For more information contact:
Alfred Frawley
afrawley@preti.com

Published Dec. 20, 2004 in MaineBiz

by Alfred C. Frawley

The U.S. House of Representatives voted on October 12, 2004 to approve legislation prohibiting “spyware,” an emerging device used in cyber-crime and intrusive attacks on PCs. Although most consumers remain ignorant about the serious threat of spyware, it is silently taking control of personal computers and threatens productivity and even confidentiality for many businesses. For web users both at home and at work, the recently passed SPY ACT (Securely Protect Yourself Against Cyber Trespass Act) is a step in the right direction for regaining control of violated personal privacy rights.

Spyware works against consumers and businesses in several ways. It is software that attaches itself to a PC hard drive or operating system, and is capable of collecting personal information by tracking web surfing habits and scanning hard drives for sensitive files. Web users, whether at home or at work, visit websites, stay long enough to read the contents of a page, and perhaps click on a graphic or link to view an enlarged image, or download free software. Spyware is often hidden in image files or piggybacked while downloading “free” programs. Meanwhile, spyware can go to work with an unrequested code it insinuates onto the hard drive.

IT security experts warn that employee web surfing is the leading cause of the proliferation of spyware in corporate networks. And for businesses, particularly those small enough to not have an IT department, the dangers of are even greater, as malicious spyware can steal passwords, sensitive information, and confidential corporate documents. It can also cause the PC to unknowingly allow others to copy private files, or may accidentally download materials protected by copyright laws, or pornography labeled as something else, leaving employees or business owners vulnerable to legal trouble.

Spyware also undermines customer relationships by gathering private information that is frequently used to display pop-up ads or to divert a user’s chosen web page to someone else’s – a trademark violation known as “unfair competition.” For example, Peet’s Coffee sells products online. While its customer is on the Peet’s web site, they place an order. Spyware views Peet’s customers’ web travel and now knows that they are interested in coffee. Peet’s hypothetical competitor, Greg’s Coffee, now has access to his customer’s interest in coffee and soon they are seeing Greg’s Coffee pop-up ads. In the most egregious situation, Greg’s Coffee is unlawfully suggesting a connection to the trademark “Peet’s Coffee” which confuses consumers and undermines the customer relationship Peet’s Coffee has established. Even in the most benign case, Peet’s Coffee is disadvantaged by potentially losing customers and revenue to Greg’s Coffee.

Privacy advocacy groups, trademark owners, IT departments and consumers began demanding action months ago to protect Internet users from spyware. The FTC has recently issued an alert warning consumers about privacy concerns related to file-swapping software and spyware. They advised consumers to:

• set up file-sharing software carefully, ensuring that no private files or folders are being shared
• consider using software that can prevent the downloading of spyware or help detect it on their hard drives
• close connections when finished using file-sharing software to avoid accidentally sharing files
• use and update antivirus software regularly.

Regulators at the federal and state levels proposed several pieces of legislation (including the recently passed SPY ACT that is now pending Senate approval) The SPY ACT requires a user's permission before downloading a program, and the sender must clearly state the software's purpose. It also prohibits hijacking of home pages, keystroke logging, and sending ads that cannot be closed by shutting down the computer.

You can monitor the legislative progress of spyware-related activity and legislation at http://www.topix.net/tech/spyware.  You may also consider filing a complaint with the National Advertising Division of the Better Business Bureau or contact the Attorney General’s Office.

Fred Frawley is a partner with the firm Preti Flaherty and the Chair of the Intellectual Property Practice Group. He may be reached at afrawley@preti.com.