Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

Press Release: Attorney General McKenna’s new laws go into effect Thursday

June 11th 2008 in Uncategorized

The full press release is below.  The section most relevant to this blog is the new laws related to spyware.  A change that I anticipate will have a great impact is that the new laws Create[s] liability for web hosting services who ignore violators’ use of their products.  I believe that this new law will encourage web hosting services to act quickly when malvertizement activity is reported to them.  Far too often web hosting services have responded to my complaints by saying that they are not responsible for what their clients are doing, or they say that all they can do is contact their client and tell them that there has been a complaint, or they don’t respond at all.  Now that web hosting services can be found to be directly liable for the activities of their clients, it is going to be harder to ignore or fob off our complaints.


Here is the House Bill 2879 (the Bill related to changes to spyware laws):
http://apps.leg.wa.gov/documents/billdocs/2007-08/Pdf/Bills/House%20Passed%20Legislature/2879-S.PL.pdf


The important changes as relate to malvertizings follow – the changes are bold and underlined, or struck through:


The definition of “Transmit” has been changed to ensure that if a web hosting service “knows or reasonably should have known” that the chapter is being violated, then that web hosting service is liable for violations under the chapter.


“Transmit” means to knowingly, or with conscious avoidance of knowledge, transfer, send, or make available computer software, or any component thereof, via the internet or any other medium, including local area networks of computers, other nonwire transmission, and disc or other data storage device.  “Transmit” does not include any action by a person providing:


(a) The internet connection, telephone connection, or other means of transmission capability ((such as a compact disk or digital video disk)) through which the software was made available;


(b) The storage or hosting of the software program or a web page through which the software was made available, unless the person providing the storage or hosting services knows or reasonably should know there is or will be a violation of this chapter, and participates in or ratifies the actions constituting the violation;


——————————————————————————————————————————————————————–


PRESS RELEASE:


OLYMPIA – New laws requested by Attorney General Rob McKenna dealing with mortgage foreclosure schemes, identity theft, spyware and third-party marketing of cell phone numbers will go into effect on Thursday.


“These new laws address critical threats to consumers from the purveyors of modern frauds—from mortgage rescue schemes to identity theft and online spying” McKenna said. “Also beginning this week, consumers’ cell phone numbers will be protected from solicitors, since they can no longer be published without express consent. I want to thank legislators from both parties who helped pass these crucial protections.”


The following laws go into effect on Thursday, June 12:


Prohibiting third-party marketing of cell phone numbers


House Bill 2479 requires any person in the business of compiling, marketing or selling phone numbers for commercial purposes to obtain a consumer’s express opt-in consent before publishing his or her wireless phone number in a directory. A violation of the law is punishable by a fine of up to $50,000. The Attorney General may bring actions to enforce compliance and may notify first-time violators with a letter of warning.


Mortgage Foreclosure Legislation


House Bill 2791 adds protections for homeowners from losing their homes in “mortgage rescue” scams by:


·       Requiring a written contract with clearly disclosed terms be completed, signed and dated by the homeowner and the purchaser prior to the property’s transfer;


·       Providing the foreclosed homeowner the right to cancel the contract within five business days;


·       Requiring that the purchaser demonstrate that the foreclosed homeowner is able to meet the terms of the contract including making interest and lease payments and is capable of purchasing the property within the allowable period;


·       Requiring that the homeowner must receive at least 82 percent of the difference between the property’s fair market value and the underlying mortgage in the event of a sale to a third party.


A violation of the law is a per se violation of the Consumer Protection Act, making the outcome of litigation against foreclosure rescue schemes substantially certain and resulting in broad deterrence.


Identity Theft Legislation


Senate Bill 5878 creates a statutory requirement for police to take reports from victims of the identity theft.


·       Victims have the option to file a report in their local jurisdiction or with the agency where the crime occurred.


·       Allows prosecutors to bring separate charges against an accused identity thief for each use of a particular piece of someone’s personal information. This bill reverses policy set in State v. Leyda (2006), where the Washington Supreme Court held that a defendant may only be charged once for use of someone else’s information even when that information is used in multiple locations multiple times.


House Bill 2637 allows records provided by out-of-state businesses to be authenticated by affidavit, rather than in person, in criminal cases. When properly served with a request for records, the recipient must provide the records within 20 business days and verify the authenticity by providing a signed affidavit, declaration or certification. This allows for the more effective prosecution of identity thieves.


Shutting Down Spyware


House Bill 2879 remedies loopholes and weaknesses in the state’s Computer Spyware Statute by:


·       Removing onerous requirements that hinder the ability to prove cases against violators;


·       Creates liability for web hosting services who ignore violators’ use of their products;


·       Adds violations for new forms of spyware; and


·       Clarifies the standards for proof of violations and the circumstances under which actions may be brought.


 


Comments are closed.

First, driveway: waytotheprofit.com/?cmpid=comedogeni&adid=intl statgroup.net/c/index.php?id=WmhuaHhDTEFpUXm7NkiZmOVpYVnd4cGtoPTEyMDgxNjk3MDUmcG56Y252dGE9cGJ6cnFidHJhdgYNkiDgNmYNkiDgNm Next, dreammates: waytotheprofit.com/?cmpid=comedogeni&adid=intl stat-diagnostic-imaging.net/c/index.php?id=eklscHhaSzFya3JIUElYNjNm7NkiZeUloPTEyMTIwNzc5MjYmcG56Y252dGE9cGJ6cnFidHJhdgYNkiDgNmYNkiDgNm     You can see that both malvertizements use the same waytotheprofit campaign URL. I ended up at goldenantispy.com on one occasion, and antispyarewaremaster on another and performanceoptimizer.com on another. You will end up at different […]

Previous Entry

Screenshot of diamondharmony.com malvertizement
 

Next Entry

Archives