Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Government Politics

FTC Threatens Spyware Distributors With Prison 126

Federal regulator Mark Pryor, in a Senate Commerce Committee hearing, has stated that spyware distributors should face harsher penalties than fees. His solution: imprisonment. "Federal Trade Commissioner William Kovacic said most wrongdoers in the spyware arena 'can only be described as vicious organized criminals. Many of most serious wrongdoers we observed in this area, I believe, are only going to be deterred if their freedom is withdrawn,' so it's important for the FTC to collaborate on its cases with criminal law enforcement authorities, Kovacic said."
This discussion has been archived. No new comments can be posted.

FTC Threatens Spyware Distributors With Prison

Comments Filter:
  • Windows?? (Score:3, Insightful)

    by Mukunda_NZ ( 1078231 ) on Wednesday April 11, 2007 @02:40AM (#18686137) Homepage
    So what about the developers that put spyware in Windows XP and I'm assuming Vista also contains spyware. Will they go to prison? Will Microsoft be forced to strip the spyware out of it's operating system?
    • Re: (Score:2, Interesting)

      by timmarhy ( 659436 )
      i'm certainly no fan of windows or MS, but MS products are one of the few things you can count on not containing spyware as such. yes they do have activation, no it doesn't spy on your personal information.
      • Re: (Score:2, Informative)

        by Mukunda_NZ ( 1078231 )
        Well actually when you update Windows, an encrypted list of all installed software is sent to Microsoft, at least with XP, and I'm sure Vista would do they same. I believe also, though I'm not sure, that Windows Media Player reports on you too.
        • Re: (Score:3, Informative)

          by Nightspirit ( 846159 )
          I don't have the link on hand, but a quick google should find it. I believe the info sent to MS is an xml with actually very little information.
    • Re: (Score:3, Insightful)

      by cpaglee ( 665238 )
      Therein lies the rub. Should the husband / boyfriend who spies on his partner be faced with jail time? What if they are using his computer? Or should the developer who designs the keystroke logger go to jail? But do we trust the government to define precisely what is Spyware? I have a utility on my computer that remembers old clipboard entries. Is that Spyware? What about 'History' in your browser? What about a cookie that tracks what web site you visit before and after you visit their website? Will legi
      • Re: (Score:3, Informative)

        by walt-sjc ( 145127 )
        Oh it's pretty clear. The partner / boyfriend should be faced with jail time if it is not his computer. If it is, then it's not so clear. If the keystroke logger (A) is installed automatically with no warning or the installer's knowledge as part of another application (B), then the publisher of B should be liable. If the BF/partner installs the logger with full knowledge of what it does, then the onus falls on the BF. Cookies are not applications and wouldn't fall under the category of "program" or "applic
        • I agree that people who use Spyware to steal credit card and bank information should be punished. But we already have laws on the books which cover this kind of action: trespass, wire fraud, mail fraud, theft, conspiracy, etc. Do we really need to spend our money (because it is our tax dollars which pay congress) to write new legislation which will be hard to define in the first place to expand the scope of coverage of existing law?

          Are we really ready to begin prosecution of people who spy because they wo

      • by seven7h ( 926826 )
        The difference is the scale on which the spying is being done.
        If i was to slip a few dollars from someones pocket i would expect less punishment than if i was to go through a bunch of bags and steal all the money from them, just as someone who simply looks at some private information on a private computer would expect must less punishment that someone who came up with an automated method of spying on millions of people at once.
    • by jkrise ( 535370 ) on Wednesday April 11, 2007 @03:45AM (#18686389) Journal
      By definition, spyware is one that sends 'personally identifiable information' to a target server without the user's explicit consent. It is reliably established that Windows Genuine Advantage and so-called Critical Updates from Microsoft can be classified thus...

      Also data from 'crashed programs' etc.

      So why is the parent modded troll?

      • by gsslay ( 807818 ) on Wednesday April 11, 2007 @04:42AM (#18686577)
        By definition, a troll is a post that is principally designed to provoke argument without any real concern for the topic of the discussion.



        The article is clearly about people who write and distribute malicious programs for the criminal purpose of stealing information, and thereafter actual property and/or money. We can all complain about some aspects of Microsoft's software (yes, really), but its 'spying' is nothing like the same. Legislation may yet change their behaviour here, but suggesting they are in danger of prison is hyperbole.



        So introducing the subject is going to divert discussion off-topic, and either just another attempt at starting a fan-boy argument, or yet another boring round of Microsoft bashing.

        • Re: (Score:3, Insightful)

          by fishdan ( 569872 ) *
          Au contraire mon frere. Microsoft is on example of a company who LEGITIMATELY and ILLEGITIMATELY collects information. The nature of privacy is that you are in control of who knows what about you -- and even if you're doing "illegal" things, you should be free from "unreasonable searches."

          Now, even though Microsoft is not taking your information for malicious purposes (I'll concede that), they are violating your privacy by accumulating data on you. The question is, should what they do be considered illeg
        • We can all complain about some aspects of Microsoft's software (yes, really), but its 'spying' is nothing like the same.

          Most people don't really care about spy software. But of the ones that do, they care about as much about Microsoft grabbing their identity as they do about some hacker using their box for a botnet. Maybe more, because Microsoft undoubtedly shares all its data with Fedgov, not just Doubleclick.
      • You agreed to be spied on by microsoft. It's in the EULA, and is quite clear. That's why some of us only run MS products in a VM jail that has no network connectivity outside the local LAN. In a corp setting, all updates are done via a corp server and not directly via standard windows update.
      • Comment removed based on user account deletion
  • by timmarhy ( 659436 ) on Wednesday April 11, 2007 @02:46AM (#18686147)
    "kick someones ass on the first day and you'll be ok"
  • by Zadaz ( 950521 ) on Wednesday April 11, 2007 @02:47AM (#18686151)
    So how do you throw a corporation in prison again?

    • Re: (Score:3, Insightful)

      by karmatic ( 776420 )
      Since a corporation is (in fact) merely a collection of people, with a little legal trimming.

      Remove the trimming, and put the people in jail.
      • Remove the trimming, and put the people in jail.

        Who, the officers of the corporation?

        The shareholders?
        What about indirectly invested shareholders (like those who invest through a mutual fund)?

        The executives who decided to break the law? The peons who carried their instructions out, knowingly or unknowingly?

        Since a corporation is (in fact) merely a collection of people, with a little legal trimming.

        Not in fact -- in practice. In fact, a corporation is a separate legal entity. The people are incidental

    • Get the Russians to do it; hell, they could even throw ALL corporations in prison.
    • by asninn ( 1071320 ) on Wednesday April 11, 2007 @03:34AM (#18686355)
      Easy: throw the CEO in prison, or the board of directors, or other folks in upper management who're responsible for the crimes the company committed.

      FWIW, this seems like a good idea, too. I'm not a fan of prison terms in general, but I also think that they're quite good at deterring white-collar crime (fraud etc., as opposed to blue-collar crime where you actually have to get your hands dirty - armed robbery, battery, and so on). The problem with penalty fees is that they're paid by the company, not the individuals who're actually responsible - so even if worst comes to worst and if the company will go bankrupt, they'll just go and start another one.

      It's like punishing mafia hitmen but letting the actual dons go free - they'll just hire new hitmen and continue like before. But as soon as the directors of a spyware company are *personally* threatened with punishment for their deeds (and let's face it, it *is* upper management that is responsible for these things: the company does not have a life of its own that goes beyond the people working in/for it, and doesn't just decide to commit crimes on its own), most likely will stop and comply with the letter of the law, at least.
      • by sconeu ( 64226 )
        And let's start with Howard Stringer [wikipedia.org] as a thank-you for the Sony Rootkit.
      • Re: (Score:2, Insightful)

        Part of the benefit of being a corporation is that the actual people inside are shielded somewhat from the actions of the corporation. The corporation is its own person sometimes. A few things will actually land executives in jail or cause them personal penalties. For example, OFAC violations can cost the CEO some millions of dollars personally. But mainly it's the corporation that is in trouble and not necessarily the execs.

        I think a lot of people forget this fact when they think that corporations deserve
      • Seeing as corporate executives can literally get away with homicidal negligence [wikipedia.org] I wouldn't sit around too long waiting for criminal charges for spyware.
    • CEO/President is directly or indirectly responsible for employees that the corporation hires. Unless of course one employee went rogue and is defying corporate rules. ie, The corporate charter states that the software it sells must not contain spyware but employee defies it and does it anyways. That is only if the employee is not linked to the ceo in anyway. Witnesses could easily say CEO told the employee to do it. In which case, CEO is responsible.
    • by Anonymous Coward
      It will be a long time before it comes to that. The FTC can't even assess a decent fine [ftc.gov] for clear violations of existing spyware laws. Think about it, these guys got off with a measly $1.5m fine total after pocketing $6m to $10m for each of the four partners (see Ben Edelman's site [benedelman.org] for the details). They're laughing all the way to the bank. So forget about the risks of prison. Quite the contrary, start a spyware company and rake in millions.
    • We threw the Enron guy into prison. Its not unheard of.
    • You mean they couldn't find a large enough cage for the head monkey?
    • So how do you throw a corporation in prison again?

      You revoke its charter to operate for a period of time. Anybody caught trying to operate a suspended corporation is guilty of a felony.

      What's so hard about that?
  • I like this guy (Score:3, Insightful)

    by Talgrath ( 1061686 ) on Wednesday April 11, 2007 @02:51AM (#18686165)
    All I can say is that it is about damn time. I worked for a summer as a tech support agent and spyware caused us more headaches than anything else; and it results in stress, time lost and possibly even monetary loss for individuals with infected computers. The fact that spyware and malware writers can usually avoid punishment (particularly considering that many spyware and malware applications are used to steal people's identities) is simply ridiculous. Good on the senator, and I hope that spyware and malware writers get what is coming to them.
  • by chebucto ( 992517 ) on Wednesday April 11, 2007 @02:56AM (#18686195) Homepage
    This is a really good idea. Spyware makers are the worst in terms of computer crime.

    I remember, not too long ago, when pricks around the world wrote dialers for people with dial-up connections. Dialers, once installed, would route someone's call to their ISP through some insanely far-away place (usually pimples in the pacific) with insanely high long-distance costs. The people who wrote the software would then split the profits made from the long-distance call with the corrupt operator of the far-away places' phone company. The effect was to leave people out-of-pocket by a huge amount (hundreds or thousands of dollars). If the target got the long-distance charge removed by the local phone company, the local phone company would have to eat the charges.

    The point of the above is to underline the character of crimes committed: it's pure theft. Modern spyware either seals people's browsing habits or personal information, so it's a little less direct, but it's still a theft.

    I think spyware writers are more foul than virus writers: while virus writers do what they do for the technical thrill and bother a lot of people in the process, spyware writers do it just to get money.

    Their motives are base, their methods are underhanded, and they should go to jail.

    • by daterabytez ( 985178 ) on Wednesday April 11, 2007 @03:09AM (#18686239)

      I think spyware writers are more foul than virus writers: while virus writers do what they do for the technical thrill and bother a lot of people in the process, spyware writers do it just to get money.
      Actually, there was a time when this was probably true, but no longer. A great many viruses and exploits today, well over half, are purely for financial gains. The recent ANI exploit is just one example [bbc.co.uk].

      -Carl
    • You're on the right track here. Just ask spyware makers one simple question with two options:

      Would you like to go to federal "pound me in the @$$" prison?

      -> Yes
      -> I'm pretty sure I do, but first I just want a 90-day demo
  • Why only threathen? Why not send them directly to prison without passing Go and colleting 200...
    • Re: (Score:3, Insightful)

      Because, contrary to normal citizens, corporations still have rights.
    • Re:Threathen? (Score:4, Insightful)

      by Rocketship Underpant ( 804162 ) on Wednesday April 11, 2007 @06:17AM (#18687019)
      "Why only threathen?"

      Because this is Slashdot, where lately no one bothers paying attention to the article, or even the blurb (which is incorrect as usual anyway), and just tries to get their opinion in as quickly as possible for moderation.

      This William Kovacic dude is a bureaucrat for the FTC. He has no authority whatsoever to make laws or throw people in jail. All he can do is threaten, much like the drunk guy on the corner (except that he's more likely to get a Congressman to listen).

  • Yes!!! (Score:1, Funny)

    by Anonymous Coward
    One step closer to the death penalty!

    Maybe we can eventually even pass an amendment granting an exception to that whole 'cruel and usual' limitation.

  • What! (Score:5, Insightful)

    by dragonquest ( 1003473 ) on Wednesday April 11, 2007 @03:07AM (#18686225)
    So right, I hate spyware, adware, and the likes. But sending people to jail may be a little on the heavy side. Reason being, who'll decide quantitatively about the severity of the malicious code? And will there be a difference of punishment between individuals and corporations who make spyware? If a corp makes it, they'll be dragged to court resulting in a lengthy legal battle ultimately only resulting in financial loss of the corp, not necessarily prison. There cannot be a very fair system of deciding this since its a very grey area with no clear black and white lines. What some people think of as invasion of privacy could be regarded as a useful convenience by another. The best protection you could have is your common sense.
    • by Anonymous Coward
      How does it sound now when i substitute rape...

      So right, I hate rapists, molesters, and the likes. But sending people to jail may be a little on the heavy side. Reason being, who'll decide quantitatively about the severity of the rape? And will there be a difference of punishment between individuals and gangs who rape? If a gang does it, they'll be dragged to court resulting in a lengthy legal battle ultimately only resulting in financial loss of the gang, not necessarily prison. There cannot be a very fair
      • I was talking about the victim here. In case of some privacy intruding software, some people may find it annoying and some may see it as a useful addition. Like a cookie knowing your search history. However, take the case of rape, I doubt you'll find many victims who think of it as a useful convenience.
        • Re: (Score:1, Funny)

          by Anonymous Coward
          Some people like getting raped too, just like some people might like getting spyware. I think more people like being raped than like getting their computer completely fucked up though.
    • That's exactly the point. Someone steals 100$, he risks prison (or being beaten up if he is spoted by the victim). On the other hand, if a corporation steals millions from thousands of victims using malwares, should it be OK to simply fine them for a fraction of their benefit?
      One of the problem of modern capitalism is that corporations have more rights than average people and far less liabilities, so the best way to maximise shareholders gains is to act like a criminal. Anything that helps balance that is
    • I have no problem sending people to jail if they violate laws. That has been the trend these days with corporate criminals. Only problem is that spyware companies will just move abroad. So if you really want this to work you have to target the companies that do business with spyware companies. If an ad for your product pops up using software that is illegal you should be liable. "Oh your honor, we had no idea how that ad and landing page ended up there", would not cut it.
    • But sending people to jail may be a little on the heavy side

      Why? Effective punishment must be determined and fines aren't working. Prison seems like the last best choice.

      who'll decide quantitatively about the severity of the malicious code? And will there be a difference of punishment between individuals and corporations who make spyware?

      How about any malicious code is worthy of imprisonment? Seems reasonable to me. If the definitions seem unclear to you, maybe you should urge your political repres
    • who'll decide quantitatively about the severity of the malicious code?

      A court of law, just like always.

      Yeah, I'm not excited about the prospect either. But can you really come up with a better solution?

    • by Duhavid ( 677874 )
      In *every* crime, there are shades of grey, and a need to
      determine the severity of the issue. And then the
      punishment.

      Fraud is something that both corporations and individuals
      can engage in. Should we eliminate jail time for that also?
    • by iamacat ( 583406 )
      How about a 1 month jail sentence? It will not be that much on a heavy side, but will keep an average geek from doing it again and scare away others.

      As for corporations, current laws are screwed. Anyone with a few K in the pocket can start their own personal corporation to evade responsibility for their actions against hundreds of laws. If a corporation commits a crime, everyone responsible should be charged according to degree of their responsibility. Rank and file will probably avoid imprisonment by ratti
  • Has to be said (Score:5, Insightful)

    by Guppy06 ( 410832 ) on Wednesday April 11, 2007 @03:59AM (#18686447)
    /cough Sony /cough
  • that the internet is SERIOUS BUSINESS.
  • Do this! And make it international!
    Because our stupendously moronic german gouverment wants to use systems like this to spy on our home computers - in the war against terrrrrrorism, of course. Then we could finally dump these idiots into jail :-D
  • www.stopsign.con

    LOL
  • .. in order for this to work, they need a clear, concise definition of what Spyware is. As somebody else already said, it gets kind of murky when they have end user agreements which trick the user into agreeing to accept the spyware as a stipulation for using the program. Realistically, 3/4 of people don't sit there and read all the fine print in the end user agreement. If I wanted to legally get spyware onto somebody's computer, all I would have to do is make the end user agreement longer than a War and Pe
    • .. in order for this to work, they need a clear, concise definition of what Spyware is.

      Okay, here's a clear, concise way to code it into law:

      come ask me, and I'll tell you if it's spyware

  • by Dausha ( 546002 ) on Wednesday April 11, 2007 @06:10AM (#18686987) Homepage
    We need better fact checking here. Mark Pryor is the junior senator from Arkansas. The FTC official is William Kovacic.
  • "Breaking and entering" should be applied in those cases. I could not find a definitive internet resource on the sentencing on that matter, but people should receive at least 3 months in prison

  • It'll never fly (Score:4, Insightful)

    by DynaSoar ( 714234 ) * on Wednesday April 11, 2007 @06:33AM (#18687087) Journal
    My Dell computer calls home regularly. I didn't ask for this and I don't want it. Until my warranty expired I didn't dare remove it.

    I have to keep a copy of IE available because Firefox chokes on the tracking cookies MSNBC shoves at me. And still Zonealarm reports spyware being blocked from time to time.

    With this level of white collar participation, business will tell its entertainment branch, government, that this is all perfectly legal. The FTC people are great, and more power to them, but nobody is going to go to jail over it.

    On the other hand, I get spyware blocking reports from Zonealarm when I use a couple of well known bittorrent sites. Now THEY should be afraid. They don't own any congresscritters.
    • Re: (Score:1, Funny)

      by Anonymous Coward
      You can't own congresscritters -- they have moral standards. You can only rent them. Pray that no one else rents them at a higher rate at the same time.
      • A.C. sez:

        "You can't own congresscritters -- they have moral standards. You can only rent them. Pray that no one else rents them at a higher rate at the same time."

        I stand corrected. Perhaps if I kneel under their desk corrected I could get a few extra points with them. Nah, I'm an adult.

        Moral standards? "WAAAAAAAAH?!" -- Jon Stewart

  • I'd rather the jail system reserve the cells for violent criminals, like murderers or rapists. Put the spyware distributors under house arrest (with the ankle bracelet) and forbid them from having a computer or any other device that can access the Internet (no cell phone with web access, no game system, etc.) in their house or from working with computers or Internet-capable devices for the duration of the house arrest. The courts can determine what's allowed and what's forbidden. Any violations nets the
    • So his buddy can bring him a little laptop computer and the offender can steal the idiot neighbor's unencrypted wireless to do his dirty work from the comfort of his home. Good idea.
  • Overseas. (Score:1, Insightful)

    by Anonymous Coward
    Won't have any effect whatsoever on overseas operations.
  • "freedom is withdrawn" ... interesting euphemism...
  • by HTH NE1 ( 675604 ) on Wednesday April 11, 2007 @11:24AM (#18690709)

    Federal regulator Mark Pryor, in a Senate Commerce Committee hearing, has stated that spyware distributors should face harsher penalties than fees.
    Spyware has regulatory fees? Well there's your problem right there! Fees condone; fines penalize.
  • Seriously, I spend enough time cleaning out that Winfixer, Vundo, W32.spybot, SpyAxe, and AIM virus infections from college student computers at work. While thats job security for me I'd rather see the people that make this crap hang for all the frustration, down time, and expense these things cause.
  • This is the Internet we're talking about, right?

    So you get an IP address and this means exactly what? You call up the ISP and ask for information about this but the response is "we destroy all logs". Assuming you can get law enforcement involved or file a civil suit you might be able to get the ISP a subpoena. Of course, you find out they were lying about not having logs and they can indeed tell you what account had that IP address at the given time.

    You have your culprit, right? Wrong - the account hold
    • by garyok ( 218493 )

      I don't see any enforcement being possible at all.

      The WTO - make it part of the treaty obligations of the Most Favoured Nations that they co-operate in the prosecution of internet-related crimes next time there's a round of negotiations. If they want to play in the US market they'll sign up no problem. Yeah, the US will have to grant some concessions and open up a few more market a bit but there's no shortage of US bucks for Taiwanese ICs or Chinese DVD players. Then it becomes part of the signatory's laws and, when a complaint is made to one treaty sig

  • Few people like malware writers or spammers. A television show or pay-per-view event about hunting down virus writers and spammers might get good ratings and recoup some expenses from the television rights. :)

    I can see it now:

    Announcer 1 (Ed): "Well Bob last weeks episode of Hunting Cybercrime was in Dallas and what a show it was. The Dalls PD went to town on that spammer! I guess they don't like having Viagra spams in their inbox any more than the rest of us."

    Announcer 2 (Bob) "Indeed Ed, but this weeks l

If all the world's economists were laid end to end, we wouldn't reach a conclusion. -- William Baumol

Working...