Spyware, Hacking, Law, and Liability

My colleague, Alvin Borromeo, has described in detail his struggle with spyware on our firm blog and in Spyware Snags Blogger Users.

Spyware has become big news in the past year because it has wreaked havoc in infecting millions of computers nationwide. Spyware is the mass assault progeny of hacking, with many victims targeted simultaneously. The effects of your average spyware attack are felt by many more people or companies than the effects of your average hack.

Hackers can cause a great deal of damage, but imagine the damage that could be caused by multiple hackers. That's the damage of spyware.

For instance, phone numbers, photographs, and diary entries from Paris Hilton's cell phone appeared online, apparently as the result of a successful hack. Celebrities like Lindsay Lohan, Eminem, Christina Aguilera, and Anna Kournikova presumably kept their phone numbers private for a reason. Paris Hilton chose to confine certain photographs to her cell phone, too.

Now, imagine that a successful spyware attacker stole personal information from a number of cell phones or computers. Spyware attacks typically do not attract the kind of publicity that follows Paris Hilton, Britney Spears, or even Don Knotts, but they can affect many victims. A successful spyware attacker might steal personal information from thousands of computers, like passwords or web sites visited, by insertingan "information collection program" surreptitiously into each computer .

Congress and state legislatures have begun to respond to the threats posed by spyware. Utah passed the first spyware law in the U.S. last year, although a federal court has held up enforcement of the new law as it considers a constitutional challenge to it. California has passed a spyware law, and the U.S. House and Senate have considered competing spyware bills. State and federal legislators are debating the definition of "spyware" and the acts that new laws should penalize. At the same time, they are considering ways to limit the scope of liability to protect legitimate activities, like monitoring networks or providing software updates.

In the meantime, those who develop or transmit software programs can take into account new laws, legislation under consideration, and court or regulatory decisions on alleged spyware law violations.

As Congress and the states pass laws and as courts and enforcement bodies mete out punishment, a more solid framework will develop for holding those who spread spyware accountable.

For more information on spyware legislation, law, and liability, see my Privacy and Security Update or my article, New Spyware Laws Raising Potential Liability Concerns.