Tuesday, November 07, 2006

You've Got To Define It Before You Can Fine It

Today, over at Revenews, Peter Figueredo posted a brief comment on the Federal Trade Commission's recent $3 million settlement with adware company Zango.

Albeit briefly, Peter points out the need for a clear definition of the term "spyware." I agree - wholeheartedly.

Depending on how you define it, spyware runs the gamut from innocuous to annoying to criminal. As a word, it is highly evocative and can be used to stir fear and create bias among certain audiences. As a communications consultant I appreciate the strategy behind using words to achieve certain objectives, but I also believe that -- in the long run -- truth is the most effective tool in communicator's chest. Exaggeration, obfuscation, and other means of distortion only serve to undermine the credibility of those who use them, no matter how noble the cause or intent.

Spyware is a serious problem. Devious individuals with malicious intent have become highly skilled at exploiting security vulnerabilities, including human ignorance, to plant nasty code on computers. When that code is designed to steal information such as passwords, account information, PII, and more, then use that information to steal money or commit fraud, that's serious business and represents an accurate depiction of what I believe spyware to be.

Law enforcement authorities and regulators need the power to deter and prosecute bad actors, but without a clear definition, it will be difficult to go after purveyors of spyware. Before you fine it, you've got to define it.

In April of 2004 the FTC convened a workshop on spyware, one goal of which was to draft a standard definition for the term. According to the workshop's transcript, it was lively discussion, but 30 months later we are still no closer to that goal.

If the industry doesn't do it, and soon, the issue will be decided through the courts by the team with the most persuasive lawyers. If that happens, no one will be happy.


Post a Comment

<< Home