Written by washingtonpost.com's tech policy team, the e-mail version of this weekly feature includes an original news article and links to policy and cyber-security stories from the previous week. Click Here for Free Sign-up Read E-letter Archive
By David McGuire washingtonpost.com Staff Writer
Monday, April 19, 2004; 7:00 PM
Federal regulators and the business community "still have a little bit of homework to do" before deciding on the best way to protect people from computer software that tracks their Web-surfing habits, a top U.S. consumer protection official said today.
Speaking today at a Federal Trade Commission workshop, Commissioner Mozelle Thompson said it is too early for Congress and the states to pass laws to ban "spyware." Instead, he said, technology businesses should teach consumers how to avoid falling victim to identity theft scams and other dangers that spyware poses.
"There are some kinds of practices that we may consider unfair or deceptive that we already have existing power to pursue," said Thompson, referring to laws against consumer fraud and identity theft.
Spyware is a catch-all term for hundreds of computer programs that can track what computer users do online. The most innocuous versions, known as "adware," serve up advertisements on people's computer screens. Other, more dangerous programs record what people type on their keyboards and relay the information back to their authors, transmitting sensitive data such as credit card numbers and passwords.
People usually download it onto their computers unwittingly when they download music file-sharing programs, games, instant messaging buddy icons or other free software. People often consent to receive it by clicking on multi-page user agreements without reading the fine print.
Internet security firm McAfee today reported that the number of "potentially unwanted programs" on its customers' computers grew from 643,000 in September 2003 to more than 2.5 million this March.
In a survey released earlier this month by Internet service provider Earthlink and privacy firm Webroot Software, the companies found close to 30 million spyware programs on more than 1 million computers in a three-month period -- nearly 28 programs for every computer.
While acknowledging the need to protect Internet users against scam artists, hackers and other online criminals, the technology industry worries that carelessly written legislation to outlaw spyware also could accidentally ban legitimate software, said Microsoft Vice President Brian Arbogast.
For example, programs like Windows Update help computer users keep their operating systems current and safe from electronic attacks by automatically sending them software updates through the Internet in much the same way that spyware programs download unwanted advertising.
"We would be concerned if [our programs] were ever to be bucketed with deceptive software," Arbogast said.