Spyware – the ethics of covert software

Mathias Klang
Synopsis & Presentation By: Jeremy Dobs
Overview

The Technology of Spyware
Legal Issues
Spyware Business Model
Privacy Theory
Market Solutions
Legislative Approach
Ethics of Spyware
Market vs. Legislative Solutions
Conclusions
The Technology of Spyware

What is Spyware?


Spyware is an agent technology or
software which is bundled with another
form of software
Collects information and returns that
information to the “information
gatherer”
The Technology of Spyware

Getting Spyware



Installed with larger software
packages. Typically with ‘freeware’
software
Mentioned in the End User License
Agreement (EULA)
Most users don’t want the
technology; however, it is included
without their explicit knowledge
The Technology of Spyware

There are three main attributes that
all spyware must have in order to
be considered spyware



Installation occurs without the explicit
knowledge or consent of the user
The software collects personal data
about the user and creates a unique ID
for that user
Uses the internet to transmit the data
back to the source
The Technology of Spyware




Comet Cursor
Provides new mouse-cursor look and feel
Secretly installs a GUID identifier and
tracks online browsing habits
Company is no longer in business
The Technology of Spyware

Kazaa and Altnet




File sharing service
Installs Altnet
Steals CPU resources
Distributed Network
The Technology of Spyware

Gator



An online behavioral marketing company
Gator is a digital wallet
 Stores information for later use
Installs OfferCompanion, which launches with
the Gator program
 Causes pop-up ads to appear onscreen
Legal Issues

Despite legal actions, the position of
spyware is unclear


Spyware, from a certain perspective, is
totally legal
The right to privacy is fundamental and
is protected in international
conventions
Legal Issues

Why is spyware ‘legal’?

EULA
Binds the user through liberal contract law
 User ‘consents’ to having the software
installed


We need to fundamentally reexamine contract law
Legal Issues

Shrinkwrap & Clickwrap



When you buy software, you enter into a
contract with the vendor
 Contract = You pay for the product
Documents are often included with the
software
 This is called shrinkwrap
 Somewhat binding obligations
During installation, more terms appear
 This is called clickwrap
 More binding than shrinkwrap
Legal Issues

Contract D’adhesion



A situation “in which one predominant
unilateral will dictates its law to an
undetermined multitude rather than to an
individual” (http://www.harp.org/mariner.htm,
119)
The multitudes have no ability to affect the
terms
The only way to stop it: don’t install the
software
Legal Issues

Courts have strengthened
shrinkwrap and clickwrap licenses


Places users in a weak position
Additionally, users know few legal
terms

Cannot defend themselves
Spyware Business Model


Software Manufacturers need
money
Users expect and demand free
software and services


There is a tendency to share and barter
intellectual property
“Barter” = Illegal exchange and piracy
Spyware Business Model

The desire for free software is
hurting software companies


Lost revenues
Software companies need a source
of income



Turn to marketing companies
Pay a sum to have their software
included
This is the source of spyware
Spyware Business Model

So, what do we have…





Users get free software
Software developers get the revenue they
need
Marketing companies get the information they
need
Therefore, spyware is not bad or evil
Certainly, this is over-simplifying the
problem
Privacy Theory

Unhappy users argue from a privacy
point of view

However, their position is weak
Need to prove their position exists and,
 Need to show that theirs is the worst
situation


There is no international consensus
here
Privacy Theory

Is there a right to privacy?

Yes?
Then, to what degree?
 Should privacy be limited, or expansive?

Privacy Theory

Privacy and Technology



The level of privacy stands in relation
to how well it can be invaded
Technology allows for more invasion
into personal privacy
Discussions focus on voluntary
privacy

Spyware is involuntary in most cases
and takes information without telling
the user
Privacy Theory

Privacy and Law


The amount of privacy is a function of
the laws of the time
This leaves us with contract law

Users left in a weak position
Market Solutions


One attempt to defeat spyware is
through market solutions
These include anti-spyware
programs




Spysweeper
Ad-aware
Spybot
Some are proprietary, some are free
Market Solutions

Some say this is the ultimate solution

Removes spyware programs permanently

However, there is another issue

Anti-spyware can damage legitimate business
interests and harm companies
The question: To what extent are anti-spyware
companies liable for their activities?
Market Solutions

Anti-Spyware: The Gatekeeper


Another hurdle software developers
must pass
Spyware companies are fighting
back


Some companies actually disable anti-spyware programs
This is again legitimized using the EULA
Legislative Approach



People turn to legislators for help
There have already been actions
taken
The “Spyware Control and Privacy
Protection Act of 2001” is an
American response to spyware


Manufacturers must be more open
Limits data transmission
Legislative Approach

However, ‘The Act’ may not go far
enough


No regulations on the actions of
spyware producers
European response

Classify data into two categories
Sensitive: Cannot be collected
 Non-sensitive: Fair game


What is sensitive data?
Legislative Approach

Problems with legislation



Concepts like spyware, user consent
are vague
Must obtain a balance of needs and
wants amongst all parties
Limited to the nations and locales
where the laws are passed
Ethics of Spyware

Two different views


Friedman’s: Corporations have a duty
to maximize profits and return gain to
the shareholders
Kantian View: View people as ends
unto themselves and not use them
merely as means

Using this principle, we conclude that
spyware is unethical
Ethics of Spyware

Spyware: A Necessary Evil?



Free software creates more utility than
the evil generated
Reinforced by the fact that there exists
software that can remove this problem
Growing number of anti-spyware
programs and user discontent
suggests most users believe
spyware is wrong
Market vs. Legislative Solutions

What is the right way to go?

Use of anti-spyware software is a
market solution
User needs to be aware of the problem
and the solution
 Needs access to the tools to remove the
spyware


However, most internet users are
unaware of the problem
Market vs. Legislative Solutions

What is the right way to go?

Regulation = Legislation

Problems



Takes time and a lot of effort
Not enough public debate on the issue
In the end, the problem resides
with the user, so the user is left to
the challenges of dealing with it
Conclusion

Privacy is the price we pay for our
infrastructure


The issue here is that many don’t even
realize the price they are paying
Not able to willingly enter into an
agreement
Conclusion

Alternatives to Spyware

Don’t use the software that it comes
with
Requires knowledge of the problem,
however
 May hurt the economics of free software


Eliminate the problem with market
solutions

Again, requires knowledge of the problem
Conclusion

Alternatives to Spyware

Legislative regulation


Difficult to enforce local laws when
dealing with a global problem
There needs to be more public
debate among the concerned
individuals

Without public debate, we will never
achieve a balance between technology
and the needs of society
Questions?