The FTC has a problem. As the federal agency with the most responsibility for combating spyware, FTC Commissioners would love the power to slap down spyware vendors with massive fines or perhaps even toss them in jail for a while (where they would be shown a computer screen covered with pop-up ads, one hopes).Sadly, FTC commissioners are instead reduced to pleading their case at Congressional hearings and nonprofit luncheons while little action is taken. In the meantime, spyware vendors continue to get slapped on the wristwith a wet noodle.
We pointed out the problem back in April, when the FTC Commissioners trudged up Capitol Hill to tell the Senate Commerce Committee just how badly it needs "civil penalty authority." Currently, the FTC has trouble imposing large fines because it can only do so in cases where 1) consumers suffer economic harm or 2) the company in question has profited from unlawful activity. Quantifying consumer harm from spyware is so difficult as to be often impossible, while figuring out exactly what percentage of a company's revenue has beenearned from illicit sources can also be a nightmare.
Essentially, the FTC wants the ability to impose fines that are not directly tied to consumer loss or company profit. The House has already passed a bill called the SPY ACT (Securely Protect Yourself Against Cyber Trespass Act) back in June, a bill that provides for much higher penalties against spyware vendors. Despite the FTC's Senate appearance earlier in the year, however, the Senate has yet to take action on the measure. (The House has also passed the competing I-SPY Act, which is more limited, and the Senate hasn't acted on it, either.)
The Commissioners are therefore still schlepping themselves around DC, trying to drum up support for stiffer penalties. Anne Broache over atCNet mentions that Commissioner Jon Leibowitz pitched the idea again yesterday at a lunch discussion hosted in part by the Stop Badware Project and the Center for Democracy & Technology. He hit all the same notes as those sounded at the Senate hearing: it's tough to impose large fines, and that makes FTC enforcement less effective.
Are the new bills going anywhere? It's hard to know. The House has passed similar legislation to the SPY ACT during both the 108th and 109th Congresses, but the Senate has refused to act on the measures.
While the FTC has pursued a few high-profile spyware vendors, government has been hard-pressed to cure the malware scourge in general. Given the nature of the Internet, moving servers out of reach of any particular government has proven remarkably easy, and additional FTC enforcement powers won't change that. But the agency can make a dent in the major spyware firms, since many of them are now keen to work with traditional advertisers and to be seen as legitimate companies. Such firms could well run into difficulties if they relocate, say, to Uzbekistan.
But given that the FTC had only investigated 11 spyware vendors as of April 2007, government enforcement needs to carry the threat of substantial penalties in order to have a real effect on the spyware industry, since the odds of a prosecution are low.