A Briefing On Public Policy Issues Affecting Civil Liberties Online from The Center For Democracy and Technology
(1) Coalition Forms to Tackle Spyware
(2) Anti-Spyware Coalition Proposes Standardized Definitions
(3) Next Steps for the Coalition and CDT
The world's largest anti-spyware companies have joined forces with Internet service providers and public interest groups to seek common solutions to the growing plague of unwanted programs clogging users' computers and detracting from the online experience. As its first objective, the Anti-Spyware Coalition is seeking to clear up the confusion over how to define spyware. In July, the group proposed an industry-wide definition of spyware, to lay the foundation for future anti-spyware efforts.
The spyware problem has risen to epidemic levels. An October 2004 study by America Online and the National Cyber Security Alliance found 85 percent of computers infected with spyware. To combat the problem, specialty players as well as some of the nation's largest technology companies are offering a range of tools designed to detect and block spyware. Although those tools are each extremely useful in their own way, the battle to control spyware has remained somewhat fragmented, hindered by a lack of coordination and communication among anti-spyware companies, software developers and consumers. One of the most glaring examples of that phenomenon has been widespread confusion over what sorts of technologies should and should not be defined as spyware. Though consumers and companies may share a vague common understanding of what sorts of technologies are unwanted, even minor semantic differences can confuse users and make it unnecessarily difficult to separate the good programs from the bad.
Coordinated by the Center for Democracy and Technology (CDT), the Anti-Spyware Coalition (ASC) comprises some of the largest, best known anti-spyware companies and Internet service providers in the world, as well as top academics and consumer groups.
The ASC is a consensus body in which each member has veto power over major decisions, including the release of public documents and the addition of new members. All of the members are committed to the fight against spyware and other potentially unwanted technologies, and are committed to working within the consensus structure to improve communication and coordination among themselves and with the public.
The Coalition is not a lobbying group and has taken no official stance on public policy proposals that address spyware. There are also no plans for the ASC to grant seals or certifications to either to anti-spyware vendors or software developers.
In the future, the ASC will continue its efforts to increase transparency and accuracy in detection of programs by anti-spyware software companies. The creation of best practices and risk modeling documents will further illuminate the process both for consumers and software companies.
The Anti-Spyware Coalition Web Site http://www.antispywarecoalition.org.
On July 12, 2005, the Anti-Spyware Coalition proposed a standardized definition of "spyware." The definition, which is open for public comment until August 12, is intended to serve as the foundation for a more unified approach to tackling the spyware problem. In addition to defining spyware, the coalition's first public document also offers uniform definitions of other commonly used terms like "adware" and "cookie," and offers tips for users to avoid downloading unwanted programs.
Once finalized after public input, the definitions contained in the ASC document will provide a common, industry-wide glossary for discussing potentially unwanted programs. The definitions should serve both the immediate need of clarifying public understanding of the spyware problem, and the longer-term goal of establishing industry best practices and risk modeling methods for addressing spyware on a more global level.
The definitions are not intended to erase the differences among anti-spyware products. Members of the coalition believe that the current anti-spyware market, fueled by an array of independently designed competing products, is one of the greatest assets consumers have in addressing spyware on their own terms. Individual and business users all have different needs and will be looking for different levels of protection from anti-spyware programs. The definitions will simply allow users to make decisions about which products best suit their needs with a clearer understanding of what those products do.
Beyond simply defining spyware, the ASC document includes a more detailed description of how essentially neutral technologies can cross the line into being labeled "spyware." The coalition discusses a series of technologies and the sorts of behaviors that make them potentially unwanted. Each underlying technology has potential positive and negative uses. The coalition's challenge was to draw lines between benign uses, and those that make a piece of technology potentially unwanted.
Though the definitions are the main element of the coalition document, another key component is an effort to streamline the contentious dispute resolution structure that exists between anti-spyware companies and software developers who claim their technologies have been unfairly blocked. As it stands, most anti-spyware companies have a dispute resolution process, but those processes vary from one company to another, which can often result in confusion, and worse, legal challenges by software developers complaining that their software has been unfairly identified as spyware. Though a standardized dispute resolution process won't end those disputes, it should reduce some of the confusion and contention surrounding the process, freeing anti-spyware companies to spend more time refining their products and less dealing with disputes.
The Anti-Spyware Coalition's draft "Spyware Definitions and Supporting Documents" are online at http://www.antispywarecoalition.org/definitions.pdf.
Comments can be submitted at http://www.antispywarecoalition.org/comments/.
Once the public comment period for the documents ends, the ASC will respond and make appropriate changes with the intent of releasing a final version in early autumn. Coalition members will consider all comments and include the most relevant in its final document. The ASC is committed to making the process as open as possible and hopes to continue to involve the public in refining and improving its recommendations.
The definitions are an important first step toward addressing a problem that's already done terrible damage -- not only to computers, but also to public perceptions about the safety and value of the Internet.
One of the next tasks before the coalition is developing risk models to better categorize potentially unwanted software. By rating the characteristics of unwanted software from the most intrusive and troubling to the most benign, risk models would help anti-spyware companies make clearer assessments of the specific concerns raised by specific pieces of unwanted software. Further down the road, the coalition hopes to work together to identify "best practices" in the anti-spyware arena.
In addition to its work coordinating the coalition, CDT continues to campaign against unwanted spyware through legislative, investigative and user education efforts. The solution to spyware will only come from successful combination of legislation, stricter enforcement of current laws, and technological solutions. CDT has been active on all of these fronts -- participating in the legislative process, filing of civil complaints with the Federal Trade Commission, and leading the ASC.