» » » » » » User consent and legality of spyware

User consent and legality of spyware

Gaining unauthorized access to a computer is illegal, under computer crime laws such as the United States Computer Fraud and Abuse Act. Since the owners of computers infected with spyware generally claim that they never authorized the installation, a prima facie reading would suggest that the promulgation of spyware would count as a criminal act. Law enforcement has often pursued the authors of other malware programs, such as viruses. Nonetheless, few prosecutions of writers of spyware have occurred, and many such producers operate openly as aboveboard businesses. Some have, however, faced lawsuits.

Spyware producers primarily argue in defense of the legality of their acts that, contrary to the users’ claims, users do in fact give consent to the installation of their spyware. Spyware that comes bundled with shareware applications may appear, for instance, described in the legalese text of an end-user license agreement (EULA). Many users habitually ignore these purported contracts, but spyware companies such as Claria claim that these demonstrate that users have consented to the installation of their software.

Despite the ubiquity of EULAs and of clickwrap agreements, relatively little case law has resulted from their use. It has been established in most common law jurisdictions that a clickwrap agreements can be a binding contract in certain circumstances. This does not however mean that every clickwrap agreement is a contract or that every term in a clickwrap contract is enforceable. It seems highly likely that many of the purported contract terms presented in clickwrap agreements would be dismissed in most jurisdictions as being contrary to public policy. Many spyware clickwrap agreements appear intentionally ambiguous and excessive in length, with key contract terms made inconspicuous. These are all grounds on which similar agreements have been rejected as contracts of adhesion.

Nor can a contract possibly exist in the case of spyware installed by surreptitious means, such as in a drive-by download where the user receives no opportunity to either agree to or refuse the contract terms.

Some jurisdictions, including the U.S. states of Iowa [1] and Washington [2], have passed laws criminalizing some forms of spyware. Such laws make it illegal for anyone other than the owner or operator of a computer to install software that alters Web-browser settings, monitors keystrokes, or disables computer-security software.

New York Attorney General Eliot Spitzer has pursued spyware companies for fraudulent installation of software. [9] In a suit brought in 2005 by Spitzer, the California firm Intermix Media, Inc. ended up settling by agreeing to pay $7.5 million and to stop distributing spyware. Intermix’s spyware spread via drive-by download, and deliberately installed itself in ways that made it difficult to remove. [1]

Another spyware behavior has attracted lawsuits: the replacement of Web advertisements. In June 2002, a number of large Web publishers sued Claria for replacing advertisements, but settled out of court. Other spyware apart from Claria’s also replaces advertisements, thus diverting revenue from the ad-bearing Web site to the spyware author.

One legal issue not yet pursued involves whether courts can hold advertisers responsible for spyware which displays their ads. In many cases, the companies whose advertisements appear in spyware pop-ups do not directly do business with the spyware firm. Rather, the advertised company contracts with an advertising agency, which in turn contracts with an online subcontractor who gets paid by the number of “impressions” or appearances of the advertisement. Some major firms such as Dell Computer and Mercedes-Benz have “fired” advertising agencies which have run their ads in spyware. [2]

In a sort of turnabout, a few spyware companies have threatened websites which have posted descriptions of their products. In 2003, Gator (now known as Claria) filed suit against the website PC Pitstop for describing the Gator program as “spyware”. [3] PC Pitstop settled, agreeing not to use the word “spyware”, but continues to publish descriptions of the harmful behavior of the Gator/Claria software. [3]

References

  1. Gormley, Michael. “Intermix Media Inc. says it is settling spyware lawsuit with N.Y. attorney general”. Yahoo! News. June 15, 2005.
  2. Gormley, Michael. “Major advertisers caught in spyware net”. Business Week. June 24, 2005.
  3. Festa, Paul. “See you later, anti-Gators?”. News.com. October 22, 2003.

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

Leave a Reply

Your email address will not be published. Required fields are marked *