Editing Spyware (section)

==Legal issues==

===Criminal law===
Unauthorized access to a computer is illegal under [[computer crime]] laws, such as the U.S. [[Computer Fraud and Abuse Act]], the U.K.'s [[Computer Misuse Act]], and similar laws in other countries. Since owners of computers infected with spyware generally claim that they never authorized the installation, a ''prima facie'' reading would suggest that the promulgation of spyware would count as a criminal act. Law enforcement has often pursued the authors of other malware, particularly viruses. However, few spyware developers have been prosecuted, and many operate openly as strictly legitimate businesses, though some have faced lawsuits.<ref>"[http://blogs.zdnet.com/Spyware/?p=655 Lawsuit filed against 180solutions] {{webarchive|url=https://web.archive.org/web/20080622000428/http://blogs.zdnet.com/Spyware/?p=655 |date=June 22, 2008 }}". ''zdnet.com'' September 13, 2005</ref><ref>Hu, Jim. "[http://news.cnet.com/2110-1024_3-5287885.html 180solutions sues allies over adware] {{Webarchive|url=https://web.archive.org/web/20110810033246/http://news.cnet.com/2110-1024_3-5287885.html |date=August 10, 2011 }}". ''news.com'' July 28, 2004</ref>

Spyware producers argue that, contrary to the users' claims, users do in fact give [[consent]] to installations. Spyware that comes bundled with [[shareware]] applications may be described in the [[legalese]] text of an [[end-user license agreement]] (EULA). Many users habitually ignore these purported contracts, but spyware companies such as Claria say these demonstrate that users have consented.

Despite the ubiquity of [[EULA]]s agreements, under which a single click can be taken as consent to the entire text, relatively little [[caselaw]] has resulted from their use. It has been established in most [[common law]] jurisdictions that this type of agreement can be a binding contract ''in certain circumstances.''<ref name="clickwrap legality">Coollawyer; 2001–2006; [http://www.coollawyer.com/webfront/internet_law_library/articles/law_library_user_agreement_article.php Privacy Policies, Terms and Conditions, Website Contracts, Website Agreements] {{Webarchive|url=https://web.archive.org/web/20130513030512/http://www.coollawyer.com/webfront/internet_law_library/articles/law_library_user_agreement_article.php |date=May 13, 2013 }}; coollawyer.com. Retrieved November 28, 2006.</ref> This does not, however, mean that every such agreement is a contract, or that every term in one is enforceable.

Some jurisdictions, including the U.S. states of [[Iowa]]<ref>"[http://coolice.legis.state.ia.us/cool-ice/default.asp?category=billinfo&service=iowacode&ga=83&input=715 CHAPTER 715 Computer Spyware and Malware Protection] {{webarchive|url=https://web.archive.org/web/20120406164045/https://coolice.legis.state.ia.us/cool-ice/default.asp?category=billinfo&service=iowacode&ga=83&input=715 |date=April 6, 2012 }}". ''nxtsearch.legis.state.ia.us''. Retrieved May 11, 2011.</ref> and [[Washington (state)|Washington]],<ref>[http://apps.leg.wa.gov/RCW/default.aspx?cite=19.270 Chapter 19.270 RCW: Computer spyware] {{Webarchive|url=https://web.archive.org/web/20110721073311/http://apps.leg.wa.gov/RCW/default.aspx?cite=19.270 |date=July 21, 2011 }}. ''apps.leg.wa.gov''. Retrieved November 14, 2006.</ref> have passed laws criminalizing some forms of spyware. Such laws make it illegal for anyone other than the owner or operator of a computer to install software that alters Web-browser settings, monitors keystrokes, or disables computer-security software.

In the United States, lawmakers introduced a bill in 2005 entitled the [[Internet Spyware Prevention Act]], which would imprison creators of spyware.<ref>Gross, Grant. [http://www.infoworld.com/article/07/03/16/HNspywarebill_1.html US lawmakers introduce I-Spy bill] {{Webarchive|url=https://web.archive.org/web/20090108160532/http://www.infoworld.com/article/07/03/16/HNspywarebill_1.html |date=January 8, 2009 }}. ''InfoWorld,'' March 16, 2007. Retrieved March 24, 2007.</ref> 

Additionally, several diplomatic efforts have been made to curb the growing usage of Spywares. Launched by France and the UK in early 2024, the Pall Mall Process<ref>{{Cite web |title=The Pall Mall Process declaration: tackling the proliferation and irresponsible use of commercial cyber intrusion capabilities |url=https://www.gov.uk/government/publications/the-pall-mall-process-declaration-tackling-the-proliferation-and-irresponsible-use-of-commercial-cyber-intrusion-capabilities |access-date=2024-10-27 |website=GOV.UK |language=en}}</ref> aims to address the proliferation and irresponsible use of commercial cyber intrusion capabilities.

===Administrative sanctions===

====US FTC actions====
The US [[Federal Trade Commission]] has sued [[Internet marketing]] organizations under the "[[unfairness doctrine]]"<ref>See [[Federal Trade Commission v. Sperry & Hutchinson Trading Stamp Co.]]</ref> to make them stop infecting consumers' PCs with spyware. In one case, that against Seismic Entertainment Productions, the FTC accused the defendants of developing a program that seized control of PCs nationwide, infected them with spyware and other malicious software, bombarded them with a barrage of pop-up advertising for Seismic's clients, exposed the PCs to security risks, and caused them to malfunction. Seismic then offered to sell the victims an "antispyware" program to fix the computers, and stop the popups and other problems that Seismic had caused. On November 21, 2006, a settlement was entered in federal court under which a $1.75&nbsp;million judgment was imposed in one case and $1.86&nbsp;million in another, but the defendants were insolvent<ref>'' [http://www.ftc.gov/opa/2006/11/seismicodysseus.shtm FTC Permanently Halts Unlawful Spyware Operations] {{webarchive|url=https://web.archive.org/web/20131102062209/http://www.ftc.gov/opa/2006/11/seismicodysseus.shtm |date=November 2, 2013 }}'' (FTC press release with links to supporting documents); see also [http://docs.law.gwu.edu/facweb/claw/FTCcrackSpyw.pdf ''FTC cracks down on spyware and PC hijacking, but not true lies''] {{Webarchive|url=https://web.archive.org/web/20101226184715/http://docs.law.gwu.edu/facweb/claw/FTCcrackSpyw.pdf |date=December 26, 2010 }}, Micro Law, IEEE MICRO (Jan.-Feb. 2005), also available at [https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=1411709&isnumber=30580 IEEE Xplore] .</ref>

In a second case, brought against CyberSpy Software LLC, the [[Federal Trade Commission|FTC]] charged that CyberSpy marketed and sold "RemoteSpy" keylogger spyware to clients who would then secretly monitor unsuspecting consumers' computers. According to the FTC, Cyberspy touted RemoteSpy as a "100% undetectable" way to "Spy on Anyone. From Anywhere." The FTC has obtained a temporary order prohibiting the defendants from selling the software and disconnecting from the Internet any of their servers that collect, store, or provide access to information that this software has gathered. The case is still in its preliminary stages.  A complaint filed by the [[Electronic Privacy Information Center]] (EPIC) brought the RemoteSpy software to the FTC's attention.<ref>See [http://www.ftc.gov/opa/2008/11/cyberspy.shtm ''Court Orders Halt to Sale of Spyware''] {{Webarchive|url=https://web.archive.org/web/20101204213706/http://www.ftc.gov/opa/2008/11/cyberspy.shtm |date=December 4, 2010 }} (FTC press release November 17, 2008, with links to supporting documents).</ref>

====Netherlands OPTA====
An administrative fine, the first of its kind in Europe, has been issued by the Independent Authority of Posts and Telecommunications (OPTA) from the Netherlands. It applied fines in total value of Euro 1,000,000 for infecting 22 million computers. The spyware concerned is called DollarRevenue. The law articles that have been violated are art. 4.1 of the Decision on universal service providers and on the interests of end users; the fines have been issued based on art. 15.4 taken together with art. 15.10 of the Dutch telecommunications law.<ref>{{cite web |author=OPTA |title=Besluit van het college van de Onafhankelijke Post en Telecommunicatie Autoriteit op grond van artikel 15.4 juncto artikel 15.10 van de Telecommunicatiewet tot oplegging van boetes ter zake van overtredingen van het gestelde bij of krachtens de Telecommunicatiewet |date=November 5, 2007 |url=http://www.opta.nl/download/202311+boete+verspreiding+ongewenste+software.pdf |archive-url=https://web.archive.org/web/20110129012910/http://www.opta.nl/download/202311+boete+verspreiding+ongewenste+software.pdf |archive-date=2011-01-29}}</ref>

===Civil law===
Former [[New York State Attorney General]] and former [[Governor of New York]] [[Eliot Spitzer]] has pursued spyware companies for fraudulent installation of software.<ref>{{cite press release|title=State Sues Major "Spyware" Distributor |publisher=Office of New York State Attorney General |date=April 28, 2005 |url=http://www.oag.state.ny.us/media_center/2005/apr/apr28a_05.html |access-date=September 4, 2008 |quote=Attorney General Spitzer today sued one of the nation's leading internet marketing companies, alleging that the firm was the source of "spyware" and "adware" that has been secretly installed on millions of home computers. |url-status=dead|archive-url=https://web.archive.org/web/20090110150302/http://www.oag.state.ny.us/media_center/2005/apr/apr28a_05.html |archive-date=January 10, 2009 }}</ref> In a suit brought in 2005 by Spitzer, the California firm [[Intermix Media, Inc.]] ended up settling, by agreeing to pay US$7.5&nbsp;million and to stop distributing spyware.<ref>Gormley, Michael. {{cite news|url=https://news.yahoo.com/news?tmpl=story&u=/cpress/20050615/ca_pr_on_tc/spitzer_spyware |title=Intermix Media Inc. says it is settling spyware lawsuit with N.Y. attorney general |archive-url=https://web.archive.org/web/20050622082027/http://news.yahoo.com/news?tmpl=story&u=%2Fcpress%2F20050615%2Fca_pr_on_tc%2Fspitzer_spyware |archive-date=June 22, 2005 |work=[[Yahoo!]] News |date=June 15, 2005 |url-status=dead}}</ref>

The hijacking of Web advertisements has also led to litigation. In June 2002, a number of large Web publishers sued [[Claria]] for replacing advertisements, but settled out of court.

Courts have not yet had to decide whether advertisers can be held [[Legal liability|liable]] for spyware that displays their ads. In many cases, the companies whose advertisements appear in spyware pop-ups do not directly do business with the spyware firm. Rather, they have contracted with an [[advertising agency]], which in turn contracts with an online subcontractor who gets paid by the number of "impressions" or appearances of the advertisement. Some major firms such as [[Dell Computer]] and [[Mercedes-Benz]] have sacked advertising agencies that have run their ads in spyware.<ref>{{cite news |last=Gormley |first=Michael |url=https://www.usatoday.com/tech/news/computersecurity/2005-06-25-companies-spyware_x.htm |title=Major advertisers caught in spyware net |work=USA Today |date=June 25, 2005 |access-date=September 4, 2008 |archive-date=September 20, 2008 |archive-url=https://web.archive.org/web/20080920222209/http://www.usatoday.com/tech/news/computersecurity/2005-06-25-companies-spyware_x.htm |url-status=live }}</ref>

===Libel suits by spyware developers===

Litigation has gone both ways. Since "spyware" has become a common [[pejorative]], some makers have filed [[slander and libel|libel]] and [[defamation]] actions when their products have been so described. In 2003, Gator (now known as Claria) filed suit against the website [[PC Pitstop]] for describing its program as "spyware".<ref>Festa, Paul. "[http://news.cnet.com/2100-1032_3-5095051.html See you later, anti-Gators?] {{Webarchive|url=https://web.archive.org/web/20140714170649/http://news.cnet.com/2100-1032_3-5095051.html |date=July 14, 2014 }}". ''News.com''. October 22, 2003.</ref> PC Pitstop settled, agreeing not to use the word "spyware", but continues to describe harm caused by the Gator/Claria software.<ref>"[http://www.pcpitstop.com/gator/default.asp Gator Information Center] {{Webarchive|url=https://web.archive.org/web/20050701080044/http://www.pcpitstop.com/gator/default.asp |date=July 1, 2005 }}". ''pcpitstop.com'' November 14, 2005.</ref> As a result, other anti-spyware and anti-virus companies have also used other terms such as "potentially unwanted programs" or [[Malware#Grayware|greyware]] to denote these products.

===WebcamGate===
{{Main|Robbins v. Lower Merion School District}}
In the 2010 [[Robbins v. Lower Merion School District|WebcamGate]] case, plaintiffs charged two suburban Philadelphia high schools secretly spied on students by surreptitiously and remotely activating webcams embedded in school-issued laptops the students were using at home, and therefore infringed on their privacy rights.  The school loaded each student's computer with [[LANrev]]'s remote activation tracking software.  This included the now-discontinued "TheftTrack".  While TheftTrack was not enabled by default on the software, the program allowed the school district to elect to activate it, and to choose which of the TheftTrack surveillance options the school wanted to enable.<ref name="autogenerated5" />

TheftTrack allowed school district employees to secretly remotely activate the webcam embedded in the student's laptop, above the laptop's screen. That allowed school officials to secretly take photos through the webcam, of whatever was in front of it and in its line of sight, and send the photos to the school's server. The LANrev software disabled the webcams for all other uses (''e.g.'', students were unable to use [[Photo Booth]] or [[video chat]]), so most students mistakenly believed their webcams did not work at all. On top of the webcam surveillance, TheftTrack allowed school officials to take screenshots and send them to the school's server. School officials were also granted the ability to take snapshots of instant messages, web browsing, music playlists, and written compositions. The schools admitted to secretly snapping over 66,000 webshots and [[screenshot]]s, including webcam shots of students in their bedrooms.<ref name="autogenerated5">[http://lmsd.org/documents/news/100503_l3_report.pdf "Initial LANrev System Findings"] {{webarchive|url=https://web.archive.org/web/20100615100827/http://lmsd.org/documents/news/100503_l3_report.pdf |date=June 15, 2010 }}, LMSD Redacted Forensic Analysis, L-3 Services – prepared for [[Ballard Spahr]] (LMSD's counsel), May 2010. Retrieved August 15, 2010.</ref><ref name="USATODAY">{{cite news |url=http://content.usatoday.com/communities/ondeadline/post/2010/02/school-district-accused-of-issuing-webcam-laptops-to-spy-on-students/1 |author=Doug Stanglin|title=School district accused of spying on kids via laptop webcams |date=February 18, 2010|work=[[USA Today]] |access-date=February 19, 2010|url-status=live |archive-date=September 13, 2012 |archive-url=https://web.archive.org/web/20120913050816/http://content.usatoday.com/communities/ondeadline/post/2010/02/school-district-accused-of-issuing-webcam-laptops-to-spy-on-students/1}}</ref><ref>{{cite news |title=Suit: Schools Spied on Students Via Webcam |url=https://www.cbsnews.com/news/suit-schools-spied-on-students-via-webcam/ |newspaper=CBS NEWS|date=March 8, 2010|access-date=July 29, 2013|archive-date=August 1, 2013|archive-url=https://web.archive.org/web/20130801034022/http://www.cbsnews.com/2100-201_162-6220751.html |url-status=live}}</ref>