1 / 13

“Liability Issues in Anti-Spyware Software”

“Liability Issues in Anti-Spyware Software”. Peter P. Swire Ohio State University Center for American Progress Anti-Spyware Coalition Public Workshop January 31, 2008. Overview. Background & Disclaimer Kaspersky case Safe harbor statute

mccann
Download Presentation

“Liability Issues in Anti-Spyware Software”

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. “Liability Issues in Anti-Spyware Software” Peter P. Swire Ohio State University Center for American Progress Anti-Spyware Coalition Public Workshop January 31, 2008

  2. Overview • Background & Disclaimer • Kaspersky case • Safe harbor statute • A current case – should anti-spyware delete opt-out cookies?

  3. Background & Disclaimer • To “balance” the panel, Ari asked me to highlight critiques of anti-spyware software • I worked extensively with this Coalition in formative stage • Ari & CDT have done such a good job that I have been happy to let them take the lead since • I am enormously appreciative of contributions of anti-spyware software

  4. Kaspersky • I share the general happiness for the overall outcome – Zango loses • Two broad holdings that perhaps make bad law • “Interactive computer service” • “Otherwise objectionable”

  5. “Interactive Computer Service” • Court admits it gives a very broad reading to ICS • Broad as well on “access software provider” • Maybe would mean a service that lets the user access an outside service • Court’s definition means any “phone home” software is included – put that in your software and you are immune • Court goes broad, but perhaps another court would find differently

  6. “Otherwise Objectionable” • One of these things is not like the other? • Obscene, lewd, lascivious, filthy, excessively violent, harassing • Ads for a legal product • Purpose of the law – the “Communications Decency Act” – restrict children’s access • Ejusdem generis – canon of statutory interpretation • No discussion of these issues in the district court decision

  7. Safe Harbor & Kaspersky • ASC and long hours spent drafting versions of safe harbor legislation • Kaspersky is broader safe harbor • Kaspersky would block FTC & state AG enforcement • No need to act in good faith • No need to have a reasonable process to define malware or manage disputes • District court holding in Kaspersky may go too far in immunizing anti-spyware software

  8. A Current Issue • FTC comments on behavioral profiling due Feb. 22 • I’m working on comments about technical barriers to effective consumer choice • One existing tool for consumer choice is the “opt out cookie” • Technical problems with these, at least partially fixable • Comments today are tentative & welcome your input • Have reached out to the ACM

  9. Opt Out Cookies - I • Monday I opt out of tracking • DoubleClick • Network Advertising Initiative • Maybe a lot more given FTC involvement • Tuesday I delete my cookies • Wednesday I am being tracked again

  10. Opt-Out Cookies: II • Monday I opt out of tracking • Tuesday my anti-spyware software deletes all cookies (or all 3d party cookies) • Wednesday I am being tracked again • (At least until the next anti-spyware cleaning of my computer)

  11. Change to Anti-spyware? • First problem is for the browsers – more granular control over cookies so opt out cookies persist better • Second problem is for anti-spyware vendors • What barriers to allowing opt-out cookies to persist? • Need standards to define “opt out cookies”? • Security holes or vulnerabilities if bad guys use “opt out cookies”?

  12. Some Implications • Perhaps it’s worth it to tune anti-spyware so opt out cookies can persist • Better ways to enable consumer choice on behavioral profile? In reasonable amount of time? • If not, then bigger importance of tuning anti-spyware software to preserve opt-out cookies, soon.

  13. Finally • If it is worth getting persistence of opt-out cookies • And if vendors decided not to tune their products • ThenKaspersky would block the FTC and state AGs from legal action • That might not be the right legal regime for how anti-spyware fits into the rest of the legal system

More Related