« Your Laser Printer is a Government Spy, Maybe | Main | The Flip Side of Laptops as a Classroom Tool »

October 18, 2005

New and Recent Papers Available from SSRN on the Topic of Spyware

Available at SSRN:

Rethinking Spyware: Questioning the Propriety of Contractual Consent to Online Surveillance
39 U.C. Davis L. Rev. _____ (forthcoming 2006)
Wayne Barnes
Texas Wesleyan University School of Law
Date Posted: October 14, 2004

The spyware epidemic has reached new heights on the Internet. Computer users are increasingly burdened with programs they did not knowingly or consciously install, which place strains on their computers’ performance, and which also trigger annoying “pop-up” advertisements of products or services which have been determined to match the users’ preferences. The users’ purported preferences are determined, in turn, by the software continuously monitoring every move the consumer makes as she “surfs the Internet.” The public overwhelmingly disapproves of spyware which is surreptitiously placed on computers in this manner, and also largely disapproves of the pop-up advertising paradigm. As a result, there have been many legislative proposals, on a state and federal level, to address the spyware problem. All of the proposals assume that, if knowing and effective consent to spyware installation is granted by the consumer, then the software is lawful. Existing case law would seem to provide a means for corroboration of this conclusion. However, the implications of allowing such profound and invasive surveillance appear to be largely ignored in all of the proposals and discussion concerning spyware. This may be because of the “problem of perspective” concerning online activities, as first highlighted by Professor Orin Kerr. This article seeks to illuminate the true nature of the spyware bargain, and questions the propriety of sanctioning such “surveillance bargains” under principles of contract law. Such bargains may often be unenforceable because a term allowing continual surveillance may be beyond the range of reasonable expectations of most consumers. Even if not, however, the privacy implications are such that we as a society may wish to condemn such “bargains to be spied upon,” and conclude that such contracts should simply be unenforceable as a matter of public policy, and therefore banned.

First do no Harm: The Problem of Spyware
Berkeley Technology Law Journal, Vol. 20, p. 1433, 2005
Susan P. Crawford
Cardozo School of Law
Date Posted: September 20, 2005
Last Revised: September 26, 2005

Over the last few years, there has been enormous U.S. interest in legislating rules governing spyware. This Article provides a comprehensive overview of the bills that have been proposed (and passed) in the states and on the federal level. It argues that because spyware is impossible to define, these legislative efforts may do harm to the extent they either are focused on design mandates or are attempts to require notice for electronic interactions. Only a technical approach-and only a particular kind of technical approach at that-will work in addressing spyware. Technical actors need to take an immune system approach to spyware, dividing their efforts and experimenting in the field the same way immunity networks do. If we think of the legal system as a medical expert operating on this difficult disease, our first priority must be to wait to allow these already-emerging immunity networks to take effect, and to do no harm in the interim. This is a time for patience, not for the knife.

Regulating 'Spyware': The Limitations of State 'Laboratories' and the Case for Federal Preemption of State Unfair Competition Laws
Berkeley Technology Law Journal, Vol. 20, p. 1363, 2005
Peter S. Menell
University of California, Berkeley - School of Law (Boalt Hall)
Date Posted: September 22, 2005
Last Revised: September 28, 2005

Drawing on Justice Brandeis's oft-cited observation that states can serve as "laboratories" of policy experimentation, this Article develops a framework for assessing the allocation of governance authority for regulating Internet activities. In particular, it focuses on whether states should be free to experiment with regulatory approaches or whether the federal government should have principal, if not exclusive (preemptive), regulatory authority over Internet-related activities. Using recent efforts to regulate spyware and adware as a case study, the analysis shows that the lack of harmonization of, and uncertainty surrounding, state unfair competition law produces costly, confusing, multi-district litigation and pushes enterprises to adhere to the limits of the most restrictive state. Such a governance regime unduly hinders innovation in Internet business models. On this basis, the Article favors a uniform federal regulatory system and pre-emption of state statutes and unfair competition common law as applied to spyware and adware. The final section of the Article extrapolates from this study of spyware and adware regulation to the larger context of Internet governance.

Spyware and the Limits of Surveillance Law
Berkeley Technology Law Journal, Vol. 20, 2005
Patricia L. Bellia
Notre Dame Law School
Date Posted: July 19, 2005
Last Revised: July 28, 2005

For policymakers, litigants, and commentators seeking to address the threats digital technology poses for privacy, electronic surveillance law remains a weapon of choice. The debate over how best to respond to the spyware problem provides only the most recent illustration of that fact. Although there is much controversy over how to define spyware, that label encompasses at least some software that monitors a computer user's electronic communications. Federal surveillance statutes thus present an intuitive fit for responding to the regulatory challenges of spyware, because those statutes bar the unauthorized acquisition of electronic communications and related data in some circumstances. Indeed, those who argue that no new federal legislation is needed to address the spyware problem rely in part on the opportunities for criminal prosecution and civil suits under surveillance statutes and related doctrines.

As the debate on the need for new federal legislation proceeds, however, there is good reason to question whether federal electronic surveillance statutes can successfully combat anything but the most extreme forms of spyware. Electronic surveillance law does not apply by any reasonable construction to many forms of spyware. Moreover, the overall record on application of surveillance law statutes to a variety of digital-age problems is in fact quite mixed. Courts have reached privacy-protective outcomes on very bad facts, but have also let seemingly problematic practices pass unsanctioned.

The difficulty with efforts to apply surveillance law statutes to new privacy problems is that our federal electronic surveillance statutes are emphatically not general data privacy statutes. Unfortunately, efforts to treat them as such have produced a body of confused - even incoherent - case law. That case law, moreover, tends to make many impediments to application of surveillance law seem technical rather than structural or conceptual. To that extent, it diverts attention from important policy questions, including whether Congress should consider legislative solutions tailored to specific privacy threats (such as spyware), or whether broader data privacy statutes are necessary or appropriate.

This Article uses the difficulties of applying electronic surveillance law statutes to spyware to illustrate the broader limits of surveillance law. Current case law suggests that electronic surveillance statutes are likely to constrain only the most egregious forms of spyware, and there may even be some difficulties in surveillance law performing that limited task. Efforts to use surveillance law to push for more privacy-sensitive industry practices are likely to fail altogether. My predictive judgments may be controversial, partly because surveillance law is sufficiently unstable that there is room for courts to adopt approaches that are more privacy-protective. I thus consider whether courts should use surveillance law to respond more aggressively to privacy challenges such as spyware. Drawing upon case law from other contexts, I show that there is good reason to be wary of using surveillance law as a vehicle for addressing various information privacy problems. Indeed, if electronic surveillance cases were to more plainly expose the limits of surveillance law, they would generate a more fruitful legislative debate about the propriety of true data privacy legislation, whether broadly or narrowly conceived.

October 18, 2005 | Permalink


TrackBack URL for this entry:

Listed below are links to weblogs that reference New and Recent Papers Available from SSRN on the Topic of Spyware:


Post a comment