Privacy-invasive Software - Problem With The Spyware Concept

Problem With The Spyware Concept

In early 2000, Steve Gibson formulated the first description of spyware after realizing software that stole his personal information had been installed on his computer (Gibson Research Corporation). His definition reads as follows:

“

Spyware is any software which employs a user’s Internet connection in the background (the so-called ‘backchannel’) without their knowledge or explicit permission.

”

This definition was valid in the beginning of the spyware evolution. However, as the spyware concept evolved over the years it attracted new kinds of behaviours. As these behaviours grew both in number and in diversity, the term spyware became hollowed out. This evolution resulted in that a great number of synonyms sprang up, e.g. thiefware, scumware, trackware, and badware. We believe that the lack of a single standard definition of spyware depends on the diversity in all these different views on what really should be included, or as Aaron Weiss put it (Weiss 2005):

“

What the old-school intruders have going for them is that they are relatively straightforward to define. Spyware, in its broadest sense, is harder to pin down. Yet many feel, as the late Supreme Court Justice Potter Stewart once said, ‘I know it when I see it.’.

”

Despite this vague comprehension of the essence in spyware, all descriptions include two central aspects. The degree of associated user consent, and the level of negative impact they impair on the user and their computer system (further discussed in Section 2.3 and Section 2.5 in (Boldt 2007a)). Because of the diffuse understanding in the spyware concept, recent attempts to define it have been forced into compromises. The Anti-Spyware Coalition (ASC) which is constituted by public interest groups, trade associations, and anti-spyware companies, have come to the conclusion that the term spyware should be used at two different abstraction levels (Anti-Spyware Coalition). At the low level they use the following definition, which is similar to Steve Gibson’s original one:

“

In its narrow sense, Spyware is a term for tracking software deployed without adequate notice, consent, or control for the user.

”

However, since this definition does not capture all the different types of spyware available they also provide a wider definition, which is more abstract in its appearance:

“

In its broader sense, spyware is used as a synonym for what the ASC calls ‘Spyware (and Other Potentially Unwanted Technologies)’. Technologies deployed without appropriate user consent and/or implemented in ways that impair user control over:

1) Material changes that affect their user experience, privacy, or system security;
2) Use of their system resources, including what programs are installed on their computers; and/or
3) Collection, use, and distribution of their personal or other sensitive information.

”

Difficulties in defining spyware, forced the ASC to define what they call Spyware (and Other Potentially Unwanted Technologies) instead. In this term they include any software that does not have the users’ appropriate consent for running on their computers. Another group that has tried to define spyware is a group called StopBadware.org, which consists of actors such as Harvard Law School, Oxford University, Google, Lenovo, and Sun Microsystems (StopBadware.org). Their result is that they do not use the term spyware at all, but instead introduce the term badware. Their definition thereof span over seven pages, but the essence looks as follows (StopBadware.org Guidelines):

“

An application is badware in one of two cases:

1) If the application acts deceptively or irreversibly.
2) If the application engages in potentially objectionable behaviour without: first, prominently disclosing to the user that it will engage in such behaviour, in clear and non-technical language, and then obtaining the user's affirmative consent to that aspect of the application.

”

Both definitions from ASC and StopBadware.org show the difficulty with defining spyware. We therefore regard the term spyware at two different abstraction levels. On the lower level it can be defined according to Steve Gibsons original definition. However, in its broader and in a more abstract sense the term spyware is hard to properly define, as concluded above.

Read more about this topic: Privacy-invasive Software

Famous quotes containing the words problem with the, problem with, problem and/or concept:

“I don’t have any problem with a reporter or a news person who says the President is uninformed on this issue or that issue. I don’t think any of us would challenge that. I do have a problem with the singular focus on this, as if that’s the only standard by which we ought to judge a president. What we learned in the last administration was how little having an encyclopedic grasp of all the facts has to do with governing.”
—David R. Gergen (b. 1942)

“The general public is easy. You don’t have to answer to anyone; and as long as you follow the rules of your profession, you needn’t worry about the consequences. But the problem with the powerful and rich is that when they are sick, they really want their doctors to cure them.”
—Molière [Jean Baptiste Poquelin] (1622–1673)

“If a problem is insoluble, it is Necessity. Leave it alone.”
—Mason Cooley (b. 1927)

“Every new concept first comes to the mind in a judgment.”
—Charles Sanders Peirce (1839–1914)