them.

Re:Good, spyware sucks.

[computational super]

Any company can pull money out of their ass to pay a fine, but prison?

Oh, there's some pulling out involved... although as I understand it, you don't have to actually be an active participant.

Making the punishment fit the crime

[chebucto]

This is a really good idea. Spyware makers are the worst in terms of computer crime.

I remember, not too long ago, when pricks around the world wrote dialers for people with dial-up connections. Dialers, once installed, would route someone's call to their ISP through some insanely far-away place (usually pimples in the pacific) with insanely high long-distance costs. The people who wrote the software would then split the profits made from the long-distance call with the corrupt operator of the far-away places' phone company. The effect was to leave people out-of-pocket by a huge amount (hundreds or thousands of dollars). If the target got the long-distance charge removed by the local phone company, the local phone company would have to eat the charges.

The point of the above is to underline the character of crimes committed: it's pure theft. Modern spyware either seals people's browsing habits or personal information, so it's a little less direct, but it's still a theft.

I think spyware writers are more foul than virus writers: while virus writers do what they do for the technical thrill and bother a lot of people in the process, spyware writers do it just to get money.

Their motives are base, their methods are underhanded, and they should go to jail.

Re:Making the punishment fit the crime

[daterabytez]

I think spyware writers are more foul than virus writers: while virus writers do what they do for the technical thrill and bother a lot of people in the process, spyware writers do it just to get money.

Actually, there was a time when this was probably true, but no longer. A great many viruses and exploits today, well over half, are purely for financial gains. The recent ANI exploit is just one example [bbc.co.uk].

-Carl

Re:

[Lord_Ultimate]

You're on the right track here. Just ask spyware makers one simple question with two options:

Would you like to go to federal "pound me in the @$$" prison?

-> Yes
-> I'm pretty sure I do, but first I just want a 90-day demo

Threathen?

[ms1234]

Why only threathen? Why not send them directly to prison without passing Go and colleting 200...

Re:

[aadvancedGIR]

Because, contrary to normal citizens, corporations still have rights.

Re:

[walt-sjc]

Unfortunately, that statement isn't funny, it's true.

Re:Threathen?

[Rocketship Underpant]

"Why only threathen?"

Because this is Slashdot, where lately no one bothers paying attention to the article, or even the blurb (which is incorrect as usual anyway), and just tries to get their opinion in as quickly as possible for moderation.

This William Kovacic dude is a bureaucrat for the FTC. He has no authority whatsoever to make laws or throw people in jail. All he can do is threaten, much like the drunk guy on the corner (except that he's more likely to get a Congressman to listen).

Yes!!!

[Anonymous Coward]

One step closer to the death penalty!

Maybe we can eventually even pass an amendment granting an exception to that whole 'cruel and usual' limitation.

What!

[dragonquest]

So right, I hate spyware, adware, and the likes. But sending people to jail may be a little on the heavy side. Reason being, who'll decide quantitatively about the severity of the malicious code? And will there be a difference of punishment between individuals and corporations who make spyware? If a corp makes it, they'll be dragged to court resulting in a lengthy legal battle ultimately only resulting in financial loss of the corp, not necessarily prison. There cannot be a very fair system of deciding this since its a very grey area with no clear black and white lines. What some people think of as invasion of privacy could be regarded as a useful convenience by another. The best protection you could have is your common sense.

Logical substitution of another crime?

[Anonymous Coward]

How does it sound now when i substitute rape...

So right, I hate rapists, molesters, and the likes. But sending people to jail may be a little on the heavy side. Reason being, who'll decide quantitatively about the severity of the rape? And will there be a difference of punishment between individuals and gangs who rape? If a gang does it, they'll be dragged to court resulting in a lengthy legal battle ultimately only resulting in financial loss of the gang, not necessarily prison. There cannot be a very fair

Re:

[dragonquest]

I was talking about the victim here. In case of some privacy intruding software, some people may find it annoying and some may see it as a useful addition. Like a cookie knowing your search history. However, take the case of rape, I doubt you'll find many victims who think of it as a useful convenience.

Re:

[Anonymous Coward]

Some people like getting raped too, just like some people might like getting spyware. I think more people like being raped than like getting their computer completely fucked up though.

Re:

[aadvancedGIR]

That's exactly the point. Someone steals 100$, he risks prison (or being beaten up if he is spoted by the victim). On the other hand, if a corporation steals millions from thousands of victims using malwares, should it be OK to simply fine them for a fraction of their benefit?
One of the problem of modern capitalism is that corporations have more rights than average people and far less liabilities, so the best way to maximise shareholders gains is to act like a criminal. Anything that helps balance that is

Re:

[magixman]

I have no problem sending people to jail if they violate laws. That has been the trend these days with corporate criminals. Only problem is that spyware companies will just move abroad. So if you really want this to work you have to target the companies that do business with spyware companies. If an ad for your product pops up using software that is illegal you should be liable. "Oh your honor, we had no idea how that ad and landing page ended up there", would not cut it.

Re:

[teflaime]

But sending people to jail may be a little on the heavy side

Why? Effective punishment must be determined and fines aren't working. Prison seems like the last best choice.

who'll decide quantitatively about the severity of the malicious code? And will there be a difference of punishment between individuals and corporations who make spyware?

How about any malicious code is worthy of imprisonment? Seems reasonable to me. If the definitions seem unclear to you, maybe you should urge your political repres

Re:

[drinkypoo]

who'll decide quantitatively about the severity of the malicious code?

A court of law, just like always.

Yeah, I'm not excited about the prospect either. But can you really come up with a better solution?

Re:

[Duhavid]

In *every* crime, there are shades of grey, and a need to
determine the severity of the issue. And then the
punishment.

Fraud is something that both corporations and individuals
can engage in. Should we eliminate jail time for that also?

Re:

[iamacat]

How about a 1 month jail sentence? It will not be that much on a heavy side, but will keep an average geek from doing it again and scare away others.

As for corporations, current laws are screwed. Anyone with a few K in the pocket can start their own personal corporation to evade responsibility for their actions against hundreds of laws. If a corporation commits a crime, everyone responsible should be charged according to degree of their responsibility. Rank and file will probably avoid imprisonment by ratti

Has to be said

[Guppy06]

/cough Sony /cough

Yet more proof

[user24]

that the internet is SERIOUS BUSINESS.

Oh please please please!

[KlausBreuer]

Do this! And make it international!
Because our stupendously moronic german gouverment wants to use systems like this to spy on our home computers - in the war against terrrrrrorism, of course. Then we could finally dump these idiots into jail :-D

New domain name?

[Lost Penguin]

www.stopsign.con

LOL

It's a good idea, but...

[Lunarsight]

.. in order for this to work, they need a clear, concise definition of what Spyware is. As somebody else already said, it gets kind of murky when they have end user agreements which trick the user into agreeing to accept the spyware as a stipulation for using the program. Realistically, 3/4 of people don't sit there and read all the fine print in the end user agreement. If I wanted to legally get spyware onto somebody's computer, all I would have to do is make the end user agreement longer than a War and Pe

Re:

[c0d3h4x0r]

.. in order for this to work, they need a clear, concise definition of what Spyware is.

Okay, here's a clear, concise way to code it into law:

come ask me, and I'll tell you if it's spyware

Mark Pryor is a Senator . . .

[Dausha]

We need better fact checking here. Mark Pryor is the junior senator from Arkansas. The FTC official is William Kovacic.

Obligatory

[Nimey]

You must be new here.

Re:

[kilgortrout]

No, Mark Prior is a perennially injured pitcher for the Chicago Cubs. Oh, it's "Pryor"; never mind.

Re:

[PoliTech]

I updated the Journal entry with the correction, thanks Dausha.

Breaking and entering

[mapkinase]

"Breaking and entering" should be applied in those cases. I could not find a definitive internet resource on the sentencing on that matter, but people should receive at least 3 months in prison

It'll never fly

[DynaSoar]

My Dell computer calls home regularly. I didn't ask for this and I don't want it. Until my warranty expired I didn't dare remove it.

I have to keep a copy of IE available because Firefox chokes on the tracking cookies MSNBC shoves at me. And still Zonealarm reports spyware being blocked from time to time.

With this level of white collar participation, business will tell its entertainment branch, government, that this is all perfectly legal. The FTC people are great, and more power to them, but nobody is going to go to jail over it.

On the other hand, I get spyware blocking reports from Zonealarm when I use a couple of well known bittorrent sites. Now THEY should be afraid. They don't own any congresscritters.

Re:

[Anonymous Coward]

You can't own congresscritters -- they have moral standards. You can only rent them. Pray that no one else rents them at a higher rate at the same time.

Re:

[DynaSoar]

A.C. sez:

"You can't own congresscritters -- they have moral standards. You can only rent them. Pray that no one else rents them at a higher rate at the same time."

I stand corrected. Perhaps if I kneel under their desk corrected I could get a few extra points with them. Nah, I'm an adult.

Moral standards? "WAAAAAAAAH?!" -- Jon Stewart

Our jail system is already too crowded

[Hotawa Hawk-eye]

I'd rather the jail system reserve the cells for violent criminals, like murderers or rapists. Put the spyware distributors under house arrest (with the ankle bracelet) and forbid them from having a computer or any other device that can access the Internet (no cell phone with web access, no game system, etc.) in their house or from working with computers or Internet-capable devices for the duration of the house arrest. The courts can determine what's allowed and what's forbidden. Any violations nets the

Re:

[rantingkitten]

So his buddy can bring him a little laptop computer and the offender can steal the idiot neighbor's unencrypted wireless to do his dirty work from the comfort of his home. Good idea.

Overseas.

[Anonymous Coward]

Won't have any effect whatsoever on overseas operations.

FTC, your friendly freedom-withdrawing commission

[chainLynx]

"freedom is withdrawn" ... interesting euphemism...

Fees, Fines, Foes, Fun

[HTH NE1]

Federal regulator Mark Pryor, in a Senate Commerce Committee hearing, has stated that spyware distributors should face harsher penalties than fees.

Spyware has regulatory fees? Well there's your problem right there! Fees condone; fines penalize.

Re:

[HTH NE1]

The Feds giveth, the Feds taketh away.

Heh. You make me wish I had used the subject "Fees? Fines? Faux Funds!" instead.

Hang em...

[CFBMoo1]

Seriously, I spend enough time cleaning out that Winfixer, Vundo, W32.spybot, SpyAxe, and AIM virus infections from college student computers at work. While thats job security for me I'd rather see the people that make this crap hang for all the frustration, down time, and expense these things cause.

Catch them how?

[cdrguru]

This is the Internet we're talking about, right?

So you get an IP address and this means exactly what? You call up the ISP and ask for information about this but the response is "we destroy all logs". Assuming you can get law enforcement involved or file a civil suit you might be able to get the ISP a subpoena. Of course, you find out they were lying about not having logs and they can indeed tell you what account had that IP address at the given time.

You have your culprit, right? Wrong - the account hold

Re:

[garyok]

I don't see any enforcement being possible at all.

The WTO - make it part of the treaty obligations of the Most Favoured Nations that they co-operate in the prosecution of internet-related crimes next time there's a round of negotiations. If they want to play in the US market they'll sign up no problem. Yeah, the US will have to grant some concessions and open up a few more market a bit but there's no shortage of US bucks for Taiwanese ICs or Chinese DVD players. Then it becomes part of the signatory's laws and, when a complaint is made to one treaty sig

Maybe a television show?

[Snowtide]

Few people like malware writers or spammers. A television show or pay-per-view event about hunting down virus writers and spammers might get good ratings and recoup some expenses from the television rights. :)

I can see it now:

Announcer 1 (Ed): "Well Bob last weeks episode of Hunting Cybercrime was in Dallas and what a show it was. The Dalls PD went to town on that spammer! I guess they don't like having Viagra spams in their inbox any more than the rest of us."

Announcer 2 (Bob) "Indeed Ed, but this weeks l