Has any progress been made in creating a more comprehensive definition?
It's hard to say. One person's definition tends to differ from someone else's. Some people find a cookie very intrusive, while some people don't find it problematic. But we're talking about the truly malicious stuff — keystroke loggers, software that can't be uninstalled, or programs that take down your system when you try to take them off.
It's really important to make sure that our case is heard in regard to spyware, what our firms are dealing with and how they're trying to protect consumers. Our job is engaging Congress as it is contemplating legislation and making sure that they're working with industry all the way.
We've seen some companies known as spyware sources trying to be more open about their business practices. How do you balance protecting these companies' rights with your efforts to protect consumers?
There are a variety of ways to approach this problem. We're working with the Centre for Democracy and Technology, which has pulled together a working group to examine this issue. And this effort includes not only the anti-spyware vendors, but also folks like ISPs and search engines, as well as consumer protection advocates. I think there is a need to look at this stuff in a comprehensive context.
So there is room for legal spyware, if you could call it that?
It has to be made clear to companies that if your software does certain things, then it is going to get blocked. It won't necessarily be easy to do this, but we need to make it clear to the adware people what sort of behaviour won't be tolerated.
Clearly, there are some adware companies out there that are trying to do this the right way. The effort isn't about demonising the entire adware industry; it's about trying to identify the players operating on the margins, who make things more complicated for everybody. Beyond that, you address the idea of criminalising the behaviour, and that's important too.
So, we need more complex regulations that define spyware and adware properly?
Yes. And there has to be a global context too. We're very interested in advocating for senate ratification of the Council of Europe's Convention on Cybercrime. That would help create a global framework for people to investigate and prosecute cybercriminals. If we look at Can-Spam, it was well intentioned, but it drove everyone overseas. And the Council of Europe's Convention will help us go after cybercriminals around the world.
Talkback
There's one thing to consider too. Many of the newer software products have a small clasue in the user agreement where it tells the user that it will install spyware, or "monitoring software" as they seem to call it.
I realize that one can choose to simply click no and refrain from installing the program, but is it not wrong that one has paid money to a company, for a product that you cant use? Especialy if it is a program that ahs no subscription fees. This means that the firms get theyre cash but people can use what they payed for.