Friday, October 22, 2021

Is Spyware Illegal Under Existing Laws?

The fact that Eliot Spitzer, the attorney general of New York State, filed suit
last month against an alleged spyware company has been widely reported. But what
everyone seems to have missed in these reports is how Spitzer’s case managed to
get to
court — despite the fact that New York has no actual law against spyware.

The answer to that question, I believe, is incredibly important to everyone who
uses software and suffers from the threat of spyware. In a nutshell, Spitzer is
saying he doesn’t need a state antispyware law to take action against spyware
promoters. This class of computer program is already illegal under existing laws, it seems.

Let’s look at the implications of this and how it may allow
prosecutions of spyware makers in other places.

Using Business Law To Stop Spyware

The attorney general’s suit was filed in the supreme court of New York County
against Intermix Media Inc., a Los Angeles-based software company. According to
the complaint, Intermix’s software is in violation of the following
well-established sections of New York law:

Deceptive acts and practices.

When Internet users installed screen savers from Intermix’s more than 40 Web
sites, adware programs such as KeenValue were quietly installed at the same
time. Intermix made this spyware hard for users to remove, omitting an uninstall
program and reinstalling the spyware if users tried to delete its files. This is
prohibited by New York’s law against “deceptive acts and practices”;

False advertising.
To encourage Internet users to download Intermix’s software, the company made
claims on its sites such as “Free from spyware.” New York law prohibits “false
advertising in the conduct of any business, trade, or commerce”;

Trespass to chattels.

This claim is perhaps the most interesting. “Chattels” means someone’s personal
property that is movable, such as a computer (but not land or buildings). New
York law prohibits “the intentional intermeddling with a chattel” that results
in “the deprivation of the chattel or impairment of the condition, quality or
usefulness of the chattel.” Even slowing a computer system down, as spyware
almost always does, would seem to fall into this definition of trespass, if a
user had not consented to it.

“Intermix does not promote or condone spyware, and remains committed to putting this legacy issue behind it as soon as practicable,” the company
said in a statement quoted by eWeek. “Many of
the practices being challenged were instituted under prior leadership, and
Intermix has been voluntarily and proactively improving these applications for
some time,” according to Christopher Lipp, Intermix’s senior vice president and
general counsel. 

Getting To The Heart Of The Matter

Spitzer’s lawsuit is a sign that software companies might finally lose the
ability to put an unlimited set of conditions into end-user license agreements
(EULAs) and expect those conditions to be enforceable in court.

“Intermix either fails to disclose these additional [spyware] programs in any
manner, or hides mention of them deep within lengthy, legalistic license
agreements,” the attorney general’s complaint states. In one case, the disclosure
“occurred on the fourth page of a long
license agreement, under the vague heading ‘Additional Information,’ ” the suit says.

It’s become very common for software companies to make users click “OK” to long
licenses, some of which have very one-sided provisions. If Spitzer’s suit is
successful, it could begin a welcome trend for companies that buy software.
Purchasers might eventually be freed of some EULA clauses that a court of law
would find “unconscionable” and therefore unenforceable. Some database
licenses that prohibit buyers from publishing benchmark test results come to
mind.

Are New Laws Needed Or Not?

Spitzer’s actions suggest that other jurisdictions could easily take action
against spyware vendors who’ve installed software surreptitiously on users’
computers. All U.S. states and most countries of the world must certainly have laws against deceptive trade practices.

A major barrier to the U.S. Congress passing a law against
spyware is the lack of an exact definition of it. Some software installation techniques could
be deceptive in some cases but perfectly fine if the computer user truly gave
informed consent.

It may turn out that more laws aren’t needed after all. What’s needed is for
more attorneys general to decide to enforce the laws on the books, even when
the trespassers are using a novel means of breaking and entering — the Internet.

The stakes are high. The New York attorney general alleges that Intermix quietly
installed spyware on 3 million computers in that state alone. Since the
applicable laws call for a fine of $500 per violation, the penalty could add up
to $1.5 billion. That should get the attention of a few
spyware makers.

New York’s complaint and its supporting affidavits are linked to from the attorney
general’s announcement

of the suit. Intermix Media may be found at Intermix.com.

Similar articles

Latest Articles