Coddling Spies: Why the Law Doesn’t Adequately Address Computer Spyware

Consumers and businesses have attempted to use the common law of torts as well as federal statutes like the Computer Fraud and Abuse Act, the Stored Wire and Electronic Communications and Transactional Records Act, and the Wiretap Act to address the expanding problem of spyware. Spyware, which consists of software applications inserted into another\u27s computer to report a user\u27s activity to an outsider, is as innocuous as tracking purchases or as sinister as stealing trade secrets or an individual\u27s identity. Existing law does not address spyware adequately because authorization language, buried in click-through boilerplate, renders much of current law useless. Congress must act to make spyware companies disclose their intentions with conspicuous and clearly-stated warnings

Rethinking Spyware: Questioning the Propriety of Contractual Consent to Online Surveillance

The spyware epidemic has reached new heights on the Internet. Computer users are increasingly burdened with programs they did not knowingly or consciously install, which place strains on their computers\u27 performance, and which also trigger annoying pop-up advertisements of products or services which have been determined to match the users\u27 preferences. The users\u27 purported preferences are determined, in turn, by the software continuously monitoring every move the consumer makes as she surfs the Internet. The public overwhelmingly disapproves of spyware which is surreptitiously placed on computers in this manner, and also largely disapproves of the pop-up advertising paradigm. As a result, there have been many legislative proposals, on a state and federal level, to address the spyware problem. All of the proposals assume that, if knowing and effective consent to spyware installation is granted by the consumer, then the software is lawful. Existing case law would seem to provide a means for corroboration of this conclusion. However, the implications of allowing such profound and invasive surveillance appear to be largely ignored in all of the proposals and discussion concerning spyware. This may be because of the problem of perspective concerning online activities, as first highlighted by Professor Orin Kerr. This article seeks to illuminate the true nature of the spyware bargain, and questions the propriety of sanctioning such surveillance bargains under principles of contract law. Such bargains may often be unenforceable because a term allowing continual surveillance may be beyond the range of reasonable expectations of most consumers. Even if not, however, the privacy implications are such that we as a society may wish to condemn such bargains to be spied upon, and conclude that such contracts should simply be unenforceable as a matter of public policy, and therefore banned

Rethinking Spyware: Questioning the Propriety of Contractual Consent to Online Surveillance

The spyware epidemic has reached new heights on the Internet. Computer users are increasingly burdened with programs they did not knowingly or consciously install, which place strains on their computers\u27 performance, and which also trigger annoying pop-up advertisements of products or services which have been determined to match the users\u27 preferences. The users\u27 purported preferences are determined, in turn, by the software continuously monitoring every move the consumer makes as she surfs the Internet. The public overwhelmingly disapproves of spyware which is surreptitiously placed on computers in this manner, and also largely disapproves of the pop-up advertising paradigm. As a result, there have been many legislative proposals, on a state and federal level, to address the spyware problem. All of the proposals assume that, if knowing and effective consent to spyware installation is granted by the consumer, then the software is lawful. Existing case law would seem to provide a means for corroboration of this conclusion. However, the implications of allowing such profound and invasive surveillance appear to be largely ignored in all of the proposals and discussion concerning spyware. This may be because of the problem of perspective concerning online activities, as first highlighted by Professor Orin Kerr. This article seeks to illuminate the true nature of the spyware bargain, and questions the propriety of sanctioning such surveillance bargains under principles of contract law. Such bargains may often be unenforceable because a term allowing continual surveillance may be beyond the range of reasonable expectations of most consumers. Even if not, however, the privacy implications are such that we as a society may wish to condemn such bargains to be spied upon, and conclude that such contracts should simply be unenforceable as a matter of public policy, and therefore banned

Privacy Preserving Internet Browsers: Forensic Analysis of Browzar

With the advance of technology, Criminal Justice agencies are being confronted with an increased need to investigate crimes perpetuated partially or entirely over the Internet. These types of crime are known as cybercrimes. In order to conceal illegal online activity, criminals often use private browsing features or browsers designed to provide total browsing privacy. The use of private browsing is a common challenge faced in for example child exploitation investigations, which usually originate on the Internet. Although private browsing features are not designed specifically for criminal activity, they have become a valuable tool for criminals looking to conceal their online activity. As such, Technological Crime units often focus their forensic analysis on thoroughly examining the web history on a computer. Private browsing features and browsers often require a more in-depth, post mortem analysis. This often requires the use of multiple tools, as well as different forensic approaches to uncover incriminating evidence. This evidence may be required in a court of law, where analysts are often challenged both on their findings and on the tools and approaches used to recover evidence. However, there are very few research on evaluating of private browsing in terms of privacy preserving as well as forensic acquisition and analysis of privacy preserving internet browsers. Therefore in this chapter, we firstly review the private mode of popular internet browsers. Next, we describe the forensic acquisition and analysis of Browzar, a privacy preserving internet browser and compare it with other popular internet browser

E-commerce Systems and E-shop Web Sites Security

Fruitfulnes of contemporary companies rests on new business model development, elimination of communication obstacles, simplification of industrial processes, possibilities of responding in real-time and above all meeting the floating custom needs. Quite a number of company activities and transactions are realized within the framework of e-business. Business transactions are supported by e-commerce systems. One of the e-commerce system part is web interface (web sites). Present trend is putting the accent on security. E-commerce system security and web sites security is the most overlooked aspect of securing data. E-commerce system security depends on technologies and its correct exploitation and proceedings. If we want e-commerce system and e-shops web sites with all services to be safety, it is necessary to know all possible risks, use up to date technologies, follow conventions of web sites development and have good security management system. The article deals with definition and description of risk areas refer to e-commerce systems and e-shop web sites and show fundamental principles of e-commerce systems and e-shop web sites security.E-commerce system, e-shop web sites, security, security proceedings, web technologies

A Review of Trends and Issues of Cybersecurity in Academic Libraries

Cyber security is rapidly becoming an important aspect of ICT around the globe. In Nigeria there have been increase in the rate of cybercrime and various organizations have become targets of cyber criminals. Cybercrime can pose a high risk to the economy and security of a nation. The most common types of cybercrime committed in Nigerian academic libraries include hacking, cyber-theft, viruses and worms, spamming, financial fraud, identity theft, cyber and website cloning. This paper examines the effectiveness of electronic security systems also known as cyber security in academic libraries in Nigeria. The paper was introduced by understanding what security is all about and then the perspective of cyber security. It moved on to analyse the various types of threats cyber security are exposed to and also the consequences of inaction. The paper moved on to analyse some cybersecurity actions that can be embarked on such as turning on firewalls, protecting passwords, preventing identity theft and so on. Finally the paper revealed cyber ethics that are to be adhered to. The paper concludes that academic libraries have suffered adversely from security issues and other anti-social menace and that the installation of security devices would drastically improve the situation

Malware Detection Module using Machine Learning Algorithms to Assist in Centralized Security in Enterprise Networks

Malicious software is abundant in a world of innumerable computer users, who are constantly faced with these threats from various sources like the internet, local networks and portable drives. Malware is potentially low to high risk and can cause systems to function incorrectly, steal data and even crash. Malware may be executable or system library files in the form of viruses, worms, Trojans, all aimed at breaching the security of the system and compromising user privacy. Typically, anti-virus software is based on a signature definition system which keeps updating from the internet and thus keeping track of known viruses. While this may be sufficient for home-users, a security risk from a new virus could threaten an entire enterprise network. This paper proposes a new and more sophisticated antivirus engine that can not only scan files, but also build knowledge and detect files as potential viruses. This is done by extracting system API calls made by various normal and harmful executable, and using machine learning algorithms to classify and hence, rank files on a scale of security risk. While such a system is processor heavy, it is very effective when used centrally to protect an enterprise network which maybe more prone to such threats.Comment: 6 page

The Legal Status of Software, 23 J. Marshall J. Computer & Info. L. 711 (2005)

This article by cyberlaw specialist Daniel B. Garrie is intended to serve as a guide for judges to ensure that judicial decisions reflect an understanding of software’s multiple facets and its relation to the boundaries of the law. The article is designed to provide a high-level overview of software and then examine software in greater depth for specific legal areas likely to spawn legal disputes directly involving software. Included within the article are a brief overview of the current legal framework evolving with respect to software development (including an examination of the 2005 Supreme Court case Metro-Goldwyn-Mayer Studios, Inc. v. Grokster, Ltd.), a broad overview of software, and a series of tutorials on the cutting-edge technology that will likely be subject to litigation in the future