Tuesday, April 04, 2006

Spy(ware) vs. Spy(ware)

Isaac Scarborough, of Chapell & Associates, wrote about the Workshop on Spyware that convened recently at the Information Law Institute at New York University.

I wasn’t able to attend the workshop, but I have a strong interest in the subject: one of my clients is beleaguered adware vendor Direct Revenue.

Scarborough chronicles one of the workshop’s panel discussions on what to do about spyware and commented that the discussion wasn’t as much about what spyware is as it was about how to stop it.

The obvious problem with this approach, however, is found in the lack of a broadly accepted definition of spyware. Scarborough mentions that panel moderator, NYU Law professor Harry First, joked about the "malleability" of the language used to describe spyware.

But that malleability is precisely what is at the heart of the adware/spyware debate.

The American Heritage Dictionary defines spy thusly:

Noun: (spī) Inflected forms: pl. spies (spīz)
1. An agent employed by a state to obtain secret information, especially of a military nature, concerning its potential or actual enemies. 2. One employed by a company to obtain confidential information about its competitors. 3. One who secretly keeps watch on another or others. 4. An act of spying.

It would follow, logically then, that spyware would be defined as some type of software or device that obtains secret information. Keyloggers, Trojan horses, dialers and other means of collecting an individual’s personal information clearly fall within that definition. Adware, however, is where the lines get blurry.

Ad serving applications that merely show a few pop-ups per day, usually in exchange for the privilege of using some free software product, typically don’t fall under this category. Rogue distributors of adware may well exploit browser security vulnerabilities to illegally upload bundles of adware in order to engage in click fraud – often resulting in serious performance degradation and a debilitating deluge of pops – but the problem has nothing to do with spying.

Some “advocates” take advantage of the lack of a clear definition of the term spyware to whip up fear and foment negative emotion. Meanwhile, organizations intent on tapping into the lucrative online marketing industry through the use of behavioral marketing and ad serving technology are hampered by the stigma associated with their craft.

Observation: To be clear, unauthorized/non-consensual downloads cannot be allowed to happen without some form of retribution, and illegal activity must be punished appropriately, but until the industry adopts and supports clear definitions for spyware and adware, no one (but the lawyers and fear-mongers) will win. Defining the issue in clear terms, and aggressively defending those terms by calling out misrepresentation of the problem to suit the needs of any particular entity, is the first step in confronting the illegality and dangers of spyware.


Post a Comment

Links to this post:

Create a Link

<< Home