Bill Lacks Heft When a Target Shows Support
Here’s a question Gov. Arnold Schwarzenegger should have asked himself as he slogged through the thousand last-minute bills awaiting his signature after the recent legislative adjournment:
When do you know a bill has been gutted?
Answer: When it’s endorsed by a company whose behavior was originally one of its targets.
The anti-spyware law that the governor signed this week is a perfect case in point. On the surface, the measure looks like a blow against programs that get installed secretly on your computer (usually through an e-mail or a download from a website you visited) to wreak havoc. These menacing visitors can disclose personal information to strangers, alter your software or distribute viruses.
Now, it’s illegal in California to install such programs on your computer without your consent.
“We picked the most egregious things and banned them outright,” says Sen. Kevin Murray, the Culver City Democrat who sponsored the bill.
But it’s hard to avoid feeling uneasy at the reaction of Claria Corp. of Redwood City, which says it “embraces” the new law as “a useful model for other state legislatures.”
Claria, you see, has been frequently accused of purveying, well, spyware.
The company’s contribution to the spyware scourge is largely untouched by the new measure because its programs aren’t exactly “malicious.” But they can be extremely obnoxious.
Nestled on your computer, they blast your screen with pop-up ads designed to distract you from whatever website you’ve actually chosen to view. Click on LLBean.com, for example, and you might suddenly find yourself staring at an ad for Eddie Bauer.
Legal challenges to the business model of Claria and other similar companies have been common. Under a previous guise as Gator Corp., Claria was sued by the Washington Post and several other media companies, including Tribune Co., the owner of this newspaper, which said Claria poached on their commercial relationships with their legitimate customers.
The plaintiffs settled the case out of court for undisclosed terms, as did Wells Fargo & Co. and L.L. Bean Inc. in separate lawsuits. But the continuing threat of litigation is sufficiently strong for Claria to have mentioned it among the risk factors for investors when it filed for a public stock offering in April. (The offering has since been shelved.)
Claria insists that most users knowingly install its software, and that dissatisfied customers should find its programs easy to remove. But those claims are naive, if not cynical. Most computer users have no idea what goes on inside their desktop box, much less how to ferret out the software behind Web ads that keep popping up unbidden.
As for how Claria’s software lands on your computer in the first place, it’s typically packaged with a free program that a user does voluntarily install. A “substantial portion” of new users, the company says, get it by installing Kazaa, a free file-sharing program often used for the trading of pirated music and videos.
“Our privacy policy and end-user agreement is available prior to download in every instance,” says D. Reed Freeman, Claria’s vice president for legislative and regulatory affairs. He adds that the most important information -- that Claria will be pushing unrelated ads at users -- is prominently displayed during the installation.
But that scarcely justifies Claria’s contention that the 40 million members of its “audience” are by and large aware that they’re hosting its software.
Though it’s true that to install Kazaa, a user must click on a box saying he or she has read the Claria user agreement, nothing stops the user from clicking without actually reading the whole thing -- nearly 6,000 legalistic words in small print. It’s doubtful that most computer users have ever read more than a few lines of any such agreement.
“What if your 6-year-old daughter clicks ‘accept,’ or you do so without reading?” asks Ben Edelman, a Boston spyware authority who has been an expert witness for Claria opponents. “Are the users really bound by that agreement?”
Murray’s original bill would have made such user agreements almost inescapable, printed in type a quarter-inch high (about the size of the headline type at the beginning this column). The agreements would have to state that the program contained spyware and describe what it does; the idea was that, given such a clear warning, many users might bail out. Some spyware experts believe, furthermore, that the original bill’s definition of spyware would surely have covered Claria products.
But the final bill lacks the “notice and consent” provision. It defines spyware narrowly in terms of a few malicious actions such as modifying a computer’s internal settings or transmitting personal information -- thus skirting what companies like Claria do for a living. It’s no more surprising that Claria “embraces” this version than that Walt Disney Co. would “embrace” a bill that addressed the shortcomings of children’s television by outlawing Looney Tunes.
Claria’s Freeman has said in public that he met with Capitol staffers to suggest “an appropriate legislative paradigm” for an anti-spyware bill, but he told me this week that the contact was limited. Murray said he had no direct contact with Claria, and that its particular flavor of spyware was never his major concern. He said the notice provision was dropped at the request of high-tech companies that maintained it would generate confusion and produce mountains of litigation.
But critics say the changes make the law a shadow of what might have been. “To the extent it addresses the slimiest type of software, we applaud California’s efforts,” Rich Donaldson, a spokesman for L.L. Bean, told me. “But it lacks the appropriate muscle if companies like Claria are just fine with it.”
