by Ari Schwartz

As the problem of spyware becomes an increasingly central concern for computer users and network administrators, the absence of a clear, coherent, and standard definition of the term has rendered serious discussion of solutions difficult.

Computer users themselves can find it difficult to define “spyware.” For example, a recent study by the Ponemon Institute included a question in which users were asked if they agreed or disagreed with a specific definition of spyware. Fifty-one percent of those surveyed agreed with the definition, but 49 percent thought it incorrect.

In order to attempt to resolve this conundrum, the Center for Democracy and Technology has convened the Anti-Spyware Coalition (ASC). Composed of anti-spyware software vendors, consumer groups, and ISPs, the coalition has attempted to write an authoritative set of definitions for spyware and other potentially unwanted technologies. The ASC released “Spyware Definitions and Supporting Documents” on July 12, 2005, and is accepting public comments until August 12, 2005. (The documents can be downloaded from the ASC Web site.)

In addition to a broad definition of the phrase “spyware and other potentially unwanted technologies,” the ASC documents contain a glossary of related terms, a vendor dispute-resolution process, and some safety tips for consumers. Though these documents will have to be followed by more details on standards for consent and risk modeling, they are a significant first step in process of eliminating the threat of spyware.

There has been some concern in the Internet community that any standard definition of “spyware” will allow bad actors to superficially modify their programs to avoid detection. Keeping this potential problem in mind, the ASC has tried to write definitions that are technology neutral and that depend, as much as possible, on consumer consent and preference. The definitions give anti-spyware software companies and consumers a common vocabulary with which to communicate what programs may be wanted or unwanted on a specific computer. The coalition will continue its work refining standards for bad behaviors, but we are confident that any piece of code that a consumer may reasonably consider “spyware” will be included under the definitions of “spyware and other potentially unwanted technologies.”

Spyware presents both a technical and a definitional problem. The Anti-Spyware Coalition hopes that, with your help through the public comment process, these new definitions will provide consumers with a better understanding of the way this type of code operates and a better ability to control the software on their computers through the installation of anti-spyware software.

Ari Schwartz is the associate director of the Center for Democracy and Technology.

 

Ponemon Institute