Over the past few years, computer crimes and annoyances have become an increasingly important part of the U.S. Federal Trade Commission's work. In the past year, the FTC has announced settlements with spammers, adware distributors, and even Sony BMG Music Entertainment, over its distribution of rootkit software.
FTC Chairman Deborah Platt Majoras recently sat down with the IDG News Service to discuss some of the work her organization is doing to keep the scammers and criminals at bay. She talked about the Sony settlement, the role that online advertisers play in the adware and spyware plague, and whether buried disclosures in licensing agreements really count.
Following is an edited transcript of the interview.
Although there's this perception that much of online criminal activity happens outside of the U.S., there's actually a lot of money that makes its way to the pockets of U.S. spyware vendors, hosting providers, and even advertisers. What can the FTC to go after the U.S. money?
It's a very interesting point. I spoke [recently] to a corporate council. I told them that corporate America in general ought to do a better job of figuring out where their ad dollars are going. Because what we think is happening is that some of the ad dollars are making their way to adware providers who may be providing the software without the consumer's knowledge and consent. And these companies may not even know about it at the end of the day.
If I were a company, I wouldn't think that having a consumer bombarded with pop-up ads advertising my product would be a great way to sell.
We want companies to have a better understanding of where these advertising dollars are going, so in a couple of our high-profile spyware cases, like the one against Zango, we tried to be very public. That's a company that has changed its business model now. They have told us, "We've changed our ways; we're going to do things differently." But the people who hire them need to understand exactly what is going on with this advertising.
Well, you could get their attention if you sued them. Do you think that's likely?
That would certainly get their attention. I don't know right now.
You recently settled an action against Sony over its use of rootkit technology to protect copying. That was a case of computer owner's property rights bumping up against the entertainment industry's enforcement of its intellectual property rights. Do you anticipate more of this type of conflict in the future?
Yes, we may see some additional collisions, but from our perspective, companies should think about the legal principles that we've developed in the industrial economy and continue to apply them in this new economy.
The principles we applied in the Sony case are not really new and different. It's not that they endeavoured to protect their intellectual property, which they're entitled to do, it's that they didn't tell consumers what they were doing. We felt that how a consumer could use the CDs, where the music could be played ultimately, and whether or not their habits were being monitored, those were things that consumers would want to know about before they made their purchase. From our perspective, disclosure to consumers is a first principle.
As we look at principles that we're applying in spyware and the like, the first principle there is, the computer belongs to the user, not to the software distributor. You have to think of it that way.
There is something about the way legal agreements are evolving that offends common sense. I don't think people read most disclosure agreements, and I don't blame them. If you just want to download a plugin or play a CD, is it reasonable to expect someone to read a three-page boilerplate legal agreement?
That's a tough issue that you're raising, and an important issue. One of the things that has always been the case, though, is that buried disclosures have never worked and have never been adequate. So if you are burying an important disclosure that's going to make a difference to a consumer, then there's a real question about whether that's a true disclosure.
This is also something that we worry about with some of the spyware legislation that's been proposed. People say that as long as it's disclosed to folks that, "this is what's going to happen," then that may be good enough. We actually had a case in which buried in the EULA was this disclosure that said, "We reserve the right to take over your computer."
But we said there, "No, that is not good enough." That is the type of disclosure that would need to be front and center for the consumer that they really couldn't get past.