GPSolo Magazine - January/February 2006
Is Spyware Trespassing?
By Brett Burney
Spyware intentionally interferes with our normal computing lives; ergo someone must be held responsible. Once computer users realize that the incessant pop-ups, slowness, and modified web pages are the result of software that was installed on their computer without their knowledge or permission, they understandably get a little irritated.
The Federal Trade Commission defines spyware as software that is “installed on your computer without your consent . . . and monitors or controls your computer use.”
Spyware is actually a broad term that encompasses several malicious-sounding digital maladies such as adware, malware, and even some viruses.
Spyware can be harmless, consisting of nothing more than a web cookie. But things quickly get annoying when you see persistent pop-up boxes or your Internet browser starts acting erratic.
At the most extreme end, spyware will record all of your keystrokes and send other personal information over the Internet to some evil headquarters where the data is filtered for passwords or credit card numbers.
The common thread that weaves throughout all spyware, regardless of the menace, is that it is software that appears on your computer without your purposeful knowledge.
Many times, computer users are actually guilty of installing spyware on their own computers, but they probably were not aware of what they were doing. Spyware can be installed by opening an e-mail or by visiting a website to play a game. Spyware can also be installed when it “piggybacks” on legitimate applications such as file-sharing programs.
And because spyware can create a host of problems for your computer, such as slowness, pop-ups, and general quirkiness, there have been several attempts to prosecute those propagating spyware.
In April 2004, the U.S. House Subcommittee on Commerce, Trade, and Consumer Protection held hearings to determine if legislation was needed to ban downloads that occurred without a user’s clear permission.
Rep. Joe Barton of Texas likened spyware downloads to a person walking into his house without his permission. “I think we’d all agree that’s trespassing . . . so why is it OK to come into my computer in my house without my permission?”
One witness from Microsoft testified that legislation would infringe the development of new technologies, stating that some pop-ups and automatic downloads serve a useful purpose, such as the important security updates for Windows users.
Witnesses from the Federal Trade Commission and the Center for Democracy and Technology insisted that new legislation was not the answer—they proclaimed that existing laws were sufficient to prosecute spyware perpetrators.
Just exactly which existing laws they were referring to is a bit of a mystery, but an April 2005 suit by the New York State Attorney General’s office against a company called Intermix provides some excellent clues.
The suit described computer users who would visit Intermix websites and unknowingly download spyware when they thought they were only downloading screensavers or other web browser plug-ins. This spyware would install browser toolbars that linked to Intermix websites, redirect users to Intermix websites, hijack browser homepages, and install hidden programs that reported user activity back to Intermix.
The civil suit accused Intermix of violating a couple of New York State General Business Law provisions against false advertising and deceptive business practices. But the most interesting charge was the third one, brought under the common law tort of “trespass to chattels.”
Trespass to chattels occurs when a person intentionally uses or interferes with an object in the possession of another, and liability attaches when harm is caused. The suit claimed that the spyware from Intermix was intentionally interfering with the use of personal computers onto which the software was downloaded. Attorney General Eliot Spitzer cited that such spyware undermined the productivity of personal computers and even served as a “hindrance to the growth of e-commerce.”
Alas, Intermix settled the case for $7.5 million in June 2005, leaving the public to wonder if the trespass charge would have been successful. Spyware continues to run rampant, and one can only hope that a precedent will be established soon for appropriate punishment. Until then, individual users are on their own and should always employ a firewall and anti-spyware software to minimize any unauthorized installations or threats to their computer.
Brett Burney is the legal practice support coordinator at Thompson Hine, LLP, in Cleveland, Ohio. You can e-mail him at firstname.lastname@example.org