• silicon.com
• Technology
• Software

By John Borland, 12 October 2004 16:10

COMMENT In what could prove to be one the great second acts in internet history, erstwhile king of spam Sanford Wallace takes center stage this week as exhibit A in a federal crackdown on invasive online advertising software.

The US Federal Trade Commission on Tuesday is scheduled to announce an aggressive new strategy in taking on alleged purveyors of 'spyware', a vague term that describes software that may track unsuspecting web surfers and bombard them with advertisements or even steal login information and passwords.

In the first action of its kind, the agency last week filed a civil lawsuit against Wallace, charging the admitted former junk emailer with fraudulently installing advertising and other software on consumers' computers through his network of websites. The lawsuit is expected to be the centerpiece of Tuesday's announcement.

As in the early spam battles, the bombastic Wallace has become a lighting rod for efforts to clamp down on what many now consider to be among the most virulent net pests. Tuesday's lawsuits - particularly in conjunction with federal anti-spyware legislation nearing passage - could help rein in business practices that have posed increasing risks for net surfers during the past few years.

Dave Baker, an attorney for internet service provider EarthLink, which has been an active participant in anti-spyware efforts, said: "Very much like with spam and the spam legislation last year, spyware can be fought through a combination of efforts: enforcement, legislation, technology and consumer education. No one thing cures the problem by itself."

Wallace could not immediately be reached for comment.

The last year has proved to be a tipping point for an issue that has been building for several years. Reports of widespread adware and spyware infection have increased dramatically, in part as consumers have increasingly realized that their computer crashes and slowdowns were being caused by surreptitious advertising software.

EarthLink recently said that its online spyware-spotting tool had been used 3 million times since January, and had found an average of 26 spyware components on people's hard drives.

The result has been a surge of legislative efforts in Congress and state legislatures, as well as this week's lawsuits from the FTC.

Wallace - once dubbed 'Spamford' by a net community desperate to cut off the flow of unsolicited email coming from his company's servers - has been operating new advertising ventures for several years. Regardless of the outcome of the suit, the charges brought against Wallace's companies - Seismic Entertainment Productions and SmartBot - could help raise awareness of the issue.

In an interview with silicon.com sister site CNET News.com last year, he outlined his strategy of boosting traffic by forcing people to click through multiple pop-up windows in order to exit his PassItOn.com entertainment site. He said he would soon start collecting personal information from people who wanted to use his site without so many windows.

Wallace said in that interview: "We don't violate anybody's privacy; everything is disclosed. We're giving something away for free in exchange for consumers' permission to use private information. It's no secret. Publishers Clearing House has been doing this type of thing for years."

The FTC cited that interview in its lawsuit, which was filed in New Hampshire federal court last week.

In the lawsuit, FTC and independent investigators outline a string of what they say were potentially abusive practices.

FTC investigator Sallie Schools said websites operated by Wallace changed the home page in her Internet Explorer browser. Programming code on one page popped open the CD drive in her computer, and showed text saying "If your cd-rom drives open... You desperately need to rid your system of spyware pop-ups immediately." The site then offered a product called Spy Deleter.

Other sites surreptitiously downloaded software from another company's site, which in turn led to the installation of numerous other spyware and advertising programs, the lawsuit charged. All of the actions took advantage of publicized security holes in Microsoft's Internet Explorer browser.

Anti-spyware activists say a successful case focusing on these practices - changing home pages without consent, installing software without consent, and 'compelling' purchase of anti-spyware software - will help clamp down on some of the worst practices online.

Ari Schwartz, associate director of the Center for Democracy and Technology, which first brought Wallace's company to the attention of the FTC, said: "We're very positive about the way this is looking; it looks like they've built a good case. This fits into the kinds of cases where the FTC could get their feet wet on this issue."

As the FTC moves ahead with its more aggressive strategy, Congress remains close to passing legislation that would boost fines for spyware purveyors, and potentially impose criminal penalties.

The House of Representatives passed two separate bills last week aimed at the practice. Major technology companies including Microsoft, Yahoo and Dell have signed on to the idea after some trepidation, although some technology executives privately say they are still worried about provisions focusing on types of technology, rather than the behavior of potential 'bad actors'.

Some insiders say the pending bills are likely to be joined, providing both criminal penalties and higher civil fines, and passed when Congress returns to Capitol Hill after Election Day.

The issue has been a strong focus for several legislators, including US House Commerce Committee Chairman Joe Barton, R-Texas.

"Spyware is to computers what an open window is to burglars," Barton said last week, following the passage of a bill authored by Rep. Mary Bono, R-Calif. "This will provide some real, sorely needed online protection for consumers."

John Borland writes for CNET News.com