/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsAndy Sullivan
WASHINGTON: Internet users have learned to keep an eye out for viruses, worms and "spam" e-mail.
Add another online hazard to the list: spyware. Programs that hide in users' computers and secretly monitor their activities are emerging as the next high-tech plague, experts say.
Spyware can sap computing power, crash machines and bury users under a blizzard of unwanted ads. It can capture passwords, credit-card numbers and other sensitive data.
Spyware has even begun to burrow into popular culture.
"I was watching a soap opera the other day, and two characters were saying, 'Did you install that spyware in that person's machine?'" said Mozelle Thompson, a commissioner with the Federal Trade Commission.
On Monday, Thompson and other FTC officials will bring together policymakers, industry experts and consumer advocates to discuss the problem.
Educating consumers may be tricky because spyware is less visible than other online threats, experts say.
"Spam wants to be seen. Spyware doesn't want to be seen," said Dave Baker, vice president of law and public policy at Internet provider EarthLink Inc.
The first step is defining the problem. Some programs that have been labeled as spyware can be harmless, even helpful.
Many popular programs such as Kazaa and Morpheus that allow users to copy music and movies from each other's hard drives come bundled with applications that serve up pop-up ads or other marketing tools as a way to subsidize costs.
"Adware" programs like ‘WhenU’ do not collect personal information from consumers, several peer-to-peer executives said, and users can easily remove them if they wish.
"The adware guys realize they're being lumped in as spyware, and I think they're cleaning up their act a lot," said Wayne Rosso, chief executive of Optisoft SL, which makes the Blubster file-sharing application.
CREATE A PROBLEM, OFFER A FIX
Other programs are clearly more malevolent. Some spyware has been known to disable a victim's computer and then advertise software to fix the problem.
Keystroke loggers, often distributed by e-mail viruses, allow identity thieves to capture bank-account numbers and other sensitive information.
An EarthLink scan of 1.1 million computers released last week turned up more than 300,000 malevolent programs.
The Center for Democracy and Technology on Friday proposed one way to separate the illegal from the merely annoying.
Software that "hijacks" Web traffic, tracks Internet users without their knowledge, or does not provide an easy way to be removed should be considered spyware, the nonprofit consumer group said in a draft letter also signed by high-tech firms and industry groups.
Legislatures have begun to turn their attention to the problem. Utah has already passed one law banning spyware.
WhenU, which would be prevented from serving its pop-up ads to Utah residents, has sued to block the law. Other tech companies say the Utah law is too broad and could inadvertently outlaw legitimate activities such as content filtering and technical support.
Two bills are pending in Congress to ban spyware, but observers say action is unlikely in this election year.
Lawmakers should consider broad online privacy protections against spyware and other online threats, said Ari Schwartz, an associate director at the Center for Democracy and Technology.
"If you keep trying to aim at the technology rather than the privacy issue, you're going to keep coming up with new issues to deal with every two years," Schwartz said.
© Reuters