Spyware: Legislative Responses Jody Blanke Mercer University ALSB, Ottawa August 20, 2004.

Slides:

Advertisements

Similar presentations

Peer-to-Peer (P2P) Software Risks Standardized Consumer Disclosures Solution To Be Universally Applied By Complying P2P Software Suppliers Developed by.

Advertisements

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.

Primary Threats to Computer Security

HIPAA Health Insurance Portability and Accountability Act.

Silicon Valley Apps for Kids Meetup Laura D. Berger October 22, 2012 The views expressed herein are those of the speaker, and do not represent the views.

Achieving Better Care by Monitoring All Prescriptions (ABC-MAP) Act 191 of 2014 Board Meeting April 8, 2015.

1 TRUSTe Trusted Download Program Certify Your Software is Spyware-Free November 2006 Colin O’Malley, Director of Product Development Anna Rogers, Product.

Configuring Windows Vista Security Lesson 8. Skills Matrix Technology SkillObjective DomainObjective # Setting Up Users Configure and troubleshoot parental.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Unlawful Internet Gambling Enforcement Act Final Rule Joseph Baressi June 3, 2009.

Security, Privacy, and Ethics Online Computer Crimes.

Chapter 4 Personal Security

MIS PERSONAL, LEGAL, ETHICAL, AND ORGANIZATIONAL ISSUES OF INFORMATION SYSTEMS CHAPTER 4 Hossein BIDGOLI Phishing that bites Paying for Privacy Pirates.

Click your mouse anywhere on the screen to advance the text in each slide. After the starburst appears, click a blue triangle to move to the next slide.

March 2006 Taner Erig - EMU5-1 Basic Information on Spyware and Adware n It is difficult to define spyware and adware with precision. The working definition.

CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

SPYWARE  Do you know where your personal information is?

Utility Programs and their Functions. Antivirus Software (Virus Checker) Keep the Computer software healthy and free of virus’ that can harm the function.

Privacy in Computing Legal & Ethical Issues in Computer …Security Information Security Management …and Security Controls Week-9.

MIS PERSONAL, LEGAL, ETHICAL, AND ORGANIZATIONAL ISSUES OF INFORMATION SYSTEMS CHAPTER 4 LO1 Describe information technologies that could be used in computer.

“Internet” and “Operator” (COPPA Statute) InternetOperator Collectively the myriad of computer and telecommunications facilities, including equipment.

Internet safety By Lydia Snowden.

Internet safety Viruses A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your.

Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.

Chapter 11 Security and Privacy: Computers and the Internet.

Adware, Spyware, and Malware Anand Dedhia Bharath Raj ECE 4112 Project 28 April 2005.

Securing Windows 7 Lesson 10. Objectives Understand authentication and authorization Configure password policies Secure Windows 7 using the Action Center.

Teresa Macklin Information Security Officer 27 May, 2009 Campus-wide Information Security Activities.

“Breach of Privacy” nPresented by Sumit Yadav. Computer Science and Engineering Computer security Aspects nPrivacy (confidentiality ) n integrity n availability.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

1 Spyware, Adware, and Browser Hijacking. ECE Agenda What is Spyware? What is Adware? What is Browser Hijacking? Security concerns and risks Prevention,

Safe Computing. Computer Maintenance  Back up, Back up, Back up  External Hard Drive  CDs or DVDs  Disk Defragmenter  Reallocates files so they use.

GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Liam Bradford.

COMP 2903 A27 – Why Spyware Poses Multiple Threats to Security Danny Silver JSOCS, Acadia University.

How to remove spyware from your PC using Spybot S&D? A SeniorNet Workshop SeniorNet is a service program of the Lutheran Service Society of Western Pennsylvania.

Responsible Data Use: Data restrictions Robert R. Downs, PhD NASA Socioeconomic Data and Applications Center (SEDAC) Center for International Earth Science.

Legal Environment for a New Century. Click your mouse anywhere on the screen when you are ready to advance the text within each slide. After the starburst.

 A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. It is deliberately.

Privacy in computing Material/text on the slides from Chapter 10 Textbook: Pfleeger.

Virus and Spyware Protection Group 9 Shana Reese, Jamarr Dumas, Casey Watkins.

The Data Protection Act What Data is Held on Individuals? By institutions: –Criminal information, –Educational information; –Medical Information;

COPYRIGHT © 2011 South-Western/Cengage Learning. 1 Click your mouse anywhere on the screen to advance the text in each slide. After the starburst appears,

"Share Our Pride" Our Mission Statement "To educate students for the future through collaborative efforts of students, families, staff and community."

Malware Spyware & Viruses Overview  What does it look like?  What is it?  How can you prevent it?  What can you do about it when you get it?

Federal Trade Commission FTC & Spam. Federal Trade Commission CAN-SPAM Act of 2003 (“Controlling the Assault of Non-Solicited Pornography.

The Internet of Things and Consumer Protection

1 Lab 12: Spyware A Window’s User’s Worst Nightmare.

Module  Introduction Introduction  Techniques and tools used to commit computer crimes Techniques and tools used to commit computer crimes.

Presenter: Le Quoc Thanh SPYWARE ANALYSIS AND DETECTION.

Intellectual Property. Confidential Information Duty not to disclose confidential information about a business that would cause harm to the business or.

Cyberlaw. “The moving finger writes; and, having writ Moves on: nor all thy piety nor wit Shall lure it back to cancel half a line. Nor all thy tears.

Spyware, Adware & Malware JEEP HOBSON JEEP HOBSON ITE-130 ITE-130 SPRING 2007 SPRING 2007.

1 Law, Ethical Impacts, and Internet Security. 2 Legal Issues vs. Ethical Issues Ethics — the branch of philosophy that deals with what is considered.

Cybersecurity Test Review Introduction to Digital Technology.

Any criminal action perpetrated primarily through the use of a computer.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

Adware and Browser Hijacker – Symptoms and Preventions /killmalware /u/2/b/ /alexwaston14/viru s-removal/ /channel/UC90JNmv0 nAvomcLim5bUmnA.

Nassau Association of School Technologists

Managing Windows Security

Fundamentals of business law, 10e

3.6 Fundamentals of cyber security

Providing Access to Your Data: Handling sensitive data

CHAPTER 33 Cyberlaw.

What is it? Why do I keep getting from Barracuda? SPAM.

Spyware: Technical Overview

Chapter 10: Privacy, Security, and Ethics

Is your computer being used against you while you sleep?

HOW DO I KEEP MY COMPUTER SAFE?

The Health Insurance Portability and Accountability Act

Presentation transcript:

Spyware: Legislative Responses Jody Blanke Mercer University ALSB, Ottawa August 20, 2004

Background Floppy disks Hard drives Modems Prodigy Cookies Spam Spyware and adware

What is Spyware? FTC definition – “software that aids in gathering information about a person or organization without their knowledge and which may send such information to another entity without the consumer’s consent, or asserts control over a computer without the consumer’s knowledge” Spyware Adware Hijacker Trojan Keystroke logger Browser helper object (BHO)

Federal Legislation SPYACT (H.R. 2929) –Section 2: Prohibits “deceptive acts and practices” Taking control of computer by diverting browser or delivering ads that cannot be closed Modifying settings for default home page or bookmarks Collecting PII with keystroke logger Inducing installation or preventing efforts to block installation Inducing installation by misrepresenting identity of software Removing or disabling anti-virus or anti-spyware technology

SPYACT (H.R. 2929) –Section 3: Prohibits “collection of certain information without notice and consent” Opt-in requirement –Notice, consent and functions Information collection program –Collects PII and sends it or uses it to display advertising Notice and consent –Notice must be clear, conspicuous and in plain language –“This program will collect and transmit information about you. Do you accept?” –Change in information collected requires new notice Required functions –Disabling function –Identity function

SPYACT (H.R. 2929) –Personally identifiable information First and last name of an individual. A home or other physical address of an individual, including street name, name of a city or town, and zip code. An electronic mail address. A telephone number. A social security number, tax identification number, passport number, driver's license number, or any other government-issued identification number. A credit card number. An account number. Any access code or password, other than an access code or password transmitted by an owner or authorized user of a protected computer to register for, or log onto, a Web page or other Internet service that is protected by an access code or password. Date of birth, birth certificate number, or place of birth of an individual, except in the case of a date of birth required by law to be transmitted or collected

SPYACT (H.R. 2929) –Enforcement by FTC Civil penalties for violation of Section 2: $11,000 (or $1M) Section 3: $33,000 (or $3M) –Act would preempt state law Deceptive conduct ala Section 2 Transmission of programs similar to Section 3 Use of context-based triggering mechanisms to display ads –Act would not preempt state law Trespass Contract Tort Relating to acts of fraud

SPY BLOCK Act (S. 2145) –Section 2: Unauthorized Installation of Computer Software Software cannot be installed unless –The user has received notice that satisfies the requirements of Section 3 –The user has granted consent that satisfies the requirements of Section 3 –The software’s uninstall procedures satisfy the requirements of Section 3 “Red herring” prohibition –Bans installation of software designed to confuse or mislead the user as to the identity of the software

SPY BLOCK Act (S. 2145) –Section 3: Notice, Consent and Uninstall Requirements Notice must be clear and remain on screen until user grants or denies consent Additional separate disclosures for: –An “information collection feature” –An “advertising feature” –A “distributed computing feature” –A “settings modification feature” There must be a “clear description” of how to turn off a feature or uninstall the software There must be consent to installation of the software, plus “affirmative consent” to each of the four features

SPY BLOCK Act (S. 2145) –Section 3: Notice, Consent and Uninstall Requirements Uninstall procedures require that software shall –Appear in “Add/Remove Programs” menu of operating system –Be capable of being removed completely using normal procedures –For advertising feature, shall have an easily identifiable link that will inform the user how to turn off the feature or uninstall the software

SPY BLOCK Act (S. 2145) –Enforcement by FTC –Enforcement by state attorneys general, who may seek to Enjoin prohibited practices Enforce compliance Obtain damages, restitution or other compensation

Computer Software Privacy and Control Act (H.R. 4255) –Prohibits “unfair and deceptive acts and practices in the transmission of computer software” Unlawful to transmit software that »Collects personal information and transmits it »Monitors the web pages accessed by the user and transmits that information »Modifies default settings like browser home page –unless appropriate notice is given and appropriate consent obtained, and unless the software contains a removal utility Unlawful to transmit software that displays advertising unless appropriate notice is given and appropriate consent obtained, and unless the software contains a removal utility

Computer Software Privacy and Control Act (H.R. 4255) –Enforcement by FTC –Enforcement by state attorneys general, who may seek to Enjoin prohibited practices Enforce compliance Obtain damages, restitution or other compensation –Act would preempt state law that expressly regulates the transmission of computer software similar to that described in Section 3 –Act would create a criminal offense

I-SPY Act (H.R. 4661) –Would establish two new criminal offenses within Section 1030(a) of Title 18

State Legislation Utah –Enacted Spyware Control Act on March 23, 2004 –Basic prohibitions against Installing spyware Causing spyware to be installed Using a context based triggering mechanism to display advertising –But, extremely complex definition of “spyware” –Court issued preliminary injunction enjoining enforcement of law despite finding challenge regarding “spyware” lacking

California –2 comprehensive bills would prohibit the downloading of software onto a computer in California without the user’s knowledge and consent Iowa –Bill would create criminal misdemeanor offense of unauthorized collection and disclosure of personal information by computer, as well as civil cause of action by AG Michigan –Bill would establish criminal offense for installing or attempting to install spyware

New York –Bill would establish the crime of unlawful dissemination of spyware Pennsylvania –Bill modeled after early California bill would create the crime of misuse of adware or spyware Virginia –Bill would require public bodies to conduct privacy impact analyses whenever authorizing or prohibiting the use of “invasive technologies,” such as spyware, hidden cameras, tracking systems, and facial recognition systems