Oh, What a Tangled World Wide Web We Weave: An Analysis of Washington's Computer Spyware Act in a National Context

Publication year: 2008

UNIVERSITY OF PUGET SOUND LAW REVIEW, Volume 31, No. 3, SPRING 2008

COMMENTS

Laura L. Edwards(fn*)

I. Introduction

A spyware epidemic is compromising computer security in America.(fn1) Although the technology sector has not yet agreed on a formal definition,(fn2) spyware is commonly described as a type of software that can track the online activities and collect the personal information of Internet users.(fn3) Spyware is often installed without a user's knowledge(fn4) and can maliciously change settings on the user's computer(fn5) or cause advertising messages, commonly known as pop-ups, to appear on the user's computer screen.(fn6) Difficult to detect and sometimes nearly impossible to remove, spyware has emerged as a significant security problem for Internet users.(fn7)

Spyware affects businesses as well as individuals.(fn8) Spyware can expose a company's confidential information, slow down computers and networks, and destroy data.(fn9) Employees lose efficiency while waiting for IT staff to fix the various problems caused by spyware, which increases costs.(fn10) Accordingly, spyware is not just a minor annoyance suffered by individual Internet users; rather, it harms American businesses and the economy as well.(fn11)

Washington and several other states have recently passed antispyware legislation.(fn12) This Comment will focus on the effectiveness of Washington's Computer Spyware Act (the Act),(fn13) while also surveying similar legislation from other states and approaches proposed at the federal level. Part II discusses the Act's content and briefly explains its definition of prohibited spyware and activities. Part III examines two early cases to invoke the Act and describes their procedural history, from filing to settlement. Part IV analyzes the Utah and California spyware statutes, which blazed the trail in this emerging area of law.(fn14) Moreover, at the time the first Washington lawsuits were filed, these statutes provided virtually the only state statutory guidance for Washington courts evaluating the Act.(fn15) Part V evaluates the current status of proposed federal spyware legislation and the role of the Federal Trade Commission (FTC) in adjudicating spyware disputes. Although no federal statutes on this subject have yet been enacted, the bills currently under consideration demonstrate the two leading approaches for penalizing spyware usage. Finally, Part VI proposes three changes to the Act that will more effectively deter prohibited conduct and compensate its victims. First, the Act's notice requirement must be more specific. Second, the plaintiff's burden of proving the defendant's intentional deceit should be eased; the Act should place the burden on the defendant by creating a rebuttable presumption of intentional deceit on the defendant's part. Finally, the legislature must increase the damages cap. These amendments will ensure that Washington remains a national leader in protecting its citizens from invasive spyware.

II. The Washington Computer Spyware Act

The Act, which took effect in July 2005, makes it "unlawful for a person who is not an owner or operator to transmit computer software to the owner or operator's computer with actual knowledge or with conscious avoidance of actual knowledge," when that software is used in certain ways.(fn16) Such prohibited uses include: modifying security settings; collecting Internet browser histories or personally identifiable information; tracking keystrokes; preventing the blocking of software installation; and inducing the purchase of software by falsely identifying spyware or viruses on a user's computer.(fn17) The Act does not prohibit software that monitors a computer user's Internet connection if the monitoring is executed by a telecommunications carrier, software provider, or computer service providing authorized software updates,(fn18) because these activities aid in proper Internet functioning.(fn19)

Only the Attorney General of Washington or an adversely affected software provider, website owner, or trademark owner may bring suit for a violation of the Act.(fn20) A plaintiff who alleges that a defendant modified certain computer settings must prove that the defendant acted with an intent to deceive.(fn21) To prove that a defendant transmitted software to tamper with computer functions, a plaintiff must show that the defendant had actual knowledge or conscious avoidance of actual knowledge of his or her software transmission.(fn22)

Damages awarded under the Act are limited to either $100,000 per violation or actual damages, whichever is greater.(fn23) Total damages may not exceed $2 million.(fn24) Repeat offenders, however, may incur a threefold increase in damages at the court's discretion, subject to the cap of $2 million.(fn25)

III. Early Washington Cases

Early in 2006, the Attorney General filed the first suit under the Act in State v. Secure Computer, L.L.C., alleging that the defendants had performed false spyware scans in order to induce users to buy their products.(fn26) Then, in August 2006, the Attorney General brought a second suit against four Los Angeles companies in State v. Digital Enterprises, Inc., alleging that the companies had distributed harmful spyware to users under the guise of promoting the companies' subscription-based entertainment services.(fn27) Because settlements with individual defendants have been reached in these two cases, neither case was decided in court.(fn28) Nevertheless, their procedural histories may provide guidance for other courts attempting to apply antispyware legislation, which currently have a limited body of case law to consult.(fn29)

A. State v. Secure Computer, L.L.C.

State v. Secure Computer, L.L.C. was the first lawsuit filed under the Act.(fn30) The Attorney General filed the complaint against Secure Computer, a New York limited liability company, its president, and four individuals who allegedly advertised or otherwise aided the distribution of the company's products.(fn31) The complaint accused Secure Computer of violating two provisions of the Act.(fn32)

First, the complaint alleged that Secure Computer violated Revised Code of Washington (RCW) section 19.270.040(1) by intentionally marketing and selling products that purported to scan computers for spyware, alarming users, and enticing (or even forcing) them to purchase the products.(fn33) The complaint further alleged that Secure Computer persuaded users to get a free scan with pop-up advertisements that mimicked the Microsoft Windows security "dialog boxes."(fn34) These boxes advised users that their computers might be infected with spyware; when users clicked the box, they were guided through a process that downloaded Secure Computer spyware onto their computers.(fn35) Moreover, the complaint alleged that these scans failed to detect spyware on infected computers and purported to detect spyware on computers that had none.(fn36) Following the free scan, users received a false scan report that listed the types of spyware claimed to be found on their computers.(fn37) When users clicked the button to remove the spyware, the dialog box prompted users to purchase "Spyware Cleaner" for $49.95 by inputting credit card and other information.(fn38)

Second, the complaint alleged that Secure Computer violated RCW section 19.270.030(2)(b) when Secure Computer transferred software to users' computers that altered the users' security settings.(fn39) Allegedly, the free scan software that produced the false scan reports also erased safeguards that users placed on their computers to protect themselves from viruses and spyware, rendering the computers more susceptible to these dangers.(fn40)

By June 2006, three individually named defendants settled for sums ranging from $2,000 to $84,000.(fn41) The case ended in December 2006 when Secure Computer president Paul Burke agreed to a $1 million settlement, of which only $75,000 was allocated to compensate the 1,145 Washington consumers who bought and were harmed by the software.(fn42) The State allocated the remaining $925,000 for penalties, attorney's fees, and costs.(fn43) Secure Computer is now out of business.(fn44) Although this case did not create any precedent to guide future courts deciding disputes under the Act, it put spyware companies on notice that violations of the Act will result in prosecution.

B. State v. Digital Enterprises, Inc.

In August 2006, the Attorney General brought suit against four Los Angeles companies and two individuals for allegedly promoting an online subscription-based entertainment service in violation of the Act.(fn45) The service provided movie clips, adult content, entertainment reviews, and Internet shopping information.(fn46) Yearly subscription fees ranged from $85 to $99, and monthly subscription fees ranged from $19.95 to $34.95.(fn47)

The companies allegedly utilized pop-up advertising to offer a free three-day trial but required computer users to download software in order to accept the offer.(fn48) Unfortunately, while this software did provide a free trial, it also allowed the defendants to deliver a relentless string of pop-up windows demanding payment.(fn49) These demands covered the computer screen and would not close.(fn50) Instead, the...
