Searching for Legal Definition of Spyware

Lawmakers face a problem when trying to come up with better legislation to counter the use of spyware: they have to define it.

The U.S. Federal Trade Commission is arguing for passage of the Counter Spy Act, which would allow for greater penalties for spyware use. From The Register:

"It has been the agency's experience in spyware cases, however, that restitution or disgorgement may not be appropriate or sufficient remedies because consumers often have not purchased a product or service from defendants, the harm to consumers may be difficult to quantify, or the defendants' profits may be slim or difficult to calculate with certainty," she wrote in prepared comments (PDF) submitted on Wednesday. "In such cases, a civil penalty may be the most appropriate remedy and serve as a strong deterrent."

The problem is that legislators need a reasonable definition of spyware. If they base that definition on the form or structure of the malware instead of its function, spyware writers will craft their code to avoid the legal definition of spyware.

As noted by Maxim Weinstein, manager of StopBadware:

"StopBadware.org has changed its badware guidelines multiple times in just two and a half years, due to ongoing changes in technology and badware practices, as well as an ongoing desire to make sure that we're 'getting it right'."


Dan Sullivan's Bio:

Dan Sullivan is a systems architect with 20 years of IT experience that includes engagements in enterprise security, application design, and systems architecture. His experience includes a broad range of industries, including financial services, manufacturing, government, retail, gas and oil production, power generation, and education. Dan’s security-related project work has ranged from requirements analysis for enterprise information security to designing and implementing security for database applications and enterprise portals. Dan has written about information security and other enterprise information management topics for Business Security Advisor, DM Review, Intelligent Enterprise, and E-Business Advisor. You can contact Dan at: dan_sullivan@realtimepublishers.net