Yesterday the U.S. Court of Appeals for the Ninth Circuit issued an excellent decision in a focused-but-important appeal dealing with “Section 230,� which provides vital protections to service providers who facilitate online speech and users’ ability to control their Internet experiences.

The case involved a less familiar aspect of Section 230, which is commonly applied in free speech rulings that shield (for example) a social network from liability based on content posted by its users. Section 230 also protects service providers from liability from efforts to control offensive content. The Zango v. Kaspersky decision, however, dealt with a third and lesser well-known component of 230 – protection afforded to companies that make tools that users can use to control their own online experiences (such as filtering software).

The Zango case raised the question of whether an anti-spyware vendor (Kaspersky) would be shielded from liability under this third part of Section 230. Zango had argued that 230 only applied to tools that filter adult content, rather than more broadly applying to tools that allow users to control content such as spyware.
(more…)

At the Anti-Spyware Coalition workshop two weeks ago, a common theme was how to ensure that law enforcement can work with companies and researchers to share information that could lead to effective enforcement actions. In fact, we launched the Chain of Trust Initiative, to develop avenues of collaboration on protecting the Internet from malicious actors. Brian Krebs’ keynote mentioned hosting company Triple Fiber Network (3FN) as one of the bad actors that ought to deal with swiftly. Luckily, the FTC has just taken steps to shut down the hosting company. The FTC complaint says that 3FN has actively participated in the distribution of illegal and harmful content, and was one of the world’s leading hosts of malicious content.

Last year, a huge drop in spam was seen when another rogue U.S. based hosting company was cut off from the Internet. McColo was disconnected by two Internet providers, but this was done without action by law enforcement. This FTC action is, as Brian notes, an unprecedented move. Hopefully, increased collaboration will lead to more effective and more frequent FTC enforcement. Involving all the stakeholders – industry, academics, law enforcement, and others – in the process can only lead to better information and more effective Network protection.

The Anti-Spyware Coalition (ASC), National Cybersecurity Alliance (NCSA), and StopBadware.org led a public workshop yesterday to launch a new collaborative effort to combat malicious software.  The “Chain of Trust� initiative is built on the fundamental principle that the only way to combat a global problem like this is to bring everyone involved to the table and create a united front against a growing threat.

The workshop featured discussion from representatives from government agencies, Internet companies, network providers, security vendors, researchers and advocacy groups.  Keynote speakers included Shawn Henry, assistant director of the FBI’s computer crime unit, Jeff Fox, editor, Consumer’s Union, and Brian Krebs, reporter, Washington Post, where he writes the Security Fix blog.   The discussion focused on how best to identify, educate and combat today’s cyber threats.
(more…)

Three of the world’s leading cybersecurity groups are launching a new initiative to combat malicious software or “malware” by establishing a “Chain of Trust” among all of the organizations and individuals that play a role in securing the Internet.

Developed by the Anti-Spyware Coalition (ASC), National Cybersecurity Alliance (NCSA) and StopBadware.org, the Chain of Trust Initiative will link together security vendors, researchers, government agencies, Internet companies, network providers, advocacy and education groups in a systemic effort to stem the rising tide of malware. Applying many of the same approaches used to bring nuisance adware under control, the Chain of Trust Initiative aims to establish a united front against a growing threat.

To help facilitate discussion around the initiative, the ASC is holding a public workshop on May 19 featuring moderated panels and keynotes from leaders in the cyber security and consumer privacy field.  The FBI’s assistant director, Shawn Henry, who oversees the bureau’s computer crime unit, will be giving a morning keynote along with CDT Vice President, Ari Schwartz and Jeff Fox of Consumer’s Union.

Those who are unable to physically attend the conference can follow along with CDT’s live twitter feed (@CDT_LIVE) using the hashtag #asc09.  There will be discussion on the feed and reaction and comments as the workshop unfolds.  Additionally, portions of the conference will be streamed through our UStream Channel, CDT TV.

More information on attending the workshop, including registration and agenda info is available here:

http://antispywarecoalition.org/events/may2009.php

It’s significant that of all the major desktop advertising players (the others being Claria, WhenU and DirectRevenue), Zango was the last one standing.

With those words, Ken Smith the CEO of adware company Zango/180solutions signaled the end of an industry that consumers never wanted and the end of a company that CDT found to be engaging in unfair and deceptive practices, a claim substantiated by the company’s record $3 million settlement with the FTC 10 months later.

At the CDT Gala last month, FTC Chairman Leibowitz foreshadowed this development suggesting that this “iniquitous business model has been mostly eradicated.”
(more…)

War, financial crisis and the fate of a nation hanging in the balance. It sounds like a back-of-the-envelope outline for a spy novel, but it’s actually the current political climate in the U.S. Given that, it’s no surprise that discussion of Internet and technology issues is adrift, and that civil liberties protection has been pushed to the margins during this intense political season.

And yet this election cycle provides a great window of opportunity. The President and Congress will have a chance to take a fresh look at the challenges and opportunities of the Internet and set a policy course for this vital medium that will keep it open, innovative and free.

We often take the Internet for granted. In a short time it has become a powerful engine for innovation, economic growth and democratization. The Internet has changed the way we “do” politics. Ordinary Americans are making their voices heard and organizing online. Political candidates are building online networks of supporters, raising unprecedented funds from small donors, and educating the public on their policies and visions.

A few months ago CDT started a dialogue on what we believe are the key issues impacting the digital work-a-day world where most of us are spending an increasing amount of time. The ideas and feedback flowing from that discussion will help us craft a kind of blueprint for technology policy for use by the new Administration, noting things that can be done right now while also providing a strategy for achieving longer term goals.

Starting this week and following through until the election, CDT will focus on specific issue areas and write about each of them here on our Policy Beta blog. Our President, Leslie Harris, will add another level of insight and commentary on the issue in a companion article published in her Huffington Post column. And for those that want a daily dose of policy prognostication —in 140 characters or less—you can follow our efforts via Twitter.

We encourage you to push these blog postings out to your friends, family, forums and social networks. We welcome comments, criticisms and suggestions, all of which will help us sharpen our message and hone our suggestions for the next Administration and Congress.

The newest State of the Net report from Consumer Reports has concluded that several major online risks- including spyware infections- are declining in precedence. Unfortunately, spyware still cost the country 3.6 billion dollars over the last six months, with over half a million households being forced to replace computers because of spyware.

While this is an intimidating figure, it in fact represents a 54% decline in the rate of serious spyware problems, even though a third of respondents didn’t install anti-spyware programs (about the same as last year). Unfortunately, the rate of serious spyware infections is not falling at the same rate as serious spam and virus incidents.

Consumer Reports credits the progress being made against spyware and other online threats to consumer education, improved user tools, and government involvement. Of course, the spyware developers are working to come up with new ways to circumvent consumer precautions. One in 14 households had a serious spyware incident, and spyware developers are taking advantage of new platforms, such as cell phones.

Like last year, we are pleased to see progress being made in the flight against spyware, and hope that legal and technical solutions to spyware continue to be pursued.

What do you do when a couple of spammers send almost a million deceptive and spammy emails to your users? You sue them! Under the CAN-SPAM Act, MySpace asked for – and was granted – a massive $230 million in damages from the spammers that were taking advantage of the site’s users and breaking the site’s terms of service by ‘phishing’ and spamming.

This case is just the latest in “Spam King” Sanford Wallace’s spammy history. Wallace has been spamming since the early 1990’s, and apparently he just can’t seem to get out of the junk mail business. The MySpace case is just one in a long line of enforcement actions against Wallace’s companies. In 2004, CDT filed a complaint with the FTC, who then brought suit against Wallace in the first major FTC suit in spyware.

The MySpace decision is the largest award since the CAN-SPAM Act’s 2003 enactment, though its not likely that the spammers will pay up- they didn’t show up for their court date, and haven’t paid previous fines.

We’ve been keeping track of spyware enforcement actions since the beginning of our spyware war; in fact, it has just been updated. In just over three and a half years, we’ve added 25 pages of case summaries. The MySpace judgment won’t be added to the enforcement report- we don’t add cases unless the activity falls within the Anti-Spyware Coalition’s definition of Spyware. Even so, phishing is clearly a related area and it’s great to see that scammers are pursued.

Enforcement against spyware is alive and well but so are spyware and other online deceptions. The spyware problem will be around for a long time. Fortunately legislation and other tools have enabled litigation at the federal and state levels, giving enforcement officials solid, workable tools to hit scammers were it hurts most, in their wallets.

Earlier this week, the FTC filed a new brief against notorious spammer/spyware purveyor Sanford Wallace, and his partner Walter Rines, for violating the default judgment against them that was originally based on CDT’s 2004 petition.

Good to see that the Commission is not letting Wallace and Rines slip, but let’s hope that they can collect more than the $50,000 that it did last time around.

Yesterday, the FBI announced success in its efforts to shut down Bot Nets, going after a bunch of different “botherders” based in the US. In the process, the Bureau identified more than 1 million botnet crime victims. The FBI also has been working internationally with its counterparts to shut down botnets around the world. This is an important and encouraging story on the role of law enforcement in preventing major Internet crime such as identity theft and spyware installation.