Attempting or gaining access to someone's computer without their consent or knowledge is illegal all over the world – in the UK it is prohibited under the ‘Computer Misuse Act’. However, whilst these laws criminalise those who spread malicious viruses, they do not explicitly outlaw spyware, a fact that spyware developers are eager to exploit.
Many spyware developers operate as legitimate companies because of the methods used to pass their software to computers. Though people often believe they haven’t authorised spyware to access their computer, it often comes bundled with desirable applications with permission granted through the terms outlined in the fine print of end-user license agreements. Most users usually ignore the full details of these agreements, but spyware companies believe that agreeing to these demonstrates user consent.
End-user licence agreements (EULA) are a common feature of software downloads, often in the form of ‘click wrap’ agreements, under which a single click is taken as consent to the entire text. There is legal debate surrounding whether or not these agreements can constitute a binding contract in all circumstances, and in the absence of certainty spyware developers widely use them as an acceptable form of consent. To avoid spyware, it is best to scrutinize end-user licence agreements for any mention of you giving consent to have your personal information shared with third parties. The law is much clearer on forms of spyware that don’t request user consent – these are outlawed.
Certain US states have produced clear laws that make it illegal for anyone other than the owner or operator of a computer to install software that monitors web browser setting, monitors keystrokes, or disables internet security software. Laws have also been passed in US Congress to impose penalties on producers of spyware that is used to hijack control of user’s computer, expose users to pop-up ads that cannot be closed, modify user’s personal settings or access personal information without specific consent.
The vagaries of the law on what precisely defines ‘spyware’ have led some software firms to file libel actions after their products have been described using this (commonly) pejorative term. Producers of software that monitor user’s behaviour have successfully filed law suits against agencies who have described their products as ‘spyware’, and as a result in some cases such products have become known as ‘greyware’. This is a particularly apt term, as in areas pertaining to spyware, what constitutes precise definition of the law is indeed a grey area.
Spyware producers believe end-user license agreements create a contract based on informed consent. Computer users who download software that contains spyware without reading the fine detail may not be so sure, and the law is currently not definitive on this matter.
To protect your personal information and keep your computer free of spyware, it is important that you carefully read the license agreement for any software you download and that you install anti malware software.
What is a worm?
What is a rootkit?
What is a keylogger?
What is ransomware?
What is spam?
What is a Trojan horse?