Legislature (2005 - 2006) BELTZ 211
03/22/2005 01:30 PM Senate LABOR & COMMERCE
* first hearing in first committee of referral
+ teleconferenced
= bill was previously heard/scheduled
| *+ | SB 137 | TELECONFERENCED | |
| *+ | SB 140 | TELECONFERENCED | |
| += | SB 130 | TELECONFERENCED | |
SB 140-BAN INTERNET SPYWARE
CHAIR CON BUNDE announced SB 140 to be up for consideration.
SENATOR THERRIAULT, sponsor of SB 140, gave a short introduction
before presenting a slide show.
I've introduced SB 140 to accomplish two main
objectives. The first is to send a message to computer
invaders that it will be illegal in Alaska to conduct
certain practices involving the injection of unwanted
and malicious programs into computers. The second
objective is to heighten through the legislative
process both the awareness of the magnitude of the
spyware problem and how to deal with it in the most
cost-effective and time-efficient manner.... We have
through research made contact with a nationally
recognized expert [Ben Edelman] who has worked with us
in drafting SB 140....
Virtually every branch of local and state government has
spyware problems. The cost of protecting private citizens from
spyware is $21 billion nationally. This is based on the
estimated three to six minutes each day people use to clean or
otherwise deal with unwanted programs that affect their
computers. The challenge is to keep the legislation targeted at
unscrupulous and malicious sources without making it so broad
that it will damage legitimate uses of computer programs.
SENATOR THERRIAULT said that SB 140 is broadly based on the Utah
model with some features of the California version worked in. It
may be difficult to prosecute those who ply their invasive
practices in Alaska, but the magnitude of the problem moved him
to declare such activities illegal so that legal recourse is
available to those who wish to pursue the violators.
CURTIS CLOTHIER, Manager, Data Processing, Legislative Affairs,
narrated a presentation called "Spyware 101."
1:42:13 PM
He explained that spyware is software that collects personal
information or makes changes on your computer without your
knowledge or consent. Sometimes it's accompanied by an adware
program that launches customized advertising. Spyware is
relatively new; the first documented case being in early 2000. But
it started to hit radar screens in 2003 when a study indicated
that two out of 100 support calls to help desks were related to
spyware. Now it is estimated to be two out of five calls.
1:44:18 PM
CHAIR BUNDE asked if anti-virus programs would help.
MR. CLOTHIER answered no; virus guards usually check only for
viruses. Spyware usually makes its way through the Web browser.
Most virus guards are aimed at email or viruses that are already
on a computer in files.
1:45:26 PM
He described ways spyware can get on a computer - generally
through installation of a free application with an end-user
license agreement that is too long. It generally causes a
computer to slow down or crash.
1:46:54 PM
Spyware doesn't necessarily collect bad information. Some
computers have it preloaded and it gives manufacturers
information about a computer's health. The customer is generally
informed, however. Other software has a free version and a paid
version. The free version includes advertising. "It's the
knowledge and consent thing, which I think is really critical in
loading software."
1:47:41 PM
Once spyware is on a computer, it requires a call to a technical
support person who can run several different programs, but that
is not always successful.
1:48:25 PM
MR. CLOTHIER said that despite his division's best efforts, the
legislature gets on average four to five machines a week that
are infected with spyware - each taking as much as several hours
to fix. He said that, "Spyware prevention and removal now takes
up more of our time than virus and spam issues."
He said there isn't any one good solution to the problem. He is
trying to focus on educating his customers. He tells them not to
click on advertisements to download software. Programs are being
developed, but they cost money. All indicators lead him to
believe it will be a problem well into the future.
1:51:47 PM
CHAIR BUNDE asked how enforcement would work.
MR. CLOTHIER replied that programs can trace things, but that in
the vast majority of cases, people are covering their tracks
pretty well. Many times they have moved on from a physical
location by the time they are found.
CHAIR BUNDE asked if this law were passed, would legitimate
vendors have to stop their activity while the serious criminals
would still be operating.
MR. CLOTHIER replied that license agreements are made difficult
on purpose and he was sure vendors could do a better job of
making it clear what they are intending to do with free
software. "Certainly, it's such a mess right now that no one
reads and people who aren't really savvy to the technology, just
say yes to everything and trap themselves."
CHAIR BUNDE remarked, "We need to protect people from themselves
a little bit - sort of like a seat belt law."
1:53:50 PM
BENJAMIN EDELMAN, Ph.D. student at Harvard University, said he is
an independent researcher testing spyware in his lab. It has
become quite a serious problem. Some do bona fide spying by
tracking purchases and credit cards, but others track your
Websites to find out which ones you like to visit and have pop
ups - generally with offers from competitors of the sites asked
for. There is nothing legitimate with putting yourself out there
as Hertz when you are Budget.
Hard enforcement is needed, because stealing credit cards is
already against the law. There is no clear benefit to passing
another law that would continue to be broken. Pop ups need to be
addressed, because some people think it is a grey area - as in
the Hertz/Budget scenario. It creates troubling economic
incentives where everyone and his brother wants to sneak on to
your computer with a pop up ad.
SB 140 focuses on pop up ads. It says it's not a legitimate
business practice to show a user an ad for one company when the
user asked for that company's competitor or for some other site
by domain name.
So, if I picked up my cell phone and I called 1-800-
American, trying to reach American Airlines, that
wouldn't be legitimate for Sprint to connect me to
United instead - even if United offered a nice
advertising fee to my cell phone company. That's not
fair competition....
Courts have gone both ways, but this bill makes it very clear
that it can't be done in Alaska.
1:59:41 PM
California passed a bill last year that names about a dozen
specific tactics that are absolutely abominable - like using one
person's computer as part of an attack against another computer.
They named a lot of behaviors that are problematic, but he
thought it was ultimately ineffective because the outrageous
tactics are not the ones that are used by the biggest companies
trying to sneak on to users' computers.
2:02:10 PM
Utah's governor signed a bill into law on which SB 140 is
modeled. He emphasized that constitutional issues need to be
looked at. Critics of bills like this might suggest granting
extra protection to trademark holders and that would, in turn,
be bad for consumers. This would suggest that Hertz has a right
to have their site displayed on screen and Budget can't
interfere with that. That is giving a windfall to Hertz.
He thought it was important to think through who exactly is
being harmed and who is being benefited.
It seems to me that users are receiving the brunt of
the benefit.... When a user types in Hertz.com, it's
quite clear the user wants Hertz. The user does not
want 10 different pop up ads for 10 different
competitors....
He was surprised at the number of software companies that
objected to the state of Utah passing any bill having to do with
software. They thought they should be exempt from any
government regulation, especially from any state regulation.
"That seems entirely wrong to me. People who make products have
to comply with laws in all 50 states...."
MR. EDELMAN said that enforcement is difficult especially if the
companies are offshore, but the people who are doing the biggest
harm are big companies. Gator, a big spyware firm, is talking
about going public. Other spyware companies are big firms with
lobbyists and lawyers.
These are folks we can get to and to the extent that
they have big companies advertising with them, Budget
Car Rental or Expedia or you name it, we can get to
their advertisers, too. It is not impossible to find
these folks....
2:06:36 PM
SB 140 has two different ways to identify spyware - one is to
ask the user if he is an Alaskan resident and the other is for
the computer's IP address to indicate it's an Alaska address.
2:08:26 PM
CHAIR BUNDE asked Senator Therriault if he knew of any
opposition to this bill from companies in Alaska.
SENATOR THERRIAULT replied that he had not heard of any
opposition. He thought the committee might ask for the
difference between a cookie and spyware.
CHAIR BUNDE asked if a cookie is a form of spyware.
MR. EDELMAN replied that it isn't a form of spyware. It is a
data file that a Website can place on a person's computer so
that it can store information, like a password. They do not slow
down a computer, make it crash or send your information anywhere
else. They don't cause problems. There is no need to talk about
cookies in a spyware bill.
SENATOR DAVIS asked what Mr. Edelman thought about this
particular bill.
MR. EDELMAN said he thinks it is a strong bill; it makes
specific people and entities accountable. It has a clear plan
for enforcement - by private parties under existing statutes
pertaining to unfair competition and consumer protection. Some
legislation in other states places the burden on the state to
hire investigators and lawyers to figure out who the spyware
purveyors are. The harm is actual and targets a lot of people;
it is a grey problem and courts haven't handled it consistently.
CHAIR BUNDE thanked him for his testimony and said SB 140 would
be addressed again on Thursday.