Project Idea
I’m beginning to formulate a tentative idea for a project for the class – potentially a Wiki. At its core, the class is about argument in the medium of the internet. I think i can take a particular interest of mine – MalWare – and create a proposed plan of attack that directly bears on the theme of the class.
I spent my 1L internship addressing some internet issues – including malware. I am well aware that it can be a tricky legal issue. Although some sites ‘drive by’ download these programs onto your computer, most come bundled with “free software” that is willingly downloaded. Since a user would not download the software if they knew it would hijack their computer, malware distributors never clearly disclose what is happening. The amount of disclosure ranges from none (clearly illegal) to a “click for the EULA” or EULA box in the consent box to at best a warning to the user that the software they are downloading “comes with free MyWebSearch”.
The two last are trickier issues. The Malware distributor i s clearly taking advantage of the fact that noone click on these “Terms and Conditions” or reads them. Indeed, the internet would be a cumbersome venture if we had to sift through pages of small font leglease anytime we had to consent to continue. Legally speaking, a judge can find this argument unpersuasive – and hold that it is simply the user’s problem that they didn’t read the terms. Depending on how vague the wording, how small the font, whether the terms are actually there or just a hyperlink – there still may be legal ground.
Full disclosure that another program is being installed is a more difficult case still.
Yet even in cases of clear lawbreaking, I don’t think that our AGs and the FTC can keep up with the amount of malware that is out there. Put those two factors together, and it is most definitely time for users of the internet to take things into their own hands. And here I hark back on my college days. I think we need activism.
What form it will take is up for debate. That is the very debate that I am hoping to get out of participants in CyberOne. Some possibilities are:
1. Massive boycotts of companies that are known and frequent purchasers of ad space in malware, such as Vonage. Without these companies sending out checks for each click, there would be no revenue, and thus no reason to send out malware (aside from true, identity-thieving spyware)
2. Activism, in the form of a letter-writing campaign or a ‘click-only’ boycott to those who advertise the adware itself. Today I saw an ad for SmileyCentral on MySpace and posted a bulletin advising people not to click on any ads in MySpace until they stop running banners for known malware. I asked that people repost the bulletin. I know the chances are slim that my bulletin will be circulated, but theoretically if it did and people took heed, MySpace would see its click-to-visit ratio drop and lose revenue – removing the incentive for taking money from such advertisers. It’s the same reason that you don’t see PeTA commercials on TV (and believe me, they have the money and try). They know they would offend their viewers and other advertisers.
I know that getting people to stop using MySpace would be difficult, but how difficult is it not to click on an ad? If other sites, such as search enjines were accepting ads from Claria (formerly Gator), AskJeeves, WeatherBug, etc, we could organize something similar, until people distributing malware find it difficult to get people to find their site in the first place.
The internet makes it easy to organize and get word around. If people could do these things in real life with much higher transaction costs, why can’t they do it here? Spyware is something people get angry enough about to participate. All it would need is the right momentum.