May 2004 -- Volume 8 -- Number 5 -- newsletter@truste.org
 

 
TOP 5 STORIES OF THE MONTH
  1. MSN, Hotmail Fight Spam Using Bonded Sender (USA Today - May 5)
  2. Google's Gmail Is Great - But Not for Privacy (BusinessWeek - May 3)
  3. Congress Promises Anti-Spyware Law (CBS MarketWatch - April 29)
  4. Rolling Out Revised Passenger Screening Program (KPHO Phoenix - April 22)
  5. WhenU Suit Delays Utah Anti-Spyware Law (Click Z - April 22)

Public Policy
FTC commissioner Mozelle Thompson issues a challenge to industry: Work with us to solve the spyware problem.

Leading Edge
A new working group drafts a list of "devious and deceptive" software practices in order to define spyware.

Editorial
Emily Hackett of the Internet Alliance argues that current anti-spyware legislation is hastily crafted -- and ineffective.

Best Practices
Representatives of AOL and Webroot Software discuss the anti-spyware solutions they are now offering consumers.

Privacy Resource
The Web site for the April 19 FTC spyware conference contains helpful information on the topic.

Stay Current!
Privacy events around the world and on the Web.

TRUSTe Tech Tip
Improve your communication with TRUSTe by designating a site coordinator on your staff.

Welcome New Members
The newest Web sites to display the TRUSTe seal.

 
 
FTC Commissioner Issues a Challenge to Industry: Develop Best Practices to Address Spyware
by Commissioner Mozelle W. Thompson

The U.S. Federal Trade Commission (FTC) recently held a one-day public workshop on the distribution and effects of software commonly referred to as "spyware." The term spyware commonly refers to software that essentially monitors consumers' computing habits. As such, it necessarily raises privacy issues. At the workshop, I issued a challenge to industry to promptly develop a set of best practices with respect to spyware. These best practices should contain several critical elements, including meaningful notice and choice so that consumers can make informed decisions about whether they wish to deal with an online business that uses monitoring software or partners with companies that do.

I also asked industry to develop a public campaign to educate consumers and businesses about what spyware is and how it operates. This public campaign should also discuss the array of technological tools available for consumer use.

Finally, I called upon industry to establish a mechanism that will allow businesses and consumers to maintain a continuing dialogue concerning how government can take action against those who do wrong and undermine consumer confidence through misuse of spyware.

Some members of Congress have called for spyware legislation. I understand the desire to take action before the problems associated with spyware grow worse and injure more consumers and businesses. But I do not believe that legislation is the answer at this time. Instead, we should give industry an opportunity to respond to my challenge. My experience at the FTC working on issues like online privacy and spam tells me that, in approaching such problems, any solution must at the very least be based upon transparency, adequate notice, and consumer choice.

But the opportunity to self-regulate will not last forever. If industry's response is not timely or is inadequate, a legislative approach might be appropriate. And any such legislation should work in conjunction with existing laws like the Federal Trade Commission Act, which allows the commission to stop deceptive or unfair practices.

It is my hope that TRUSTe members will take my challenge seriously and act promptly to address the growing public concern about the development and use of spyware.

Mozelle W. Thompson is a commissioner on the U.S. Federal Trade Commission.

Editor's note: Interested in joining with TRUSTe to rise to the commissioner's challenge? Contact Fran Maier, executive director of TRUSTe, at fmaier@truste.org.

 
 
 


Consumer Software Working Group Releases a Call for Anti-Spyware Enforcement
by Ari Schwartz

Over the past six months the Center for Democracy and Technology has led a diverse group of 25 companies and organizations, including TRUSTe, in a discussion of consensus views around the contentious issue of spyware. This Consumer Software Working Group developed as its first document "Examples of Unfair, Deceptive, or Devious Practices Involving Software," based on real practices encountered by consumers.

The group broke the list of examples of objectionable practices into three areas:

Hijacking. "Hijacking" practices enable an unaffiliated person to use the user's computer in a way that ordinarily would not be expected. This may occur through an unnoticed program consuming the user's computing resources or resetting a user's existing configurations without the user's knowledge, or through coercion or deception.

Surreptitious surveillance. These practices involve intrusive, surreptitious collection and use of personally identifiable information about users that is wholly unrelated to the purpose of the software as described to the consumer.

Inhibiting termination. These practices frustrate consumers' efforts to remove a program, deactivate it, or otherwise render it inoperative, thereby terminating a relationship with the provider of the program.

These examples, released at the FTC Spyware Workshop in April, are practices that the group believes, depending on the particular circumstance, could be illegal under current laws such as the Federal Trade Commission Act, the Computer Fraud and Abuse Act, and the Electronic Communications Privacy Act. In addition to federal laws, many states have long-standing fraud statutes that would allow state attorneys general to take action against invasive or deceptive software. Yet most of these laws are not being enforced, and consumers and businesses alike are being harmed by the resulting abuses.

The Consumer Software Working Group plans to continue tracking bad practices, developing best practices, and interfacing with policymakers on consensus discussions regarding legislation. The full list of examples and the names of the members of the working group can be found at http://www.cdt.org/privacy/spyware/20040419cswg.pdf.

Ari Schwartz is associate director of the Center for Democracy and Technology. For more information, contact him at (202) 637-9800.

 
 
 


It's a Mistake to Ban Spyware Without Figuring Out What It Is
by Emily Hackett

Spyware is the Internet's latest "dirty little secret." No one knows exactly what it is, or does, but everyone hates it and is sure it's bad. Broadly defined, spyware is software that attaches itself to other programs in a computer without the knowledge of the user. Spyware raises legitimate privacy and security risks and can keep consumers from reaching the Web sites they want to visit. It disrupts normal functioning of software programs and may cause computers to crash.

Not surprisingly, spyware has been condemned by consumer advocates and the Internet industry alike. Legislation has been proposed in five states already this year, and last month Utah became the first to define the technology in statute and attempt to regulate it. But what did the well-intentioned lawmakers in Salt Lake City ban?

  • They banned a public library, concerned about the browsing or instant-message habits of minors who use its facilities, from installing parental control software to prevent children from accessing porn sites or chat rooms where sexual predators lurk.

  • The instant-messaging products used by 80 million browsers worldwide have been labeled spyware.

  • Popular eBay auction alerts that tell consumers when products they have expressed an interest in are up for sale have been banned, because they might cover another company's advertising.

  • Security software designed to protect consumers and ISPs from hackers and other attacks has been labeled spyware.

As it stands, unfortunately, the Utah law seems to limit consumers' choices, not broaden them.
These may all be unintended consequences of a well-meaning law crafted by equally well-meaning legislators, but they point out a fundamental problem lawmakers face when dealing with the Internet. Legislation that attempts to regulate the technology, as opposed to a practice or behavior, is guaranteed to fail.

Just a few years ago several states considered banning "cookies" without fully understanding how critical they are to the basic operation of the Internet. They soon found that banning cookies would not protect a consumer's privacy, but it would make the Internet unwieldy and unusable.

Lawmakers should stay away from piecemeal, quick-fix legislation aimed at spyware. Industry has been working with the U.S. Federal Trade Commission (FTC) and members of Congress to explore technological and legal solutions to the problem. Technology created this problem and will play a significant role in solving it. Many Internet companies are working right now on technologies that will protect consumers from the egregious and debilitating aspects of spyware (see examples of these technologies in the "Best Practices" section of this issue).

Undoubtedly, there will be laws governing the practice and behavior of companies using spyware. Lessons can be learned from the spam debate that has raged in the states and the Congress for the past five years. Thirty-six states passed laws attempting to regulate and control spam. Nevertheless, unwanted email continues to pile up in consumers' mailboxes in record numbers each year despite laws requiring spam labels and proposals to create do-not-spam registries.

However, states also passed fraud laws that gave prosecutors and consumers tools with which to go after the real cyber-criminals. These laws target illegal behavior, not technology. Not surprisingly, Congress left these state laws intact when it passed the CAN-SPAM Act of 2003.

Emily Hackett is executive director of the Internet Alliance.

 
 
 
New Version of AOL to Combat Spyware
by Jules Polonetsky

An upcoming software release from America Online will add spyware protection to the list of standard features for AOL's broadband and dial-up Internet customers.

AOL recognized the urgent need of its users for additional protection through studies such as a June 2003 survey of broadband users that AOL conducted in conjunction with the National Cyber Security Alliance. The findings showed that 86 percent of the broadband users polled felt their computer was "very" or "somewhat" protected from online threats. Yet a scan of their hard drives revealed that 91 percent of survey participants had intrusion software (commonly called "spyware" or "adware") on their home computers, much of it placed there by music or file-sharing programs without their knowledge.

As Tatiana Gau, AOL's chief trust officer, concluded at the time, "A basic broadband connection without protection can be the equivalent of a high-speed sewage pipe into the home, flooding it with viruses, porn, spam, and hackers."

In the coming weeks, the release of AOL Optimized software will announce a new feature: AOL Spyware Protection. AOL Spyware Protection will enable AOL users to scan their computer hard drives for spyware or adware programs and disable programs that it finds.

AOL's strategy is to cast a wide net to let users know what types of software are running on their machines and to inform them how those applications could be used. Some could be nefarious key loggers, some may be delivering pop-ups, and others could be degrading the performance of the user's computer. If users decide they want the application, the tool will let them "unquarantine" it. But if they don't recognize the application or are concerned about the information it is transmitting, one click will put it out of commission.

AOL's new anti-spyware features will automatically scan members' hard drives weekly, looking for software programs matching those in a database of spyware and adware applications. AOL members also will be able to scan their computer at any time by clicking on an "AOL Spyware Protection" icon on their computer desktop, or they can schedule scans more frequently than once a week.

Jules Polonetsky is vice president of integrity assurance at America Online.

 
 
 


FTC Spyware Workshop

The April 19, 2004, FTC workshop on spyware brought together representatives of government, industry, and consumer advocacy groups to discuss this high-profile topic. Speakers included FTC Commissioner Orson Swindle, Jeffrey Friedberg of Microsoft, and Rep. Steven Urquhart of the Utah State House of Representatives. The conference Web site now offers visitors a full transcript of the event, along with the panelists' visual presentations, presenter bios, additional resources on spyware, and public comment on the workshop.

 
 
 


TRUSTe-IAPP 'Privacy Futures' Conference

It's not too late to make plans to attend TRUSTe and the International Association of Privacy Professionals' "Privacy Futures" conference, the first conference where privacy, marketing, and IT professionals can explore the edges of privacy. Find out what potential privacy advances and challenges the future has in store, and learn how to leverage trust to strengthen your brand.

Privacy Futures will take place June 9-11, 2004, at the Palace Hotel in San Francisco, bringing you the following:

  • Predictions from respected technology and business futurists to guide your business

  • Advice and case studies on cutting-edge privacy technologies and tools

  • A window onto the privacy policy landscape of California and the Pacific Rim

  • Voices of the future: a panel on what kids think of privacy

  • Networking opportunities set against the San Francisco skyline

Make Privacy Futures your company's professional development event for 2004. Bring the entire privacy team, along with your marketing and legal professionals, and develop a common background and vocabulary for the privacy conversation in your organization. Take deep dives with the experts into critical challenging areas, access resources for all your privacy questions and vendor needs, and stay ahead of the legislative and regulatory curve.

For more information on speakers, advance and on-site registration, and sponsorship opportunities, please visit the conference Web site, or contact Carolyn Hodge, director of marketing, at chodge@truste.org.

Privacy Laws and Business 17th Annual International Conference

Location: St. John's College, Cambridge, U.K.

Dates: July 5-7, 2004

This year's program, whose theme is "Integrating Privacy Into Your Business Strategy," marks the development of privacy and data protection values as a key constituent of many organizations' business strategies. Privacy values are vital because they visibly influence the way that organizations deal with customers, prospects, employees, shareholders, and the media. Privacy regulators will explain their compliance and enforcement strategies. Participants will also learn how to prevent privacy vulnerabilities, develop a defensible legal position, and respond effectively if problems occur. For more information, visit www.privacylaws.com.


CAN-SPAM Webcast Series

Date: 10:00 a.m.-noon PDT every Tuesday, May 25-June 29, 2004

How does the CAN-SPAM Act affect the legitimate marketer? How can Weblogs and emerging technologies such as RSS help enhance your email campaigns and keep you in compliance with the act? DecisionCast's CAN-SPAM Webcast, a free roundtable discussion series, will help answer these questions. Participants will hear from more than 20 speakers, including Fran Maier, executive director of TRUSTe; Stephen Cohen, senior attorney with the Federal Trade Commission; and Chris Pirillo, founder of LockerGnome, and will have the opportunity to ask questions and participate in an online discussion. To register, visit http://bittyurl.com/1u.

More Knowledge Net Luncheons Coming to a City Near You

Boston: TBD
NYC: June 30
Washington, DC: July 12
Philadelphia: July 15
San Francisco: July 21
Chicago: July 27
Baltimore: July 28

Due to the success of the first round of Knowledge Net Luncheons, which bring together members of IAPP and TRUSTe to build local privacy communities, IAPP and TRUSTe have scheduled a second round! Watch your inbox for an email invitation to join us for these free networking luncheons, brought to you by the IAPP, TRUSTe, and Ernst & Young. In the fall we plan to schedule Knowledge Net events in even more cities. For more information on these events, contact Krystal Putman, marketing associate, at kputman@truste.org or (415) 520-3421.

 
 
 
Tech Tip: Keep the lines of communication between TRUSTe and your company open and responsive.

Communication between TRUSTe and our members is very important -- not just during the certification process, but also throughout the term of your license. Having a designated site coordinator is a necessity: someone who can receive guidance from your account manager in meeting TRUSTe's program requirements and work with the compliance team on Watchdog complaints or Watchfire scans.

Some licensees have more than one person designated to work with TRUSTe: One person may work with the account manager to meet all of TRUSTe's program requirements, while a different person is designated to address all Watchdog complaints that TRUSTe receives from consumers. If more than one person should be included in all communications from TRUSTe, please indicate this and we will address all issues to the proper contacts.

If you, as a designated site coordinator, do not read your email regularly, or if you will be away from your mailbox for a certain period, please let TRUSTe know and we can coordinate with an alternate contact in your absence.

Likewise, please alert your account manager immediately if the designated site coordinator changes so we can update TRUSTe's records. This will greatly ease the transition for both TRUSTe and your organization, and will prevent escalation of issues due to nonresponsiveness.

By keeping TRUSTe up to date with your company's current contact information, we can be sure that all necessary notices are properly addressed and all issues requiring follow-up are dealt with properly and in a timely fashion.

-- Carlos Gil Jr., compliance analyst

 
 
 


TRUSTe would like to congratulate the following new members on successfully completing our certification process:

Advanced Telecom Information Services, Allianz AG, Alter Your Life LLC, American Paid Foundation, AMK Squared Enterprise, BestBidding.com, eCRUSH.com, eDataGolf USA, Equity Media, Emergency Debt Relief, Feldman's Furniture, Imangal.com, MarketRange Inc., MedLink Corp., People Interactive (India) Pvt. Ltd., POSpaper.com, Profit Systems Inc., Project 31, Rain and Hail LLC, RealPage Inc., Remithome Corporation, Swyrich Corporation, Virtual Application Partners, Xformx Inc.

 
 
 


Got Feedback?

We would like to hear what you think of the TRUSTe Advocate. Send an email with your comments and suggestions to newsletter@truste.org.

TRUSTe is an independent, nonprofit organization that administers the Internet's first and largest privacy seal program.

685 Market Street, Suite 560
San Francisco, CA 94105
(415) 618-3400
Email: privacyseals@truste.org
Web: www.truste.org