StopBadware.org is a member of the Anti-Spyware Coalition (ASC), and I’m currently serving on the ASC’s “global issues subgroup.” The group’s purpose is to try to understand how spyware and other malware are viewed by consumers in other countries.

We’ve put together the following survey to get people’s perspective. If you have insight into a particular country, please send your responses to the survey below to Heather West at heather@cdt.org. Please also feel free to forward the survey along to others who may be able to help.

—

Where are you located?

How big a concern is:

• spyware? malware? viruses?
• privacy of personal information?
• identity theft?
• financial fraud?
• machine slowdown?

Are people worried about doing these things online?

• online banking
• e-commerce
• web based email
• social networking
• blogging

What is the most important/valuable thing users will store on their computer?

What kind of personal information are people worried about keeping safe, in general?

What is the incidence of identity theft?

Do most users own computers?

How do users generally connect to the internet?

Who enforces against deceptive practices or takes action against spyware?

Have any spyware enforcement cases happened in this country?

What laws are in place having to do with computer fraud and cybersecurity?

What are the legal implications of calling programs spyware?

Are there legal protections in place to protect anti-spyware vendors?

Are there legal protections for watchdog groups?

The Anti-Spyware Coalition, of which StopBadware is a member, will hold its next public workshop on January 31 in Washington, DC. The theme for the day will be “Spyware: What’s Worked, What’s Left, and What’s Coming.”

The ASC’s last conference was held here at Harvard, and proved to be an excellent opportunity for a meeting of minds in the anti-spyware space. You can read StopBadware staffers’ notes from that event here.

For more info about the January event, including planned panels and registration, head to the ASC website at antispywarecoalition.org.

Debate over several proposed U.S. federal anti-spyware laws continued at the Anti-Spyware Coalition conference last week at Harvard. In a panel on public policy moderated by StopBadware’s own John Palfrey, panelists from the Center for Democracy and Technology and the Federal Trade Commission disagreed on the best way forward for legislation that combats spyware.

The three potential bills at stake are the I-Spy Act and the Spy Act, both recently passed in the House, and the Counter Spy Act, recently re-introduced in the Senate after failing to pass in previous sessions. Ari Schwartz, deputy director of the CDT, said that the CDT supports all three bills, on the principle that any further clarification of the illegality of spyware is a good thing. Tracy Shapiro, an attorney at the FTC, said that the FTC feels it already has enough legal power at its disposal and that further legislation might actually cause confusion.

InfoWorld highlights the debate in an article here. You can also read more about the I-Spy and Spy acts in earlier StopBadware blog posts here.

Recordings of sessions at the Anti-Spyware Coalition conference, which took place this past Wednesday at Harvard Law School, are now available:

Part 1
Part 2
Part 3

You will need Real 10 Player to play the recordings (free download available here).

We have one more panel’s worth of notes from our blogging of yesterday’s Anti-Spyware Coalition conference. Here, StopBadware researcher Oliver Day shares his notes on the Trends panel, which closed out the day at the conference:

Google:

• The interstitial page. Creates a way to warn users of the search engine when a website is possibly infected.
• The Ghost in the Browser paper by Niels Provos et al. Technical paper on the methodologies used by Google to determine “badness”
• Safe browsing API overview. Opening up more information to the end users
• Online security blog. Tech oriented blog that is a day to day journal of the group.

Truste:

• Program whitelists
• Affiliate networks offloading responsibility

StopBadware:

• Educating consumers
• Guideline creation and security tips for site owners
• Community building via discussion groups, etc.

Site Advisor:

• Built for consumers by MIT engineers
• Bots testing for annoying behaviors

Questions:

How do all these pieces fit together in the security ecosystem? Orgs like Truste try to fill in particular niches like deep product reviews. Google is trying to make searching safer. Stopbadware is in a unique position as a non-profit to act as a watch dog against corporations (see AOL report).

Are we acting as arbiters of the Internet? What happens when we get something wrong? Versions change often (think updates) so how valid are product certifications?

Google claims near zero False Positives based on vetting through partners. No one should surf securely feeling that they are protected from all things. How does one “look both ways” when you are browsing web pages?

False positives can be dealt with on a programmatic level. Creating decays on bans, white lists, etc.

Will/do consumers want their computers to be like appliances?

Porn is a vehicle for a badware codec.

How do we compensate for human stupidity?

How do we evade the bad guys when they know where we are (IP address)?

Community helps develop reputation systems.

What is the opinion of these groups for certifications by other groups? Things marked bad by different orgs are likely to be bad. Things marked good should still be viewed with skepticism.