FTC Testimony Insists on Harsher Penalties for Spyware Distributors

Current enforcement options are not appropriate or sufficient remedies to deter spyware distributors.

by / June 18, 2008

The Federal Trade Commission told the Senate Committee on Commerce, Science, and Transportation that "legislation authorizing the Commission to seek civil penalties in spyware cases could add a potent remedy to those otherwise available to the Commission." In testimony to the Committee, Eileen Harrington, deputy director of the FTC's Bureau of Consumer Protection, said that when other enforcement options -- seeking consumer redress or making the operators give up their ill-gotten gains -- are not appropriate or sufficient remedies to deter spyware distributors, "a civil penalty may be the most appropriate remedy and serve as a strong deterrent." The testimony states that the agency supports legislation that would provide "the Commission this valuable law enforcement tool."

The testimony notes that while it is often challenging to locate and apprehend perpetrators who plant spyware on consumers' computers, the FTC has "successfully challenged the distribution of spyware that causes injury to consumers online," initiating 11 spyware-related law enforcement actions since 2004.

The testimony states that the Commission's law enforcement cases targeting spyware reaffirm three key principles.

"The first is that a consumer's computer belongs to him or her, not to the software distributor, and it must be the consumer's choice whether or not to install software. This principle reflects the basic common-sense notion that Internet businesses are not free to help themselves to the resources of a consumer's computer," the testimony says. Several FTC cases alleged that the defendants downloaded spyware onto computers without consumers' knowledge or consent.

The second principle holds that individuals who download spyware cannot bury disclosures of material information needed to correct otherwise misleading impressions. "Specifically, burying material information in an End User license Agreement will not shield a spyware purveyor ... "the testimony states. It notes that in two FTC cases, "the defendants failed to disclose adequately that the free software they were offering was bundled with harmful software programs."

The third principle is that if a distributor puts a program on a computer, a consumer should be able to uninstall or disable it. The testimony notes that in two FTC cases, the companies downloaded adware that displayed frequent pop-up ads. The agency alleged that "the companies deliberately made these adware programs difficult for consumers to identify, locate, and remove from their computers, thus thwarting consumer efforts to end the intrusive pop-ups." Settlements required the companies to provide a readily identifiable means to uninstall the adware.

The testimony notes that the agency has coordinated some law enforcement initiatives targeting spyware with criminal enforcers. "Many of the worst abuses connected with spyware are criminal, and, in appropriate cases, the Commission coordinates closely with the Department of Justice."