Law in the Internet Society

View   r6  >  r5  >  r4  >  r3  >  r2  >  r1
AndrewGradmanPaper2 6 - 22 Dec 2008 - Main.AndrewGradman
Line: 1 to 1
 
META TOPICPARENT name="WebPreferences"
Deleted:
<
<
still a work in progress ...
 "What I Did Over Summer Vacation"
Changed:
<
<
My summer was swell. I interned at EPIC. This was my first chance to adapt law school habits to the workplace. In the fast-paced world of Capitol Hill, and of electronic privacy, assignments changed too quickly, and their subject matter was too novel and complex, to permit me the luxury of analyzing every facet and contingency of every possible issue. I learned to mass-produce sufficient work rather than hand-craft perfect work. With each project that passed my desk, my school-honed intensity loosened, notch by notch, and my output became more functional and less abstract. As a result, my first project was my favorite.
>
>
My summer was swell. I interned at EPIC. This was my first chance to adapt law school habits to the workplace. In the fast-paced world of Capitol Hill, and of electronic privacy, assignments changed too quickly, and their subject matter was too novel and complex, to permit me the luxury of analyzing every contingency of every possible issue. I gradually adjusted to mass-producing sufficient work rather than hand-crafting perfect work. With each project that passed my desk, my school-honed intensity loosened, notch by notch, and my output became more functional and less abstract. As a result, my first project was my favorite.

On our first day, Marc received a last-minute invitation to testify before a Senate subcommittee regarding S.1625, the "Counter-Spy Act," which would expand the FTC's leverage against purveyors of spyware. By tomorrow night, he needed a briefing on the FTC's current authority against spyware. "My suspicion --" mused Marc as we returned to our desks, "-- is that this bill will snag on the definition spyware."

I was gratified when they also asked for a volunteer to write EPIC's new spyware info page. For reasons outside my control, my work never reached EPIC's website. However, I found the process of researching, understanding, and formulating the spyware-definition problem to be both fulfilling and insightful. I enjoy journalistic writing, I believe there exists a best possible way to translate arcana into public language, and I felt that if I was to distinguish EPIC's new spyware page from all the competition on the web, I had to write that translation. One Senator (yes, it was Alaska Senator Ted Stevens!) asked an FTC commissioner, "Do you believe that there is such a thing as legitimate spyware?" Senator Stevens is not the only person who asks this fraught question, and that commissioner is not the only person with no idea how to answer it. If the definition of spyware was (in Marc's opinion) the snag, then it seemed worthwhile for me to try to define it -- or to account for the controversies that complicate the effort.

In the spyware context, I found four major areas of disagreement which few people take the trouble to make explicit.

1. What constitutes “knowledge and consent”?

Everyone agrees that “spyware” should only apply to software that operates without the user’s knowledge and consent. However, that definition begs the question of how and when consumers need to be told about software installed on their computers for consent to be adequate. For example, the Anti-Spyware Coalition, which sets standards for anti-spyware vendors, models spyware as a balance between “risk” factors and mitigating “consent” factors. But it then concedes that “ultimately, the decision on what rating to give and what risk model to use falls to the individual Anti-Spyware vendor.” Elsewhere, the ASC more broadly defines (pdf) spyware as “technologies deployed without appropriate user consent and/or implemented in ways that impair user control over (1) material changes that affect their user experience, privacy or system security; (2) use of their system resources, including what programs are installed on their computers; and/or (3) collection, use, and distribution of their personal or other sensitive information.

The ASC’s definitions are intentionally vague precisely where it matters: by not defining “consent” and “risk”, it leaves to the various anti-spyware companies to decide whether targeted advertising benefits consumers, or what constitutes sufficient consent in a EULA.

The ASC is right to concede that this ambiguity cannot be removed. With proper “notice, consent, and control,” the same technologies that have been used to harm or annoy computer users can provide important benefits: “Tracking can be used for personalization, advertisement display can subsidize the cost of a product or service, monitoring tools can help parents keep their children safe online, and remote control features can allow support professionals to remotely diagnose problems.”

2. What constitutes “harm”?

Again, the ASC's "risk" factors beg the question of what constitutes a harm. Some treat software that “trespasses” on a computer as spyware because they consider trespass to be per se harmful, even if the software is otherwise benign or beneficial. Others focus on “nuisance” software, such as software that provides pop-up ads. But these definitions omit the invisible harm in data-gathering software that does not rise to a nuisance and is undetectable, because it does not alert a user to remove it from his computer. Other externalities are also not felt as "harms" by the user. An innocent user’s hard drive may unknowingly be used to generate “zombies,” or automated spam emails. ISPs or computer makers often bear the blame for harms caused by spyware. And spyware may also defraud legitimate online advertisers, for example by automatically activating pay-per-click advertisements.

 
Changed:
<
<
On our first day, Marc received a last-minute invitation to testify before a Senate subcommittee regarding S.1625, the "Counter-Spy Act" -- a bill to expand the FTC's leverage against purveyors of spyware. By tomorrow night, he needed a briefing on existing FTC authority to pursue spyware. A staff attorney assigned each intern a subtask. Mine was to summarize this list of FTC enforcement actions. "My suspicion --" mused Marc as we returned to our desks, "-- is that this bill will snag on the definition spyware."
>
>
3. Is “spyware” limited to “spying”? 4. Is “spyware” limited to “software?”
 
Changed:
<
<
That summary was a failure. I refused to draw conclusions regarding the FTC's anti-spyware authority, since each enforcement action was driven by the vague category of "unfair and deceptive practices" against "consumers" (15 U.S.C. 41), and anyhow would always end in a settlement or a consent decree rather than judge-made law. Thus, I concluded, there was no law. I felt privately vindicated by Marc's suspicion that, after all, spyware is hard to define.
>
>
Limiting spyware to "spying" would overlook software that otherwise creates hazards or nuisances interfering with users’ enjoyment of their computers. By contrast, the Federal Trade Commission’s “guiding principles” defining “unfair and deceptive” software practices focus on lack of consent rather than on spying. They establish that Internet businesses are “not free to help themselves” to a consumer’s computer resources.
 
Changed:
<
<
I entered the Senate hearing room pumped for the next step. I had volunteered to write EPIC's new spyware info page. While my fellow interns collapsed in their chairs after our marathon preparations, I was scribbling notes and circling hyperlinks on copies of the witnesses' testimony I'd stolen from the press table. I enjoy journalistic writing, I believe there exists a best possible way to translate arcana into public language, and I felt that if I was to distinguish EPIC's new spyware page from all the competition on the web, I had to write that translation. If the definition of spyware was (in Marc's opinion) the snag, then I would define it -- or account for the controversies that complicate the effort.
>
>
In this area, I disagree with EPIC's implied approach. The staff attorney asked me to not limit "spyware" to software (so that it encompasses new, online threats like Facebook Beacon), and that is how I wrote the document. However, people rarely deal with this question head-on. Even Marc's Senate testimony talked about "Privacy Threats Beyond Traditional Spyware Programs," so he is ambiguous whether he regards cookies & Beacon as "threats other than spyware," or "spyware threats other than programs." I think it would be strategically better to regard non-software threats as "threats other than spyware," for three reasons: 1) the term "spyware" is a portmanteau based on "software", 2) we use "Adware" and "malware" and "trespassware" to characterize software nuisances that go beyond spying, and 3) I think we can rely on the creativity of the web community to come up with a new word that suits new threats. I am less worried about closing imaginations by limiting the term "spyware" to spying-software, than I am about closing imaginations by stretching "spy-ware" to cover non-spying non-software, when lazy thinkers will tend to move from "spyware" to spying software.
 
Deleted:
<
<
Like Michelangelo's most puzzling experiments, it got stuck in drafts.
 
Deleted:
<
<
http://74.125.45.132/search?q=cache:L2VCFbJp9MoJ:epic.org/privacy/dv/Spyware_Test061108.pdf+site:epic.org+spyware&hl=en&ct=clnk&cd=1&gl=us&client=firefox-a http://www.antispywarecoalition.org/documents/
 -- AndrewGradman - 18 Dec 2008
 
<--/commentPlugin-->

AndrewGradmanPaper2 5 - 20 Dec 2008 - Main.AndrewGradman
Line: 1 to 1
 
META TOPICPARENT name="WebPreferences"
still a work in progress ...
Line: 6 to 6
 My summer was swell. I interned at EPIC. This was my first chance to adapt law school habits to the workplace. In the fast-paced world of Capitol Hill, and of electronic privacy, assignments changed too quickly, and their subject matter was too novel and complex, to permit me the luxury of analyzing every facet and contingency of every possible issue. I learned to mass-produce sufficient work rather than hand-craft perfect work. With each project that passed my desk, my school-honed intensity loosened, notch by notch, and my output became more functional and less abstract. As a result, my first project was my favorite.
Changed:
<
<
On Monday -- our first day -- Marc received a last-minute invitation to testify before a Senate subcommittee regarding S.1625, the "Counter-Spy Act" -- a bill to expand the FTC's leverage against purveyors of spyware. By Tuesday night, he needed a briefing on existing FTC authority to pursue spyware. A staff attorney assigned each intern a subtask. Mine was to summarize this list of FTC enforcement actions. "My suspicion --" mused Marc as we returned to our desks, "-- is that this bill will snag on the definition spyware."
>
>
On our first day, Marc received a last-minute invitation to testify before a Senate subcommittee regarding S.1625, the "Counter-Spy Act" -- a bill to expand the FTC's leverage against purveyors of spyware. By tomorrow night, he needed a briefing on existing FTC authority to pursue spyware. A staff attorney assigned each intern a subtask. Mine was to summarize this list of FTC enforcement actions. "My suspicion --" mused Marc as we returned to our desks, "-- is that this bill will snag on the definition spyware."
 
Changed:
<
<
That summary was a failure. I could draw no conclusions regarding the FTC's anti-spyware authority, since each enforcement action was driven by the vague category of "unfair and deceptive practices" against "consumers" (15 U.S.C. 41), and anyhow would always end in a settlement or a consent decree rather than judge-made law. Thus, I concluded, there was no law. If the staff attorney was annoyed, I never noticed. I felt privately vindicated by Marc's suspicion that, after all, spyware is hard to define. Fortunately (or unfortunately) for me, if Marc had to stay up late that night to salvage his testimony, he blamed the staff attorney.
>
>
That summary was a failure. I refused to draw conclusions regarding the FTC's anti-spyware authority, since each enforcement action was driven by the vague category of "unfair and deceptive practices" against "consumers" (15 U.S.C. 41), and anyhow would always end in a settlement or a consent decree rather than judge-made law. Thus, I concluded, there was no law. I felt privately vindicated by Marc's suspicion that, after all, spyware is hard to define.
 
Changed:
<
<
I, however, entered the Senate hearing room pumped for the next step. While my fellow interns collapsed in their chairs after our marathon preparations, I was scribbling notes and circling hyperlinks in the printouts of the witnesses' testimony that I'd stolen from the press table. I had volunteered to write EPIC's new spyware info page. I enjoy journalistic writing, I believe there exists a best possible way to translate arcana into public language, and I felt that if EPIC's new spyware page was to distinguish itself from all the competition on the web, I had to find it. If the definition of spyware was (in Marc's opinion) the snag, then I would define it -- or account for the controversies that complicate the effort.
>
>
I entered the Senate hearing room pumped for the next step. I had volunteered to write EPIC's new spyware info page. While my fellow interns collapsed in their chairs after our marathon preparations, I was scribbling notes and circling hyperlinks on copies of the witnesses' testimony I'd stolen from the press table. I enjoy journalistic writing, I believe there exists a best possible way to translate arcana into public language, and I felt that if I was to distinguish EPIC's new spyware page from all the competition on the web, I had to write that translation. If the definition of spyware was (in Marc's opinion) the snag, then I would define it -- or account for the controversies that complicate the effort.
 
Changed:
<
<
As you have noticed, there is no new spyware info page. Like Michelangelo's most puzzling experiments, it never got beyond the drafts.
>
>
Like Michelangelo's most puzzling experiments, it got stuck in drafts.
 http://74.125.45.132/search?q=cache:L2VCFbJp9MoJ:epic.org/privacy/dv/Spyware_Test061108.pdf+site:epic.org+spyware&hl=en&ct=clnk&cd=1&gl=us&client=firefox-a http://www.antispywarecoalition.org/documents/

AndrewGradmanPaper2 4 - 20 Dec 2008 - Main.AndrewGradman
Line: 1 to 1
 
META TOPICPARENT name="WebPreferences"
still a work in progress ...

"What I Did Over Summer Vacation"

Changed:
<
<
My summer was swell. I interned at EPIC. This was my first chance to apply my new "legal skills" to practical problems, and I had to adapt school habits to the workplace. In the fast-paced world of Capitol Hill, and of electronic privacy, assignments changed too quickly, and their subject matter was too novel and complex, to permit me the luxury of analyzing every facet and contingency of every possible issue. I learned to mass-produce sufficient work rather than hand-craft perfect work. With each project that passed my desk, my intensity loosened a little. As a result, my first project was my favorite.
>
>
My summer was swell. I interned at EPIC. This was my first chance to adapt law school habits to the workplace. In the fast-paced world of Capitol Hill, and of electronic privacy, assignments changed too quickly, and their subject matter was too novel and complex, to permit me the luxury of analyzing every facet and contingency of every possible issue. I learned to mass-produce sufficient work rather than hand-craft perfect work. With each project that passed my desk, my school-honed intensity loosened, notch by notch, and my output became more functional and less abstract. As a result, my first project was my favorite.
 
Changed:
<
<
On Monday -- our first day -- we learned that Marc had been invited to testify on Wednesday on S.1625, the "Counter-Spy Act" -- a bill to expand the FTC's leverage against purveyors of spyware. By Tuesday night, he needed a briefing on FTC's existing authority to pursue spyware. A staff attorney assigned each intern a subtask. Mine was to summarize this this list of FTC enforcement actions. "My gut feeling --" Marc mused as we returned to our desks, "-- is that this bill will have a hard time defining spyware."
>
>
On Monday -- our first day -- Marc received a last-minute invitation to testify before a Senate subcommittee regarding S.1625, the "Counter-Spy Act" -- a bill to expand the FTC's leverage against purveyors of spyware. By Tuesday night, he needed a briefing on existing FTC authority to pursue spyware. A staff attorney assigned each intern a subtask. Mine was to summarize this list of FTC enforcement actions. "My suspicion --" mused Marc as we returned to our desks, "-- is that this bill will snag on the definition spyware."
 
Changed:
<
<
I would rather not talk about how that summary turned out. We interns all underperformed as a team; besides, Marc held the staff attorney accountable for all that.
>
>
That summary was a failure. I could draw no conclusions regarding the FTC's anti-spyware authority, since each enforcement action was driven by the vague category of "unfair and deceptive practices" against "consumers" (15 U.S.C. 41), and anyhow would always end in a settlement or a consent decree rather than judge-made law. Thus, I concluded, there was no law. If the staff attorney was annoyed, I never noticed. I felt privately vindicated by Marc's suspicion that, after all, spyware is hard to define. Fortunately (or unfortunately) for me, if Marc had to stay up late that night to salvage his testimony, he blamed the staff attorney.

I, however, entered the Senate hearing room pumped for the next step. While my fellow interns collapsed in their chairs after our marathon preparations, I was scribbling notes and circling hyperlinks in the printouts of the witnesses' testimony that I'd stolen from the press table. I had volunteered to write EPIC's new spyware info page. I enjoy journalistic writing, I believe there exists a best possible way to translate arcana into public language, and I felt that if EPIC's new spyware page was to distinguish itself from all the competition on the web, I had to find it. If the definition of spyware was (in Marc's opinion) the snag, then I would define it -- or account for the controversies that complicate the effort.

As you have noticed, there is no new spyware info page. Like Michelangelo's most puzzling experiments, it never got beyond the drafts.

 http://74.125.45.132/search?q=cache:L2VCFbJp9MoJ:epic.org/privacy/dv/Spyware_Test061108.pdf+site:epic.org+spyware&hl=en&ct=clnk&cd=1&gl=us&client=firefox-a http://www.antispywarecoalition.org/documents/

AndrewGradmanPaper2 3 - 20 Dec 2008 - Main.AndrewGradman
Line: 1 to 1
 
META TOPICPARENT name="WebPreferences"
still a work in progress ...

"What I Did Over Summer Vacation"

Changed:
<
<
My summer was swell. I interned at EPIC. You have to admire how Marc Rotenberg has stretched a small office, small resources, and a select team into outsized influence among many issues and bureaucrats. We interns helped make that ratio possible: for every Marc Rotenberg there were three full-time staff and seven full-time interns (plus an eighth, a GW undergrad who signed on mid-summer, was a tad boastful about his side business investing his friends' profits from dealing pot, invited me to participate, and on the third day vanished without explanation. And what charisma.)

This was my first chance to apply my new "legal skills" to practical problems. My transition from school to career would succeed, I discovered, only so much as I was willing to abandon the intensity that had succeeded, somewhat, in school -- particularly if I wanted to transition into the fast-paced world of Capitol Hill, even more so if I was interested in the faster-paced world of electronic privacy. Assignments changed too quickly, and their subject matter was too novel and complex, for me to put off work until I had analyzed every facet and contingency of every possible issue. With each successive project that passed my desk, my intensity loosened a little, my ability to satisfy myself with sufficient work-product rather than perfect work-product grew a little. As a result, my first project was my favorite.

Marc had been invited to testify before a Senate committee on S.1625, the "Counter-Spy Act" -- a bill to expand the FTC's leverage against purveyors of spyware (whatever that means -- the key question, as I will show). We learned this on Monday. Showtime was Wednesday, and Marc needed a briefing on FTC's existing authority to pursue spyware, and Andrew, why don't you focus on ... summarizing this list of FTC enforcement actions. Your lucky, you got the easy job. "My gut feeling --" Marc mused as we returned to our desks, "-- is that this bill is going to get hung up trying to define spyware."

>
>
My summer was swell. I interned at EPIC. This was my first chance to apply my new "legal skills" to practical problems, and I had to adapt school habits to the workplace. In the fast-paced world of Capitol Hill, and of electronic privacy, assignments changed too quickly, and their subject matter was too novel and complex, to permit me the luxury of analyzing every facet and contingency of every possible issue. I learned to mass-produce sufficient work rather than hand-craft perfect work. With each project that passed my desk, my intensity loosened a little. As a result, my first project was my favorite.
 
Added:
>
>
On Monday -- our first day -- we learned that Marc had been invited to testify on Wednesday on S.1625, the "Counter-Spy Act" -- a bill to expand the FTC's leverage against purveyors of spyware. By Tuesday night, he needed a briefing on FTC's existing authority to pursue spyware. A staff attorney assigned each intern a subtask. Mine was to summarize this this list of FTC enforcement actions. "My gut feeling --" Marc mused as we returned to our desks, "-- is that this bill will have a hard time defining spyware."
 
Added:
>
>
I would rather not talk about how that summary turned out. We interns all underperformed as a team; besides, Marc held the staff attorney accountable for all that.
 http://74.125.45.132/search?q=cache:L2VCFbJp9MoJ:epic.org/privacy/dv/Spyware_Test061108.pdf+site:epic.org+spyware&hl=en&ct=clnk&cd=1&gl=us&client=firefox-a http://www.antispywarecoalition.org/documents/

AndrewGradmanPaper2 2 - 19 Dec 2008 - Main.AndrewGradman
Line: 1 to 1
 
META TOPICPARENT name="WebPreferences"
Added:
>
>
still a work in progress ...
 
Changed:
<
<
-- AndrewGradman - 18 Dec 2008
>
>
"What I Did Over Summer Vacation"

My summer was swell. I interned at EPIC. You have to admire how Marc Rotenberg has stretched a small office, small resources, and a select team into outsized influence among many issues and bureaucrats. We interns helped make that ratio possible: for every Marc Rotenberg there were three full-time staff and seven full-time interns (plus an eighth, a GW undergrad who signed on mid-summer, was a tad boastful about his side business investing his friends' profits from dealing pot, invited me to participate, and on the third day vanished without explanation. And what charisma.)

This was my first chance to apply my new "legal skills" to practical problems. My transition from school to career would succeed, I discovered, only so much as I was willing to abandon the intensity that had succeeded, somewhat, in school -- particularly if I wanted to transition into the fast-paced world of Capitol Hill, even more so if I was interested in the faster-paced world of electronic privacy. Assignments changed too quickly, and their subject matter was too novel and complex, for me to put off work until I had analyzed every facet and contingency of every possible issue. With each successive project that passed my desk, my intensity loosened a little, my ability to satisfy myself with sufficient work-product rather than perfect work-product grew a little. As a result, my first project was my favorite.

 
Added:
>
>
Marc had been invited to testify before a Senate committee on S.1625, the "Counter-Spy Act" -- a bill to expand the FTC's leverage against purveyors of spyware (whatever that means -- the key question, as I will show). We learned this on Monday. Showtime was Wednesday, and Marc needed a briefing on FTC's existing authority to pursue spyware, and Andrew, why don't you focus on ... summarizing this list of FTC enforcement actions. Your lucky, you got the easy job. "My gut feeling --" Marc mused as we returned to our desks, "-- is that this bill is going to get hung up trying to define spyware."
 
Changed:
<
<
Set ALLOWTOPICVIEW = < AndrewGradman, EbenMoglen >
>
>
http://74.125.45.132/search?q=cache:L2VCFbJp9MoJ:epic.org/privacy/dv/Spyware_Test061108.pdf+site:epic.org+spyware&hl=en&ct=clnk&cd=1&gl=us&client=firefox-a http://www.antispywarecoalition.org/documents/
 -- AndrewGradman - 18 Dec 2008
 
<--/commentPlugin-->

AndrewGradmanPaper2 1 - 18 Dec 2008 - Main.AndrewGradman
Line: 1 to 1
Added:
>
>
META TOPICPARENT name="WebPreferences"

-- AndrewGradman - 18 Dec 2008

Set ALLOWTOPICVIEW = < AndrewGradman, EbenMoglen >

-- AndrewGradman - 18 Dec 2008

 
<--/commentPlugin-->

Revision 6r6 - 22 Dec 2008 - 01:19:21 - AndrewGradman
Revision 5r5 - 20 Dec 2008 - 23:03:06 - AndrewGradman
Revision 4r4 - 20 Dec 2008 - 21:52:45 - AndrewGradman
Revision 3r3 - 20 Dec 2008 - 01:01:53 - AndrewGradman
Revision 2r2 - 19 Dec 2008 - 05:37:37 - AndrewGradman
Revision 1r1 - 18 Dec 2008 - 04:31:26 - AndrewGradman
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM