Ghosts in Our Machines: Background and Policy Proposals on the “Spyware” Problem
Over the last several years, a loosely defined collection of computer software known as “spyware” has become the subject of growing public alarm. Computer users are increasingly finding programs on their computers that they did not know were installed and that they cannot uninstall, that create privacy problems and open security holes, that can hurt the performance and stability of their systems, and that can lead them to mistakenly believe that these problems are the fault of another application or their Internet provider.
The term “spyware” has been applied to everything from keystroke loggers, to advertising applications that track users’ web browsing, to web cookies, to programs designed to help provide security patches directly to users. More recently, there has been particular attention paid to a variety of applications that piggyback on peer-to-peer file-sharing software and other free downloads as a way to gain access to people’s computers. This report focuses primarily on these so-called “adware” and other similar applications, which have increasingly been the focus of legislative and regulatory proposals.
Many of these applications represent a significant privacy threat, but in our view the larger concerns raised by these programs are transparency and user control, problems sometimes overlooked in discussions about the issue and to a certain extent obscured by the term “spyware” itself.